
Chapter 6. Managing Containers with the New Runtime

Abstract

Goal: Explain the new container runtime engine and tools that replace the Docker container engine.
Objectives
  • Describe the new container engine and utilities and observe the planned similarity in syntax and function, and the increase in performance and features.

Sections
  • Deploying Containers with the New Container Runtime (and Guided Exercise)

Lab

Managing Containers with the New Runtime

Deploying Containers with the New Container Runtime

Objectives

After completing this section, students should be able to describe the new container engine and utilities and observe the planned similarity in syntax and function, and the increase in performance and features.

The Podman Container Engine

Red Hat Enterprise Linux 8 includes the container-tools package module, which provides Podman, a new container engine that replaces Docker and Moby. The container-tools package module also contains other tools, such as Buildah to build container images, Skopeo to manage container images on registries, and runc. In contrast to Docker, which depends on daemons to build and run containers, this new toolset and container engine allow building and running containers without daemons.

The New Container Runtime Toolset

  • RHEL 8 replaces Docker with a new container runtime which supports most of the Docker functionality.

  • RHEL 8's container runtime toolset supports Open Container Initiative (OCI) standards, which, for example, enables reuse of third-party container images.

  • The container runtime provides a daemon-less container engine. This architecture does not require an active root-privileged daemon to run containers. Users run containers without root privileges.

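  • This architecture uses a fork/exec model, which enhances integration with the kernel's audit security feature: a container process forked from a user's session keeps that session's audit UID. This replaces the Docker client/server model, in which containers are started by the daemon and so run with what audit refers to as the unset audit UID.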

  • The container-tools package module provides the new container runtime toolset and engine.
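
The audit point in the list above shows up directly in the audit log: a process fork/exec'd from a login session inherits that session's audit UID (`auid`), while one started by a boot-time daemon has it unset, which raw records show as 4294967295. The following is an added example, not part of the course material; the log records are constructed and the function names are hypothetical.

```python
import re

# The kernel stores an unset login UID as (uid_t)-1: raw audit records show
# 4294967295, and "ausearch -i" renders it as "unset".
AUID_UNSET = 2**32 - 1

# Constructed records (not captured from a real host). Assumed scenario:
#   201: a container process fork/exec'd from user 1000's login session
#   245: a container process started by a root daemon launched at boot
#   260: user 1001 acting as root; auid still names the original login
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1560000000.101:201): arch=c000003e syscall=59 success=yes exit=0 ppid=2101 pid=2110 auid=1000 uid=1000 gid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" key="demo"
type=SYSCALL msg=audit(1560000050.202:245): arch=c000003e syscall=59 success=yes exit=0 ppid=977 pid=3122 auid=4294967295 uid=0 gid=0 euid=0 comm="cat" exe="/usr/bin/cat" key="demo"
type=SYSCALL msg=audit(1560000090.303:260): arch=c000003e syscall=59 success=yes exit=0 ppid=2301 pid=2310 auid=1001 uid=0 gid=0 euid=0 comm="touch" exe="/usr/bin/touch" key="demo"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT = re.compile(r'audit\(\d+\.\d+:(\d+)\)')

def parse_record(line):
    """Return a SYSCALL record as a dict, or None for any other line."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    m = EVENT.search(line)
    if fields.get("type") != "SYSCALL" or m is None:
        return None
    if "auid" not in fields or "uid" not in fields:
        return None
    auid = int(fields["auid"])
    return {"event": int(m.group(1)), "exe": fields.get("exe", "?"),
            "uid": int(fields["uid"]),
            "auid": None if auid == AUID_UNSET else auid}

def unattributed_root_events(log):
    """Event IDs that ran as root with no login UID to trace them back to."""
    records = filter(None, map(parse_record, log.splitlines()))
    return [r["event"] for r in records if r["uid"] == 0 and r["auid"] is None]

if __name__ == "__main__":
    for rec in filter(None, map(parse_record, SAMPLE_LOG.splitlines())):
        who = "unset" if rec["auid"] is None else rec["auid"]
        print(f"event {rec['event']}: {rec['exe']} uid={rec['uid']} auid={who}")
    print("root events with no login UID:", unattributed_root_events(SAMPLE_LOG))
```

Event 260 is the useful contrast: the process runs as root, yet the record still names the login that initiated it, which is the attribution the daemon-started event 245 lacks.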

Figure 6.1: From Docker to RHEL 8's container runtime

Describing the New Container Runtime Toolset

  • The podman container engine is daemon-less and supports the execution of containers.

  • The podman command syntax is similar to that of the docker command, and podman also supports Dockerfile use.

  • Buildah builds container images, either from scratch or from a Dockerfile.

  • Copy and inspect container images in registries with Skopeo.

  • Skopeo supports Docker and private registries, the Atomic registry, and local directories, including those which use OCI.

Figure 6.2: New Container Runtime

Pacemaker Resource Bundles

Describing Pacemaker Resource Bundles

  • RHEL 8 includes Pacemaker container bundles with podman as a technology preview.

  • A Pacemaker bundle supports the execution of the same container across all hosts belonging to a specific node type, for example an OpenStack controller node.

  • A bundle also maps the required storage inside the container directories, and customizes specific attributes in the container.

  • Red Hat OpenStack Platform currently supports Pacemaker bundles.

References

For more information, refer to the Working with containers and Building container images with Buildah chapters in the Red Hat Enterprise Linux 8 Building, Running, and Managing Containers Guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers

Containers without daemons: Podman and Buildah

Knowledgebase: Pacemaker 2.0 upgrade in Red Hat Enterprise Linux 8

Revision: rh354-8.0-0e36520