Using Red Hat Software Collections Container Images

Red Hat Software Collections 3.3

Basic Usage Instructions for Red Hat Software Collections 3.3 Container images

Lenka Špačková

Robert Krátký

Vladimír Slávik

Red Hat Software Collections Documentation Team

Abstract

This document provides instructions for obtaining, configuring, and using container images that are shipped with Red Hat Software Collections.

Preface

As a part of the Red Hat Software Collections offering, Red Hat provides a number of container images, which are based on the corresponding Software Collections. These include application, daemon, and database images. The provided images are detailed in the tables:

You can use these images in a containerized environment to build, deploy, and run your applications.

For more information on containers and container images, see the Core Concepts of the OpenShift Enterprise 3.9 Architecture, which discusses core concepts and methods related to delivering containerized applications. See also Red Hat Container Catalog Get Started Guide.

For more information on Software Collections, see the Red Hat Software Collections and Red Hat Developer Toolset documentation.

Note

Running Red Hat Software Collections container images is supported only on Red Hat Enterprise Linux 7 Server and Red Hat Enterprise Linux Atomic Host. You cannot run the images on Red Hat Enterprise Linux 7 Workstation or Red Hat Enterprise Linux 6 or earlier.

When using SELinux for controlling processes within a container, make sure that any content that is volume mounted into the container is readable, and potentially writable, depending on the use case. For more information, see Using Volumes With the docker Container Can Cause Problems With SELinux.

There are two basic approaches that you can take to use the container images shipped with Red Hat Software Collections: using base images or using Source-to-Image.

Chapter 1. Using Base Images

To use container images provided by Red Hat as base images in your own Dockerfile, add the following line to it:

FROM registry.access.redhat.com/rhscl/python-35-rhel7

Working with Dockerfiles is covered in the Red Hat Enterprise Linux Atomic Host 7 Getting Started with Containers document. Detailed information on Dockerfiles can be found in the Dockerfile reference document.

Chapter 2. Using Source-to-Image (S2I)

Source-to-Image (S2I) is a framework and a tool that allows you to write images which use the application source code as an input and produce a new image that runs the assembled application as an output. The main advantage of using the S2I tool for building reproducible container images is the ease of use for developers.

To use the S2I tool on your system, subscribe to Red Hat Software Collections and run the following command to install the source-to-image package:

# yum install source-to-image

Use the RHSM channel: rhel-server-rhscl-7-rpms. Note that the source-to-image package requires the docker package from the Red Hat Enterprise Linux Extras channel.

For details about subscribing to Red Hat Software Collections, see Getting Access to Red Hat Software Collections.

More information about the S2I tool is available at GitHub.

Note

Similarly to Red Hat Software Collections container images, the S2I tool runs only on Red Hat Enterprise Linux 7 Server, not on Red Hat Enterprise Linux 7 Workstation.

2.1. Build Process

The build process consists of the following three fundamental elements, which are combined into a final container image:

  • The source code of your application—​written in a programming language or framework.
  • Builder image—​container image provided by Red Hat that supports building images using the S2I tool.
  • S2I scripts that are part of the builder image.

During the build process, S2I creates a tar file that contains the source code and scripts, then streams that file into the builder image.

For more information on the Source-to-Image framework, see S2I Requirements.

2.2. Example: building a Python application from Git using S2I

This example shows how to build:

  • A new container image from the python-35-rhel7 builder image that is available in the Red Hat Container Registry, and
  • A test application available from a public Git repository in the GitHub sti-python repository, in the 3.5/test/setup-test-app/ directory.

    1. Install the S2I tool from the Red Hat Software Collections repository:

      # yum install source-to-image
    2. Pull the builder image:

      # podman pull registry.access.redhat.com/rhscl/python-35-rhel7
    3. Build the test application from the GitHub sti-python repository, in the 3.5/test/setup-test-app/ directory:

      # s2i build https://github.com/openshift/sti-python.git --context-dir=3.5/test/setup-test-app/ rhscl/python-35-rhel7 python-35-rhel7-app

      This produces a new application image, python-35-rhel7-app.

    4. Run the resulting python-35-rhel7-app image:

      # podman run -d -p 8080:8080 --name example-app python-35-rhel7-app
    5. Fetch a document from http://localhost:8080/:

      $ wget http://localhost:8080/

      The example document is returned.

    6. Stop the container:

      # podman stop example-app
Note

Since Red Hat Enterprise Linux 7.6, the podman command can be used as a fully supported replacement for docker, implementing the same command-line syntax while providing more container management features. podman enables you to run containers as standalone entities, without requiring that Kubernetes, the Docker runtime, or any other container runtimes are involved. For more information, see the podman documentation. Note that in Red Hat Enterprise Linux 7, you can still use the docker command .

Chapter 3. Container Images Based on Red Hat Software Collections 3.3

ComponentDescriptionSupported architectures

Application Images

  

rhscl/ruby-26-rhel7

Ruby 2.6 platform for building and running applications

x86_64, s390x, ppc64le

Daemon Images

  

rhscl/httpd-24-rhel7

Apache HTTP 2.4 Server

x86_64, s390x, ppc64le

rhscl/varnish-6-rhel7

Varnish Cache 6.0 HTTP reverse proxy

x86_64, s390x, ppc64le

Database Images

  

rhscl/mariadb-103-rhel7

MariaDB 10.3 SQL database server

x86_64, s390x, ppc64le

rhscl/redis-5-rhel7

Redis 5 key-value store

x86_64, s390x, ppc64le

Red Hat Developer Toolset 8.1 Images

  

rhscl/devtoolset-8-toolchain-rhel7

Red Hat Developer Toolset toolchain

x86_64, s390x, ppc64le

rhscl/devtoolset-8-perftools-rhel7

Red Hat Developer Toolset perftools

x86_64, s390x, ppc64le

Legend:

  • x86_64 - AMD64 and Intel 64 architectures
  • s390x - IBM Z
  • ppc64le - IBM POWER, little endian

All images are based on components from Red Hat Software Collections. The images are available for Red Hat Enterprise Linux 7 through the Red Hat Container Registry.

For detailed information about components provided by Red Hat Software Collections 3.3, see the Red Hat Software Collections 3.3 Release Notes.

For more information about the Red Hat Developer Toolset 8.1 components, see the Red Hat Developer Toolset 8 User Guide.

For information regarding container images based on Red Hat Software Collections 2, see Using Red Hat Software Collections 2 Container Images.

Chapter 4. Container Images Based on Red Hat Software Collections 3.2

ComponentDescriptionSupported architectures

Application Images

  

rhscl/php-72-rhel7

PHP 7.2 platform for building and running applications

x86_64, s390x, ppc64le

Daemon Images

  

rhscl/nginx-114-rhel7

nginx 1.14 server and a reverse proxy server

x86_64, s390x, ppc64le

Database Images

  

rhscl/mysql-80-rhel7

MySQL 8.0 SQL database server

x86_64, s390x, ppc64le

Legend:

  • x86_64 - AMD64 and Intel 64 architectures
  • s390x - IBM Z
  • ppc64le - IBM POWER, little endian

All images are based on components from Red Hat Software Collections. The images are available for Red Hat Enterprise Linux 7 through the Red Hat Container Registry.

For detailed information about components provided by Red Hat Software Collections 3.2, see the Red Hat Software Collections 3.2 Release Notes.

For more information about the Red Hat Developer Toolset 8.0 components, see the Red Hat Developer Toolset 8 User Guide.

For information regarding container images based on Red Hat Software Collections 2, see Using Red Hat Software Collections 2 Container Images.

Chapter 5. Container Images Based on Red Hat Software Collections 3.1

ComponentDescriptionSupported architectures

Application Images

  

rhscl/php-70-rhel7

PHP 7.0 platform for building and running applications

x86_64

rhscl/perl-526-rhel7

Perl 5.26 platform for building and running applications

x86_64

rhscl/ruby-25-rhel7

Ruby 2.5 platform for building and running applications

x86_64

Daemon Images

  

rhscl/varnish-5-rhel7

Varnish Cache 5.0 HTTP reverse proxy

x86_64, s390x, ppc64le

Database Images

  

rhscl/mongodb-36-rhel7

MongoDB 3.6 NoSQL database server

x86_64

rhscl/postgresql-10-rhel7

PostgreSQL 10 SQL database server

x86_64, s390x, ppc64le

Red Hat Developer Toolset 8.1 Images

  

rhscl/devtoolset-7-toolchain-rhel7

Red Hat Developer Toolset toolchain

x86_64, s390x, ppc64le

rhscl/devtoolset-7-perftools-rhel7

Red Hat Developer Toolset perftools

x86_64, s390x, ppc64le

Legend:

  • x86_64 - AMD64 and Intel 64 architectures
  • s390x - IBM Z
  • ppc64le - IBM POWER, little endian

All images are based on components from Red Hat Software Collections. The images are available for Red Hat Enterprise Linux 7 through the Red Hat Container Registry.

For detailed information about components provided by Red Hat Software Collections 3.1, see the Red Hat Software Collections 3.1 Release Notes.

For more information about the Red Hat Developer Toolset 7.1 components, see the Red Hat Developer Toolset 7 User Guide.

For information regarding container images based on Red Hat Software Collections 2, see Using Red Hat Software Collections 2 Container Images.

Chapter 6. Container Images Based on Red Hat Software Collections 3.0

ComponentDescriptionSupported architectures

Application Images

  

rhscl/nodejs-8-rhel7

Node.js 8 platform for building and running applications

x86_64, s390x, ppc64le

rhscl/php-71-rhel7

PHP 7.1 platform for building and running applications

x86_64

rhscl/python-36-rhel7

Python 3.6 platform for building and running applications

x86_64, s390x, ppc64le

Daemon Images

  

rhscl/nginx-112-rhel7

nginx 1.12 server and a reverse proxy server

x86_64, s390x, ppc64le

Database Images

  

rhscl/mariadb-102-rhel7

MariaDB 10.2 SQL database server

x86_64

rhscl/mongodb-34-rhel7

MongoDB 3.4 NoSQL database server

x86_64

rhscl/postgresql-96-rhel7

PostgreSQL 9.6 SQL database server

x86_64

Legend:

  • x86_64 - AMD64 and Intel 64 architectures
  • s390x - IBM Z
  • ppc64le - IBM POWER, little endian

All images are based on components from Red Hat Software Collections. The images are available for Red Hat Enterprise Linux 7 through the Red Hat Container Registry.

For detailed information about components provided by Red Hat Software Collections 3.0, see the Red Hat Software Collections 3.0 Release Notes.

For more information about the Red Hat Developer Toolset 7.0 components, see the Red Hat Developer Toolset 7 User Guide.

For information regarding container images based on Red Hat Software Collections 2, see the Using Red Hat Software Collections 2 Container Images.

Chapter 7. Extending Existing Container Images

To extend a functionality of a container image provided by Red Hat:

Chapter 8. Application Images

8.1. Node.js

8.1.1. Description

The rhscl/nodejs-8-rhel7 image provides a Node.js 8 platform for building and running applications.

8.1.2. Access

To pull the rhscl/nodejs-8-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/nodejs-8-rhel7

8.1.3. Configuration

To set environment variables, you can place them as a key-value pair into a .s2i/environment file inside your source code repository.

Variable NameDescription

NODE_ENV

NodeJS runtime mode (default: "production")

DEV_MODE

When set to "true", nodemon will be used to automatically reload the server while you work (default: "false"). Setting DEV_MODE to "true" will change the NODE_ENV default to "development" (if not explicitly set).

NPM_RUN

Select an alternate / custom runtime mode, defined in your package.json file’s scripts section (default: npm run "start"). These user-defined run-scripts are unavailable while DEV_MODE is in use.

HTTP_PROXY

Use an npm proxy during assembly

HTTPS_PROXY

Use an npm proxy during assembly

NPM_MIRROR

Use a custom NPM registry mirror to download packages during the build process

Note

Node.js 10 container image is not distributed with Red Hat Software Collections 3.2. Customers are advised to use Node.js container images available with Red Hat OpenShift Application Runtimes (RHOAR), for example the Node.js 10 container image.

8.2. PHP

8.2.1. Description

The rhscl/php-72-rhel7 image provides a PHP 7.2 platform for building and running applications; the rhscl/php-71-rhel7 image provides a PHP 7.1 platform, and the rhscl/php-70-rhel7 image provides a PHP 7.0 platform. Node.js with npm is preinstalled in the PHP images.

8.2.2. Access

To pull the rhscl/php-72-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/php-72-rhel7

To pull the rhscl/php-71-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/php-71-rhel7

To pull the rhscl/php-70-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/php-70-rhel7

8.2.3. Configuration

To set environment variables, place them as a key-value pair into a .s2i/environment file inside your source code repository.

The following environment variables set their equivalent property value in the php.ini file:

Variable NameDescriptionDefault

ERROR_REPORTING

Informs PHP of which errors, warnings and notices you would like it to take action for

E_ALL & ~E_NOTICE

DISPLAY_ERRORS

Controls whether or not and where PHP will output errors, notices and arnings

ON

DISPLAY_STARTUP_ERRORS

Cause display errors which occur during PHP’s startup sequence to be handled separately from display errors

OFF

TRACK_ERRORS

Store the last error/warning message in $php_errormsg (boolean)

OFF

HTML_ERRORS

Link errors to documentation related to the error

ON

INCLUDE_PATH

Path for PHP source files

.:/opt/app-root/src:/opt/rh/rh-php72/root/usr/share/pear

SESSION_NAME

Name of the session

PHPSESSID

SESSION_HANDLER

Method for saving sessions

files

SESSION_PATH

Location for session data files

/tmp/sessions

SESSION_COOKIE_DOMAIN

The domain for which the cookie is valid

 

SESSION_COOKIE_HTTPONLY

Whether or not to add the httpOnly flag to the cookie

0

SESSION_COOKIE_SECURE

Specifies whether cookies should only be sent over secure connections

Off

SHORT_OPEN_TAG

Determines whether or not PHP will recognize code between <? and ?> tags

OFF

DOCUMENTROOT

Path that defines the DocumentRoot for your application (ie. /public)

/

Replace the version of the rh-php7* Software Collection when appropriate.

The following environment variables set their equivalent property value in the opcache.ini file:

Variable NameDescriptionDefault

OPCACHE_MEMORY_CONSUMPTION

The OPcache shared memory storage size in megabytes

128

OPCACHE_REVALIDATE_FREQ

How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.

2

You can also override the entire directory used to load the PHP configuration by setting:

Variable NameDescription

PHPRC

Sets the path to the php.ini file

PHP_INI_SCAN_DIR

Path to scan for additional ini configuration files

You can override the Apache MPM prefork settings to increase the performance for of the PHP application. In case you set the Cgroup limits in Docker, the image will attempt to automatically set the optimal values. You can override this at any time by specifying the values yourself:

Variable NameDescriptionDefault

HTTPD_START_SERVERS

The StartServers directive sets the number of child server processes created on startup.

8

HTTPD_MAX_REQUEST_WORKERS

The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served.

256 (this is automatically tuned by setting Cgroup limits for the container using this formula: TOTAL_MEMORY / 15MB. The 15MB is average size of a single httpd process.

You can use a custom composer repository mirror URL to download packages instead of the default packagist.org:

Variable NameDescription

COMPOSER_MIRROR

Adds a custom composer repository mirror URL to composer configuration. Note: This only affects packages listed in composer.json.

COMPOSER_INSTALLER

Overrides the default URL for downloading Composer of https://getcomposer.org/installer. Useful in disconnected environments.

COMPOSER_ARGS

Adds extra arguments to the composer install command line (for example, --no-dev).

In case the DocumentRoot of the application is nested within the source directory /opt/app-root/src, users can provide their own .htaccess file. This allows the overriding of Apache’s behavior and specifies how application requests should be handled. The .htaccess file needs to be located at the root of the application source. For details about .htaccess, see the Apache HTTP Server Tutorial.

8.2.4. Extending the Image

The PHP image can be extended using source-to-image.

For example, to build a customized PHP image my-php-rhel7 with configuration in the ~/image-configuration/ directory, run:

$ s2i build ~/image-configuration/ rhscl/php-71-rhel7 my-php-rhel7

Make sure to change the source image version accordingly.

The structure of the application can be similar to this example:

Directory nameDescription

./httpd-cfg

Can contain additional Apache configuration files (*.conf)

./httpd-ssl

Can contain own SSL certificate (in the certs/ subdirectory) and key (in the private/ subdirectory)

./php-pre-start

Can contain shell scripts (*.sh) that are sourced before httpd is started

./php-post-assemble

Can contain shell scripts (*.sh) that are sourced at the end of assemble script

./

Application source code

8.3. Perl

8.3.1. Description

The rhscl/perl-526-rhel7 image provides a Perl 5.26 platform for building and running applications. Apache httpd 2.4 with mod_perl for deploying Perl web applications is preinstalled, as well as Node.js with npm.

The image also supports deploying Perl Web Server Gateway Interface (PSGI) applications.

8.3.2. Access

To pull the rhscl/perl-526-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/perl-526-rhel7

8.3.3. Configuration

To set environment variables, you can place them as a key-value pair into a .s2i/environment file inside your source code repository.

Variable NameDescriptionDefault

ENABLE_CPAN_TEST

Allows the installation of all specified cpan packages and the running of their tests

false

CPAN_MIRROR

Specifies a mirror URL which will used by cpanminus to install dependencies

URL is not specified by default

PERL_APACHE2_RELOAD

Enables automatic reloading of modified Perl modules

false

HTTPD_START_SERVERS

The StartServers directive sets the number of child server processes created on startup

8

HTTPD_MAX_REQUEST_WORKERS

Number of simultaneous requests that will be handled by Apache

256 but will be automatically lowered if memory is limited

PSGI_FILE

Specifies relative path to the PSGI application file. Use empty value to disable the PSGI autoconfiguration

Single *.psgi file in the top-level directory, if it exists

PSGI_URI_PATH

Specifies URI path that is handled by the PSGI application

/

To install additional Perl modules from the Comprehensive Perl Archive Network (CPAN), create a cpanfile in the root directory of your application sources. The file must conform to the cpanfile format as defined in Module-CPANFile CPAN distribution. For detailed information about the cpanfile format, refer to the cpanfile documentation.

To modify the Apache httpd behavior, drop the .htaccess file in the application sources tree where appropriate. For details about .htaccess, see the Apache HTTP Server Tutorial.

8.4. Python

8.4.1. Description

The rhscl/python-36-rhel7 image provides a Python 3.6 platform for building and running applications
Node.js with npm is preinstalled.

8.4.2. Access

To pull the rhscl/python-36-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/python-36-rhel7

8.4.3. Configuration

To set environment variables, you can place them as a key-value pair into a .s2i/environment file inside your source code repository.

Variable NameDescription

APP_SCRIPT

Used to run the application from a script file. This should be a path to a script file (defaults to app.sh unless set to null) that will be run to start the application.

APP_FILE

Used to run the application from a Python script. This should be a path to a Python file (defaults to app.py) that will be passed to the Python interpreter to start the application.

APP_MODULE

Used to run the application with Gunicorn, as documented here. This variable specifies a WSGI callable with the pattern MODULE_NAME:VARIABLE_NAME, where MODULE_NAME is the full dotted path of a module, and VARIABLE_NAME refers to a WSGI callable inside the specified module. Gunicorn will look for a WSGI callable named application if not specified. If APP_MODULE is not provided, the run script will look for a wsgi.py file in your project and use it if it exists. If using setup.py for installing the application, the MODULE_NAME part can be read from there. For an example, see setup-test-app.

APP_HOME

This variable can be used to specify a sub-directory in which the application to be run is contained. The directory pointed to by this variable needs to contain wsgi.py (for Gunicorn) or manage.py (for Django). If APP_HOME is not provided, the assemble and run scripts will use the application’s root directory.

APP_CONFIG

Path to a valid Python file with a Gunicorn configuration file.

DISABLE_COLLECTSTATIC

Set this variable to a non-empty value to inhibit the execution of manage.py collectstatic during the build. This affects only Django projects.

DISABLE_MIGRATE

Set this variable to a non-empty value to inhibit the execution of manage.py migrate when the produced image is run. This affects only Django projects.

PIP_INDEX_URL

Set this variable to use a custom index URL or mirror to download required packages during build process. This only affects packages listed in requirements.txt.

UPGRADE_PIP_TO_LATEST

Set this variable to a non-empty value to have the pip program be upgraded to the most recent version before any Python packages are installed. If not set, it will use whatever the default version is included by the platform for the Python version being used.

WEB_CONCURRENCY

Set this to change the default setting for the number of workers. By default, this is set to the number of available cores times 2.

8.5. Ruby

8.5.1. Description

The rhscl/ruby-26-rhel7 image provides a Ruby 2.6 platform for building and running applications; the rhscl/ruby-25-rhel7 image provides a Ruby 2.5 platform. Node.js with npm is preinstalled.

8.5.2. Access

To pull the rhscl/ruby-26-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/ruby-26-rhel7

To pull the rhscl/ruby-25-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/ruby-25-rhel7

8.5.3. Configuration

To set environment variables, you can place them as a key-value pair into a .s2i/environment file inside your source code repository.

Variable NameDescription

RACK_ENV

This variable specifies the environment where the Ruby application will be deployed (unless overwritten) - production, development, test. Each level has different behaviors in terms of logging verbosity, error pages, Ruby gem installation, and other. Note that application assets will be compiled only if the RACK_ENV is set to production.

DISABLE_ASSET_COMPILATION

This variable set to true indicates that the asset compilation process will be skipped. Because this only takes place when the application is run in the production environment, it should be used only when assets are already compiled.

PUMA_MIN_THREADS, PUMA_MAX_THREADS

These variables indicate the minimum and maximum threads that will be available in Puma's thread pool.

PUMA_WORKERS

This variable indicates the number of worker processes that will be launched. See documentation on Puma’s clustered mode.

RUBYGEM_MIRROR

Set this variable to use a custom RubyGems mirror URL to download required gem packages during the build process.

For S2I scripts to work, you need to include the puma or rack gem in the application’s Gemfile.

Chapter 9. Daemon Images

9.1. Apache HTTP Server

9.1.1. Description 3

The rhscl/httpd-24-rhel7 image provides an Apache HTTP 2.4 Server. The image can be used as a base image for other applications based on Apache HTTP web server.

9.1.2. Access

To pull the rhscl/httpd-24-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/httpd-24-rhel7

The rhscl/httpd-24-rhel7 image supports using the S2I tool.

9.1.3. Configuration and Usage

The Apache HTTP Server container image supports the following configuration variables, which can be set by using the -e option with the podman run command:

Variable NameDescription

HTTPD_LOG_TO_VOLUME

By default, httpd logs into standard output, so the logs are accessible by using the podman logs command. When HTTPD_LOG_TO_VOLUME is set, httpd logs into /var/log/httpd24, which can be mounted to host system using the container volumes. This option is allowed allowed when the container is run as UID 0.

HTTPD_MPM

This variable can be set to change the default Multi-Processing Module (MPM) from the package default MPM.

If you want to run the image and mount the log files into /wwwlogs on the host as a container volume, execute the following command:

$ podman run -d -u 0 -e HTTPD_LOG_TO_VOLUME=1 --name httpd -v /wwwlogs:/var/log/httpd24:Z rhscl/httpd-24-rhel7

To run an image using the event MPM (rather than the default prefork), execute the following command:

$ podman run -d -e HTTPD_MPM=event --name httpd rhscl/httpd-24-rhel7

You can also set the following mount points by passing the -v /host:/container option to the podman run command:

Volume Mount PointDescription

/var/www

Apache HTTP Server data directory

/var/log/httpd24

Apache HTTP Server log directory (available only when running as root)

When mouting a directory from the host into the container, ensure that the mounted directory has the appropriate permissions and that the owner and group of the directory matches the user UID or name which is running inside the container.

Note

The rhscl/httpd-24-rhel7 container image now uses 1001 as the default UID to work correctly within the source-to-image strategy in OpenShift. Additionally, the container image listens on port 8080 by default. Previously, the rhscl/httpd-24-rhel7 container image listened on port 80 by default and ran as UID 0.

To run the rhscl/httpd-24-rhel7 container image as UID 0, specify the -u 0 option of the podman run command:

podman run -u 0 rhscl/httpd-24-rhel7

9.2. nginx

9.2.1. Description

The rhscl/nginx-114-rhel7 image provides an nginx 1.14 server and a reverse proxy server; the image can be used as a base image for other applications based on nginx 1.14 web server. The rhscl/nginx-112-rhel7 image provides an nginx 1.12 server and a reverse proxy server.

9.2.2. Access

To pull the rhscl/nginx-114-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/nginx-114-rhel7

To pull the rhscl/nginx-112-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/nginx-112-rhel7

9.2.3. Configuration

The nginx container images support the following configuration variable, which can be set by using the -e option with the podman run command:

Variable NameDescription

NGINX_LOG_TO_VOLUME

By default, nginx logs into standard output, so the logs are accessible by using the podman logs command. When NGINX_LOG_TO_VOLUME is set, nginx logs into /var/opt/rh/rh-nginx114/log/nginx/ or /var/opt/rh/rh-nginx112/log/nginx/, which can be mounted to host system using the container volumes.

The rhscl/nginx-114-rhel7 and rhscl/nginx-112-rhel7 images support using the S2I tool.

9.3. Varnish Cache

9.3.1. Description

The rhscl/varnish-6-rhel7 image provides Varnish Cache 6.0, an HTTP reverse proxy. The rhscl/varnish-5-rhel7 image provides Varnish Cache 5.0.

9.3.2. Access

To pull the rhscl/varnish-6-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/varnish-6-rhel7

To pull the rhscl/varnish-5-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/varnish-5-rhel7

9.3.3. Configuration

No further configuration is required.

The Red Hat Software Collections Varnish Cache images support using the S2I tool. Note that the default.vcl configuration file in the directory accessed by S2I needs to be in the VCL format.

Chapter 10. Database Images

10.1. MariaDB

10.1.1. Description

The rhscl/mariadb-103-rhel7 image provides a MariaDB 10.3 SQL database server, the rhscl/mariadb-102-rhel7 image provides the MariaDB server version 10.2.

10.1.2. Access

To pull the rhscl/mariadb-103-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/mariadb-103-rhel7

To pull the rhscl/mariadb-102-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/mariadb-102-rhel7

10.1.3. Configuration and Usage

The usage and configuration is the same as for the MySQL image. Note that the name of the daemon is mysqld and all environment variables have the same names as in MySQL.

The image recognizes the following environment variables that you can set during initialization by passing the -e VAR=VALUE option to the podman run command:

Variable NameDescription

MYSQL_USER

User name for MySQL account to be created

MYSQL_PASSWORD

Password for the user account

MYSQL_DATABASE

Database name

MYSQL_ROOT_PASSWORD

Password for the root user (optional)

Note

The root user has no password set by default, only allowing local connections. You can set it by setting the MYSQL_ROOT_PASSWORD environment variable when initializing your container. This will allow you to login to the root account remotely. Local connections will still not require a password. To disable remote root access, simply unset MYSQL_ROOT_PASSWORD and restart the container.

Important

Because passwords are part of the image configuration, the only supported method to change passwords for an unpriviledged user (MYSQL_USER) and the root user is by changing the environment variables MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD, respectively. Changing database passwords through SQL statements or any other way will cause a mismatch between the values stored in the variables and the actual passwords. Whenever a database container starts, it will reset the passwords to the values stored in the environment variables.

The following environment variables influence the MySQL configuration file and are all optional:

Variable nameDescriptionDefault

MYSQL_LOWER_CASE_TABLE_NAMES

Sets how the table names are stored and compared

0

MYSQL_MAX_CONNECTIONS

The maximum permitted number of simultaneous client connections

151

MYSQL_MAX_ALLOWED_PACKET

The maximum size of one packet or any generated/intermediate string

200M

MYSQL_FT_MIN_WORD_LEN

The minimum length of the word to be included in a FULLTEXT index

4

MYSQL_FT_MAX_WORD_LEN

The maximum length of the word to be included in a FULLTEXT index

20

MYSQL_AIO

Controls the innodb_use_native_aio setting value in case the native AIO is broken. See http://help.directadmin.com/item.php?id=529

1

MYSQL_TABLE_OPEN_CACHE

The number of open tables for all threads

400

MYSQL_KEY_BUFFER_SIZE

The size of the buffer used for index blocks

32M (or 10% of available memory)

MYSQL_SORT_BUFFER_SIZE

The size of the buffer used for sorting

256K

MYSQL_READ_BUFFER_SIZE

The size of the buffer used for a sequential scan

8M (or 5% of available memory)

MYSQL_INNODB_BUFFER_POOL_SIZE

The size of the buffer pool where InnoDB caches table and index data

32M (or 50% of available memory)

MYSQL_INNODB_LOG_FILE_SIZE

The size of each log file in a log group

8M (or 15% of available memory)

MYSQL_INNODB_LOG_BUFFER_SIZE

The size of the buffer that InnoDB uses to write to the log files on disk

8M (or 15% of available memory)

MYSQL_DEFAULTS_FILE

Point to an alternative configuration file

/etc/my.cnf

MYSQL_BINLOG_FORMAT

Set sets the binlog format; supported values are row and statement

statement

When the MariaDB image is run with the --memory parameter set, values of the following parameters will be automatically calculated based on the available memory unless the parameters are explicitly specified:

Variable nameDefault memory percentage

MYSQL_KEY_BUFFER_SIZE

10%

MYSQL_READ_BUFFER_SIZE

5%

MYSQL_INNODB_BUFFER_POOL_SIZE

50%

MYSQL_INNODB_LOG_FILE_SIZE

15%

MYSQL_INNODB_LOG_BUFFER_SIZE

15%

You can also set the following mount point by passing the -v /host:/container option to the podman run command:

Volume Mount PointDescription

/var/lib/mysql/data

MySQL data directory

Note

When mounting a directory from the host into the container, ensure that the mounted directory has the appropriate permissions and that the owner and group of the directory matches the user UID or name which is running inside the container.

10.1.4. Extending the Image

See How to Extend the rhscl/mariadb-101-rhel7 Container Image, which is applicable also to rhscl/mariadb-102-rhel7 and rhscl/mariadb-103-rhel7.

10.2. MySQL

10.2.1. Description

The rhscl/mysql-80-rhel7 image provides a MySQL 8.0 SQL database server.

10.2.2. Access and Usage

To pull the rhscl/mysql-80-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/mysql-80-rhel7

To set only the mandatory environment variables and not store the database in a host directory, execute the following command:

# podman run -d --name mysql_database -e MYSQL_USER=<user> -e MYSQL_PASSWORD=<pass> \
  -e MYSQL_DATABASE=<db> -p 3306:3306 rhscl/mysql-80-rhel7

This will create a container named mysql_database running MySQL with database db and user with credentials user:pass. Port 3306 will be exposed and mapped to the host. If you want your database to be persistent across container executions, also add a -v /host/db/path:/var/lib/mysql/data argument. The directory /host/db/path will be the MySQL data directory.

If the database directory is not initialized, the entrypoint script will first run mysql_install_db and set up necessary database users and passwords. After the database is initialized, or if it was already present, mysqld is executed and will run as PID 1. You can stop the detached container by running the podman stop mysql_database command.

10.2.3. Configuration

The image recognizes the following environment variables that you can set during initialization by passing -e VAR=VALUE to the podman run command:

Variable NameDescription

MYSQL_USER

User name for MySQL account to be created

MYSQL_PASSWORD

Password for the user account

MYSQL_DATABASE

Database name

MYSQL_ROOT_PASSWORD

Password for the root user (optional)

Note

The root user has no password set by default, only allowing local connections. You can set it by setting the MYSQL_ROOT_PASSWORD environment variable when initializing your container. This will allow you to login to the root account remotely. Local connections will still not require a password. To disable remote root access, simply unset MYSQL_ROOT_PASSWORD and restart the container.

Important

Because passwords are part of the image configuration, the only supported method to change passwords for an unpriviledged user (MYSQL_USER) and the root user is by changing the environment variables MYSQL_PASSWORD and MYSQL_ROOT_PASSWORD, respectively. Changing database passwords through SQL statements or any other way will cause a mismatch between the values stored in the variables and the actual passwords. Whenever a database container starts, it will reset the passwords to the values stored in the environment variables.

The following environment variables influence the MySQL configuration file and are all optional:

Variable nameDescriptionDefault

MYSQL_LOWER_CASE_TABLE_NAMES

Sets how the table names are stored and compared

0

MYSQL_MAX_CONNECTIONS

The maximum permitted number of simultaneous client connections

151

MYSQL_MAX_ALLOWED_PACKET

The maximum size of one packet or any generated/intermediate string

200M

MYSQL_FT_MIN_WORD_LEN

The minimum length of the word to be included in a FULLTEXT index

4

MYSQL_FT_MAX_WORD_LEN

The maximum length of the word to be included in a FULLTEXT index

20

MYSQL_AIO

Controls the innodb_use_native_aio setting value in case the native AIO is broken. See http://help.directadmin.com/item.php?id=529

1

MYSQL_TABLE_OPEN_CACHE

The number of open tables for all threads

400

MYSQL_KEY_BUFFER_SIZE

The size of the buffer used for index blocks

32M (or 10% of available memory)

MYSQL_SORT_BUFFER_SIZE

The size of the buffer used for sorting

256K

MYSQL_READ_BUFFER_SIZE

The size of the buffer used for a sequential scan

8M (or 5% of available memory)

MYSQL_INNODB_BUFFER_POOL_SIZE

The size of the buffer pool where InnoDB caches table and index data

32M (or 50% of available memory)

MYSQL_INNODB_LOG_FILE_SIZE

The size of each log file in a log group

8M (or 15% of available memory)

MYSQL_INNODB_LOG_BUFFER_SIZE

The size of the buffer that InnoDB uses to write to the log files on disk

8M (or 15% of available memory)

MYSQL_DEFAULTS_FILE

Point to an alternative configuration file

/etc/my.cnf

MYSQL_BINLOG_FORMAT

Set sets the binlog format, supported values are row and statement

statement

MYSQL_LOG_QUERIES_ENABLED

To enable query logging, set this variable to 1

0

When the MySQL image is run with the --memory parameter set, values of the following parameters will be automatically calculated based on the available memory unless the parameters are explicitly specified:

Variable nameDefault memory percentage

MYSQL_KEY_BUFFER_SIZE

10%

MYSQL_READ_BUFFER_SIZE

5%

MYSQL_INNODB_BUFFER_POOL_SIZE

50%

MYSQL_INNODB_LOG_FILE_SIZE

15%

MYSQL_INNODB_LOG_BUFFER_SIZE

15%

You can also set the following mount point by passing the -v /host:/container option to the podman run command:

Volume Mount PointDescription

/var/lib/mysql/data

MySQL data directory

Note

When mounting a directory from the host into the container, ensure that the mounted directory has the appropriate permissions and that the owner and group of the directory matches the user UID or name which is running inside the container.

10.3. MongoDB

10.3.1. Description

The rhscl/mongodb-36-rhel7 image provides a MongoDB 3.6 NoSQL database server; the rhscl/mongodb-34-rhel7 image provides a MongoDB 3.4 NoSQL database server.

10.3.2. Access and Usage

To pull the rhscl/mongodb-36-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/mongodb-36-rhel7

To pull the rhscl/mongodb-34-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/mongodb-34-rhel7

To set only the mandatory environment variables and store the database in the /home/user/database directory on the host file system, execute the following command:

# podman run -d -e MONGODB_USER=<user> -e MONGODB_PASSWORD=<password> \
  -e MONGODB_DATABASE=<database> -e MONGODB_ADMIN_PASSWORD=<admin_password> \
  -v /home/user/database:/var/lib/mongodb/data <image_name>

If you are initializing the database and it is the first time you are using the specified shared volume, two databases will be created with two users: the admin database with the admin user, and the MONGODB_DATABASE with the MONGODB_USER. After that, the MongoDB daemon will be started. If you are re-attaching the volume to another container, the creation of the database user and admin user will be skipped and only the MongoDB daemon will be started.

The mongod deamon writes its logs to the standard output. To examine the container image log, use the podman logs <image_name> command.

10.3.3. Configuration

The image recognizes the following environment variables that you can set during initialization by passing -e VAR=VALUE to the podman run command:

Variable NameDescription

MONGODB_ADMIN_PASSWORD

Password for the admin user

MONGODB_USER

User name for the MONGODB account to be created

MONGODB_PASSWORD

Password for the user account

MONGODB_DATABASE

Database name

Note

The administrator user name is set to admin and you have to to specify the password by setting the MONGODB_ADMIN_PASSWORD environment variable. This process is done upon database initialization. The admin user has the dbAdminAnyDatabase, userAdminAnyDatabase, readWriteAnyDatabase, and clusterAdmin roles (see MongoDB reference for details). An unpriviledged user has only the readWrite role and needs to have a MONGODB_USER and MONGODB_PASSWORD environment variables set.

Important

Because passwords are part of the image configuration, the only supported method to change passwords for an unpriviledged user and the admin user is by changing the environment variables MONGODB_PASSWORD and MONGODB_ADMIN_PASSWORD, respectively. Changing database passwords directly in MongoDB will cause a mismatch between the values stored in the variables and the actual passwords. Whenever a database container image starts, it will reset the passwords to the values stored in the environment variables.

The following environment variable influences the MongoDB configuration file and is optional:

Variable NameDescriptionDefault

MONGODB_QUIET

Runs MongoDB in a quiet mode that attempts to limit the amount of output

true

You can also set the following mount point by passing the -v /host:/container option to the podman run command:

Volume Mount PointDescription

/var/lib/mongodb/data

MongoDB data directory

Note

When mounting a directory from the host into the container, ensure that the mounted directory has the appropriate permissions and that the owner and group of the directory matches the user UID or name which is running inside the container.

10.3.4. Extending the Image

The MongoDB image can be extended using source-to-image.

For example, to build a customized MongoDB database image my-mongodb-rhel7 with configuration in the ~/image-configuration/ directory, run:

$ s2i build ~/image-configuration/ rhscl/mongodb-36-rhel7 my-mongodb-rhel7

Change the image name to rhscl/mongodb-34-rhel7 when using this image.

The directory passed to the S2I build should contain one or more of the following directories:

mongodb-cfg/

When running the run-mongod or run-mongod-replication commands, the contained mongod.conf file is used for mongod configuration. The envsubst command is run on the mongod.conf file to still allow customization of the image using environment variables. A custom configuration file does not affect the name of a replica set; it has to be set in the MONGODB_REPLICA_NAME environment variable. It is impossible to configure SSL using a custom configuration file.

mongodb-pre-init/

The contained shell scripts (*.sh) are sourced before the mongod server is started.

mongodb-init/

The contained shell scripts (*.sh) are sourced when the mongod server is started for the first time, that is, when the data directory is empty. The run-mongod command does not have an enabled authentication in this phase. The run-mongod-replication command does have an enabled authentication in this phase.

mongodb-start/

Similar to mongodb-init/, except these scripts are always sourced (after the mongodb-init/ scripts, if they exist). These scripts are skipped if run-mongod-replication is run with an already initialized data directory.

The following variables can be used in the scripts provided to S2I:

mongo_common_args

Contains arguments for the mongod server. Note that changing this can break existing customization scripts, that is, the default scripts.

MEMBER_ID

Contains an ID of the container. It is defined only in scripts for replication (the run-mongod-replication command) and has a different value for each container image in a replica set cluster. Customization scripts are run by all container images in a replica set; MEMBER_ID can be used to write scripts which are run only by some containers.

During the S2I build, all provided files are copied into the /opt/app-root/src/ directory in the new image. If some configuration files are present in the destination directory, files with the same name are overwritten. Also, only one file with the same name can be used for customization. User-provided files are preferred over the default files in the /usr/share/container-scripts/mongodb/ directory, so it is possible to overwrite them.

The same configuration directory structure can be used to customize the image every time the image is started using the podman run command. The directory has to be mounted into /opt/app-root/src/ in the image by using the -v ./image-configuration/:/opt/app-root/src/ option. This overwrites the customization built into the image.

10.4. PostgreSQL

10.4.1. Description

The rhscl/postgresql-10-rhel7 image provides a PostgreSQL 10 SQL database server.

The rhscl/postgresql-96-rhel7 image provides a PostgreSQL 9.6 SQL database server.

10.4.2. Access and Usage

To pull the rhscl/postgresql-10-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/postgresql-10-rhel7

To pull the rhscl/postgresql-96-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/postgresql-96-rhel7

To set only the mandatory environment variables and not store the database in a host directory, execute the following command:

# podman run -d --name postgresql_database -e POSTGRESQL_USER=<user> \
  -e POSTGRESQL_PASSWORD=<pass> -e POSTGRESQL_DATABASE=<db> \
  -p 5432:5432 <image_name>

This will create a container named postgresql_database running PostgreSQL with database db and user with credentials user:pass. Port 5432 will be exposed and mapped to the host. If you want your database to be persistent across container executions, also add a -v /host/db/path:/var/lib/pgsql/data argument. This will be the PostgreSQL database cluster directory.

If the database cluster directory is not initialized, the entrypoint script will first run initdb and set up necessary database users and passwords. After the database is initialized, or if it was already present, postgres is executed and will run as PID 1. You can stop the detached container by running the podman stop postgresql_database command.

The the postgres daemon first writes its logs to the standard output. To examine the container image log, use the podman logs <image_name> command. Then the log output is redirected to the logging collector process and appears in the pg_log/ directory.

10.4.3. Configuration

The image recognizes the following environment variables that you can set during initialization by passing -e VAR=VALUE to the podman run command:

Variable NameDescription

POSTGRESQL_USER

User name for PostgreSQL account to be created

POSTGRESQL_PASSWORD

Password for the user account

POSTGRESQL_DATABASE

Database name

POSTGRESQL_ADMIN_PASSWORD

Password for the postgres admin account (optional)

Note

The postgres administrator account has no password set by default, only allowing local connections. You can set it by setting the POSTGRESQL_ADMIN_PASSWORD environment variable when initializing your container. This will allow you to login to the postgres account remotely. Local connections will still not require a password.

Important

Since passwords are part of the image configuration, the only supported method to change passwords for the database user and postgres admin user is by changing the environment variables POSTGRESQL_PASSWORD and POSTGRESQL_ADMIN_PASSWORD, respectively. Changing database passwords through SQL statements or any way other than through the environment variables aforementioned will cause a mismatch between the values stored in the variables and the actual passwords. Whenever a database container image starts, it will reset the passwords to the values stored in the environment variables.

The following options are related to migration:

Variable NameDescriptionDefault

POSTGRESQL_MIGRATION_REMOTE_HOST

Hostname/IP to migrate from

 

POSTGRESQL_MIGRATION_ADMIN_PASSWORD

Password for the remote postgres admin user

 

POSTGRESQL_MIGRATION_IGNORE_ERRORS

Optional: Ignore sql import errors

no

The following environment variables influence the PostgreSQL configuration file and are all optional:

Variable NameDescriptionDefault

POSTGRESQL_MAX_CONNECTIONS

The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.

100

POSTGRESQL_MAX_PREPARED_TRANSACTIONS

Sets the maximum number of transactions that can be in the "prepared" state. If you are using prepared transactions, you will probably want this to be at least as large as max_connections

0

POSTGRESQL_SHARED_BUFFERS

Sets how much memory is dedicated to PostgreSQL to use for caching data

32M

POSTGRESQL_EFFECTIVE_CACHE_SIZE

Set to an estimate of how much memory is available for disk caching by the operating system and within the database itself

128M

Note

When the PostgreSQL image is run with the --memory parameter set and if there are no values provided for POSTGRESQL_SHARED_BUFFERS and POSTGRESQL_EFFECTIVE_CACHE_SIZE, these values are automatically calculated based on the value provided in the --memory parameter. The values are calculated based on the upstream formulas and are set to 1/4 and 1/2 of the given memory, respectively.

You can also set the following mount point by passing the -v /host:/container option to the podman run command:

Volume Mount PointDescription

/var/lib/pgsql/data

PostgreSQL database cluster directory

Note

When mounting a directory from the host into the container, ensure that the mounted directory has the appropriate permissions and that the owner and group of the directory matches the user UID or name which is running inside the container.

Unless you use the -u option with the podman run command, processes in containers are usually run under UID 26. To change the data directory permissions, use the following command:

$ setfacl -m u:26:-wx /your/data/dir
$ podman run <...> -v /your/data/dir:/var/lib/pgsql/data:Z <...>

10.4.4. Data Migration

PostgreSQL container images support migration of data from a remote PostgreSQL server. Use the following command and change the image name and add optional configuration variables when necessary:

$ podman run -d --name postgresql_database \
    -e POSTGRESQL_MIGRATION_REMOTE_HOST=172.17.0.2 \
    -e POSTGRESQL_MIGRATION_ADMIN_PASSWORD=remoteAdminP@ssword \
    [ OPTIONAL_CONFIGURATION_VARIABLES ]
    rhscl/postgresql-96-rhel7

The migration is done the dump and restore way (running pg_dumpall against a remote cluster and importing the dump locally by psql). Because the process is streamed (unix pipeline), there are no intermediate dump files created during this process to not waste additional storage space.

If some SQL commands fail during applying, the default behavior of the migration script is to fail as well to ensure the "all or nothing" result of a scripted, unattended migration. In most common cases, successful migration is expected (but not guaranteed), given you migrate from a previous version of PostgreSQL server container, which is created using the same principles - for example, migration from rhscl/postgresql-96-rhel7 to rhscl/postgresql-10-rhel7. Migration from a different kind of PostgreSQL container image will likely fail.

If this "all or nothing" principle is inadequate for you, there is an optional POSTGRESQL_MIGRATION_IGNORE_ERRORS option which peforms "best effort" migration. However, some data might be lost and it is up to the user to review the standard error output and fix issues manually in the post-migration time.

Note

The container image provides migration help for users' convenience, but fully automatic migration is not guaranteed. Thus, before you start proceeding with the database migration, you will need to perform manual steps to get all your data migrated.

You might not use variables such as POSTGRESQL_USER in the migration scenario. All data (including information about databases, roles, or passwords) are copied from the old cluster. Ensure that you use the same optional configuration variables as you used for initialization of the old PostgreSQL container image. If some non-default configuration is done on a remote cluster, you might need to copy the configuration files manually, too.

Warning

The IP communication between the old and the new PostgreSQL clusters is not encrypted by default, it is up to the user to configure SSL on a remote cluster or ensure security using different means.

10.4.5. Upgrading the Database

Warning

Before you decide to perform the data directory upgrade, make sure you have backed up all your data. Note that you may need to manually roll back if the upgrade fails.

The PostreSQL image supports automatic upgrade of a data directory created by the PostgreSQL server version provided by the previous rhscl image, for example, the rhscl/postgresql-10-rhel7 image supports upgrading from rhscl/postgresql-96-rhel7. The upgrade process is designed so that you should be able to just switch from image A to image B, and set the $POSTGRESQL_UPGRADE variable appropriately to explicitly request the database data transformation.

The upgrade process is internally implemented using the pg_upgrade binary, and for that purpose the container needs to contain two versions of PostgreSQL server (see the pg_upgrade man page for more information).

For the pg_upgrade process and the new server version, it is necessary to initialize a new data directory. This data directory is created automatically by the container tooling in the /var/lib/pgsql/data/ directory, which is usually an external bind-mountpoint. The pg_upgrade execution is then similar to the dump and restore approach. It starts both the old and the new PostgreSQL servers (within the container) and "dumps" the old data directory and, at the same time, it "restores" it into new data directory. This operation requires a lot of data files copying. Set the $POSTGRESQL_UPGRADE variable accordingly based on what type of upgrade you choose:

copy

The data files are copied from the old data directory to the new directory. This option has a low risk of data loss in case of an upgrade failure.

hardlink

Data files are hard-linked from the old to the new data directory, which brings performance optimization. However, the old directory becomes unusable, even in case of a failure.

Note

Make sure you have enough space for the copied data. Upgrade failure because of insufficient space might lead to a data loss.

10.4.6. Extending the Image

The PostgreSQL image can be extended using using source-to-image.

For example, to build a customized new-postgresql image with configuration in the ~/image-configuration/ directory, use the following command:

$ s2i build ~/image-configuration/ postgresql new-postgresql

The directory passed to the S2I build should contain one or more of the following directories:

postgresql-pre-start/

Source all *.sh files from this directory during an early start of the container. There is no PostgreSQL daemon running in the background.

postgresql-cfg/

Contained configuration files (*.conf) will be included at the end of the image’s postgresql.conf file.

postgresql-init/

Contained shell scripts (*.sh) are sourced when the database is freshly initialized (after successful initdb run, which made the data directory non-empty). At the time of sourcing these scripts, the local PostgreSQL server is running. For re-deployments scenarios with persistent data directory, the scripts are not sourced (no-op).

postgresql-start/

Similar to postgresql-init/, except these scripts are always sourced (after the postgresql-init/ scripts, if they exist).

During the S2I build, all provided files are copied into the /opt/app-root/src/ directory in the new image. Only one file with the same name can be used for customization, and user-provided files are preferred over default files in the /usr/share/container-scripts/ directory, so it is possible to overwrite them.

10.5. Redis

10.5.1. Description

The rhscl/redis-5-rhel7 image provides Redis 5, an advanced key-value store. The image is based on the rh-redis5 Software Collection.

10.5.2. Access

To pull the rhscl/redis-5-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/redis-5-rhel7

10.5.3. Configuration and Usage

To set only the mandatory environment variables and not store the database in a host directory, run:

# podman run -d --name redis_database -p 6379:6379 rhscl/redis-5-rhel7

This command creates a container named redis_database. Port 6379 is exposed and mapped to the host.

The following environment variable influences the Redis configuration file and is optional:

Variable NameDescription

REDIS_PASSWORD

Password for the server access

To set a password, run:

# podman run -d --name redis_database -e REDIS_PASSWORD=strongpassword rhscl/redis-5-rhel7
Important

Use a very strong password because Redis is fast and thus can become a target of a brute-force attack.

To make your database persistent across container executions, add the -v /host/db/path:/var/lib/redis/data:Z option to the podman run command.

Volume Mount PointDescription

/var/lib/redis/data

Redis data directory

Note

When mounting a directory from the host into the container, ensure that the mounted directory has the appropriate permissions and that the owner and group of the directory matches the user UID or name that is running inside the container.

To examine the container image log, use the podman logs <image_name> command.

Chapter 11. Red Hat Developer Toolset Images

Red Hat Developer Toolset is a Red Hat offering for developers on the Red Hat Enterprise Linux platform. It provides a complete set of development and performance analysis tools that can be installed and used on multiple versions of Red Hat Enterprise Linux. Executables built with the Red Hat Developer Toolset toolchain can then also be deployed and run on multiple versions of Red Hat Enterprise Linux. For detailed compatibility information, see Red Hat Developer Toolset 8 User Guide and Red Hat Developer Toolset 7 User Guide.

11.1. Running Red Hat Developer Toolset Tools from Pre-Built Container Images

To display general usage information for pre-built Red Hat Developer Toolset container images that you have already pulled to your local machine, run the following command as root:

# podman run image_name usage

To launch an interactive shell within a pre-built container image, run the following command as root:

# podman run -ti image_name /bin/bash -l

In both of the above commands, substitute the image_name parameter with the name of the container image you pulled to your local system and now want to use.

For example, to launch an interactive shell within the container image with selected toolchain components, run the following command as root:

# podman run -ti rhscl/devtoolset-7-toolchain-rhel7 /bin/bash -l

Example 11.1. Using GCC in the Pre-Built Red Hat Developer Toolset Toolchain Image

This example illustrates how to obtain and launch the pre-built container image with selected toolchain components of the Red Hat Developer Toolset and how to run the gcc compiler within that image.

  1. Make sure you have a container environment set up properly on your system by following instructions at Using podman to work with containers in the Managing Containers document.
  2. Pull the pre-built toolchain Red Hat Developer Toolset container image from the official Red Hat Container Registry:

    # podman pull rhscl/devtoolset-7-toolchain-rhel7
  3. To launch the container image with an interactive shell, issue the following command:

    # podman run -ti rhscl/devtoolset-7-toolchain-rhel7 /bin/bash -l
  4. To launch the container as a regular (non-root) user, use the sudo command. To map a directory from the host system to the container file system, include the -v (or --volume) option in the podman command:

    $ sudo podman run -v ~/Source:/src -ti rhscl/devtoolset-7-toolchain-rhel7 /bin/bash -l

    In the above command, the host’s ~/Source/ directory is mounted as the /src/ directory within the container.

  5. Once you are in the container’s interactive shell, you can run Red Hat Developer Toolset tools as expected. For example, to verify the version of the gcc compiler, run:

    bash-4.2$ gcc -v
    [...]
    gcc version 6.3.1 20170216 (Red Hat 6.3.1-3) (GCC)

11.2. Using Container Images Built from Dockerfiles

Dockerfiles are available for selected Red Hat Developer Toolset components. Dockerfiles are text files that contain instructions for automated building of container images.

Red Hat Developer Toolset 7.1 for Red Hat Enterprise Linux 7 is distributed with the following Dockerfiles:

  • devtoolset-7-toolchain
  • devtoolset-7-perftools

Red Hat Developer Toolset 8.1 for Red Hat Enterprise Linux 7 is distributed with the following Dockerfiles:

  • devtoolset-8-toolchain
  • devtoolset-8-perftools

11.2.1. Obtaining Dockerfiles

The Red Hat Developer Toolset Dockerfiles are provided in the Red Hat Container Catalog. Every tagged container image is provided with the Dockerfile used to build it.

To get the Dockerfiles, follow this procedure:

  1. Open the Red Hat Container Catalog page website for the latest container image in the Red Hat Developer Toolset version you want:

  2. Copy the Dockerfile contents from the webpage.
  3. Paste the text to a suitably named plain text file on your system.
Note

Previously, Red Hat Developer Toolset Dockerfiles were provided by the package devtoolset-8-dockerfiles. This package has been removed in Red Hat Developer Toolset version 8.1.

11.2.2. Building Container Images

Change to the directory where the Dockerfile is installed and run the following command as root:

# podman build -t image_name

Replace image_name with the desired name for the new image.

Example 11.2. Building a Container Image with a Red Hat Developer Toolset Component

To build a container image for deploying the perftools tools from Red Hat Developer Toolset 8.1 in a container, follow the instructions below:

  1. Make sure you have a container environment set up properly on your system by following instructions at Using podman to work with containers in the Managing Containers document.
  2. Copy the Dockerfile contents text from the Red Hat Container Catalog page for Red Hat Developer Toolset 8.1 perftools image.
  3. Paste the text into a text editor and save it as the file /home/user/devtoolset-8-toolchain-rhel7/Dockerfile

    Replace user with name of the current user. To determine this value, run the whoami command in the terminal.

  4. Change to the directory with the file:

    # cd /home/user/devtoolset-8-toolchain-rhel7/
  5. Build the container image:

    # podman build -t devtoolset-8-my-perftools .

    Replace devtoolset-8-my-perftools with the name you wish to assign to your resulting container image.

11.2.3. Running Red Hat Developer Toolset Tools from Custom-Built Container Images

To display general usage information for images built from Red Hat Developer Toolset Dockerfiles (see Section 11.2.2, “Building Container Images”), run the following command as root:

podman run image_name container-usage

To launch an interactive shell within a container image you built, run the following command as root:

podman run -ti image_name /bin/bash -l

In both of the above commands, substitute the image_name parameter with the name of the container image you chose when building it.

Example 11.3. Using elfutils in a Custom-Built Red Hat Developer Toolset Image

This example illustrates how to launch a custom-built container image with the elfutils component and how to run the eu-size tool within that image.

  1. To launch the container image with an interactive shell, issue the following command:

    # podman run -ti devtoolset-7-my-perftools /bin/bash -l
  2. To launch the container as a regular (non-root) user, use the sudo command. To map a directory from the host system to the container file system, include the -v (or --volume) option in the podman command:

    $ sudo podman run -v ~/Source:/src -ti devtoolset-7-my-perftools /bin/bash -l

    In the above command, the host’s ~/Source/ directory is mounted as the /src/ directory within the container.

  3. Once you are in the container’s interactive shell, you can run Red Hat Developer Toolset tools as expected. For example, to verify the version of the eu-size tool, run:

    bash-4.2$ eu-size -V
    size (elfutils) 0.168
    [...]

11.3. Additional Resources

For more information about Red Hat Developer Toolset, see the following online resources:

11.4. Red Hat Developer Toolset Toolchain

11.4.1. Description

The Red Hat Developer Toolset Toolchain images provide the GNU Compiler Collection (GCC) and GNU Debugger (GDB).

The rhscl/devtoolset-8-toolchain-rhel7 image provides content corresponding to the following packages:

ComponentVersionPackage

gcc

8.3.1

devtoolset-8-gcc

g++

devtoolset-8-gcc-c++

gfortran

devtoolset-8-gcc-fortran

gdb

8.2

devtoolset-8-gdb

Additionally, the devtoolset-8-binutils package is included as a dependency.

The rhscl/devtoolset-7-toolchain-rhel7 image provides content corresponding to the following packages:

ComponentVersionPackage

gcc

7.3.1

devtoolset-7-gcc

g++

devtoolset-7-gcc-c++

gfortran

devtoolset-7-gcc-fortran

gdb

8.0.1

devtoolset-7-gdb

Additionally, the devtoolset-7-binutils package is included as a dependency.

11.4.2. Access

To pull the rhscl/devtoolset-8-toolchain-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/devtoolset-8-toolchain-rhel7

To pull the rhscl/devtoolset-7-toolchain-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/devtoolset-7-toolchain-rhel7

11.5. Red Hat Developer Toolset Performance Tools

11.5.1. Description

The Red Hat Developer Toolset Performance Tools images provide a number of profiling and performance measurement tools.

The rhscl/devtoolset-8-perftools-rhel7 image provides the following components:

ComponentVersionPackage

dwz

0.12

devtoolset-8-dwz

Dyninst

9.3.2

devtoolset-8-dyninst

elfutils

0.176

devtoolset-8-elfutils

ltrace

0.7.91

devtoolset-8-ltrace

make

4.2.1

devtoolset-8-make

memstomp

0.1.5

devtoolset-8-memstomp

OProfile

1.3.0

devtoolset-8-oprofile

strace

4.24

devtoolset-8-strace

SystemTap

3.3

devtoolset-8-systemtap

Valgrind

3.14.0

devtoolset-8-valgrind

Additionally, the devtoolset-8-gcc and devtoolset-8-binutils packages are included as a dependency.

The rhscl/devtoolset-7-perftools-rhel7 image provides the following components:

ComponentVersionPackage

dwz

0.12

devtoolset-7-dwz

Dyninst

9.3.2

devtoolset-7-dyninst

elfutils

0.170

devtoolset-7-elfutils

ltrace

0.7.91

devtoolset-7-ltrace

make

4.2.1

devtoolset-7-make

memstomp

0.1.5

devtoolset-7-memstomp

OProfile

1.2.0

devtoolset-7-oprofile

strace

4.17

devtoolset-7-strace

SystemTap

3.1

devtoolset-7-systemtap

Valgrind

3.13.0

devtoolset-7-valgrind

Additionally, the devtoolset-7-gcc and devtoolset-7-binutils packages are included as a dependency.

11.5.2. Access

To pull the rhscl/devtoolset-8-perftools-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/devtoolset-8-perftools-rhel7

To pull the rhscl/devtoolset-7-perftools-rhel7 image, run the following command as root:

# podman pull registry.access.redhat.com/rhscl/devtoolset-7-perftools-rhel7

11.5.3. Usage

Using the SystemTap Tool from Container Images

When using the SystemTap tool from a container image, additional configuration is required, and the container needs to be run with special command-line options.

The following three conditions need to be met:

  1. The image needs to be run with super-user privileges. To do this, run the image using the following command:

    ~]$ podman run --ti --privileged --ipc=host --net=host --pid=host devtoolset-7-my-perftools /bin/bash -l

    To use the pre-built perftools image, substitute the image name for devtoolset-7-perftools-rhel7 in the above command.

  2. The following kernel packages need to be installed in the container:

    • kernel
    • kernel-devel
    • kernel-debuginfo

      The version and release numbers of the above packages must match the version and release numbers of the kernel running on the host system. Run the following command to determine the version and release numbers of the hosts system’s kernel:

      ~]$ uname -r
      3.10.0-514.10.2.el7.x86_64

      Note that the kernel-debuginfo package is only available from the Debug channel. Enable the rhel-7-server-debug-rpms repository as described in TODO WHERE. For more information on how to get access to debuginfo packages, see https://access.redhat.com/site/solutions/9907.

      To install the required packages with the correct version, use the yum package manager and the output of the uname command. For example, to install the correct version of the kernel package, run the following command as root:

      ~]# yum install -y kernel-$(uname -r)
  3. Save the container to a reusable image by executing the podman commit command. To save a custom-built SystemTap container:

    ~]$ podman commit devtoolset-7-systemtap-$(uname -r)

Chapter 12. Compiler Toolset Images

Red Hat Developer Tools container images are available for the AMD64 and Intel 64, IBM Z, and IBM POWER, little endian architectures for the following compiler toolsets:

  • Clang and LLVM Toolset
  • Rust Toolset
  • Go Toolset

For details, see the Red Hat Developer Tools documentation.

Chapter 13. Revision History

VersionDateChangeAuthor

0.1-1

Jun 11 2019

Release of Using Red Hat Software Collections 3.3 Container Images.

Lenka Špačková

0.1-0

Apr 16 2019

Release of Using Red Hat Software Collections 3.3 Beta Container Images.

Lenka Špačková

0.0-9

Nov 13 2018

Release of Using Red Hat Software Collections 3.2 Container Images.

Lenka Špačková

0.0-8

Oct 23 2018

Release of Using Red Hat Software Collections 3.2 Beta Container Images.

Lenka Špačková

0.0-8

Aug 29 2018

Added a known issue related to SystemTap in devtoolset-6-perftools.

Lenka Špačková

0.0-7

May 10 2018

Extended MongoDB image documentation.

Lenka Špačková

0.0-6

May 03 2018

Release of Using Red Hat Software Collections 3.1 Container Images.

Lenka Špačková

0.0-5

Apr 04 2018

Release of Using Red Hat Software Collections 3.1 Beta Container Images.

Lenka Špačková

0.0-3

Nov 29 2017

Added the Extending Existing Container Images section.

Lenka Špačková

0.0-2

Oct 24 2017

Release of Using Red Hat Software Collections 3.0 Container Images.

Lenka Špačková

0.0-1

Oct 03 2017

Release of Using Red Hat Software Collections 3.0 Beta Container Images.

Lenka Špačková

Legal Notice

Copyright © 2019 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.