Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 23. Using Toolbx for development and troubleshooting

Installing software on a system presents certain risks: it can change a system’s behavior, and can leave unwanted files and directories behind after they are no longer needed. You can prevent these risks by installing your favorite development and debugging tools, editors, and software development kits (SDKs) into the Toolbx fully mutable container without affecting the base operating system. You can perform changes on the host system with commands such as less, lsof, rsync, ssh, sudo, and unzip.

The Toolbx utility performs the following actions:

  1. Pulling the registry.access.redhat.com/ubi8/toolbox:latest image to your local system
  2. Starting up a container from the image
  3. Running a shell inside the container from which you can access the host system
Note

Toolbx can run a root container or a rootless container, depending on the rights of the user who creates the Toolbx container. Utilities that would require root rights on the host system also should be run in root containers.

The default container name is rhel-toolbox.

23.1. Starting a Toolbx container

You can create a Toolbx container by using the toolbox create command. You can then enter the container with the toolbox enter command.

Procedure

  1. Create a Toolbx container:

    • As a rootless user:

      $ toolbox create <mytoolbox>
    • As a root user:

      $ sudo toolbox create <mytoolbox>
      Created container: <mytoolbox>
      Enter with: toolbox enter
    • Verify that you pulled the correct image:

      [user@toolbox ~]$ toolbox list
      IMAGE ID      IMAGE NAME    CREATED
      fe0ae375f149   registry.access.redhat.com/ubi{ProductVersion}/toolbox 5 weeks ago
      
      CONTAINER ID  CONTAINER NAME  CREATED         STATUS   IMAGE NAME
      5245b924c2cb  <mytoolbox>       7 minutes ago   created  registry.access.redhat.com/ubi{ProductVersion}/toolbox:8.9-6
  2. Enter the Toolbx container:

    [user@toolbox ~]$ toolbox enter <mytoolbox>

Verification

  • Enter a command inside the <mytoolbox> container and display the name of the container and the image:

    ⬢ [user@toolbox ~]$ cat /run/.containerenv
    engine="podman-4.8.2"
    name="<mytoolbox>"
    id="5245b924c2cb..."
    image="registry.access.redhat.com/ubi{ProductVersion}/toolbox"
    imageid="fe0ae375f14919cbc0596142e3aff22a70973a36e5a165c75a86ea7ec5d8d65c"

23.2. Using Toolbx for development

You can use a Toolbx container as a rootless user for installation of development tools, such as editors, compilers, and software development kits (SDKs). After installation, you can continue using those tools as a rootless user.

Prerequisites

  • The Toolbx container is created and is running. You entered the Toolbx container. You do not need to create the Toolbx container with root privileges. See Starting the Toolbox container.

Procedure

  • Install the tools of your choice, for example, the Emacs text editor, GCC compiler and GNU Debugger (GDB):

    ⬢[user@toolbox ~]$ sudo yum install emacs gcc gdb

Verification

  • Verify that the tools are installed:

    ⬢[user@toolbox ~]$  yum repoquery --info --installed <package_name>

23.3. Using Toolbx for troubleshooting a host system

You can use a Toolbx container with root privileges to find the root cause of various problems with the host system by using tools such as systemd, journalctl , and nmap, without installing them on the host system. Inside the Toolbx container you can, for example, perform the following actions.

Prerequisites

  • The Toolbx container is created and is running. You entered the Toolbx container. You need to create the Toolbx container with root privileges. See Starting the Toolbox container.

Procedure

  1. Install the systemd suite to be able to run the journalctl command:

    ⬢[root@toolbox ~]# yum install systemd
  2. Display log messages for all processes running on the host:

    ⬢[root@toolbox ~]# j journalctl --boot -0
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: microcode: updated ear>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Linux version 6.6.8-10>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Command line: BOOT_IMA>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: x86/split lock detecti>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: BIOS-provided physical>
  3. Display log messages for the kernel:

    ⬢[root@toolbox ~]# journalctl --boot -0 --dmesg
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: microcode: updated ear>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Linux version 6.6.8-10>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: Command line: BOOT_IMA>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: x86/split lock detecti>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: BIOS-provided physical>
    Jan 02 09:06:48 user-thinkpadp1gen4i.brq.csb kernel: BIOS-e820: [mem 0x0000>
  4. Install the nmap network scanning tool:

    ⬢[root@toolbox ~]# yum install nmap
  5. Scan IP addresses and ports in a network:

    ⬢[root@toolbox ~]# nmap -sS scanme.nmap.org
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-01-02 10:39 CET
    Stats: 0:01:01 elapsed; 0 hosts completed (0 up), 256 undergoing Ping Scan
    Ping Scan Timing: About 29.79% done; ETC: 10:43 (0:02:24 remaining)
    Nmap done: 256 IP addresses (0 hosts up) scanned in 206.45 seconds
    • The -sS option performs a TCP SYN scan. Most of Nmap’s scan types are only available to privileged users, because they send and receive raw packets, which requires root access on UNIX systems.

23.4. Stopping the Toolbx container

Use the exit command to leave the Toolbox container and the podman stop commmand to stop the container.

Procedure

  1. Leave the container and return to the host:

    ⬢ [user@toolbox ~]$ exit
  2. Stop the toolbox container:

    ⬢ [user@toolbox ~]$ podman stop <mytoolbox>
  3. Optional: Remove the toolbox container:

    ⬢ [user@toolbox ~]$ toolbox rm <mytoolbox>

    Alternatively, you can also use the podman rm command to remove the container.