RHCSA Rapid Track

Bookmark this page
P1234567891011121314151617
PreviousNext

Guided Exercise: Managing Containers as Services

In this exercise, you will configure a container that is managed as a systemd service, and then use systemctl commands to manage that container so that it automatically starts when the host machine starts.

Outcomes

You should be able to:

  • Create systemd unit files for managing containers.

  • Start and stop containers using systemctl commands.

  • Configure user accounts for systemd user services to start when the host machine starts.

On the workstation machine, log in as the student user with student as the password.

On the workstation machine, run the lab containers-services start command. This command runs a start script that determines if the servera machine is reachable on the network. It also installs the container tools on servera. 

[student@workstation ~]$ lab containers-services start

Procedure 16.5. Instructions

  1. Use the ssh command to log in to servera as the student user. The systems are configured to use SSH keys for authentication, so a password is not required. 

    [student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$

  2. Use the sudo -i command to switch to the root user. The password for the student user is student. 

    [student@servera ~]$ sudo -i
[sudo] password for student: student
[root@servera ~]#

  3. Create a user account named contsvc using redhat as the password. Configure the account to access the container image registry at registry.lab.example.com. You will use this account to run containers as systemd services, instead of using your regular user account.

    1. Use the useradd command to create the account, and then use the passwd command to set the password to redhat. 

      [root@servera ~]# useradd contsvc
[root@servera ~]# passwd contsvc
Changing password for user contsvc.
New password: redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: redhat
passwd: all authentication tokens updated successfully.

    2. To manage the systemd user services with the contsvc account, you must log in directly as the contsvc user. You cannot use the su and sudo commands.

      Log out of servera, and then use the ssh command to log in as the contsvc user. The systems are configured to use SSH keys for authentication, so a password is not required. 

      [root@servera ~]# exit
logout
[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$ ssh contsvc@servera
...output omitted...
[contsvc@servera ~]$

    3. Create the ~/.config/containers/ directory. 

      [contsvc@servera ~]$ mkdir -p ~/.config/containers/
[contsvc@servera ~]$

    4. The lab script prepared the registries.conf file in the /tmp/containers-services/ directory. Copy that file to ~/.config/containers/. The following cp command is very long and should be entered as a single line. 

      [contsvc@servera ~]$ cp /tmp/containers-services/registries.conf ~/.config/containers/

    5. To confirm that you can access the registry.lab.example.com registry, run the podman search ubi command as a test. If everything works as expected, then the command should list some images. 

      [contsvc@servera ~]$ podman search ubi
INDEX         NAME                    DESCRIPTION   STARS   OFFICIAL   AUTOMATED
example.com   registry.lab.example.com/ubi8/ubi         0
example.com   registry.lab.example.com/ubi7/ubi         0

  4. Create the /home/contsvc/webcontent/html/ directory, and then create an index.html test page. You will use that directory as persistent storage when you deploy a web server container.

    1. Create the ~/webcontent/html/ directory. 

      [contsvc@servera ~]$ mkdir -p ~/webcontent/html/
[contsvc@servera ~]$

    2. Create the index.html file and add some content. 

      [contsvc@servera ~]$ echo "Hello World" > ~/webcontent/html/index.html
[contsvc@servera ~]$

    3. Confirm that everyone has access to the directory and the index.html file. The container uses an unprivileged user that must be able to read the index.html file. 

      [contsvc@servera ~]$ ls -ld webcontent/html/
drwxrwxr-x. 2 contsvc contsvc 24 Aug 28 04:56 webcontent/html/
[contsvc@servera ~]$ ls -l webcontent/html/index.html
-rw-rw-r--. 1 contsvc contsvc 12 Aug 28 04:56 webcontent/html/index.html

  5. Create a detached container named myweb. Redirect port 8080 on the local host to the container port 8080. Mount the ~/webcontent directory from the host to the /var/www directory in the container. Use the registry.lab.example.com/rhel8/httpd-24:1-105 image.

    1. Log in to the registry.lab.example.com registry as the admin user with redhat321 as the password. 

      [contsvc@servera ~]$ podman login registry.lab.example.com
Username: admin
Password: redhat321
Login Succeeded!

    2. Create the container. You can copy and paste the following command from the /tmp/containers-services/start-container.txt file. The following podman run command is very long and should be entered as a single line. 

      [contsvc@servera ~]$ podman run -d --name myweb -p 8080:8080 -v ~/webcontent:/var/www:Z registry.lab.example.com/rhel8/httpd-24:1-105
...output omitted...

    3. To verify your work, use the curl command to access the web content on port 8080. 

      [contsvc@servera ~]$ curl http://localhost:8080/
Hello World

  6. Create the systemd unit file for managing the myweb container with systemctl commands. When finished, stop and then delete the myweb container. Systemd manages the container and does not expect the container to exist initially.

    1. Create the ~/.config/systemd/user/ directory. 

      [contsvc@servera ~]$ mkdir -p ~/.config/systemd/user/
[contsvc@servera ~]$

    2. Change to the ~/.config/systemd/user/ directory, and then run the podman generate systemd command to create the unit file for the myweb container. Use the --new option so that systemd creates a new container when starting the service and deletes the container when stopping the service. 

      [contsvc@servera ~]$ cd ~/.config/systemd/user
[contsvc@servera user]$ podman generate systemd --name myweb --files --new
/home/contsvc/.config/systemd/user/container-myweb.service

    3. Stop and then delete the myweb container. 

      [contsvc@servera user]$ podman stop myweb
2f4844b376b78f8f7021fe3a4c077ae52fdc1caa6d877e84106ab783d78e1e1a
[contsvc@servera user]$ podman rm myweb
2f4844b376b78f8f7021fe3a4c077ae52fdc1caa6d877e84106ab783d78e1e1a

  7. Force systemd to reload its configuration, and then enable and start your new container-myweb user service. To test your work, stop and then start the service and control the container status with the curl and podman ps commands.

    1. Use the systemctl --user daemon-reload command for systemd to take the new unit file into account. 

      [contsvc@servera user]$ systemctl --user daemon-reload
[contsvc@servera user]$

    2. Enable and start the container-myweb service. 

      [contsvc@servera user]$ systemctl --user enable --now container-myweb
Created symlink /home/contsvc/.config/systemd/user/multi-user.target.wants/container-myweb.service → /home/contsvc/.config/systemd/user/container-myweb.service.
Created symlink /home/contsvc/.config/systemd/user/default.target.wants/container-myweb.service → /home/contsvc/.config/systemd/user/container-myweb.service.

    3. Use the podman ps and curl commands to verify that the container is running. 

      [contsvc@servera user]$ podman ps
CONTAINER ID  IMAGE                                          COMMAND               CREATED             STATUS                 PORTS                   NAMES
a648c286c653  registry.lab.example.com/rhel8/httpd-24:1-105  /usr/bin/run-http...  About a minute ago  Up About a minute ago  0.0.0.0:8080->8080/tcp  myweb
[contsvc@servera user]$ curl http://localhost:8080/
Hello World

      Take note of the container ID. You will use this information to confirm that systemd creates a new container when you restart the service.

    4. Stop the container-myweb service, and then confirm that the container does not exist anymore. When you stop the service, systemd stops and then deletes the container. 

      [contsvc@servera user]$ systemctl --user stop container-myweb
[contsvc@servera user]$ podman ps --all
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES

    5. Start the container-myweb service, and then confirm that the container is running. 

      [contsvc@servera user]$ systemctl --user start container-myweb
[contsvc@servera user]$ podman ps
CONTAINER ID  IMAGE                                          COMMAND               CREATED        STATUS            PORTS                   NAMES
6f5148b27726  registry.lab.example.com/rhel8/httpd-24:1-105  /usr/bin/run-http...  5 seconds ago  Up 4 seconds ago  0.0.0.0:8080->8080/tcp  myweb

      Notice that the container ID has changed. When you start the service, systemd creates a new container.

  8. To ensure user services for the contsvc user start with the server, run the loginctl enable-linger command. When done, restart servera.

    1. Run the loginctl enable-linger command. 

      [contsvc@servera user]$ loginctl enable-linger
[contsvc@servera user]$

    2. Confirm that the Linger option is set for the contsvc user. 

      [contsvc@servera user]$ loginctl show-user contsvc
...output omitted...
Linger=yes

    3. Switch to the root user, and then use the systemctl reboot command to restart servera. 

      [contsvc@servera user]$ su -
Password: redhat
Last login: Fri Aug 28 07:43:40 EDT 2020 on pts/0
[root@servera ~]# systemctl reboot
Connection to servera closed by remote host.
Connection to servera closed.
[student@workstation ~]$

  9. Wait for the servera machine to restart, which takes a few minutes, then, log in to servera as the contsvc user. Confirm that systemd started the myweb container and that the web content is available.

    1. From workstation, use the ssh command to log in to servera as the contsvc user. 

      [student@workstation ~]$ ssh contsvc@servera
...output omitted...
[contsvc@servera ~]$

    2. Use the podman ps command to confirm that the container is running. 

      [contsvc@servera ~]$ podman ps
CONTAINER ID  IMAGE                                          COMMAND               CREATED        STATUS            PORTS                   NAMES
1d174e79f08b  registry.lab.example.com/rhel8/httpd-24:1-105  /usr/bin/run-http...  3 minutes ago  Up 3 minutes ago  0.0.0.0:8080->8080/tcp  myweb

    3. Use the curl command to access the web content. 

      [contsvc@servera ~]$ curl http://localhost:8080/
Hello World

    4. Exit from servera. 

      [contsvc@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$

Finish

On the workstation machine, run the lab containers-services finish script to complete this exercise. 

[student@workstation ~]$ lab containers-services finish

This concludes the guided exercise.

PreviousNext
Revision: rh199-8.2-3beeb12