Chapter 12. Provisioning Containers

Containerization is a virtualization method that uses the kernel of an operating system to provide multiple isolated user-space instances. Docker is an open source project that automates the deployment of applications inside Linux containers, and provides the capability to package an application with its runtime dependencies into a container. Linux containers enable rapid application deployment, simpler testing, maintenance, and troubleshooting while improving security.

Red Hat Enterprise Linux Atomic Host is a secure, lightweight, and minimal-footprint operating system optimized to run Linux containers. Red Hat Satellite 6 provides the ability to connect to Red Hat Enterprise Linux Atomic Host and other Docker-based servers. This includes creating new containers from images. In this chapter, the aim is to add a connection to ACME’s Red Hat Enterprise Linux Atomic Host and provision a container.

12.1. Defining Requirements for Container Provisioning

The requirements for provisioning on Red Hat Enterprise Linux Atomic Host include:

  • A source for images, such as a container registry. Red Hat Satellite 6 uses three sources of container images:

12.2. Configuring the Red Hat Enterprise Linux Atomic Host

The Atomic Host requires some configuration before adding it to Satellite. This includes exposing the Red Hat API for Docker to the Satellite Server.

Log into the Atomic Host and edit the /etc/sysconfig/docker file:

$ vi /etc/sysconfig/docker

Find the OPTIONS parameter and modify it to expose the API:

OPTIONS='--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'

Important

Use either port 2375 or 2376 for the connection. This is because the Satellite Server contains special SELinux rules to allow access to these ports. Using an alternative port results in authentication failure.

Import the Satellite Server certificate:

$ curl http://satellite.example.com/pub/katello-server-ca.crt \
-o /etc/pki/ca-trust/source/anchors/katello-server-ca.crt
$ update-ca-trust

Restart the docker service:

$ systemctl restart docker

Check that the port is exposed:

$ netstat -tulnp | grep 2375
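
The OPTIONS line above opens the API on all interfaces with no TLS flags, so it is worth auditing the configuration itself as well as the listening port. The script below is an added example, not part of the original guide: it parses a docker sysconfig file and flags TCP listeners that run without --tlsverify. The sample files are constructed, and the TLS variant with its certificate paths is an assumption, not a configuration this guide documents.

```shell
# Added example, not from the guide: audit the OPTIONS line of a docker
# sysconfig file and report every tcp:// API listener it opens.
# Exit status is 1 if any TCP listener runs without --tlsverify.
audit_docker_options() (
    set -f                                  # no globbing while splitting OPTIONS
    # Last OPTIONS= assignment, with the key and surrounding quotes removed.
    opts=$(grep -E '^[[:space:]]*OPTIONS=' "$1" | tail -n 1 |
        sed -E "s/^[[:space:]]*OPTIONS=//; s/^[\"']//; s/[\"'][[:space:]]*\$//")
    tls=no; hosts=; want_host=no
    for tok in $opts; do
        if [ "$want_host" = yes ]; then hosts="$hosts $tok"; want_host=no; continue; fi
        case $tok in
            -H|--host)                    want_host=yes ;;
            --host=*)                     hosts="$hosts ${tok#--host=}" ;;
            --tlsverify|--tlsverify=true) tls=yes ;;
        esac
    done
    rc=0
    for h in $hosts; do
        case $h in tcp://*) ;; *) continue ;; esac   # skip unix:// sockets
        addr=${h#tcp://}; port=${addr##*:}; ip=${addr%:*}
        case $ip in 0.0.0.0|'[::]') bind=all-interfaces ;; *) bind=$ip ;; esac
        if [ "$tls" = yes ]; then
            echo "OK   port=$port bind=$bind tlsverify=yes"
        else
            echo "WARN port=$port bind=$bind tlsverify=no"; rc=1
        fi
    done
    exit "$rc"          # the body is a subshell, so this only ends the function
)

# Constructed sample files: the OPTIONS line from this section, and a
# hypothetical TLS variant (certificate paths are placeholders).
sample_dir=$(mktemp -d)
cat > "$sample_dir/plain" <<'EOF'
OPTIONS='--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375'
EOF
cat > "$sample_dir/tls" <<'EOF'
OPTIONS='--selinux-enabled -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem'
EOF
audit_docker_options "$sample_dir/plain" || true
audit_docker_options "$sample_dir/tls"
```

On the Atomic Host, run the function against /etc/sysconfig/docker. A WARN line means the port should be reachable only from the Satellite Server, for example through a host firewall rule.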

12.3. Adding an Atomic Host Connection to the Satellite Server

This process adds the Red Hat Enterprise Linux Atomic connection in the Satellite Server’s compute resources.

For Web UI Users

Navigate to Infrastructure > Compute resource and click New Compute Resource. The UI provides a set of fields for the compute resource:

  • Name - A plain text name for the resource. For example, ACME's Atomic.
  • Provider - A field for selecting the compute resource provider. Select Docker and a new set of fields appears.
  • Description - A plain text description for the resource. For example, ACME's Atomic Host at atomic.example.com.
  • URL - A URL pointing to the Red Hat API for Docker on the Atomic Host. For example: http://atomic.example.com:2375
  • Username, Password, Email - The authentication details for the container registry. The Satellite Server uses these details to make the Atomic host download images from the container registry. These details are not required if using public images or images managed on the Satellite Server.

The Locations and Organizations tabs are automatically set to your current context. Add additional contexts to these tabs.

Click Submit to save the Atomic Host connection.

For CLI Users

Create the connection with the hammer compute-resource create command:

# hammer compute-resource create --provider docker \
--name "ACME's Atomic" --url "http://atomic.example.com:2375" \
--organizations 'Default Organization' --locations 'Default Location'

12.4. Adding External Registries to the Satellite Server

The Content Management Guide discusses how Red Hat Satellite 6 can synchronize Docker-formatted container images and manage them through Content Views. However, in other circumstances, you might only require access to an external registry without needing to synchronize the content. Red Hat Satellite 6 provides the ability to add an external container registry.

For Web UI Users

Navigate to Containers > Registries and click New Registry. The UI displays a set of fields for the new registry:

  • Name - A plain text name for the registry. For example: Red Hat.
  • URL - The location of the registry. For example: https://registry.access.redhat.com.
  • Description - A plain text description of the registry. For example: Red Hat Docker Image Registry.
  • Username and Password - Authentication details for private registries.

The Locations and Organizations tabs are automatically set to your current context. Add additional contexts to these tabs.

Click Submit to save the external registry.

For CLI Users

Create the registry with the hammer docker registry create command:

# hammer docker registry create --name "Red Hat" \
--url "https://registry.access.redhat.com" \
--description "Red Hat Docker Image Registry"

12.5. Creating Containers with the Satellite Server

The container provisioning process differs from the standard host creation process. Instead of creating containers through the Hosts > New host menu, you use the Containers > New container option.

For Web UI Users

Navigate to Containers > New container. The UI provides a wizard to create the container:

Preliminary

This section defines the Atomic host to use and the provisioning context.

  • Select the container image compute resource. For our example: "ACME’s Atomic"
  • The provisioning context (Organization and Location) should automatically be set to the current context. For this example: ACME and New York.

Image

This section provides three image selection methods:

  • Content View - Select an image from the Satellite Server’s application life cycle. Select the Lifecycle Environment, the Content View, the Repository, the Docker Tag, and the Capsule Server containing the docker content.
  • Docker Hub - Provides a search feature for Docker images on the Docker hub. Type a Search keyword, click the magnifying glass icon, and a list of images displays. Select an image, then select a Tag for that image.
  • External registry - Provides a search feature for Docker-formatted container images on external container registries. Type a Search keyword, click the magnifying glass icon, and a list of images displays. Select an image, then select a Tag for that image.

Configuration

This section provides some initial configuration for the container:

  • In the Basic options:

    • Enter a Name for the container.
    • Enter a Command to run on the container.
    • Enter an Entry point. The default is /bin/sh -c.
  • In the Compute options:

    • Enter the CPU sets, which assigns individual CPUs.
    • Enter the CPU share, which sets the share of CPU time available to containerized tasks.
    • Enter an amount for Memory, which allocates memory usage for the container.

Environment

This section provides some configuration to the Atomic host for when the container runs:

  • Environment variables - Allows you to define a set of environment variables. For example: LANG=en_US.UTF-8.
  • Exposed Ports - Opens ports in the container. For example, you can open SSH communication to the container on port 22.
  • DNS - Enter DNS servers for the container.
  • Run? - Select whether to run the container after creation.
  • Shell - Provides shell options, including a TTY console and standard streams (STDIN, STDOUT, and STDERR).

After completing all options in the wizard, click Submit.

For CLI Users

The following are three examples of the hammer docker container create command. First, creating a container from a Content View:

# hammer docker container create --compute-resource "ACME's Atomic" \
--repository-name "rhel7" --tag "latest" --name "docker-test1" \
--command "bash" --organizations "ACME" --locations "New York"

Next, provisioning from the Docker hub:

# hammer docker container create --compute-resource "ACME's Atomic" \
--repository-name "docker.io/fedora" --tag latest \
--name "docker-test2" --command bash --organizations "ACME" \
--locations "New York"

And finally, provisioning from an external registry:

# hammer docker container create --compute-resource "ACME's Atomic" \
--registry-id 1 --repository-name "rhel" --tag latest \
--name "docker-test3" --command bash --organizations "ACME" \
--locations "New York"

This creates a new container from the chosen image and runs it on the chosen Red Hat Enterprise Linux Atomic Host.

12.6. Chapter Summary

This chapter showed how to configure Red Hat Satellite 6 to add and manage a Red Hat Enterprise Linux Atomic Host and how to provision containers on the Atomic host.

This guide has no further provisioning scenarios. See Chapter 13, Finalizing Provisioning for some final notes on provisioning.