spurs

Container image on the exam


During practice, I usually run the container image that was given in the questions.

Likewise, am I supposed to be given a specific container image in the question on the exam?

If yes, just do 'podman run (whatever conf like port, name, bind-mounting) given imagename'?

Another question: I know it's important to change the ownership of the directory when mounting from hostdir to containerdir. For example, with /home/user/mysql:/var/lib/mysql:Z, the ownership of the mysql dir must be appropriately configured. I used podman inspect imagename |grep User so that I can get the UID and GID. However, the UID from the above command will only show up once the container is running. How can I get the proper UID for the directory before running the container?

Lastly, I'm wondering what exactly these ports do in this command: 'podman run -p 8080:80 ~~~~'

Thank you!

 

Accepted Solutions
spurs

The error is that after I ran the container, I couldn't see the UID

spurs_0-1690764959954.png

 

Could anyone give a solution?

tnishiok

Hi @spurs

I think the "User" field comes from either the "USER" instruction inside of the Containerfile/Dockerfile or the "podman run --user xxx" option. I guess you are using "docker.io/library/mariadb", so neither of them will be applied. You may want to try the mariadb-105 image from Red Hat. That Containerfile has specified the USER instruction.

USER 27

ENTRYPOINT ["container-entrypoint"]
CMD ["run-mysqld"]

Thereby the podman inspect command can retrieve the UID.

shell.jpg

Same for that RH mysql image. The "Get this image" tab will guide you how to pull the image.

15 Replies
Chetan_Tiwary_

Hello @spurs !
Thanks for reaching out !

If you have done enough practice in the labs and have learnt the concepts well - you won't find any difficulties in executing the same thing in the exam as well. 

Next, podman run -p 8080:80..... is a port forwarding mechanism.

-p <host_port>:<container_port>

means the <host_port> is the port on the host that you want to map to the container. The <container_port> is the port on the container that you want to expose.

If you have a web application running in a container on your local machine, and you want to be able to access it from another machine on your network, you can use the -p flag to map port 8080 on your local machine to port 80 on the container. This way, when you access localhost:8080 from another machine on your network, you will be forwarded to the web application running in the container.

Refer : https://docs.openshift.com/container-platform/4.9/nodes/containers/nodes-containers-port-forwarding.... 

 

spurs

Cool, thank you so much.

I think I pretty much got most topics related to containers, but not changing ownership (podman unshare chown).

When exactly do I need to use this command? Is it necessary whenever I mount hostdir:containerdir?

Chetan_Tiwary_

Regarding the UID & GID, use "podman image inspect <image-url>" and check under the "User" & "History" parameters:

Chetan_Tiwary__0-1690375653098.png

 

To get the UID and GID, run a temporary container with id as shown below:

Chetan_Tiwary__1-1690375706345.png

********************************************************************************************

Now the second question : PODMAN UNSHARE CHOWN :

The podman unshare chown command creates a new user namespace, which is a way of isolating the user ID and group ID of a process from the rest of the system, and changes the ownership of a directory.

The UID and GID matching configuration does not occur the same way in a rootless container. In a rootless container, the user has root access from within the container, because Podman launches a container inside the user namespace.

You can use the podman unshare command to run a command inside the user namespace.

Understand this with an example:

You use the podman exec command to view the mysql user UID and GID inside the container (db01) that is running with ephemeral storage.

[user@host ~]$ podman exec -it db01 grep mysql /etc/passwd
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin


You decide to mount the /home/user/db_data directory into the db01 container to provide persistent storage on the /var/lib/mysql directory of the container.

You then create the /home/user/db_data directory, and use the podman unshare command to set the user namespace UID and GID of 27 as the owner of the directory.

[user@host ~]$ mkdir /home/user/db_data
[user@host ~]$ podman unshare chown 27:27 /home/user/db_data

Then run the container successfully:

podman run -d --name db01 -e MYSQL....... -v /home/user/db_data:/var/lib/mysql:Z \
    registry.lab.example.com/rhel8/mariadb-105

Refer to this article for a detailed answer: https://www.redhat.com/sysadmin/rootless-podman-makes-sense

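An added example, not part of the original posts: which host UID ends up owning /home/user/db_data after `podman unshare chown 27:27`, computed from /etc/subuid under rootless Podman's default mapping. The function name `host_uid_for`, the host UID 1000 and the subuid ranges are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Default rootless mapping (assumed here):
#   container UID 0      -> the invoking user's own host UID
#   container UID n >= 1 -> the n-th ID of the user's /etc/subuid ranges

host_uid_for() {
    # $1 = user name, $2 = user's host UID, $3 = container UID, $4 = subuid file
    user=$1; host_uid=$2; cuid=$3; subuid_file=${4:-/etc/subuid}
    if [ "$cuid" -eq 0 ]; then
        echo "$host_uid"
        return 0
    fi
    offset=$((cuid - 1))            # position inside the subordinate ranges
    while IFS=: read -r name start count; do
        [ "$name" = "$user" ] || continue
        if [ "$offset" -lt "$count" ]; then
            echo $((start + offset))
            return 0
        fi
        offset=$((offset - count))  # carry on into the user's next range
    done < "$subuid_file"
    echo "container UID $cuid is outside the ranges mapped for $user" >&2
    return 1
}

# Constructed sample /etc/subuid content (hypothetical values).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'other:100000:65536' 'user:165536:65536' > "$sample"

host_uid_for user 1000 0  "$sample"   # container root        -> 1000
host_uid_for user 1000 27 "$sample"   # mysql UID in the image -> 165562
```

On a real host, `ls -ln /home/user/db_data` run outside the namespace should show the second value as owner, while `podman unshare ls -ln /home/user/db_data` shows 27.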
spurs

Great! This is what I wanted to see: the UID & GID; the container can be temporarily run.

What's the 'podman run --rm~' in the picture? Is it going to remove the container after the run?

Chetan_Tiwary_

Yes, the podman run --rm command is used to run a container and automatically remove the container when it exits.

spurs

Thank you! 

Then, to know UID & GID, I can run podman run --rm > change ownership of dir or file > run container again

Is this correct?

Chetan_Tiwary_

Yes, as I mentioned earlier.

spurs

Hello! 

I got other errors while I was practising at home.

The first error is [operation not permitted]

spurs_0-1690424586589.png

I know it should be rootless, but still, I tried sudo after seeing the error and it didn't work at all.

The second error is that after I ran the container, I couldn't see the UID

spurs_1-1690424731043.png

 

+I found out that I created /mydb as lisa using sudo. So the path /home/lisa/mydb didn't show up as well. However, if I don't use sudo as lisa, I can't create a directory.

 

Chetan_Tiwary_

Hello @spurs !

As I explained above, don't use grep User; try the command: podman image inspect mysql

and check under User or History:

 

Chetan_Tiwary__0-1690805405205.png

For the UID and GID, you should run a temporary container with the id argument, for example like this:

podman run --rm mysql id 
