Chapter 8. Managing Containers
You can automate the deployment of applications inside Linux containers using RHUI. Using containers offers the following advantages:
- Requires less storage and in-memory space than VMs: Because the containers hold only what is needed to run an application, saving and sharing is more efficient with containers than it is with VMs that include entire operating systems.
- Improved performance: Because you are not running an entirely separate operating system, a container typically runs faster than an application that carries the overhead of a new VM.
- Secure: Because a container typically has its own network interfaces, file system, and memory, the application running in that container can be isolated and secured from other activities on a host computer.
- Flexible: With an application’s runtime requirements included with the application in the container, a container can run in multiple environments.
Support for containers is not enabled by default. You must manually enable support by setting the --container-support-enabled flag.
8.1. Understanding containers in Red Hat Update Infrastructure
A container is an application sandbox. Each container is based on an image that holds necessary configuration data. When you launch a container from an image, a writable layer is added on top of this image. Every time you commit a container, a new image layer is added to store your changes.
An image is a read-only layer that is never modified. All changes are made in the top-most writable layer, and the changes can be saved only by creating a new image. Each image depends on one or more parent images.
A platform image is an image that has no parent. Platform images define the runtime environment, packages, and utilities necessary for a containerized application to run. The platform image is read-only, so any changes are reflected in the copied images stacked on top of it.
8.2. Adding a container to Red Hat Update Infrastructure
You can use the rhui-manager tool to add containers using the Repository Management section.
Procedure
On the RHUA node, enable support for containers and apply it on all CDS nodes:
# rhui-installer --rerun --container-support-enabled True
# rhui-manager --noninteractive cds reinstall --all
Optional: Edit the /etc/rhui/rhui-tools.conf file and set the container registry credentials in the RHUI configuration by removing the following lines in the [container] section. If you have a clean installation of RHUI 4.1.1 or newer, the last several lines contain a [container] section with podman-specific options and handy comments. If you have updated from an earlier version of RHUI, the section is available at the end of the /etc/rhui/rhui-tools.conf.rpmnew file, and you can copy it to the rhui-tools.conf file.
[container]
…
registry_username: your_RH_login
registry_password: your_RH_password
Note: If you normally synchronize from a registry different from registry.redhat.io, also change the values of the registry_url and registry_auth options accordingly.
On the RHUA node, run rhui-manager:
# rhui-manager
Press r to access the Repository Management screen.
-= Red Hat Update Infrastructure Management Tool =-
-= Repository Management =-
l    list repositories currently managed by the RHUI
i    display detailed information on a repository
a    add a new Red Hat content repository
ac   add a new Red Hat container
c    create a new custom repository (RPM content only)
d    delete a repository from the RHUI
u    upload content to a custom repository (RPM content only)
ur   upload content from a remote web site (RPM content only)
p    list packages in a repository (RPM content only)
Connected: rhua.example.com
Press ac to add a new Red Hat container.
rhui (repo) => ac
Specify URL of registry [https://registry.redhat.io]:
If the container you want to add exists in a non-default registry, enter the registry URL. Press Enter without entering anything to use the default registry.
Enter the name of the container in the registry:
jboss-eap-6/eap64-openshift
Enter a unique ID for the container. rhui-manager converts the name of the container from the registry to the format that is usable in Pulp by replacing slashes and dots with underscores. You can use such a converted name by pressing Enter or by entering a name of your choice.
Enter a display name for the container.
jboss-eap-6_eap64-openshift
Optional: Set your login and password in the RHUI configuration if prompted.
Verify the displayed summary.
The following container will be added:
Registry URL: http://registry.redhat.io
Container Id: jboss-eap-6_eap64-openshift
Display Name: jboss-eap-6_eap64-openshift
Upstream Container Name: jboss-eap-6/eap64-openshift
Proceed? (y/n)
Press y to proceed and add the container.
y
Successfully added container jboss-eap-6_eap64-openshift
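The optional credentials step in this procedure stores a registry password in /etc/rhui/rhui-tools.conf. The following check is an added example, not part of the original documentation or of RHUI; the option names come from the [container] section described above, while the function names container_opt and audit_container_conf and the three checks themselves are assumptions made here.

```bash
#!/bin/bash
# Added example: audit the [container] section of an rhui-tools.conf-style
# file. Option names come from the page; the checks are assumptions.

# container_opt FILE KEY: print KEY's value inside [container], or nothing.
container_opt() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[container\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        match($0, /[:=]/) {
            k = substr($0, 1, RSTART - 1); v = substr($0, RSTART + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_container_conf FILE: print one finding per line, nothing if clean.
audit_container_conf() {
    local conf="$1" mode user pass url
    mode=$(stat -c '%a' "$conf") || return 2
    user=$(container_opt "$conf" registry_username)
    pass=$(container_opt "$conf" registry_password)
    url=$(container_opt "$conf" registry_url)

    # A stored password makes the file a secret: "other" must not read it.
    if [ -n "$pass" ] && [ $(( 0$mode & 4 )) -ne 0 ]; then
        echo "mode $mode: registry_password is readable by other users"
    fi
    # The documentation placeholders were never replaced.
    if [ "$user" = "your_RH_login" ] || [ "$pass" = "your_RH_password" ]; then
        echo "placeholder credentials left in [container]"
    fi
    # The credentials are sent to registry_url, so it has to be TLS.
    if [ -n "$url" ] && [ "${url#https://}" = "$url" ]; then
        echo "registry_url is not https: $url"
    fi
    return 0
}

# Stand-alone use: ./audit.sh /etc/rhui/rhui-tools.conf
if [ $# -gt 0 ]; then audit_container_conf "$1"; fi
```

An empty result means none of the three conditions was found; it does not cover the registry_auth option or the rest of the file.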
8.3. Synchronizing container repositories
After you add your container to Red Hat Update Infrastructure, you can use the rhui-manager tool to synchronize the container.
Procedure
On the RHUA node, run rhui-manager:
# rhui-manager
Press s to access the synchronization status and scheduling screen.
Press sr to synchronize an individual repository immediately.
Enter the number of the repository that you wish to synchronize.
Press c to confirm the selection.
Verify the repository and press y to synchronize or n to cancel.
The following repositories will be scheduled for synchronization:
jboss-eap-6_eap64-openshift
Proceed? (y/n) y
Scheduling sync for jboss-eap-6_eap64-openshift...
... successfully scheduled for the next available timeslot.
8.4. Generating container client configurations
RHUI clients can pull containers from RHUI using a client configuration RPM. The RPM contains the load balancer’s certificate, and you can use it to add the load balancer to the container registry and to modify container configuration.
Procedure
On the RHUA node, run rhui-manager:
# rhui-manager
Press e to access the entitlement certificates and client configuration RPMs screen.
Press d to create a container client configuration RPM.
Enter the full path of a local directory where you want to save the configuration files.
/root/
Enter the name of the RPM.
containertest
Enter the version number of the configuration RPM. The default is 2.0.
Enter the release number of the configuration RPM. The default is 1.
Enter the number of days the certificate should be valid. The default is 365.
Successfully created client configuration RPM.
Location: /root/containertest-2.0/build/RPMS/noarch/containertest-2.0-1.noarch.rpm
8.5. Installing a container configuration RPM on the client
After generating the container configuration RPM, you can install it on a client by importing it to your local machine.
Procedure
Retrieve the RPM from the RHUA node to your local machine:
# scp root@rhua.example.com:/root/containertest-2.0/build/RPMS/noarch/containertest-2.0-1.noarch.rpm .
Transfer the RPM from the local machine to the client.
# scp containertest-2.0-1.noarch.rpm root@cli01.example.com:.
Switch to the client and install the RPM:
[root@cli01 ~]# yum install containertest-2.0-1.noarch.rpm
8.6. Testing the podman pull command on the client
You can use the podman pull command to verify the content on the container.
Procedure
Run the podman pull command.
[root@cli01 ~]# podman pull jboss-eap-6_eap64-openshift
Resolving "jboss-eap-6_eap64-openshift" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull cds.example.com/jboss-eap-6_eap64-openshift:latest...
Getting image source signatures
Copying blob b0e0b761a531 done
Copying blob aa23ac04e287 done
Copying blob 0d30ea1353f9 done
Copying config 3d0728c907 done
Writing manifest to image destination
Storing signatures
3d0728c907d55d9faedc4d19de003f21e2a1ebdf3533b3d670a4e2f77c6b35d2
If the podman pull command fails, check the rhui-manager status. The synchronization probably has not been performed yet and you have to wait until it synchronizes.
Resolving "jboss-eap-6_eap64-openshift" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull cds.example.com/jboss-eap-6_eap64-openshift:latest...
Error: initializing source docker://cds.example.com/jboss-eap-6_eap64-openshift:latest: reading manifest latest in cds.example.com/jboss-eap-6_eap64-openshift: manifest unknown: Manifest not found.