Chapter 11. Provisioning Containers
With Red Hat Satellite 6, you can create an on-premise registry, import images from various sources and distribute them to containers using Content Views. Satellite Server supports creating one or more Docker compute resources that act as servers for running containers.
You can import an image, start a container based on this image, monitor the container’s activity, and commit its state to a new image layer that can be further propagated.
For information about containers, see the Getting Started with Containers guide for Red Hat Enterprise Linux Atomic Host 7.
Use this chapter to import container images and use these images to create containers.
11.1. Prerequisites for Container Provisioning
Before you can provision a container using Red Hat Enterprise Linux Atomic Host, you must have a source for images, such as a container registry.
Red Hat Satellite 6 uses three sources of container images:
- Synchronized Docker-formatted container images that are a part of the Satellite Server’s application life cycle.
- Public images from Docker Hub.
- Other External registries, including Red Hat’s container image registry. This is explored in Section 11.3, “Adding External Registries to the Satellite Server”.
11.2. Importing Container Images
You can import container images from the Red Hat Container Catalog or from other image registries that you connect to Satellite.
To import a container image, follow these steps:
- Create a custom product for Red Hat Container Catalog.
- Add a repository that links to the container catalog that you want to use. For example, Red Hat Container Catalog registry (http://registry.access.redhat.com/) or a third-party registry in Satellite.
- Synchronize with the registry’s repository.
To create a custom product for the Red Hat container Catalog and create an image repository, complete the following steps:
- In the Satellite web UI, navigate to Content > Products and click New Product.
- In the Name field, enter a name for the product.
- Enter and select any additional details for the product.
- Click Save to create the product.
- Click Create Repository.
- In the Name field, enter a name that describes the repository.
- In the Label field, enter an internal ID for the repository.
-
From the Type list, select
docker
. -
In the URL field, enter the URL of the registry to use as a source: for example,
http://registry.access.redhat.com/
or the URL of another source that you want to use, such ashttps://registry.hub.docker.com
. - In the Upstream Repository Name field, enter the name of the repository.
- Click Save to create the repository and view it in Satellite’s repository list.
- Select the new repository and then click Sync Now to start the synchronization process.
To view the progress of the synchronization in the Web UI. Navigate to Content > Sync Status and expand the repository tree.
When the synchronization completes, you can click Manage Docker Manifests to list the available manifests. From the list, you can also remove any manifests that you do not require.
For CLI Users
Create the custom
Red Hat Container Catalog
product:# hammer product create \ --name "Red Hat Container Catalog" \ --sync-plan "Example Plan" \ --description "Red Hat Container Catalog content" \ --organization "My_Organization"
Create the repository for the container images:
# hammer repository create \ --name "RHEL7" \ --content-type "docker" \ --url "http://registry.access.redhat.com/" \ --docker-upstream-name "rhel7" \ --product "Red Hat Container Catalog" \ --organization "My_Organization"
Synchronize the repository:
# hammer repository synchronize \ --name "RHEL7" \ --product "Red Hat Container Catalog" \ --organization "My_Organization"
11.3. Adding External Registries to the Satellite Server
If you want to create a container from an image in an external registry, you must first add the registry to Satellite.
To add an external container registry, complete the following steps:
- In the Satellite web UI, navigate to Containers > Registries and click Create Registry.
- In the Name field, enter a name for the registry.
-
In the URL field, enter the location of the registry. For example:
https://registry.access.redhat.com
. - Optional: In the Description field, enter a description for your registry entry.
- In the Username field, enter the user name that corresponds with your user account on the registry.
- In the Password field, enter the password for your user account on your registry.
- Select the Locations tab, and select a location.
- Select the Organizations tab, and select an organization.
- Click Submit to save the external registry.
For CLI Users
Create the registry with the hammer docker registry create
command:
# hammer docker registry create --name "Red Hat" \ --url "https://registry.access.redhat.com" \ --description "Red Hat Container Image Registry" \ --organization "Default_Organization" \ --location "Default_Location"
11.4. Managing Container Images in Satellite
To manage container images with Content Views, complete the following steps:
- In the Satellite web UI, navigate to Content > Content Views and click Create New View.
-
In the Name field, enter
Containers
. This automatically populates the Label field. -
In the Description field, enter a description. For example,
Container image for Red Hat Enterprise Linux 7
. - If you want to use a Composite Content View to hold other Content Views, select the Composite View check box.
- Optional: If you select Composite Content View, you can select whether you want to Auto publish a composite view when a new version of a component Content View is created.
- Click Save to create the Content View.
- Navigate to the Docker Content subtab, then click Add.
- Select the container repository for a Red Hat Enterprise Linux 7 Server image.
- Click Add Repository.
- Navigate to Versions and click Publish New Version.
You can enter a Description for the version; meaningful descriptions can help in logging new content versions.
Satellite Server creates the new version of the view and publishes it to the Library environment.
You can also click Promote to promote this Content View across environments in the application life cycle.
For CLI Users
To obtain a list of repository IDs:
# hammer repository list --organization "My_Organization"
Create the Content View and add the repository:
# hammer content-view create \ --name "Containers" \ --description "Container image for Red Hat Enterprise Linux 7" \ --repository-ids 8 \ --organization "My_Organization"
Publish the view:
# hammer content-view publish \ --name "Containers" \ --description "Initial Content View for our container image" \ --organization "My_Organization"
11.5. Configuring the Red Hat Enterprise Linux Atomic Host
Configure the Atomic Host before connecting to Satellite. This includes exposing the Red Hat API for Docker-formatted containers to the Satellite Server. For information about containers, see the Getting Started with Containers guide for Red Hat Enterprise Linux Atomic Host 7.
Log on to the Atomic Host and edit the
/etc/sysconfig/docker
file:$ vi /etc/sysconfig/docker
Find the
OPTIONS
parameter and modify it to expose the API:OPTIONS=--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375
ImportantUse either TCP port 2375 or 2376 for the connection. Satellite Server contains certain SELinux rules to permit access to these ports. Using an alternative port results in authentication failure.
Open port 2375 for the firewall:
# firewall-cmd --add-port=2375/tcp # firewall-cmd --add-port=2375/tcp --permanent
Import the Satellite Server certificate:
$ curl http://satellite.example.com/pub/katello-server-ca.crt \ -o /etc/pki/ca-trust/source/anchors/katello-server-ca.crt $ update-ca-trust
Restart the
docker
service:# systemctl restart docker
11.6. Adding an Atomic Host Connection to the Satellite Server
To add an Red Hat Enterprise Linux Atomic connection in the Satellite Server’s compute resources, complete the following steps:
- In the Satellite web UI, navigate to Infrastructure > Compute Resources and click Create Compute Resource.
- In the Name field, enter a name for the resource.
- From the Provider list, select Docker.
- Optional: In the Description field, you can add a description for the resource.
- Select the Locations tab, and select the location that you want to use.
- Select the Organizations tab, and select the organization that you want to use.
- Click Submit to save.
For CLI Users
Create the connection with the hammer compute-resource create
command:
# hammer compute-resource create --provider docker \ --name "Atomic" --url "http://atomic.example.com:2375" \ --organizations 'Default Organization' --locations 'Default Location'
11.7. Creating a Container
Use this procedure to create a container in Satellite. The Satellite web UI contains a wizard that guides you through the creation process. You can select a container image from a Content View, a Docker Hub, or an external registry that you add to Satellite.
- In the Satellite web UI, navigate to Containers > Create Container.
- From the Deploy on list, select the compute resource that you want to use.
- Select the Locations tab, and select a location.
- Select the Organizations tab, and select an organization.
- Click Next step.
To create a container, you have three options:
- Create from a container image in Content View
- Create from an container image in the Docker Hub
- Create from an container image in an external registry.
Creating a Container from a Content View
- From the Lifecycle Environment list, select the lifecycle environment that you want to use.
- From the Content View list, select the container image that you want to use.
- From the Registry list, select the registry that you want to use.
- From the Tag list, select the container image tag that you want to use.
- From the Capsule list, select the Capsule that you want to use.
- Click Next Step.
Creating a Container from Docker Hub
- Select the Docker Hub tab, and in the Search field, enter the Docker container that you want to use.
- In the Tag field, enter the name of the container image tag that you want to use, and click Search for images.
- Select the container image that you want to use, and click Next Step.
Creating a Container from an External Registry
- From the Registry list, select a registry that you want to use.
- In the Search field, enter the name of the container image that you want to use.
- In the Tag field, enter the tag that is associated with the container image you want to use.
- Click Search for images and select the image that you want to use, and click Next step.
Finishing the Container Creation Process
- In the Name field, enter a name for the new container.
- In the Command field, enter a command that you want to run in the container.
-
In the Entry point field, enter a command that you want the container to execute automatically when the container starts. The default entrypoint is
/bin/sh -c
. - Select the Compute options tab.
- In the CPU Sets field, assign CPUs to the container. For example, 0-2,16 represents CPUs 0, 1, 2, and 16.
- In the CPU share field, assign the CPU share for the container. This sets the share of CPU time available to containerized tasks.
- In the Memory field, enter the memory size that you want to allocate to the container.
- Click Next Step.
-
In the Environment variables field, define a set of environmental variables. For example,
LANG=en_US.UTF-8
. - In the Exposed Ports field, enter the number of ports that you want to open in the container. For example, you can open SSH communication to the container on port 22.
- In the DNS field, enter the DNS server for the container.
- Select the Run check box to start the container automatically after it is created.
- Click Submit to create a container.
For CLI Users
The following are three examples of the hammer docker container create
command.
To create a container from a Content View:
# hammer docker container create --compute-resource "Atomic" \ --repository-name "rhel7" --tag "latest" --name "docker-test1" \ --command "bash" --organizations "My_Organization" --locations "New York"
To provision from the Docker Hub:
# hammer docker container create --compute-resource "Atomic" \ --repository-name "docker.io/redhat" --tag latest \ --name "docker-test2" --command bash --organizations "My_Organization" \ --locations "New York"
To provision from an external registry:
# hammer docker container create --compute-resource "Atomic" \ --registry-id 1 --repository-name "rhel" --tag latest \ --name "docker-test3 --command bash --organizations "My_Organization" \ --locations "New York"
11.8. Starting, Committing, and Removing Containers
Starting or Stopping a Container
When you create a container, its default state is disabled. By enabling a container, you start the processes of the containerized application in the compute resource. Hosts are then able to communicate with the container as with a web application.
- In the Satellite web UI, navigate to Containers > All Containers.
- From the list of existing containers, select the container that you want, and then click Power On. To stop the container, click Power Off.
Committing a Container
When you launch a container from an image, a writable layer is added on top of this image. Committing a container creates an image layer that stores the status of that container. Every time you commit a container a new image layer is added to store your changes. The container is committed to the repository of the original image. For example, if the container is based on an image pulled from the Docker Hub, the committed changes are pushed back to the Docker Hub.
- In the Satellite web UI, navigate to Containers > All Containers.
- From the list of existing containers, select the container that you want, and then click Commit.
-
Enter a repository name, for example
user/my-rhel-image
. - Assign a tag to the image.
- Enter your contact information.
- Enter an informative comment about the commit.
- Click Submit.
Removing a Container
- In the Satellite web UI, navigate to Containers > All Containers.
- From the list of existing containers, select the container that you want, and then click Delete.
- In the alert window, click OK to confirm the deletion.