After completing this section, you should be able to find, retrieve, inspect, and manage container images obtained from a remote container registry and stored on your server.
Podman uses a registries.conf file on your host system to get information about the container registries it can use.
```
[user@host ~]$ cat /etc/containers/registries.conf
# This is a system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.

# The default location for this configuration file is /etc/containers/registries.conf.

# The only valid categories are: 'registries.search', 'registries.insecure',
# and 'registries.block'.

[registries.search]
registries = ['registry.redhat.io', 'quay.io', 'docker.io']

# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = []

# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
#
[registries.block]
registries = []
```
For a regular (rootless) user of Podman, this file is stored in the $HOME/.config/containers directory.
Configuration settings in this file override the system-wide settings in the /etc/containers/registries.conf file.
The list of registries that Podman can search is configured in the [registries.search] section of this file.
If you do not specify a fully qualified image name on the command line, Podman searches the registries in this section, in the order listed, to determine how to form a complete image path.
The podman info command displays configuration information for Podman, including its configured registries.
```
[user@host ~]$ podman info
...output omitted...
insecure registries:
  registries: []
registries:
  registries:
  - registry.redhat.io
  - quay.io
  - docker.io
...output omitted...
```
Insecure registries are listed in the [registries.insecure] section of the registries.conf file.
If a registry is listed as insecure, then connections to that registry are not protected with TLS encryption.
If a registry is both searchable and insecure, then it can be listed in both [registries.search] and [registries.insecure].
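To audit which registries an unqualified image name could be pulled from, and whether TLS protects each connection, the following added example (not part of the original course text) parses the two sections described above. The function names, the sample file, and the registry.lab.example.com:5000 entry are assumptions made for illustration.

```shell
# Added example (not from the original page). Handles the v1 registries.conf
# layout shown above, with each "registries = [...]" array on one line.

# Print the registries listed in one section, in file order.
# Usage: section_registries <section-name> <file>
section_registries() {
    awk -v want="[$1]" -v q="'" '
        /^[ \t]*#/  { next }                          # skip comment lines
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_section = ($0 == want); next }
        in_section && /^[ \t]*registries[ \t]*=/ {
            s = index($0, "["); e = index($0, "]")
            n = split(substr($0, s + 1, e - s - 1), parts, ",")
            for (i = 1; i <= n; i++) {
                gsub("[ \t\"" q "]", "", parts[i])    # drop blanks and quotes
                if (parts[i] != "") print parts[i]
            }
        }
    ' "$2"
}

# Print every fully qualified name an unqualified image could resolve to, in
# search order, tagging registries that are also listed as insecure.
# Usage: resolve_candidates <image> <file>
resolve_candidates() {
    insecure=$(section_registries registries.insecure "$2")
    section_registries registries.search "$2" | while read -r reg; do
        if printf '%s\n' "$insecure" | grep -qxF -e "$reg"; then
            printf '%s/%s NO-TLS\n' "$reg" "$1"
        else
            printf '%s/%s tls\n' "$reg" "$1"
        fi
    done
}

# Constructed sample: the search list from this page plus a hypothetical lab
# registry that is listed as both searchable and insecure.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[registries.search]
registries = ['registry.redhat.io', 'registry.lab.example.com:5000', 'quay.io', 'docker.io']

[registries.insecure]
registries = ['registry.lab.example.com:5000']
EOF

resolve_candidates ubi8/ubi "$sample"
```

Point the second argument at /etc/containers/registries.conf or $HOME/.config/containers/registries.conf to check a real host; any NO-TLS line marks a registry whose traffic is unencrypted.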
Container registries can also be configured to require authentication.
As previously discussed, you use the podman login command to log in to a container registry that requires authentication.
Use the podman search command to search container registries for a specific container image.
The following example shows how to search the container registry registry.redhat.io for all images that include the name rhel8:
```
[user@host ~]$ podman search registry.redhat.io/rhel8
INDEX       NAME                                          DESCRIPTION                                       STARS   OFFICIAL   AUTOMATED
redhat.io   registry.redhat.io/openj9/openj9-8-rhel8      OpenJ9 1.8 OpenShift S2I image for Java Appl...   0
redhat.io   registry.redhat.io/openjdk/openjdk-8-rhel8    OpenJDK 1.8 Image for Java Applications base...   0
redhat.io   registry.redhat.io/openj9/openj9-11-rhel8     OpenJ9 11 OpenShift S2I image for Java Appli...   0
redhat.io   registry.redhat.io/openjdk/openjdk-11-rhel8   OpenJDK S2I image for Java Applications on U...   0
redhat.io   registry.redhat.io/rhel8/memcached            Free and open source, high-performance, dist...   0
redhat.io   registry.redhat.io/rhel8/llvm-toolset         The LLVM back-end compiler and core librarie...   0
redhat.io   registry.redhat.io/rhel8/rust-toolset         Rust and Cargo, which is a build system and ...   0
redhat.io   registry.redhat.io/rhel8/go-toolset           Golang compiler which will replace the curre...   0
...output omitted...
```
Run the same command with the --no-trunc option to see longer image descriptions:
```
[user@host ~]$ podman search --no-trunc registry.access.redhat.com/rhel8
INDEX       NAME                                 DESCRIPTION   STARS   OFFICIAL   AUTOMATED
...output omitted...
redhat.io   registry.redhat.io/rhel8/nodejs-10   Node.js 10 available as container is a base platform for building and running various Node.js 10 applications and frameworks. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.   0
redhat.io   registry.redhat.io/rhel8/python-36   Python 3.6 available as container is a base platform for building and running various Python 3.6 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming.   0
redhat.io   registry.redhat.io/rhel8/perl-526    Perl 5.26 available as container is a base platform for building and running various Perl 5.26 applications and frameworks. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text.   0
...output omitted...
```
The following table shows some other useful options for the podman search command:
Table 13.1. Useful Podman Search Options
| Option | Description |
|---|---|
| --limit <number> | Limits the number of listed images per registry. |
| --filter <filter=value> | Filters output based on conditions provided. Supported filters include: |
| --tls-verify <true\|false> | Enables or disables HTTPS certificate validation for all used registries. Default=true |
Red Hat maintains repositories containing certified container images. You can access a web interface to search them at https://access.redhat.com/containers.
Using this repository provides customers with a layer of protection and reliability against known vulnerabilities that could potentially be caused by untested images.
The standard podman command is compatible with the repositories referenced by the Red Hat Container Catalog.
You can view information about an image before downloading it to your system.
The skopeo inspect command can inspect a remote container image in a registry and display information about it.
The skopeo inspect command can inspect different image formats from different sources, such as remote registries or local directories.
The docker:// transport mechanism instructs skopeo to query a container image registry.
The following example inspects a container image and returns image information without pulling the image to the local system:
```
[user@host ~]$ skopeo inspect docker://registry.redhat.io/rhel8/python-36
...output omitted...
        "name": "ubi8/python-36",
        "release": "107",
        "summary": "Platform for building and running Python 3.6 applications",
...output omitted...
```
You can also inspect locally stored image information using the podman inspect command.
This command might provide more information than the skopeo inspect command.
List locally stored images:
```
[user@host ~]$ podman images
REPOSITORY                           TAG      IMAGE ID       CREATED       SIZE
quay.io/generic/rhel7                latest   1d3b6b7d01e4   3 weeks ago   688 MB
registry.redhat.io/rhel8/python-36   latest   e55cd9a2e0ca   6 weeks ago   811 MB
registry.redhat.io/ubi8/ubi          latest   a1f8c9699786   6 weeks ago   211 MB
```
Inspect a locally stored image and return information:
```
[user@host ~]$ podman inspect registry.redhat.io/rhel8/python-36
...output omitted...
        "Config": {
            "User": "1001",
            "ExposedPorts": {
                "8080/tcp": {}
...output omitted...
                "name": "ubi8/python-36",
                "release": "107",
                "summary": "Platform for building and running Python 3.6 applications",
...output omitted...
```
Container images are immutable; they do not change. This means that old images are not updated, so updating software in a container requires a new image that replaces the old one.
When an updated image is made available, the publisher changes the latest tag to associate it with the new image.
You can still access an older image by referencing its specific version tag, and you can run containers from it.
You can also remove the older image, pull the latest image, and only use the latest (updated) image to run containers.
For example, images provided by Red Hat benefit from the long experience Red Hat has in managing security vulnerabilities and defects in Red Hat Enterprise Linux and other products. The Red Hat security team hardens and controls these high quality images. They are rebuilt when new vulnerabilities are discovered and go through a quality assurance process.
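Because the latest tag moves to each rebuilt image, a locally stored copy can fall behind without any local change. The following added example (not part of the original course text) compares the release label in saved podman inspect and skopeo inspect output; the function names and file paths are hypothetical, and it assumes the publisher changes the release label on every rebuild.

```shell
# Added example (not from the original page). Reads the pretty-printed JSON
# that "podman inspect" and "skopeo inspect" emit, one "key": "value" per line.

# Print the first value of the named label found on stdin.
# Usage: label_value <label> < inspect.json
label_value() {
    sed -n 's/^[[:space:]]*"'"$1"'":[[:space:]]*"\([^"]*\)".*$/\1/p' | sed -n 1p
}

# Succeed when the registry copy carries a different release label than the
# local copy, meaning the tag now points at another build than the one stored.
# Usage: image_is_stale <local-inspect.json> <remote-inspect.json>
image_is_stale() {
    local_rel=$(label_value release < "$1")
    remote_rel=$(label_value release < "$2")
    [ -n "$remote_rel" ] && [ "$local_rel" != "$remote_rel" ]
}

# Constructed samples modelled on the excerpts above; release 108 is invented.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/local.json" <<'EOF'
[
    {
        "Config": { "User": "1001" },
        "Labels": {
            "name": "ubi8/python-36",
            "release": "107",
            "summary": "Platform for building and running Python 3.6 applications"
        }
    }
]
EOF
cat > "$work/remote.json" <<'EOF'
{
    "Name": "registry.redhat.io/rhel8/python-36",
    "Labels": {
        "name": "ubi8/python-36",
        "release": "108"
    }
}
EOF

if image_is_stale "$work/local.json" "$work/remote.json"; then
    echo "local copy is release $(label_value release < "$work/local.json"); pull the update"
fi
```

On a real host, produce the two files with podman inspect registry.redhat.io/rhel8/python-36 and skopeo inspect docker://registry.redhat.io/rhel8/python-36, each redirected to a file.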
To remove a locally stored image, use the podman rmi command.
List locally stored images:
```
[user@host ~]$ podman images
REPOSITORY                           TAG      IMAGE ID       CREATED       SIZE
quay.io/generic/rhel7                latest   1d3b6b7d01e4   3 weeks ago   688 MB
registry.redhat.io/rhel8/python-36   latest   e55cd9a2e0ca   6 weeks ago   811 MB
registry.redhat.io/ubi8/ubi          latest   a1f8c9699786   6 weeks ago   211 MB
```
Remove the registry.redhat.io/rhel8/python-36:latest image.
```
[user@host ~]$ podman rmi registry.redhat.io/rhel8/python-36:latest
e55cd9a2e0ca5f0f4e0249404d1abe3a69d4c6ffa5103d0512dd4263374063ad
[user@host ~]$
```
List locally stored images and verify that it was removed:
```
[user@host ~]$ podman images
REPOSITORY                    TAG      IMAGE ID       CREATED       SIZE
quay.io/generic/rhel7         latest   1d3b6b7d01e4   3 weeks ago   688 MB
registry.redhat.io/ubi8/ubi   latest   a1f8c9699786   6 weeks ago   211 MB
```
podman-search(1), podman-inspect(1), and skopeo(1) man pages.
For more information, refer to the Working with Container Images chapter in the Red Hat Enterprise Linux 8 Building, Running, and Managing Containers Guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/building_running_and_managing_containers/index#working-with-container-images_building-running-and-managing-containers