Red Hat Training

A Red Hat training course is available for Red Hat Satellite

Chapter 8. Working with Containers

Docker is an open source project that automates the deployment of applications inside Linux Containers, and provides the capability to package an application with its runtime dependencies into a container. Linux containers enable rapid application deployment, simpler testing, maintenance, and troubleshooting while improving security. For more information see Get Started with Docker Formatted Container Images on Red Hat Systems on the Red Hat Customer Portal.
A container in the Docker format is composed of the following parts:
  • Container (in the narrow sense of the word) is an application sandbox. Each container is based on an image that holds necessary configuration data. When you launch a container from an image, a writable layer is added on top of this image. Every time you commit a container a new image layer is added to store your changes.
  • Image is a static snapshot of the containers' configuration. Image is a read-only layer that is never modified, all changes are made in top-most writable layer, and can be saved only by creating a new image. Each image depends on one or more parent images.
  • Platform image an image that has no parent. Platform images define the runtime environment, packages and utilities necessary for containerized applications to run. The platform image is read-only, so any changes are reflected in the copied images stacked on top of it. See Get Started with Docker Formatted Container Images on Red Hat Systems for information on how to access Red Hat Enterprise Linux platform images. See Example 8.1, “Creating a Red Hat Enterprise Linux Container in Satellite”.
  • Registry is a public or private archive that contains images available for download. Some registries allow users to upload images to make them available to others. Red Hat Satellite allows you to import images from local and external registries. Satellite itself can act as an image registry for hosts, however, hosts cannot push changes back to the registry. For more information, see Section 8.1.1, “Creating a New Container”
  • Tags are added to images to differentiate them from similar images in a repository. In practice, they typically mark versions of the application inside the image. Repositories are used to group similar images together in a container registry. Images only have unique alphanumeric identifiers, so repositories provide a way to name images (by using tags). Naming in form or repository:tag is a human-readable way of identifying images. See Section 8.5, “Using Tags”, or Section 8.2, “Working with Repositories” for details.
With Red Hat Satellite, you can create an on premise registry, import images from various sources and distribute them to containers using content views. Satellite provides a Docker compute resource, that acts as a server for running containers. This way, you can import an image, start a container based on this image, monitor the container's activity, and commit it's state to a new image layer that can be further propagated. For more information on loading images to a content view, see Section 5.2, “Adding Repositories to the Content View”.

8.1. Managing Containers

The following sections show how to create, view, start, stop, and commit a container.

8.1.1. Creating a New Container

In Red Hat Satellite, you can deploy containers only on a compute resource of the Docker provider type. Therefore, when attempting to view or create containers for the first time, you are prompted to create the Docker compute resource. To do so, follow the steps described in Section 11.3.4, “Compute Resources”.
Once there is at least one Docker compute resource present on your Satellite, you can create and view containers. To create a new container, follow the steps described in Procedure 8.1, “Creating a Container”. For instructions on how to investigate the already created containers, see Section 8.1.2, “Investigating Containers”.
To create a container, you first have to import an image, which can be a platform image, or a previously created layered image. Satellite supports the following image sources:
  • Local content: represented by the Satellite option when creating a container. This option allows you to import an image from a repository that is already present on a capsule server in a certain content view and life cycle environment. For more information on how to create and populate a local registry, see Section 8.2, “Working with Repositories”.
  • Docker Hub: allows you to search the Docker Hub registry and pull images from there. Make sure that you pull only trusted images with verified content.
  • External Registry: allows you to import images from a previously created external registry. For more information on creating registries in Red Hat Satellite, see Section 8.3, “Adding an External Registry”.

Note

Note that you can not change the container configuration once the container is created. To alter the configuration, you have to create a replacement container with modified settings as described in Procedure 8.1, “Creating a Container”. Therefore, make sure that containers can be easily replaced in your workflow.

Procedure 8.1. Creating a Container

  1. Navigate to ContainersNew Container. Alternatively, navigate to ContainersAll Containers and click New container.
  2. In the Preliminary stage of container creation configure the following settings:
    • On the Compute resource tab, select the compute resource from the Deployed on drop-down menu. See Section 11.3.4, “Compute Resources” for more information on compute resources.
    • On the Locations tab, select the locations where the new container will be available.
    • On the Organizations tab, select the organizations where the new container will be available.
    Click Next to proceed.
  3. In the Image stage of container creation import an image that will act as a base for your container. This can be a platform image, or a previously created layered image. Select from one of the following options:
    • Select the Satellite tab to import an image from a life cycle environment. Specify the life cycle environment, content view, repository, tag, and Capsule Server.
    • Select the Docker hub tab to import an image from the Docker Hub registry. Once you type an image name to the Search field, Satellite automatically searches the compute resource first. Click the looking glass icon to search the Docker Hub. If the image is found, Satellite displays the image metadata and populates the Tag field with tags available for the selected image name.
    • Select the External registry tab to import an image from an existing registry. Select the registry from the drop-down menu, and search it by the image name. Satellite populates the Tag field with tags available for the selected image name. See Section 8.3, “Adding an External Registry” for details.
    Click Next to proceed.
  4. In the Configuration stage of container creation set the following parameters:
    • Select a name for the container.
    • Specify a command to run inside the container.
    • Specify an entrypoint, which is a command that is executed automatically as soon as the container starts. The default entrypoint is /bin/sh -c.
    • Assign CPUs to the container. For example, 0-2,16 represents CPUs 0, 1, 2, and 16.
    • Define the relative share of CPU time for the container.
    • Specify a memory limit for the container. For example, 512m limits the container memory usage to 512 MB.
    Click Next to proceed.
  5. In the final stage of container creation named Environment, select if you want to allocate a pseudo-tty, attach STDIN, STDOUT, and STDERR to the container. Click Add environment variable to create a custom environment variable for the container.
  6. Click Submit to create the container.
After creating a container, Satellite displays a summary of container metadata. By default, the newly created container is inactive, for instructions how to start it see Procedure 8.3, “Starting and Stopping a Container”.

Note

Red Hat Satellite currently supports only Red Hat Enterprise Linux 7 container hosts.

Example 8.1. Creating a Red Hat Enterprise Linux Container in Satellite

To enable a Red Hat Enterprise Linux container in Red Hat Satellite, perform the following actions:
  1. Create a custom registry as described in Section 8.3, “Adding an External Registry”. Specify registry.access.redhat.com as a registry URL and insert your access credentials for the Red Hat Customer Portal.
  2. Create a new container as described in Section 8.1.1, “Creating a New Container”. In the Image stage of container creation, navigate to the External registry tab and select the registry created in the previous step from the drop-down list. Use the search field to find the desired version of the Red Hat Enterprise Linux image. Proceed through the Configuration and Environment stages to finalize the container.

8.1.2. Investigating Containers

Red Hat Satellite provides means to monitor the status of containers as well as processes running inside of them. Some containers can be marked as managed, which means they were created and provisioned inside the Satellite environment.
The following procedure shows how to view a list of containers present in the current organization and how to investigate the container metadata.

Procedure 8.2. Investigating a Container

  1. Navigate to ContainersAll Containers.
  2. On the Containers page, every Docker compute resource has a dedicated tab. Each of these tabs contains the table of available containers together with selected parameters of each container. Select the tab of the compute resource you want to inspect.
  3. To view the container metadata, click the name of the container you want to inspect. Satellite displays the table of container properties.
  4. On the Processes tab, you can view processes that are currently running in the container. Click on the process name to view the metadata of the process.
  5. If the container is running, you can view its standard output in the Logs tab. If you selected the allocate a pseudo-tty check box when creating a container, the console is interactive. Otherwise, it displays only the initial standard output produced when the container started.

8.1.3. Starting, Committing, and Removing Containers

A new container is by default disabled. By enabling a container, you start the processes of the containerized application in the compute resource that acts as a container server. Hosts are then able to communicate with the container as with a web application. The following procedure shows how to start a container:

Procedure 8.3. Starting and Stopping a Container

  1. Navigate to ContainersAll Containers to view the list of available containers.
  2. Click Power On next to the container you want to start. After starting the container, the button changes to Power Off, which allows for stopping the container. These actions are equivalent to the docker start and docker stop commands.
By committing a container, you create a new image layer that stores the status of the container. The following procedure shows how to commit the container to an image.

Procedure 8.4. Committing a Container

  1. Navigate to ContainersAll Containers to view the list of available containers.
  2. Click the name of the container you want to commit.
  3. Click Commit. Satellite then prompts you to provide the following information:
    • Specify a repository name. This can be a single name or combined with the user name, for example user/my-rhel-image.
    • Assign a tag to the image.
    • Provide your contact information.
    • Provide an informative comment about the image.
  4. Click Submit.

Note

The container is committed to the repository of the original image. For example, if the container is based on an image pulled from the Docker Hub, when you commit this container, the changes are pushed back to the Docker Hub.

Procedure 8.5. Removing a Container

  1. Navigate to ContainersAll Containers to view the list of available containers.
  2. Click the name of the container you want to delete.
  3. Click Delete.
  4. In the alert box, click OK to remove the container.