Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 8. Adding software to a running UBI container

Red Hat Universal Base Images (UBIs) are built from a subset of the RHEL content. UBIs also provide a subset of RHEL packages that are freely available to install for use with UBI. To add or update software to a running container, you can use the yum repositories that include RPM packages and updates. UBIs provide a set of pre-built language runtime container images such as Python, Perl, Node.js, Ruby, and so on.

To add packages from UBI repositories to running UBI containers:

  • On UBI init and UBI standard images, use the yum command
  • On UBI minimal images, use the microdnf command
Note

Installing and working with software packages directly in running containers adds packages temporarily. The changes are not saved in the container image. To make package changes persistent, see section Building an image from a Containerfile with Buildah.

Note

When you add software to a UBI container, procedures differ for updating UBIs on a subscribed RHEL host or on an unsubscribed (or non-RHEL) system.

8.1. Adding software to a UBI container on a subscribed host

If you are running a UBI container on a registered and subscribed RHEL host, the RHEL Base and AppStream repositories are enabled inside the standard UBI container, along with all the UBI repositories.

8.2. Adding software in a standard UBI container

To add software inside the standard UBI container, disable non-UBI yum repositories to ensure the containers you build can be redistributed.

Procedure

  1. Pull and run the registry.access.redhat.com/ubi8/ubi image:

    $ podman run -it --name myubi registry.access.redhat.com/ubi8/ubi
  2. Add a package to the myubi container.

    • To add a package that is in the UBI repository, disable all yum repositories except for UBI repositories. For example, to add the bzip2 package:

      # yum install --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos bzip2
    • To add a package that is not in the UBI repository, do not disable any repositories. For example, to add the zsh package:

      # yum install zsh
    • To add a package that is in a different host repository, explicitly enable the repository you need. For example, to install the python38-devel package from the codeready-builder-for-rhel-8-x86_64-rpms repository:

      # yum install --enablerepo=codeready-builder-for-rhel-8-x86_64-rpms  python38-devel

Verification steps

  1. List all enabled repositories inside the container:

    # yum repolist
  2. Ensure that the required repositories are listed.
  3. List all installed packages:

    # rpm -qa
  4. Ensure that the required packages are listed.

    NOTE
    Installing Red Hat packages that are not inside the Red Hat UBI repositories can limit the ability to distribute the container outside of subscribed RHEL systems.

8.3. Adding software in a minimal UBI container

UBI yum repositories are enabled inside UBI Minimal images by default.

Procedure

  1. Pull and run the registry.access.redhat.com/ubi8/ubi-minimal image:

    $ podman run -it --name myubimin registry.access.redhat.com/ubi8/ubi-minimal
  2. Add a package to the myubimin container:

    • To add a package that is in the UBI repository, do not disable any repositories. For example, to add the bzip2 package:

      # microdnf install bzip2
    • To add a package that is in a different host repository, explicitly enable the repository you need. For example, to install the python38-devel package from the codeready-builder-for-rhel-8-x86_64-rpms repository:

      # microdnf install --enablerepo=codeready-builder-for-rhel-8-x86_64-rpms  python38-devel

Verification steps

  1. List all enabled repositories inside the container:

    # microdnf repolist
  2. Ensure that the required repositories are listed.
  3. List all installed packages:

    # rpm -qa
  4. Ensure that the required packages are listed.

    NOTE
    Installing Red Hat packages that are not inside the Red Hat UBI repositories can limit the ability to distribute the container outside of subscribed RHEL systems.

8.4. Adding software to a UBI container on a unsubscribed host

You do not have to disable any repositories when adding software packages on unsubscribed RHEL systems.

Procedure

  • Add a package to a running container based on the UBI standard or UBI init images. Do not disable any repositories. Use the podman run command to run the container. then use the yum install command inside a container.

    • For example, to add the bzip2 package to the UBI standard based container:

      $ podman run -it --name myubi registry.access.redhat.com/ubi8/ubi
      # yum install bzip2
      1. For example, to add the bzip2 package to the UBI init based container:

        $ podman run -it --name myubimin registry.access.redhat.com/ubi8/ubi-minimal
        # microdnf install bzip2

Verification steps

  1. List all enabled repositories:

    • To list all enabled repositories inside the containers based on UBI standard or UBI init images:

      #  yum repolist
    • To list all enabled repositories inside the containers based on UBI minimal containers:

      # microdnf repolist
  2. Ensure that the required repositories are listed.
  3. List all installed packages:

    # rpm -qa
  4. Ensure that the required packages are listed.

8.5. Building UBI-based images

You can create a UBI-based web server container from a Containerfile using the Buildah utility. You have to disable all non-UBI yum repositories to ensure that your image contains only Red Hat software that you can redistribute.

NOTE

For UBI minimal images, use microdnf instead of yum:

RUN microdnf update -y && rm -rf /var/cache/yum
RUN microdnf install httpd -y && microdnf clean all

Procedure

  1. Create a Containerfile:

    FROM registry.access.redhat.com/ubi8/ubi
    USER root
    LABEL maintainer="John Doe"
    # Update image
    RUN yum update --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos -y && rm -rf /var/cache/yum
    RUN yum install --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos httpd -y && rm -rf /var/cache/yum
    # Add default Web page and expose port
    RUN echo "The Web Server is Running" > /var/www/html/index.html
    EXPOSE 80
    # Start the service
    CMD ["-D", "FOREGROUND"]
    ENTRYPOINT ["/usr/sbin/httpd"]
  2. Build the container image:

    # buildah bud -t johndoe/webserver .
    STEP 1: FROM registry.access.redhat.com/ubi8/ubi:latest
    STEP 2: USER root
    STEP 3: LABEL maintainer="John Doe"
    STEP 4: RUN yum update --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos -y
    ...
    Writing manifest to image destination
    Storing signatures
    --> f9874f27050
    f9874f270500c255b950e751e53d37c6f8f6dba13425d42f30c2a8ef26b769f2

Verification steps

  1. Run the web server:

    # podman run -d --name=myweb -p 80:80 johndoe/webserver
    bbe98c71d18720d966e4567949888dc4fb86eec7d304e785d5177168a5965f64
  2. Test the web server:

    # curl http://localhost/index.html
    The Web Server is Running

8.6. Using Application Stream runtime images

Runtime images based on Application Streams offer a set of container images that you can use as the basis for your container builds.

Supported runtime images are Python, Ruby, s2-core, s2i-base, .NET Core, PHP. The runtime images are available in the Red Hat Container Catalog.

NOTE
Because these UBI images contain the same basic software as their legacy image counterparts, you can learn about those images from the Using Red Hat Software Collections Container Images guide.

8.7. Getting UBI container image source code

Source code is available for all Red Hat UBI-based images in the form of downloadable container images. Source container images cannot be run, despite being packaged as containers. To install Red Hat source container images on your system, use the skopeo command, not the podman pull command.

Source container images are named based on the binary containers they represent. For example, for a particular standard RHEL UBI 8 container registry.access.redhat.com/ubi8:8.1-397 append -source to get the source container image (registry.access.redhat.com/ubi8:8.1-397-source).

Procedure

  1. Use the skopeo copy command to copy the source container image to a local directory:

    $ skopeo copy \
    docker://registry.access.redhat.com/ubi8:8.1-397-source \
    dir:$HOME/TEST
    ...
    Copying blob 477bc8106765 done
    Copying blob c438818481d3 done
    ...
    Writing manifest to image destination
    Storing signatures
  2. Use the skopeo inspect command to inspect the source container image:

    $ skopeo inspect dir:$HOME/TEST
    {
        "Digest": "sha256:7ab721ef3305271bbb629a6db065c59bbeb87bc53e7cbf88e2953a1217ba7322",
        "RepoTags": [],
        "Created": "2020-02-11T12:14:18.612461174Z",
        "DockerVersion": "",
        "Labels": null,
        "Architecture": "amd64",
        "Os": "linux",
        "Layers": [
            "sha256:1ae73d938ab9f11718d0f6a4148eb07d38ac1c0a70b1d03e751de8bf3c2c87fa",
            "sha256:9fe966885cb8712c47efe5ecc2eaa0797a0d5ffb8b119c4bd4b400cc9e255421",
            "sha256:61b2527a4b836a4efbb82dfd449c0556c0f769570a6c02e112f88f8bbcd90166",
            ...
            "sha256:cc56c782b513e2bdd2cc2af77b69e13df4ab624ddb856c4d086206b46b9b9e5f",
            "sha256:dcf9396fdada4e6c1ce667b306b7f08a83c9e6b39d0955c481b8ea5b2a465b32",
            "sha256:feb6d2ae252402ea6a6fca8a158a7d32c7e4572db0e6e5a5eab15d4e0777951e"
        ],
        "Env": null
    }
  3. Unpack all the content:

    $ cd $HOME/TEST
    $ for f in $(ls); do tar xvf $f; done
  4. Check the results:

    $ find blobs/ rpm_dir/
    blobs/
    blobs/sha256
    blobs/sha256/10914f1fff060ce31388f5ab963871870535aaaa551629f5ad182384d60fdf82
    rpm_dir/
    rpm_dir/gzip-1.9-4.el8.src.rpm

    If the results are correct, the image is ready to be used.

    NOTE
    It could take several hours after a container image is released for its associated source container to become available.

Additional resources

  • skopeo-copy man page
  • skopeo-inspect man page