此内容没有您所选择的语言版本。
Chapter 10. Managing Container Images
Containerization is an operating system-level virtualization method. While standard virtual machines consume resources that a hypervisor allocates to each system, containers act as individual systems that directly use a host’s kernel. This means that processes in containers share resources alongside the host and other containers. This provides an efficient method to run multiple systems from a single host. Linux containers also provide rapid application deployment, simpler testing, maintenance, and troubleshooting while improving security.
For more information about containers, see the Getting Started with Containers guide for Red Hat Enterprise Linux Atomic Host 7.
Docker is an open source project that automates the deployment Linux containers and their applications. It provides the capability to package an application with its runtime dependencies into a container.
A container in the Docker format is composed of the following parts:
- Container
- An application sandbox. Each container is based on an image that holds necessary configuration data. When you launch a container from an image, a writable layer is added on top of this image. Every time you commit a container a new image layer is added to store your changes.
- Image
- A static snapshot of the container’s configuration that is never modified. Any changes made to the container can be saved only by creating a new image layer. Each image depends on one or more parent images.
- Platform image
- An image that has no parent. Platform images define the runtime environment, packages and utilities necessary for containerized applications to run. The platform image is not writable, so any changes are reflected in the copied images stacked on top of it.
- Registry
- A public or private archive that contains images available for download. Some registries allow users to upload images to make them available to others. Red Hat Satellite allows you to import images from local and external registries. Satellite itself can act as an image registry for hosts. However, hosts cannot push changes back to the registry.
- Tag
-
A mark used to differentiate images in a repository, typically by the version of the application stored in the image. Repositories are used to group similar images in a container registry. Images only have unique alphanumeric identifiers, so naming them in the form
repository:tag
provides a human-readable way of identifying images.
With Red Hat Satellite 6, you can create an on-premise registry, import images from various sources and distribute them to containers using Content Views. Satellite Server supports creating one or more Docker compute resources that act as servers for running containers. This way, you can import an image, start a container based on this image, monitor the container’s activity, and commit its state to a new image layer that can be further propagated.
Importing content and managing the life cycle of container images is similar to managing other content types, such as RPMs and Puppet modules. You configure repositories bundled with Products and include those repositories in Content Views.
10.1. Importing Container Images from the Red Hat Container Catalog
The Red Hat Container Catalog provides a set of container images that you can import into your Satellite Server. The process for importing this content differs to how we enable repositories for Red Hat content. The process is:
- Create a custom product for Red Hat Container Catalog.
- Add a repository that links to the Red Hat Container Catalog registry (http://registry.access.redhat.com/).
- Synchronize with the registry’s repository.
For Web UI Users
Navigate to Content > Products and click New Product. A form for a new Product appears. Enter the following details:
-
Name - The plain text name for the product. Enter
Red Hat Container Catalog
. -
Label - An internal ID for the repository. Enter
rhcc
. - GPG Key - The GPG Key for the entire product. Leave this blank.
-
Sync Plan - A synchronization plan for the product. We can attach this to our
Example Plan
. -
Description - A plain text description of the product. Enter
Red Hat Container Catalog content
.
Click Save.
After creating the custom product, the product’s repositories screen appears. Click Create Repository, which displays a form for a new repository. Enter the following details:
-
Name - A plain text name for the repository. Enter
RHEL7
. -
Label - An internal ID for the repository. Enter
RHEL7
. -
Type - The type of repository. Select
docker
. A new set of fields appear. -
URL - The URL of the registry to use as a source. Enter
http://registry.access.redhat.com/
. -
Upstream Repository Name - The name of the repository on the registry. For our example, enter
rhel7
.
You can search and view other repositories at https://access.redhat.com/containers/ .
Click Save. We return to the product’s repository screen with our new repository listed. Select it and click Sync Now to start the synchronization process. After a few minutes, Satellite Server completes the synchronization. Click Manage Docker Manifests to list the available manifests. From the list, you can optionally remove any manifests that are not required.
You can also view the progress of the synchronization in the Web UI. Navigate to Content > Sync Status and expanding the Product/Repository tree (or click Expand All).
For CLI Users
Create the custom Red Hat Container Catalog
product:
# hammer product create \ --name "Red Hat Container Catalog" \ --sync-plan "Example Plan" \ --description "Red Hat Container Catalog content" \ --organization "ACME"
Create the repository for the container images:
# hammer repository create \ --name "RHEL7" \ --content-type "docker" \ --url "http://registry.access.redhat.com/" \ --docker-upstream-name "rhel7" \ --product "Red Hat Container Catalog" \ --organization "ACME"
Then synchronize the repository:
# hammer repository synchronize \ --name "RHEL7" \ --product "Red Hat Container Catalog" \ --organization "ACME"
Now we have a synchronized set of container images.
10.2. Importing Container Images from Other Image Registries
In addition to importing container images from Red Hat Container Catalog, Red Hat Satellite 6 can also import content from other image registries, such as community-based or internal registries. The process for importing from third-party registries is the similar to importing images from the Red Hat Container Catalog:
- Create a custom product.
- Add a repository for container images to the product and link it to a repository on an external registry.
- Synchronize with the registry’s repository.
The following procedure demonstrates how to accomplish this using the official Fedora images from the DockerHub registry (https://registry.hub.docker.com
).
For Web UI Users
Navigate to Content > Products and click New Product. A form for a new Product appears. Enter the following details:
-
Name - The plain text name for the product. Enter
Fedora
. - Label - An internal ID for the product. Red Hat Satellite 6 automatically completes this field based on what you have entered for Name.
- GPG Key - The GPG Key for the entire product. Leave this blank.
-
Sync Plan - A synchronization plan for the product. We can attach this to our
Example Plan
. -
Description - A plain text description of the product. Enter
Fedora content
.
Click Save.
After creating the custom product for Fedora, the product’s repositories screen appears. Click Create Repository, which displays a form for a new repository. Enter the following details:
-
Name - A plain text name for the repository. Enter
Fedora Docker Images
. - Label - An internal ID for the repository. Red Hat Satellite 6 automatically completes this field based on what you have entered for Name.
-
Type - The type of repository. Select
docker
. A new set of fields appear. -
URL - The URL of the registry to use as a source. Enter
https://registry.hub.docker.com
. -
Upstream Repository Name - The name of the repository on the registry. For our example, enter
fedora/ssh
You can search and view other repositories at https://hub.docker.com/explore/ .
Click Save. We return to the product’s repository screen with our new repository listed. Select it and click Sync Now to start the synchronization process. After a few minutes, Satellite Server completes the synchronization. Click Manage Docker Manifests to list the available manifests. From the list, you can optionally remove any manifests that are not required.
You can also view the progress of the synchronization in the Web UI. Navigate to Content > Sync Status and expanding the Product/Repository tree (or click Expand All).
For CLI Users
Create the custom fedora
product:
# hammer product create \ --name "Fedora" \ --sync-plan "Example Plan" \ --description "Fedora content" \ --organization "ACME"
Create the repository for the container images:
# hammer repository create \ --name "Fedora/SSH" \ --content-type "docker" \ --url "https://registry.hub.docker.com" \ --docker-upstream-name "fedora/ssh" \ --product "Fedora" \ --organization "ACME"
Then synchronize the repository:
# hammer repository synchronize \ --name "Fedora/SSH" \ --product "Fedora" \ --organization "ACME"
Now we have a synchronized set of container images.
10.3. Managing Container Images with Content Views
Use Content Views to manage container images across the application life cycle. This process uses the same publication and promotion method that RPMs and Puppet modules use.
For Web UI Users
Navigate to Content > Content Views and click Create New View. This displays a form for View Details. Enter the following information:
-
Name - The plain text name for the view. Enter
Containers
. - Label - An internal ID for the view. Red Hat Satellite 6 automatically completes this field based on what you have entered for Name.
-
Description - A plain text description of the view. Enter
Container image for Red Hat Enterprise Linux 7
. - Composite View? - Defines whether to use a Composite Content View. Leave this check box clear.
Click Save to complete.
This creates a new Content View entry. Navigate to the Docker Content subtab, then click Add. Select the container repository for our Red Hat Enterprise Linux 7 Server image. Click Add Repository. This adds the container images from this repository to the Content View.
Our Content View is ready to publish. Navigate to Versions and click Publish New Version. Satellite Server provides some details about the new version (Version 1) and allows you to enter a Description for the version, which is useful to logging changes for new content versions. Enter Initial content view for our container image
and click Save.
Satellite Server creates the new version of the view and publishes it to the Library environment.
You can also click Promote to promote this Content View across environments in the application life cycle.
For CLI Users
Obtain a list of repository IDs:
# hammer repository list --organization "ACME"
For our example, the container rhel7
repository uses 8 for its IDs. Create the Content View and add the repository:
# hammer content-view create \ --name "Containers" \ --description "Container image for Red Hat Enterprise Linux 7" \ --repository-ids 8 \ --organization "ACME"
Now publish the view:
# hammer content-view publish \ --name "Containers" \ --description "Initial content view for our container image" \ --organization "ACME"
Satellite Server creates the new version of the view and publishes it to the Library environment.
10.4. Managing Container Images with Docker Tags
Some of the container images use Docker tags to identify version numbers and basic information about each version.
For Web UI Users
Navigate to Content > Docker Tags to view a list of tags for container-based products. Click on a tag to view information about a specific image.
For CLI Users
View a list of Docker tags and their IDs:
# hammer docker tag info --id 218 --organization "ACME"
View a Docker tag using the tag ID:
# hammer docker tag info --id 218
10.5. Chapter Summary
This chapter provided a basic overview of managing container image content in Red Hat Satellite 6, including how to create your own registry and how to manage container images across the application life cycle.
The next chapter examines how to manage OSTree content.