RH134 - ch13s06

Bookmark this page

Guided Exercise: Manage Container Storage and Network Resources

In this exercise, you pass environment variables to a container during creation, mount persistent storage to a container, create and connect multiple container networks, and expose container ports from the host machine.

Outcomes

Create container networks and connect them to containers.
Troubleshoot failed containers.
Pass environment variables to containers during creation.
Create and mount persistent storage to containers.
Map host ports to ports inside containers.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start containers-resources

Instructions

[student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$

Create the frontend container network. Create the db_client and db_01 containers and connect them to the frontend network.

Use the podman network create command --subnet and --gateway options to create the frontend network with the 10.89.1.0/24 subnet and the 10.89.1.1 gateway.
```
[student@servera ~]$ podman network create --subnet 10.89.1.0/24 \
--gateway 10.89.1.1 frontend
frontend
```

[student@servera ~]$ podman login registry.lab.example.com
Username: admin
Password: redhat321
Login Succeeded!

Start a container named db_client in the background, and connect it to the frontend network. To be able to install packages in the db_client container, mount the /etc/yum.repos.d DNF repositories directory at the /etc/yum.repos.d container path. Run the sleep infinity command in the db_client container to prevent the container from exiting. Use the registry.lab.example.com/ubi9-beta/ubi image.
```
[student@servera ~]$ podman run -d --name db_client \
--network frontend \
-v /etc/yum.repos.d:/etc/yum.repos.d \
registry.lab.example.com/ubi9-beta/ubi \
sleep infinity
e20dfed7e392abe4b7bea3c25e9cb17ef95d16af9cedd50d68f997a663ba6c15
```

Start in the background a container named db_01 that is connected to the frontend network. Use the registry.lab.example.com/rhel8/mariadb-105 image.

[student@servera ~]$ podman run -d --name db_01 --network frontend \
registry.lab.example.com/rhel8/mariadb-105
3e767ae6eea4578152a216beb5ae98c8ef03a2d66098debe2736b8b458bab405

View all containers.

[student@servera ~]$ podman ps -a
CONTAINER ID  IMAGE                                              COMMAND     CREATED       STATUS                   PORTS       NAMES
e20dfed7e392  registry.lab.example.com/ubi8/ubi:latest           sleep infinity  56 seconds ago  Up 56 seconds ago              db_client
3e767ae6eea4  registry.lab.example.com/rhel8/mariadb-105:latest  run-mysqld  1 second ago  Exited (1) 1 second ago              db_01

Troubleshoot the db_01 container and determine why it is not running. Re-create the db_01 container by using the required environment variables.

View the container logs and determine why the container exited.

[student@servera ~]$ podman container logs db_01
...output omitted...
You must either specify the following environment variables:
  MYSQL_USER (regex: '^[a-zA-Z0-9_]+$')
  MYSQL_PASSWORD (regex: '^[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]+$')
  MYSQL_DATABASE (regex: '^[a-zA-Z0-9_]+$')
Or the following environment variable:
  MYSQL_ROOT_PASSWORD (regex: '^[a-zA-Z0-9_~!@#$%^&*()-=<>,.?;:|]+$')
Or both.
...output omitted...

Remove the db_01 container and create it again with environment variables. Provide the required environment variables.

[student@servera ~]$ podman rm db_01
3e767ae6eea4578152a216beb5ae98c8ef03a2d66098debe2736b8b458bab405
[student@servera ~]$ podman run -d --name db_01 \
--network frontend \
-e MYSQL_USER=dev1 \
-e MYSQL_PASSWORD=devpass \
-e MYSQL_DATABASE=devdb \
-e MYSQL_ROOT_PASSWORD=redhat \
registry.lab.example.com/rhel8/mariadb-105
948c4cd767b561432056e77adb261ab4024c1b66a22af17861aba0f16c66273b

View the current running containers.

[student@servera ~]$ podman ps
CONTAINER ID  IMAGE                                              COMMAND         CREATED         STATUS             PORTS       NAMES
e20dfed7e392  registry.lab.example.com/ubi8/ubi:latest           sleep infinity  56 seconds ago  Up 56 seconds ago              db_client
948c4cd767b5  registry.lab.example.com/rhel8/mariadb-105:latest  run-mysqld      11 seconds ago  Up 12 seconds ago              db_01

Create persistent storage for the containerized MariaDB service, and map the local machine 13306 port to the 3306 port in the container. Allow traffic to the 13306 port on the servera machine.

Create the /home/student/databases directory on the servera machine.
```
[student@servera ~]$ mkdir /home/student/databases
```

Obtain the mysql UID and GID from the db_01 container, and then remove the db01 container.

[student@servera ~]$ podman exec -it db_01 grep mysql /etc/passwd
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
[student@servera ~]$ podman stop db_01
db_01
[student@servera ~]$ podman rm db_01
948c4cd767b561432056e77adb261ab4024c1b66a22af17861aba0f16c66273b

Run the chown command inside the container namespace, and set the user and group owner to 27 on the /home/student/database directory.

[student@servera ~]$ podman unshare chown 27:27 /home/student/databases/
[student@servera ~]$ ls -l /home/student/
total 0
drwxr-xr-x. 2 100026 100026 6 May  9 17:40 databases

Create the db_01 container, and mount the /home/student/databases directory from the servera machine to the /var/lib/mysql directory inside the db_01 container. Use the Z option to apply the required SELinux context.

[student@servera ~]$ podman run -d --name db_01 \
--network frontend \
-e MYSQL_USER=dev1 \
-e MYSQL_PASSWORD=devpass \
-e MYSQL_DATABASE=devdb \
-e MYSQL_ROOT_PASSWORD=redhat \
-v /home/student/databases:/var/lib/mysql:Z \
-p 13306:3306 \
registry.lab.example.com/rhel8/mariadb-105

Install the mariadb package in the db_client container.

[student@servera ~]$ podman exec -it db_client dnf install -y mariadb
...output omitted...
Complete!

Create the crucial_data table in the dev_db database in the db_01 container from the db_client container.

[student@servera ~]$ podman exec -it db_client mysql -u dev1 -p -h db_01
Enter password: devpass
...output omitted...
MariaDB [(none)]> USE devdb;
Database changed
MariaDB [devdb]> CREATE TABLE crucial_data(column1 int);
Query OK, 0 rows affected (0.036 sec)

MariaDB [devdb]> SHOW TABLES;
+-----------------+
| Tables_in_devdb |
+-----------------+
| crucial_data    |
+-----------------+
1 row in set (0.001 sec)

MariaDB [devdb]> quit
Bye

Allow port 13306 traffic in the firewall on the servera machine.

[student@servera ~]$ sudo firewall-cmd --add-port=13306/tcp --permanent
[sudo] password for student: student
success
[student@servera ~]$ sudo firewall-cmd --reload
success

Open a second terminal on the workstation machine and use the MariaDB client to connect to the servera machine on port 13306, to show tables inside the db_01 container that are stored in the persistent storage.

[student@workstation ~]$ mysql -u dev1 -p -h servera --port 13306 \
devdb -e 'SHOW TABLES';
Enter password: devpass
+-----------------+
| Tables_in_devdb |
+-----------------+
| crucial_data    |
+-----------------+

Create a second container network called backend, and connect the backend network to the db_client and db_01 containers. Test network connectivity and DNS resolution between the containers.

Create the backend network with the 10.90.0.0/24 subnet and the 10.90.0.1 gateway.

[student@servera ~]$ podman network create --subnet 10.90.0.0/24 \
--gateway 10.90.0.1 backend
backend

Connect the backend container network to the db_client and db_01 containers.

[student@servera ~]$ podman network connect backend db_client
[student@servera ~]$ podman network connect backend db_01

Obtain the IP addresses of the db_01 container.

[student@servera ~]$ podman inspect db_01
...output omitted...
               "Networks": {
                    "backend": {
                         "EndpointID": "",
                         "Gateway": "10.90.0.1",
                         "IPAddress": "10.90.0.3",
...output omitted...
                    "frontend": {
                         "EndpointID": "",
                         "Gateway": "10.89.1.1",
                         "IPAddress": "10.89.1.5",
...output omitted...

Install the iputils package in the db_client container.

[student@servera ~]$ podman exec -it db_client dnf install -y iputils
...output omitted...
Complete!

Ping the db_01 container name from the db_client container.

[student@servera ~]$ podman exec -it db_client ping -c4 db_01
PING db_01.dns.podman (10.90.0.3) 56(84) bytes of data.
...output omitted...
--- db_01.dns.podman ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3048ms
rtt min/avg/max/mdev = 0.043/0.049/0.054/0.004 ms

Exit the servera machine.

[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish containers-resources

This concludes the section.

Discuss Red Hat System Administration II

Go to community

Is It possible to reset root password when the system is on multi-user.target?

jennifer1987

27 lip 2023

Hi thereWell, i have a question, Is It possible to reset root password when the system is on multi-user.target? I was not be able to found a foro o some information related with this and another question that I have, If the grub menu dont show up, is it posible to reset the root password?

991

Red Hat System Administration II (RH134)

Haley_Ruccio

21 lip 2023

Build the skills to perform the key tasks needed to become a full-time Linux administratorRed Hat System Administration II (RH134) is the second part of the RHCSA training track for IT professionals who have already attended Red Hat System Administration I. The course goes deeper into core Linux system administration skills in storage configuration and management, installation and deployment of Red Hat Enterprise Linux, management of security features such as SELinux, control of recurring system tasks, management of the boot process and troubleshooting, basic system tuning, and command-line automation and productivity. This course assumes that students have attended Red Hat System Administration I (RH124).Experienced Linux administrators who seek rapid preparation for the RHCSA certification should instead start with RHCSA Rapid Track (RH199).This course is based on Red Hat Enterprise Linux 9.0.Course summaryInstall Red Hat Enterprise Linux using scalable methodsAccess security files, file systems, and networksExecute shell scripting and automation techniquesManage storage devices, logical volumes, and file systemsManage security and system accessControl the boot process and system servicesRun containersAudience for this courseThis course is geared toward Windows system administrators, network administrators, and other system administrators who are interested in supplementing current skills or backstopping other team members, in addition to Linux system administrators who are responsible for these tasks:Configuring, installing, upgrading, and maintaining Linux systems using established standards and proceduresProviding operational supportManaging systems for monitoring system performance and availabilityWriting and deploying scripts for task automation and system administrationRecommended trainingSuccessful completion of Red Hat System Administration I (RH124) is recommended.Experienced Linux administrators seeking to accelerate their path toward becoming a Red Hat Certified System Administrator should start with the RHCSA Rapid Track course (RH199).Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technology requirements.This course is not designed for bring your own device (BYOD).Internet access is not required, but is recommended to allow students to research and access Red Hat online resources.

Welcome to the Red Hat System Administration II (RH134) group in the Red Hat Learning Community!

Deanna

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat System Administration II! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH134.Read more about Red Hat System Administration II here.

417

Revision: rh134-9.0-fa57cbe