
Guided Exercise: Managing Containers as Services

In this exercise, you will configure a container that is managed as a systemd service, and then use systemctl commands to manage that container so that it automatically starts when the host machine starts.

Outcomes

You should be able to:

  • Create systemd unit files for managing containers.

  • Start and stop containers using systemctl commands.

  • Configure user accounts for systemd user services to start when the host machine starts.

On the workstation machine, log in as the student user with student as the password.

On the workstation machine, run the lab containers-services start command. This command runs a start script that determines if the servera machine is reachable on the network. It also installs the container tools on servera.

[student@workstation ~]$ lab containers-services start

Procedure 13.5. Instructions

  1. Use the ssh command to log in to servera as the student user. The systems are configured to use SSH keys for authentication, so a password is not required.

    [student@workstation ~]$ ssh student@servera
    ...output omitted...
    [student@servera ~]$ 
  2. Use the sudo -i command to switch to the root user. The password for the student user is student.

    [student@servera ~]$ sudo -i
    [sudo] password for student: student
    [root@servera ~]# 
  3. Create a user account named contsvc using redhat as the password. Configure the account to access the container image registry at registry.lab.example.com. You will use this account to run containers as systemd services, instead of using your regular user account.

    1. Use the useradd command to create the account, and then use the passwd command to set the password to redhat.

      [root@servera ~]# useradd contsvc
      [root@servera ~]# passwd contsvc
      Changing password for user contsvc.
      New password: redhat
      BAD PASSWORD: The password is shorter than 8 characters
      Retype new password: redhat
      passwd: all authentication tokens updated successfully.
    2. To manage the systemd user services with the contsvc account, you must log in directly as the contsvc user. You cannot use the su and sudo commands.

      Log out of servera, and then use the ssh command to log in as the contsvc user. The systems are configured to use SSH keys for authentication, so a password is not required.

      [root@servera ~]# exit
      logout
      [student@servera ~]$ exit
      logout
      Connection to servera closed.
      [student@workstation ~]$ ssh contsvc@servera
      ...output omitted...
      [contsvc@servera ~]$ 
    3. Create the ~/.config/containers/ directory.

      [contsvc@servera ~]$ mkdir -p ~/.config/containers/
      [contsvc@servera ~]$ 
    4. The lab script prepared the registries.conf file in the /tmp/containers-services/ directory. Copy that file to ~/.config/containers/. The following cp command is very long and should be entered as a single line.

      [contsvc@servera ~]$ cp /tmp/containers-services/registries.conf ~/.config/containers/
    5. To confirm that you can access the registry.lab.example.com registry, run the podman search ubi command as a test. If everything works as expected, then the command should list some images.

      [contsvc@servera ~]$ podman search ubi
      INDEX         NAME                    DESCRIPTION   STARS   OFFICIAL   AUTOMATED
      example.com   registry.lab.example.com/ubi8/ubi         0
      example.com   registry.lab.example.com/ubi7/ubi         0
  4. Create the /home/contsvc/webcontent/html/ directory, and then create an index.html test page. You will use that directory as persistent storage when you deploy a web server container.

    1. Create the ~/webcontent/html/ directory.

      [contsvc@servera ~]$ mkdir -p ~/webcontent/html/
      [contsvc@servera ~]$ 
    2. Create the index.html file and add some content.

      [contsvc@servera ~]$ echo "Hello World" > ~/webcontent/html/index.html
      [contsvc@servera ~]$ 
    3. Confirm that everyone has access to the directory and the index.html file. The container uses an unprivileged user that must be able to read the index.html file.

      [contsvc@servera ~]$ ls -ld webcontent/html/
      drwxrwxr-x. 2 contsvc contsvc 24 Aug 28 04:56 webcontent/html/
      [contsvc@servera ~]$ ls -l webcontent/html/index.html
      -rw-rw-r--. 1 contsvc contsvc 12 Aug 28 04:56 webcontent/html/index.html
  5. Create a detached container named myweb. Redirect port 8080 on the local host to the container port 8080. Mount the ~/webcontent directory from the host to the /var/www directory in the container. Use the registry.lab.example.com/rhel8/httpd-24:1-105 image.

    1. Log in to the registry.lab.example.com registry as the admin user with redhat321 as the password.

      [contsvc@servera ~]$ podman login registry.lab.example.com
      Username: admin
      Password: redhat321
      Login Succeeded!
    2. Create the container. You can copy and paste the following command from the /tmp/containers-services/start-container.txt file. The following podman run command is very long and should be entered as a single line.

      [contsvc@servera ~]$ podman run -d --name myweb -p 8080:8080 -v ~/webcontent:/var/www:Z registry.lab.example.com/rhel8/httpd-24:1-105
      ...output omitted...
    3. To verify your work, use the curl command to access the web content on port 8080.

      [contsvc@servera ~]$ curl http://localhost:8080/
      Hello World
  6. Create the systemd unit file for managing the myweb container with systemctl commands. When finished, stop and then delete the myweb container. Systemd manages the container and does not expect the container to exist initially.

    1. Create the ~/.config/systemd/user/ directory.

      [contsvc@servera ~]$ mkdir -p ~/.config/systemd/user/
      [contsvc@servera ~]$ 
    2. Change to the ~/.config/systemd/user/ directory, and then run the podman generate systemd command to create the unit file for the myweb container. Use the --new option so that systemd creates a new container when starting the service and deletes the container when stopping the service.

      [contsvc@servera ~]$ cd ~/.config/systemd/user
      [contsvc@servera user]$ podman generate systemd --name myweb --files --new
      /home/contsvc/.config/systemd/user/container-myweb.service
    3. Stop and then delete the myweb container.

      [contsvc@servera user]$ podman stop myweb
      2f4844b376b78f8f7021fe3a4c077ae52fdc1caa6d877e84106ab783d78e1e1a
      [contsvc@servera user]$ podman rm myweb
      2f4844b376b78f8f7021fe3a4c077ae52fdc1caa6d877e84106ab783d78e1e1a
  7. Force systemd to reload its configuration, and then enable and start your new container-myweb user service. To test your work, stop and then start the service, and check the container status with the curl and podman ps commands.

    1. Use the systemctl --user daemon-reload command for systemd to take the new unit file into account.

      [contsvc@servera user]$ systemctl --user daemon-reload
      [contsvc@servera user]$ 
    2. Enable and start the container-myweb service.

      [contsvc@servera user]$ systemctl --user enable --now container-myweb
      Created symlink /home/contsvc/.config/systemd/user/multi-user.target.wants/container-myweb.service → /home/contsvc/.config/systemd/user/container-myweb.service.
      Created symlink /home/contsvc/.config/systemd/user/default.target.wants/container-myweb.service → /home/contsvc/.config/systemd/user/container-myweb.service.
    3. Use the podman ps and curl commands to verify that the container is running.

      [contsvc@servera user]$ podman ps
      CONTAINER ID  IMAGE                                          COMMAND               CREATED             STATUS                 PORTS                   NAMES
      a648c286c653  registry.lab.example.com/rhel8/httpd-24:1-105  /usr/bin/run-http...  About a minute ago  Up About a minute ago  0.0.0.0:8080->8080/tcp  myweb
      [contsvc@servera user]$ curl http://localhost:8080/
      Hello World

      Take note of the container ID. You will use this information to confirm that systemd creates a new container when you restart the service.

    4. Stop the container-myweb service, and then confirm that the container does not exist anymore. When you stop the service, systemd stops and then deletes the container.

      [contsvc@servera user]$ systemctl --user stop container-myweb
      [contsvc@servera user]$ podman ps --all
      CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
    5. Start the container-myweb service, and then confirm that the container is running.

      [contsvc@servera user]$ systemctl --user start container-myweb
      [contsvc@servera user]$ podman ps
      CONTAINER ID  IMAGE                                          COMMAND               CREATED        STATUS            PORTS                   NAMES
      6f5148b27726  registry.lab.example.com/rhel8/httpd-24:1-105  /usr/bin/run-http...  5 seconds ago  Up 4 seconds ago  0.0.0.0:8080->8080/tcp  myweb

      Notice that the container ID has changed. When you start the service, systemd creates a new container.

  8. To ensure user services for the contsvc user start with the server, run the loginctl enable-linger command. When done, restart servera.

    1. Run the loginctl enable-linger command.

      [contsvc@servera user]$ loginctl enable-linger
      [contsvc@servera user]$ 
    2. Confirm that the Linger option is set for the contsvc user.

      [contsvc@servera user]$ loginctl show-user contsvc
      ...output omitted...
      Linger=yes
    3. Switch to the root user, and then use the systemctl reboot command to restart servera.

      [contsvc@servera user]$ su -
      Password: redhat
      Last login: Fri Aug 28 07:43:40 EDT 2020 on pts/0
      [root@servera ~]# systemctl reboot
      Connection to servera closed by remote host.
      Connection to servera closed.
      [student@workstation ~]$ 
  9. Wait for the servera machine to restart, which takes a few minutes, and then log in to servera as the contsvc user. Confirm that systemd started the myweb container and that the web content is available.

    1. From workstation, use the ssh command to log in to servera as the contsvc user.

      [student@workstation ~]$ ssh contsvc@servera
      ...output omitted...
      [contsvc@servera ~]$ 
    2. Use the podman ps command to confirm that the container is running.

      [contsvc@servera ~]$ podman ps
      CONTAINER ID  IMAGE                                          COMMAND               CREATED        STATUS            PORTS                   NAMES
      1d174e79f08b  registry.lab.example.com/rhel8/httpd-24:1-105  /usr/bin/run-http...  3 minutes ago  Up 3 minutes ago  0.0.0.0:8080->8080/tcp  myweb
    3. Use the curl command to access the web content.

      [contsvc@servera ~]$ curl http://localhost:8080/
      Hello World
    4. Exit from servera.

      [contsvc@servera ~]$ exit
      logout
      Connection to servera closed.
      [student@workstation ~]$ 
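
The properties that steps 6 through 8 depend on can be checked before the reboot. The following script is an added example, not part of the original exercise: it confirms that a unit file creates its container on start (the effect of --new), that it is wanted by default.target, that linger is set, and that every bind mount carries an SELinux relabel option such as the :Z used in step 5. The function names, the sample unit, and its second unlabeled mount are constructed for illustration.

```sh
#!/bin/sh
# Added example: static checks on a user unit produced by
# "podman generate systemd --new". The sample unit is constructed.

# True if "loginctl show-user" output on stdin reports Linger=yes.
linger_enabled() { grep -qx 'Linger=yes'; }

# True if ExecStart creates the container ("podman run", as --new emits)
# rather than starting an existing one ("podman start").
unit_creates_container() { grep -Eq '^ExecStart=.*podman run( |$)' "$1"; }

# True if the user manager pulls the unit in when it starts.
unit_wanted_by_default() { grep -Eq '^WantedBy=(.* )?default\.target( |$)' "$1"; }

# Print each -v/--volume bind mount in ExecStart that lacks :z or :Z.
unlabeled_volumes() {
  grep -m1 '^ExecStart=' "$1" | tr -s ' ' '\n' | {
    prev=''
    while IFS= read -r tok; do
      spec=''
      case $prev in -v|--volume) spec=$tok ;; esac
      case $tok in --volume=*) spec=${tok#--volume=} ;; esac
      prev=$tok
      [ -n "$spec" ] || continue
      opts=$(printf '%s' "$spec" | cut -s -d: -f3)   # third field holds mount options
      case ",$opts," in *,z,*|*,Z,*) ;; *) printf '%s\n' "$spec" ;; esac
    done
  }
}

# Constructed sample: the run options from step 5 plus a second,
# unlabeled mount added here so that the check reports a finding.
write_sample_unit() {
  cat > "$1" <<'EOF'
[Service]
ExecStart=/usr/bin/podman run -d --replace --name myweb -p 8080:8080 -v /home/contsvc/webcontent:/var/www:Z -v /home/contsvc/logs:/var/log/httpd24 registry.lab.example.com/rhel8/httpd-24:1-105
[Install]
WantedBy=multi-user.target default.target
EOF
}

sample=$(mktemp)
write_sample_unit "$sample"
unit_creates_container "$sample" && echo "unit creates a new container on start"
unit_wanted_by_default "$sample" && echo "unit is wanted by default.target"
printf 'Linger=yes\n' | linger_enabled && echo "linger is enabled"
echo "bind mounts without SELinux relabel:"; unlabeled_volumes "$sample"
rm -f "$sample"
```

On servera, point the functions at ~/.config/systemd/user/container-myweb.service and pipe loginctl show-user contsvc into linger_enabled.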

Finish

On the workstation machine, run the lab containers-services finish script to complete this exercise.

[student@workstation ~]$ lab containers-services finish

This concludes the guided exercise.

Revision: rh134-8.2-f0a9756