RH199 - ch16s09

Course update

An updated version of this course is available that uses a newer version of Red Hat Enterprise Linux in the lab environment. Therefore, the RHEL 9.0 version of the lab environment will retire on December 31, 2024. Please complete any work in this lab environment before it is removed on December 31, 2024. For the most up-to-date version of this course, we recommend moving to the RHEL 9.3 version.

Preface A: Introduction

Section A.1: RHCSA Rapid Track

Section A.2: Orientation to the Classroom Environment

Section A.3: Performing Lab Exercises

Chapter 1: Access Systems and Get Support

Section 1.1: Edit Text Files from the Shell Prompt

Section 1.2: Guided Exercise: Edit Text Files from the Shell Prompt

Section 1.3: Configure SSH Key-based Authentication

Section 1.4: Guided Exercise: Configure SSH Key-based Authentication

Section 1.5: Create a Diagnostics Report

Section 1.6: Guided Exercise: Create a Diagnostics Report

Section 1.7: Detect and Resolve Issues with Red Hat Insights

Section 1.8: Quiz: Detect and Resolve Issues with Red Hat Insights

Section 1.9: Summary

Chapter 2: Manage Files from the Command Line

Section 2.1: Describe Linux File System Hierarchy Concepts

Section 2.2: Quiz: Describe Linux File System Hierarchy Concepts

Section 2.3: Make Links Between Files

Section 2.4: Guided Exercise: Make Links Between Files

Section 2.5: Match File Names with Shell Expansions

Section 2.6: Quiz: Match File Names with Shell Expansions

Section 2.7: Lab: Manage Files from the Command Line

Section 2.8: Summary

Chapter 3: Manage Local Users and Groups

Section 3.1: Describe User and Group Concepts

Section 3.2: Quiz: Describe User and Group Concepts

Section 3.3: Gain Superuser Access

Section 3.4: Guided Exercise: Gain Superuser Access

Section 3.5: Manage Local User Accounts

Section 3.6: Guided Exercise: Manage Local User Accounts

Section 3.7: Manage Local Group Accounts

Section 3.8: Guided Exercise: Manage Local Group Accounts

Section 3.9: Manage User Passwords

Section 3.10: Guided Exercise: Manage User Passwords

Section 3.11: Lab: Manage Local Users and Groups

Section 3.12: Summary

Chapter 4: Control Access to Files

Section 4.1: Manage File System Permissions from the Command Line

Section 4.2: Guided Exercise: Manage File System Permissions from the Command Line

Section 4.3: Manage Default Permissions and File Access

Section 4.4: Guided Exercise: Manage Default Permissions and File Access

Section 4.5: Lab: Control Access to Files

Section 4.6: Summary

Chapter 5: Manage SELinux Security

Section 5.1: Change the SELinux Enforcement Mode

Section 5.2: Guided Exercise: Change the SELinux Enforcement Mode

Section 5.3: Control SELinux File Contexts

Section 5.4: Guided Exercise: Control SELinux File Contexts

Section 5.5: Adjust SELinux Policy with Booleans

Section 5.6: Guided Exercise: Adjust SELinux Policy with Booleans

Section 5.7: Investigate and Resolve SELinux Issues

Section 5.8: Guided Exercise: Investigate and Resolve SELinux Issues

Section 5.9: Lab: Manage SELinux Security

Section 5.10: Summary

Chapter 6: Tune System Performance

Section 6.1: Kill Processes

Section 6.2: Guided Exercise: Kill Processes

Section 6.3: Monitor Process Activity

Section 6.4: Guided Exercise: Monitor Process Activity

Section 6.5: Adjust Tuning Profiles

Section 6.6: Guided Exercise: Adjust Tuning Profiles

Section 6.7: Influence Process Scheduling

Section 6.8: Guided Exercise: Influence Process Scheduling

Section 6.9: Lab: Tune System Performance

Section 6.10: Summary

Chapter 7: Schedule Future Tasks

Section 7.1: Schedule Recurring User Jobs

Section 7.2: Guided Exercise: Schedule Recurring User Jobs

Section 7.3: Schedule Recurring System Jobs

Section 7.4: Guided Exercise: Schedule Recurring System Jobs

Section 7.5: Manage Temporary Files

Section 7.6: Guided Exercise: Manage Temporary Files

Section 7.7: Quiz: Schedule Future Tasks

Section 7.8: Summary

Chapter 8: Install and Update Software Packages

Section 8.1: Register Systems for Red Hat Support

Section 8.2: Quiz: Register Systems for Red Hat Support

Section 8.3: Install and Update Software Packages with DNF

Section 8.4: Guided Exercise: Install and Update Software Packages with DNF

Section 8.5: Enable DNF Software Repositories

Section 8.6: Guided Exercise: Enable DNF Software Repositories

Section 8.7: Lab: Install and Update Software Packages

Section 8.8: Summary

Chapter 9: Manage Basic Storage

Section 9.1: Mount and Unmount File Systems

Section 9.2: Guided Exercise: Mount and Unmount File Systems

Section 9.3: Add Partitions, File Systems, and Persistent Mounts

Section 9.4: Guided Exercise: Add Partitions, File Systems, and Persistent Mounts

Section 9.5: Manage Swap Space

Section 9.6: Guided Exercise: Manage Swap Space

Section 9.7: Lab: Manage Basic Storage

Section 9.8: Summary

Chapter 10: Manage Storage Stack

Section 10.1: Create and Extend Logical Volumes

Section 10.2: Guided Exercise: Create and Extend Logical Volumes

Section 10.3: Lab: Manage Storage Stack

Section 10.4: Summary

Chapter 11: Control Services and Boot Process

Section 11.1: Identify Automatically Started System Processes

Section 11.2: Guided Exercise: Identify Automatically Started System Processes

Section 11.3: Control System Services

Section 11.4: Guided Exercise: Control System Services

Section 11.5: Select the Boot Target

Section 11.6: Guided Exercise: Select the Boot Target

Section 11.7: Reset the Root Password

Section 11.8: Guided Exercise: Reset the Root Password

Section 11.9: Repair File-system Issues at Boot

Section 11.10: Guided Exercise: Repair File-system Issues at Boot

Section 11.11: Lab: Control the Boot Process

Section 11.12: Summary

Chapter 12: Analyze and Store Logs

Section 12.1: Describe System Log Architecture

Section 12.2: Quiz: Describe System Log Architecture

Section 12.3: Review Syslog Files

Section 12.4: Guided Exercise: Review Syslog Files

Section 12.5: Review System Journal Entries

Section 12.6: Guided Exercise: Review System Journal Entries

Section 12.7: Preserve the System Journal

Section 12.8: Guided Exercise: Preserve the System Journal

Section 12.9: Maintain Accurate Time

Section 12.10: Guided Exercise: Maintain Accurate Time

Section 12.11: Lab: Analyze and Store Logs

Section 12.12: Summary

Chapter 13: Manage Networking

Section 13.1: Validate Network Configuration

Section 13.2: Guided Exercise: Validate Network Configuration

Section 13.3: Configure Networking from the Command Line

Section 13.4: Guided Exercise: Configure Networking from the Command Line

Section 13.5: Edit Network Configuration Files

Section 13.6: Guided Exercise: Edit Network Configuration Files

Section 13.7: Configure Hostnames and Name Resolution

Section 13.8: Guided Exercise: Configure Hostnames and Name Resolution

Section 13.9: Lab: Manage Networking

Section 13.10: Summary

Chapter 14: Access Network-Attached Storage

Section 14.1: Manage Network-Attached Storage with NFS

Section 14.2: Guided Exercise: Manage Network-Attached Storage with NFS

Section 14.3: Automount Network-Attached Storage

Section 14.4: Guided Exercise: Automount Network-Attached Storage

Section 14.5: Lab: Access Network-Attached Storage

Section 14.6: Summary

Chapter 15: Manage Network Security

Section 15.1: Manage Server Firewalls

Section 15.2: Guided Exercise: Manage Server Firewalls

Section 15.3: Control SELinux Port Labeling

Section 15.4: Guided Exercise: Control SELinux Port Labeling

Section 15.5: Lab: Manage Network Security

Section 15.6: Summary

Chapter 16: Run Containers

Section 16.1: Container Concepts

Section 16.2: Quiz: Container Concepts

Section 16.3: Deploy Containers

Section 16.4: Guided Exercise: Deploy Containers

Section 16.5: Manage Container Storage and Network Resources

Section 16.6: Guided Exercise: Manage Container Storage and Network Resources

Section 16.7: Manage Containers as System Services

Section 16.8: Guided Exercise: Manage Containers as System Services

SectionSection 16.9: Lab: Run Containers

Section 16.10: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Fix Boot Issues and Maintain Servers

Section 17.3: Lab: Configure and Manage File Systems and Storage

Section 17.4: Lab: Configure and Manage Server Security

Section 17.5: Lab: Run Containers

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Lab: Run Containers

In this lab, you configure on your server a container that provides a MariaDB database service, stores its database on persistent storage, and starts automatically with the server.

Outcomes

Create detached containers.
Configure port redirection and persistent storage.
Configure systemd for containers to start when the host machine starts.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start containers-review

Instructions

On serverb, install the container tools package.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

Install the container-tools package.

[student@serverb ~]$ sudo dnf install container-tools
[sudo] password for student: student
...output omitted...
Is this ok [y/N]: y
...output omitted...
Complete!

The container image registry at registry.lab.example.com stores the rhel8/mariadb-103 image with several tags. Use the podsvc user to list the available tags and note the tag with the lowest version number. Use the admin user and redhat321 password to authenticate to the registry. Use the /tmp/registries.conf file as a template for the registry configuration.
Return to the workstation machine as the student user.
[student@serverb ~]$ exit logout Connection to serverb closed. [student@workstation ~]$
Log in to serverb as the podsvc user.
[student@workstation ~]$ ssh podsvc@serverb ...output omitted... [podsvc@serverb ~]$
Configure access to the registry.lab.example.com classroom registry in your home directory. Use the /tmp/registries.conf file as a template.
[podsvc@serverb ~]$ mkdir -p ~/.config/containers/ [podsvc@serverb ~]$ cp /tmp/registries.conf \ ~/.config/containers/
Log in to the container registry with the podman login command.
[podsvc@serverb ~]$ podman login registry.lab.example.com Username: admin Password: redhat321 Login Succeeded!
Note
The repository that contains the mariadb container image is not a public repository, and so the podman search mariadb command returns no results. Review the note in the podman-search (1) man page about the unreliability of using podman-search to determine the existence of an image.
View information about the registry.lab.example.com/rhel8/mariadb-103 image.
[podsvc@serverb ~]$ skopeo inspect \ docker://registry.lab.example.com/rhel8/mariadb-103 { "Name": "registry.lab.example.com/rhel8/mariadb-103", "Digest": "sha256:a95b...4816", "RepoTags": [ "1-86", "1-102", "latest" ], ...output omitted...
The lowest version tag is the 1-86 version.
Create the /home/podsvc/db_data directory, and configure the directory so that containers have read/write access. Then, create the inventorydb detached container. Use the rhel8/mariadb-103 image from the registry.lab.example.com registry, and specify the tag with the lowest version number on that image, which you found in a preceding step. Map port 3306 in the container to port 13306 on the host. Mount the /home/podsvc/db_data directory on the host as /var/lib/mysql/data in the container. Declare the following variable values for the container:
Variable Value
MYSQL_USER operator1
MYSQL_PASSWORD redhat
MYSQL_DATABASE inventory
MYSQL_ROOT_PASSWORD redhat
You can copy and paste these parameters from the /home/podsvc/containers-review/variables file on serverb. Execute the /home/podsvc/containers-review/testdb.sh script to confirm that the MariaDB database is running.
Start the db_01 detached container to obtain the mysql UID and GID.
[podsvc@serverb ~]$ podman run -d --name db_01 -p 13306:3306 \ -e MYSQL_USER=operator1 \ -e MYSQL_PASSWORD=redhat \ -e MYSQL_DATABASE=inventory \ -e MYSQL_ROOT_PASSWORD=redhat \ registry.lab.example.com/rhel8/mariadb-103:1-86 ...output omitted... c33f85d177dc8c51a303e231e6be63c1f251b9d426b4ccb56498603ab72d4219
Create the /home/podsvc/db_data directory.
[podsvc@serverb ~]$ mkdir /home/podsvc/db_data
Obtain the mysql UID and GID from the db_01 container, and then remove the db01 container.
[podsvc@serverb ~]$ podman exec -it db_01 grep mysql /etc/passwd mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin [podsvc@serverb ~]$ podman stop db_01 db_01 [podsvc@serverb ~]$ podman rm db_01 c33f85d177dc8c51a303e231e6be63c1f251b9d426b4ccb56498603ab72d4219
Use the podman unshare command to set the user namespace UID and GID of 27 as the owner of the directory.
[podsvc@serverb ~]$ podman unshare chown 27:27 /home/podsvc/db_data
Create the container.
[podsvc@serverb ~]$ podman run -d --name inventorydb -p 13306:3306 \ -e MYSQL_USER=operator1 \ -e MYSQL_PASSWORD=redhat \ -e MYSQL_DATABASE=inventory \ -e MYSQL_ROOT_PASSWORD=redhat \ -v /home/podsvc/db_data:/var/lib/mysql/data:Z \ registry.lab.example.com/rhel8/mariadb-103:1-86 ...output omitted...
Confirm that the database is running.
[podsvc@serverb ~]$ ~/containers-review/testdb.sh Testing the access to the database... SUCCESS

Variable	Value
`MYSQL_USER`	`operator1`
`MYSQL_PASSWORD`	`redhat`
`MYSQL_DATABASE`	`inventory`
`MYSQL_ROOT_PASSWORD`	`redhat`

Configure the systemd daemon so that the inventorydb container starts automatically when the system boots.

If you used sudo or su to log in as the podsvc user, then exit serverb and use the ssh command to log in directly to serverb as the podsvc user. Remember, the systemd daemon requires the user to open a direct session from the console or through SSH. Omit this step if you already logged in to the serverb machine as the podsvc user by using SSH.
```
[student@workstation ~]$ ssh podsvc@serverb
...output omitted...
[podsvc@serverb ~]$
```

Create the ~/.config/systemd/user/ directory.

[podsvc@serverb ~]$ mkdir -p ~/.config/systemd/user/

Create the systemd unit file from the running container.

[podsvc@serverb ~]$ cd ~/.config/systemd/user/
[podsvc@serverb user]$ podman generate systemd --name inventorydb --files --new
/home/podsvc/.config/systemd/user/container-inventorydb.service

Stop and then delete the inventorydb container.

[podsvc@serverb user]$ podman stop inventorydb
inventorydb
[podsvc@serverb user]$ podman rm inventorydb
0d28f0e0a4118ff019691e34afe09b4d28ee526079b58d19f03b324bd04fd545

Instruct the systemd daemon to reload its configuration, and then enable and start the container-inventorydb service.

[podsvc@serverb user]$ systemctl --user daemon-reload
[podsvc@serverb user]$ systemctl --user enable --now container-inventorydb.service
Created symlink /home/podsvc/.config/systemd/user/default.target.wants/container-inventorydb.service â†’ /home/podsvc/.config/systemd/user/container-inventorydb.service.

Confirm that the container is running.

[podsvc@serverb user]$ ~/containers-review/testdb.sh
Testing the access to the database...
SUCCESS
[podsvc@serverb user]$ podman ps
CONTAINER ID  IMAGE                                            COMMAND     CREATED         STATUS             PORTS                    NAMES
3ab24e7f000d  registry.lab.example.com/rhel8/mariadb-103:1-86  run-mysqld  47 seconds ago  Up 46 seconds ago  0.0.0.0:13306->3306/tcp  inventorydb

Run the loginctl enable-linger command for the user services to start automatically when the server starts.
```
[podsvc@serverb ~]$ loginctl enable-linger
```

Return to the workstation machine as the student user.

[podsvc@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade containers-review

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish containers-review

This concludes the section.

Revision: rh199-9.0-4fecb06

RHCSA Rapid Track

Course update

Lab: Run Containers

Note