Chapter 6. Working with Containers
Container
: An application sandbox. Each container is based on an image that holds necessary configuration data. When you launch a container from an image, a writable layer is added on top of this image. Every time you commit a container, a new image layer is added to store your changes.
Image
: A static snapshot of the container's configuration that is never modified. Any changes made to the container can be saved only by creating a new image layer. Each image depends on one or more parent images.
Platform image
: An image that has no parent. Platform images define the runtime environment, packages and utilities necessary for containerized applications to run. The platform image is not writable, so any changes are reflected in the copied images stacked on top of it. For information on how to access Red Hat Enterprise Linux platform images from Red Hat Satellite, see Example 6.1, “Creating a Red Hat Enterprise Linux Container in Satellite”.
Registry
: A public or private archive that contains images available for download. Some registries allow users to upload images to make them available to others. Red Hat Satellite allows you to import images from local and external registries. Satellite itself can act as an image registry for hosts; however, hosts cannot push changes back to the registry. For more information, see Section 6.1.1, “Creating Containers”.
Tag
: A mark used to differentiate images in a repository, typically by the version of the application stored in the image. Repositories are used to group similar images in a container registry. Images only have unique alphanumeric identifiers, so naming in the form of repository:tag provides a human-readable way of identifying images. For more information, see Section 6.5, “Using Container Tags” and Section 6.2, “Managing Repositories”.
6.1. Managing Containers
Prerequisites
Procedure 6.1. To Prepare a Container Host:
- Prepare a Red Hat Enterprise Linux 7 server for hosting images and enable the docker service on this server as described in the Getting Docker in RHEL 7 section of the Get Started with Docker Formatted Container Images on Red Hat Systems guide on the Red Hat Customer Portal[2]. You can deploy the container host either on the same machine as the Satellite Server or independently.
Note
Red Hat Enterprise Linux 7 is currently the only supported system for a container host. The docker package is available in the rhel-7-server-extras-rpms repository. Red Hat Enterprise Linux 6 systems are currently not supported to host containers.
- Run the following command on the container host to install the Satellite Server's CA certificate:
rpm -Uvh https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
Here, satellite.example.com is the fully qualified domain name of your Satellite Server. Skip this step if the container host is already registered as a Satellite host.
- Depending on the location of the container host, perform the following tasks:
  - If the container host is on the same machine as the Satellite Server:
    - Create a docker user group and add the foreman user to it:
      # groupadd docker
      # usermod -aG docker foreman
    - Modify the OPTIONS variable in the /etc/sysconfig/docker file as follows:
      OPTIONS='--selinux-enabled -G docker'
    - Restart the affected services to apply the changes:
      # systemctl restart docker.service
      # katello-service restart
  - If the container host is on a different machine than the Satellite Server:
    - Open a port on the container host to communicate with the Satellite Server. To do so, modify the OPTIONS variable in the /etc/sysconfig/docker file as follows:
      OPTIONS='--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
      You can use port 2376 if TLS is enabled.
    - Restart the docker service and verify your settings as follows:
      # systemctl restart docker.service
      # systemctl status docker.service
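The TCP listener in the OPTIONS line above accepts connections on every interface, and on port 2375 it does so without TLS, so any client that can reach the port can control the Docker daemon. The following check is an added example, not part of the Satellite documentation: it reads the OPTIONS line of a sysconfig file and fails when a TCP listener is configured without the --tlsverify daemon option. The sample files and certificate paths are constructed placeholders.

```shell
# Added example, not from the Satellite documentation.
# audit_docker_options FILE
#   0: no TCP listener, or a TCP listener that requires --tlsverify
#   1: Docker API exposed on TCP without client-certificate verification
#   2: FILE contains no OPTIONS= line
audit_docker_options() {
    # Use the last OPTIONS= assignment, as sourcing the file would.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1)
    if [ -z "$opts" ]; then
        echo "$1: no OPTIONS line"
        return 2
    fi
    case $opts in
        *tcp://*) ;;   # TCP listener configured, keep checking
        *) echo "$1: ok, local socket only"; return 0 ;;
    esac
    case $opts in
        *--tlsverify*)
            echo "$1: ok, TCP listener requires a client certificate"
            return 0 ;;
        *)
            echo "$1: FAIL, Docker API on TCP without --tlsverify"
            return 1 ;;
    esac
}

# Constructed sample files; certificate paths are placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/plain" <<'EOF'
OPTIONS='--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
EOF
cat > "$demo_dir/tls" <<'EOF'
OPTIONS='--selinux-enabled --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock'
EOF
cat > "$demo_dir/local" <<'EOF'
OPTIONS='--selinux-enabled -G docker'
EOF
for f in plain tls local; do
    audit_docker_options "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
```

With --tlsverify the daemon accepts only clients that present a certificate signed by the CA given in --tlscacert, so the Satellite compute resource must be configured with a matching client certificate.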
Procedure 6.2. To Create a Docker Compute Resource:
- Make sure the port 5000 is enabled on the Satellite Server. The container host uses this port to pull images from Content Views on the Satellite Server.
- Create the compute resource as described in Section 9.3.4, “Compute Resources”. Specify the resource URL according to the location of the container host:
- If the container host is on the same machine as the Satellite Server, set unix:///var/run/docker.sock as the resource URL.
- If the container host is on a different machine than the Satellite Server, specify the URL in the form of:
http://container_host_fqdn:2375
Here, container_host_fqdn stands for the fully qualified domain name of the container host, and the port number opened on the container host for communication with Satellite can be either 2375 or, if using TLS, 2376.
- Clickto test if the container host is available.
- Clickto create the compute resource.
6.1.1. Creating Containers
- Local content: represented by the Content View option when creating a container. This option allows you to import an image from a repository that is already present on a Capsule Server in a certain content view and life cycle environment. For more information on how to create and populate a local registry, see Section 6.2, “Managing Repositories”.
- Docker Hub: allows you to search the Docker Hub registry and pull images from there. Make sure that you pull only trusted images with verified content.
- External Registry: allows you to import images from a previously created external registry. For more information on creating registries in Red Hat Satellite, see Section 6.3, “Importing External Registries”.
Note
Procedure 6.3. To Create a Container:
- Navigate to→ . Alternatively, navigate to → and click .
- In the Preliminary stage of container creation, configure the following settings:
  - On the Compute resource tab, select the compute resource from the Deployed on drop-down menu. For more information on compute resources, see Section 9.3.4, “Compute Resources”.
  - On the Locations tab, select the locations where the new container will be available.
  - On the Organizations tab, select the organizations where the new container will be available.
  Clickto proceed.
- In the Image stage of container creation, import an image that will act as a base for your container. This can be a platform image, or a previously created layered image. Select from one of the following options:
  - Select the Content View tab to import the image from a life cycle environment. Specify the life cycle environment, content view, repository, tag, and Capsule Server.
  - Select the Docker hub tab to import the image from the Docker Hub registry. After you type the image name to the Search field, Satellite automatically searches the compute resource. Click the looking glass icon to search the Docker Hub. Select the image from the list of search results and pick a tag from the drop-down list.
  - Select the External registry tab to import the image from an existing registry. Select the registry from the drop-down menu, and search it by the image name. Satellite populates the Tag field with tags available for the selected image name. For more information, see Section 6.3, “Importing External Registries”.
  Clickto proceed.
- In the Configuration stage of container creation, set the following parameters:
  - Provide the container name.
  - Specify a command to run inside the container.
  - Specify an entrypoint, which is a command that is executed automatically as soon as the container starts. The default entrypoint is /bin/sh -c.
  - Assign CPUs to the container. For example, 0-2,16 represents CPUs 0, 1, 2, and 16.
  - Define the relative share of CPU time for the container.
  - Specify a memory limit for the container. For example, 512m limits the container memory usage to 512 MB.
  Clickto proceed.
- In the final stage of container creation named Environment, select if you want to allocate a pseudo-tty, attach STDIN, STDOUT, and STDERR to the container. Click to create a custom environment variable for the container. Select the Run? check box to start the container automatically after it is created.
- Clickto create the container.
Example 6.1. Creating a Red Hat Enterprise Linux Container in Satellite
- Create a custom registry as described in Section 6.3, “Importing External Registries”. Specify registry.access.redhat.com as the registry URL.
- Create a new container as described in Section 6.1.1, “Creating Containers”. In the Image stage of container creation, navigate to the External registry tab and select the registry created in the previous step. Use the search field to find the desired version of the Red Hat Enterprise Linux image. Proceed through the Configuration and Environment stages to finalize the container.
6.1.2. Monitoring Containers
Procedure 6.4. To Investigate a Container:
- Navigate to→ .
- On the Containers page, every Docker compute resource has a dedicated tab. Each of these tabs contains the table of available containers together with selected parameters of each container. Select the tab of the compute resource you want to inspect.
- To view the container metadata, click the name of the container you want to inspect. Satellite displays the table of container properties.
- On the Processes tab, you can view processes that are currently running in the container. Click on the process name to view the metadata of the process.
- If the container is running, you can view its standard output in the Logs tab. If you selected the allocate a pseudo-tty check box when creating a container, the console is interactive. Otherwise, it displays the initial standard output produced when the container started.
6.1.3. Starting, Committing, and Removing Containers
Procedure 6.5. To Start or Stop a Container:
- Navigate to→ to view the list of available containers.
- Clicknext to the container you want to start. After starting the container, the button changes to , which allows for stopping the container. These actions are equivalent to the docker start and docker stop commands.
Procedure 6.6. To Commit a Container:
- Navigate to→ to view the list of available containers.
- Click the name of the container you want to commit.
- Click. Satellite prompts you to:
- Specify a repository name. This can be a single name or combined with the user name, for example user/my-rhel-image.
- Assign a tag to the image.
- Provide your contact information.
- Provide an informative comment about the image.
- Click.
Note
Procedure 6.7. To Remove a Container:
- Navigate to→ to view the list of available containers.
- Click the name of the container you want to delete.
- Click.
- In the alert box, clickto remove the container.