Chapter 2. Managing Containers

This chapter outlines how to manage containers. For instructions on setting up container content, see Managing Container Images in the Content Management Guide.

2.1. Preparing Container Hosts

Prerequisites

In Red Hat Satellite, you can deploy containers only on a compute resource of the Docker provider type. Therefore, when you attempt to view or create containers for the first time, Satellite prompts you to create a Docker compute resource. To do so, first create a container host, then specify this host as a compute resource.

To Prepare a Container Host:

  1. Prepare a Red Hat Enterprise Linux 7 server for hosting images and enable the docker service on this server as described in the Getting Docker in RHEL 7 section of the Get Started with Docker Formatted Container Images on Red Hat Systems guide on the Red Hat Customer Portal. You can deploy the container host either on the same machine as the Satellite Server or independently.

    Note

    Red Hat Enterprise Linux 7 is currently the only supported system for a container host. The docker package is available in the rhel-7-server-extras-rpms repository. Red Hat Enterprise Linux 6 systems are currently not supported to host containers.

  2. Run the following command on the container host to install the Satellite Server’s CA certificate:

    rpm -Uvh https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm

    Here, satellite.example.com is the fully qualified domain name of your Satellite Server. Skip this step if the container host is already registered as a Satellite host.

  3. Depending on the location of the container host, perform the following tasks:

    1. If the container host is on the same machine as the Satellite Server:

      1. Create a docker user group and add the foreman user to it:

        # groupadd docker
        # usermod -aG docker foreman
      2. Modify the OPTIONS variable in the /etc/sysconfig/docker file as follows:

        OPTIONS='--selinux-enabled -G docker'
      3. Restart the affected services to apply the changes:

        # systemctl restart docker.service
        # katello-service restart
    2. If the container host is on a different machine than the Satellite Server:

      1. Open a port on the container host to communicate with the Satellite Server. To do so, modify the OPTIONS variable in the /etc/sysconfig/docker file as follows:

        OPTIONS='--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'

        You can use port 2376 if TLS is enabled.

      2. Restart the docker service and verify your settings as follows:

        # systemctl restart docker.service
        # systemctl status docker.service

To Create a Docker Compute Resource:

  1. Make sure the port 5000 is enabled on the Satellite Server. The container host uses this port to pull images from Content Views on the Satellite Server.
  2. Create the compute resource as described in Adding an Atomic Host Connection to the Satellite Server in the Provisioning Guide. Specify the resource URL according to the location of the container host:

    1. If the container host is on the same machine as the Satellite Server, set unix://var/run/docker.sock as the resource URL.
  3. If the container host is on a different machine than the Satellite Server, specify the URL in the form of:

    http://container_host_fqdn:2375

    Here, container_host_fqdn stands for the fully qualified domain name of the container host, and the port number opened on the container host for communication with Satellite can be either 2375 or, if using TLS, 2376.

  4. Click Test Connection to test if the container host is available.
  5. Click Submit to create the compute resource.

2.2. Creating Containers

When there is at least one Docker compute resource present in your Satellite, you can create containers. To create a new container, follow the steps described in ]. For instructions on how to monitor existing containers, see xref:sect-Red_Hat_Satellite-Managing_Hosts-Managing_Containers-Monitoring_Containers[.

To create a container, you must first import an image, which can be a platform image or a previously created layered image. Satellite supports the following image sources:

  • Local content: represented by the Content View option when creating a container. This option allows you to import an image from a repository that is already present on a Capsule Server in a certain Content View and life cycle environment. For more information on how to create and populate a local registry, see Importing Container Images from the Red Hat Container Catalog in the Content Management Guide.
  • Docker Hub: allows you to search the Docker Hub registry and pull images from there. Make sure that you pull only trusted images with verified content.
  • External Registry: allows you to import images from a previously created external registry. For more information on creating registries in Red Hat Satellite, see Importing Container Images from Other Image Registries in the Content Management Guide.
Note

You cannot change the configuration of an existing container. To alter the configuration, you have to create a replacement container with modified settings as described in To Create a Container:. Therefore, make sure that containers can be replaced in your workflow.

To Create a Container:

  1. Navigate to Containers > New Container. Alternatively, navigate to Containers > All Containers and click New container.
  2. In the Preliminary stage of container creation, configure the following settings:

    • On the Compute resource tab, select the compute resource from the Deployed on drop-down menu. For more information on compute resources, see Defining the Provisioning Workflow in the Provisioning Guide.
    • On the Locations tab, select the locations where the new container will be available.
    • On the Organizations tab, select the organizations where the new container will be available.

      Click Next to proceed.

  3. In the Image stage of container creation, import an image that will act as a base for your container. This can be a platform image, or a previously created layered image. Select from one of the following options:

    • Select the Content View tab to import the image from a life cycle environment. Specify the life cycle environment, Content View, repository, tag, and Capsule Server.
    • Select the Docker hub tab to import the image from the Docker Hub registry. After you type the image name to the Search field, Satellite automatically searches the compute resource. Click the looking glass icon to search the Docker Hub. Select the image from the list of search results and pick a tag from the drop-down list.
    • Select the External registry tab to import the image from an existing registry. Select the registry from the drop-down menu, and search it by the image name. Satellite populates the Tag field with tags available for the selected image name. For more information, see Importing Container Images from Other Image Registries in the Content Management Guide.

      Click Next to proceed.

  4. In the Configuration stage of container creation, set the following parameters:

    • Provide the container name.
    • Specify a command to run inside the container.
    • Specify an entrypoint, which is a command that is executed automatically as soon as the container starts. The default entrypoint is /bin/sh -c.
    • Assign CPUs to the container. For example, 0-2,16 represents CPUs 0, 1, 2, and 16.
    • Define the relative share of CPU time for the container.
    • Specify a memory limit for the container. For example, 512m limits the container memory usage to 512 MB.

      Click Next to proceed.

  5. In the final stage of container creation named Environment, select if you want to allocate a pseudo-tty, attach STDIN, STDOUT, and STDERR to the container. Click Add environment variable to create a custom environment variable for the container. Select the Run? check box to start the container automatically after it is created.
  6. Click Submit to create the container.

After creating a container, Satellite displays a summary of container metadata. By default, new containers are disabled (unless you selected the Run? check box when creating the container). For instructions how to start containers see To Start or Stop a Container:.

Example 2.1. Creating a Red Hat Enterprise Linux Container in Satellite

To enable a Red Hat Enterprise Linux container in Red Hat Satellite, perform the following actions:

  1. Create a custom registry as described in Importing Container Images from the Red Hat Container Catalog in the Content Management Guide. Specify registry.access.redhat.com as the registry URL.
  2. Create a new container as described in Section 2.2, “Creating Containers”. In the Image stage of container creation, navigate to the External registry tab and select the registry created in the previous step. Use the search field to find the desired version of the Red Hat Enterprise Linux image. Proceed through the Configuration and Environment stages to finalize the container.

2.3. Monitoring Containers

Red Hat Satellite provides the means to monitor the status of containers as well as processes running inside them. Some containers can be marked as managed, which means they were created and provisioned inside the Satellite environment.

The following procedure shows how to list containers of a selected organization and how to monitor the container metadata.

To Investigate a Container:

  1. Navigate to Containers > All Containers.
  2. On the Containers page, every Docker compute resource has a dedicated tab. Each of these tabs contains the table of available containers together with selected parameters of each container. Select the tab of the compute resource you want to inspect.
  3. To view the container metadata, click the name of the container you want to inspect. Satellite displays the table of container properties.
  4. On the Processes tab, you can view processes that are currently running in the container. Click on the process name to view the metadata of the process.
  5. If the container is running, you can view its standard output in the Logs tab. If you selected the allocate a pseudo-tty check box when creating a container, the console is interactive. Otherwise, it displays the initial standard output produced when the container started.

2.4. Starting, Committing, and Removing Containers

New containers are by default disabled. By enabling a container, you start the processes of the containerized application in the compute resource. Hosts are then able to communicate with the container as with a web application. The following procedure shows how to start and stop a container:

To Start or Stop a Container:

  1. Navigate to Containers > All Containers to view the list of available containers.
  2. Click Power On next to the container you want to start. After starting the container, the button changes to Power Off, which allows for stopping the container. These actions are equivalent to the docker start and docker stop commands.

The following procedure shows how to commit a container to create a new image layer that stores the status of the container.

To Commit a Container:

  1. Navigate to Containers > All Containers to view the list of available containers.
  2. Click the name of the container you want to commit.
  3. Click Commit. Satellite prompts you to:

    • Specify a repository name. This can be a single name or combined with the user name, for example user/my-rhel-image.
    • Assign a tag to the image.
    • Provide your contact information.
    • Provide an informative comment about the image.
  4. Click Submit.
Note

The container is committed to the repository of the original image. For example, if the container is based on an image pulled from the Docker Hub, the committed changes are pushed back to the Docker Hub.

To Remove a Container:

  1. Navigate to Containers > All Containers to view the list of available containers.
  2. Click the name of the container you want to delete.
  3. Click Delete.
  4. In the alert box, click OK to remove the container.