RH134 - ch13s08

Bookmark this page

Guided Exercise: Manage Containers as System Services

In this exercise, you configure a container to manage it as a systemd service, and use systemctl commands to manage that container so that it automatically starts when the host machine starts.

Outcomes

Create systemd service files to manage a container.
Configure a container so you can manage it with systemctl commands.
Configure a user account for systemd user services to start a container when the host machine starts.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start containers-services

Instructions

[student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$

Create a user account called contsvc and use redhat as the password. Use this user account to run containers as systemd services.

Create the contsvc user. Set redhat as the password for the contsvc user.

[student@servera ~]$ sudo useradd contsvc
[sudo] password for student: student
[student@servera ~]$ sudo passwd contsvc
Changing password for user contsvc.
New password: redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: redhat
passwd: all authentication tokens updated successfully.

To manage the systemd user services with the contsvc account, you must log in directly as the contsvc user. You cannot use the su and sudo commands to create a session with the contsvc user.
Return to the workstation machine as the student user, and then log in as the contsvc user.
```
[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$ ssh contsvc@servera
...output omitted...
[contsvc@servera ~]$
```

Configure access to the registry.lab.example.com classroom registry in your home directory. Use the /tmp/containers-services/registries.conf file as a template.
1. Create the ~/.config/containers/ directory.
```
[contsvc@servera ~]$ mkdir -p ~/.config/containers/
```
2. The lab script prepares the registries.conf file in the /tmp/containers-services/ directory. Copy that file to the ~/.config/containers/ directory.
```
[contsvc@servera ~]$ cp /tmp/containers-services/registries.conf \
~/.config/containers/
```
3. Verify that you can access the registry.lab.example.com registry. If everything works as expected, then the command should list some images.
```
[contsvc@servera ~]$ podman search ubi
NAME                                    DESCRIPTION
registry.lab.example.com/ubi7/ubi
registry.lab.example.com/ubi8/ubi
registry.lab.example.com/ubi9-beta/ubi
```
Use the /home/contsvc/webcontent/html/ directory as persistent storage for the web server container. Create the index.html test page with the Hello World line inside the directory.
1. Create the ~/webcontent/html/ directory.
```
[contsvc@servera ~]$ mkdir -p ~/webcontent/html/
```
2. Create the index.html file and add the Hello World line.
```
[contsvc@servera ~]$ echo "Hello World" > ~/webcontent/html/index.html
```
3. Verify that the permission for others is set to r-x in the webcontent/html directory, and is set to r-- in the index.html file. The container uses a non-privileged user that must be able to read the index.html file.
```
[contsvc@servera ~]$ ls -ld webcontent/html/
drwxr-xr-x. 2 contsvc contsvc 24 Aug 28 04:56 webcontent/html/
[contsvc@servera ~]$ ls -l webcontent/html/index.html
-rw-r--r--. 1 contsvc contsvc 12 Aug 28 04:56 webcontent/html/index.html
```
Use the registry.lab.example.com/rhel8/httpd-24:1-163 image to run a container called webapp in detached mode. Redirect the 8080 port on the local host to the container 8080 port. Mount the ~/webcontent directory from the host to the /var/www directory in the container.
1. Log in to the registry.lab.example.com registry as the admin user with redhat321 as the password.
```
[contsvc@servera ~]$ podman login registry.lab.example.com
Username: admin
Password: redhat321
Login Succeeded!
```
2. Use the registry.lab.example.com/rhel8/httpd-24:1-163 image to run a container called webapp in detached mode. Use the -p option to map the 8080 port on servera to the 8080 port in the container. Use the -v option to mount the ~/webcontent directory on servera to the /var/www directory in the container.
```
[contsvc@servera ~]$ podman run -d --name webapp -p 8080:8080 -v \
~/webcontent:/var/www:Z registry.lab.example.com/rhel8/httpd-24:1-163
750a681bd37cb6825907e9be4347eec2c4cd79550439110fc6d41092194d0e06
...output omitted...
```
3. Verify that the web service is working on port 8080.
```
[contsvc@servera ~]$ curl http://localhost:8080
Hello World
```
Create a systemd service file to manage the webapp container with systemctl commands. Configure the systemd service so that when you start the service, the systemd daemon creates a container. After you finish the configuration, stop and then delete the webapp container. Remember that the systemd daemon expects that the container does not exist initially.
1. Create and change to the ~/.config/systemd/user/ directory.
```
[contsvc@servera ~]$ mkdir -p ~/.config/systemd/user/
[contsvc@servera ~]$ cd ~/.config/systemd/user
```
2. Create the unit file for the webapp container. Use the --new option so that systemd creates a container when starting the service, and deletes the container when stopping the service.
```
[contsvc@servera user]$ podman generate systemd --name webapp --files --new
/home/contsvc/.config/systemd/user/container-webapp.service
```
3. Stop and then delete the webapp container.
```
[contsvc@servera user]$ podman stop webapp
webapp
[contsvc@servera user]$ podman rm webapp
750a681bd37cb6825907e9be4347eec2c4cd79550439110fc6d41092194d0e06
[contsvc@servera user]$ podman ps -a
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
```

Reload the systemd daemon configuration, and then enable and start your new container-webapp user service. Verify the systemd service configuration, stop and start the service, and display the web server response and the container status.

Reload the configuration to recognize the new unit file.
```
[contsvc@servera user]$ systemctl --user daemon-reload
```

Enable and start the container-webapp service.

[contsvc@servera user]$ systemctl --user enable --now container-webapp
Created symlink /home/contsvc/.config/systemd/user/default.target.wants/container-webapp.service → /home/contsvc/.config/systemd/user/container-webapp.service.

Verify that the web server responds to requests.

[contsvc@servera user]$ curl http://localhost:8080
Hello World

Verify that the container is running.

[contsvc@servera user]$ podman ps
CONTAINER ID  IMAGE                                           COMMAND               CREATED        STATUS            PORTS                   NAMES
3e996db98071  registry.access.redhat.com/ubi8/httpd-24:1-163  /usr/bin/run-http...  3 minutes ago  Up 3 minutes ago  0.0.0.0:8080->8080/tcp  webapp

Use the container ID information to confirm that the systemd daemon creates a container when you restart the service.

Stop the container-webapp service, and confirm that the container no longer exists. When you stop the service, the systemd daemon stops and then deletes the container.

[contsvc@servera user]$ systemctl --user stop container-webapp
[contsvc@servera user]$ podman ps --all
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

Start the container-webapp service, and then confirm that the container is running.

The container ID is different, because the systemd daemon creates a container with the start instruction, and deletes the container with the stop instruction.

[contsvc@servera user]$ systemctl --user start container-webapp
[contsvc@servera user]$ podman ps
CONTAINER ID  IMAGE                                          COMMAND               CREATED        STATUS            PORTS                   NAMES
4584b4df514c  registry.access.redhat.com/ubi8/httpd-24:1-163  /usr/bin/run-http...  6 seconds ago  Up 7 seconds ago  0.0.0.0:8080->8080/tcp  webapp

Ensure that the services for the contsvc user start at system boot. When done, restart the servera machine.

Run the loginctl enable-linger command.

[contsvc@servera user]$ loginctl enable-linger

Confirm that the Linger option is set for the contsvc user.

[contsvc@servera user]$ loginctl show-user contsvc
...output omitted...
Linger=yes

Switch to the root user, and then use the systemctl reboot command to restart servera.

[contsvc@servera user]$ su -
Password: redhat
Last login: Fri Aug 28 07:43:40 EDT 2020 on pts/0
[root@servera ~]# systemctl reboot
Connection to servera closed by remote host.
Connection to servera closed.
[student@workstation ~]$

When the servera machine is up again, log in to servera as the contsvc user. Verify that the systemd daemon started the webapp container, and that the web content is available.

[student@workstation ~]$ ssh contsvc@servera
...output omitted...

Verify that the container is running.

[contsvc@servera ~]$ podman ps
CONTAINER ID  IMAGE                                           COMMAND               CREATED        STATUS            PORTS                   NAMES
6c325bf49f84  registry.access.redhat.com/ubi8/httpd-24:1-163  /usr/bin/run-http...  2 minutes ago  Up 2 minutes ago  0.0.0.0:8080->8080/tcp  webapp

Access the web content.

[contsvc@servera ~]$ curl http://localhost:8080
Hello World

Return to the workstation machine as the student user.

[contsvc@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$

Finish

On the workstation machine, run the lab finish containers-services script to complete this exercise.

[student@workstation ~]$ lab finish containers-services

This concludes the section.

Discuss Red Hat System Administration II

Go to community

Is It possible to reset root password when the system is on multi-user.target?

jennifer1987

27 lip 2023

Hi thereWell, i have a question, Is It possible to reset root password when the system is on multi-user.target? I was not be able to found a foro o some information related with this and another question that I have, If the grub menu dont show up, is it posible to reset the root password?

991

Red Hat System Administration II (RH134)

Haley_Ruccio

21 lip 2023

Build the skills to perform the key tasks needed to become a full-time Linux administratorRed Hat System Administration II (RH134) is the second part of the RHCSA training track for IT professionals who have already attended Red Hat System Administration I. The course goes deeper into core Linux system administration skills in storage configuration and management, installation and deployment of Red Hat Enterprise Linux, management of security features such as SELinux, control of recurring system tasks, management of the boot process and troubleshooting, basic system tuning, and command-line automation and productivity. This course assumes that students have attended Red Hat System Administration I (RH124).Experienced Linux administrators who seek rapid preparation for the RHCSA certification should instead start with RHCSA Rapid Track (RH199).This course is based on Red Hat Enterprise Linux 9.0.Course summaryInstall Red Hat Enterprise Linux using scalable methodsAccess security files, file systems, and networksExecute shell scripting and automation techniquesManage storage devices, logical volumes, and file systemsManage security and system accessControl the boot process and system servicesRun containersAudience for this courseThis course is geared toward Windows system administrators, network administrators, and other system administrators who are interested in supplementing current skills or backstopping other team members, in addition to Linux system administrators who are responsible for these tasks:Configuring, installing, upgrading, and maintaining Linux systems using established standards and proceduresProviding operational supportManaging systems for monitoring system performance and availabilityWriting and deploying scripts for task automation and system administrationRecommended trainingSuccessful completion of Red Hat System Administration I (RH124) is recommended.Experienced Linux administrators seeking to accelerate their path toward becoming a Red Hat Certified System Administrator should start with the RHCSA Rapid Track course (RH199).Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technology requirements.This course is not designed for bring your own device (BYOD).Internet access is not required, but is recommended to allow students to research and access Red Hat online resources.

Welcome to the Red Hat System Administration II (RH134) group in the Red Hat Learning Community!

Deanna

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat System Administration II! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH134.Read more about Red Hat System Administration II here.

417

Revision: rh134-9.0-fa57cbe