Author: kenio.carvalho

Podman pods are very similar to Kubernetes pods in that they can contain more than one container.

Every Podman pod contains one infra container by default. This container holds the namespaces associated with the pod and allows Podman to connect other containers to the pod.

Create a Pod using Podman

The first step is to create a Pod using podman:

sudo podman pod create --name <podname>

For our example we will create a pod with the name wp-pod

sudo podman pod create -p 8080:80 --name wp-pod

After creating the Pod you can see the infra container using the command:

sudo podman ps -a --pod

Note that host port 8080 has been redirected to port 80 of the pod. Pod port settings should always be made when creating the pod. You cannot reset this later.

Adding containers to a Pod

To add a container to a pod we use the --pod option of the podman run command.

sudo podman run -d --name <container name> --pod <podname> <imagename>

Creating a container using the mariadb image

To run WordPress we need a database. In this case I will use the mariadb image and add it to the pod wp-pod.

sudo podman run -d --restart=always --pod wp-pod \
  -e MYSQL_ROOT_PASSWORD="myrootpass" \
  -e MYSQL_DATABASE="wpdb" \
  -e MYSQL_USER="wpuser" \
  -e MYSQL_PASSWORD="w0rdpr3ss" \
  --name=wp-db registry.access.redhat.com/rhscl/mariadb-100-rhel7

Next we will create a wordpress container, add it to the pod and connect it to the previously created database.

sudo podman run -d --restart=always --pod wp-pod \
  -e WORDPRESS_DB_NAME="wpdb" \
  -e WORDPRESS_DB_USER="wpuser" \
  -e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \
  -e WORDPRESS_DB_HOST="127.0.0.1" --name wp-web wordpress

To verify that everything is working, run:

curl http://localhost:8080/wp-admin/install.php

The text of an HTML page will appear in the console:

<!DOCTYPE html><html lang="en-US" xml:lang="en-US"><head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta name="robots" content="noindex,nofollow" />
  <title>WordPress &rsaquo; Installation</title>
  <link rel='stylesheet' id='dashicons-css'  href='http://localhost:8080/wp-includes/css/dashicons.min.css?ver=5.8.2' type='text/css' media='all' />…

So far, we have a pod with 3 containers: infra, wp-db and wp-web.  The pod is running as root and also does not have a volume associated for data persistence.

Rootless Podman

Rootless podman (running Podman as a non-root user) needs to do some gymnastics to get the same container experience you’re familiar with from docker, but without requiring root.

When you run rootless podman, it uses a user namespace to map between the user IDs in the container and the user IDs on your host.

All rootless containers that you run are run inside the same user namespace.

By using the same user namespace, your containers can share resources with each other, without needing to ask for root privileges.

It uses this user namespace to mount filesystems, or run a container which accesses more than one user ID (UID) or group ID (GID).

This mapping is fine for most situations, except when the container needs to be able to share something with the host, like a volume.

When the container runs, any volumes shared with it appear inside the user namespace as owned by root/root, because the mapping maps your UID on the host (e.g. 1000) to root (0) in the container.

This means that if you’re running your container process as a non-root user, it won’t be able to write to that directory. I also don’t want to disable SELinux.

This is where podman unshare comes in.

Running wp-pod as a rootless pod and using a volume to persist data

First we need to create a directory that the container can use:

mkdir /home/<username>/dbfiles

Using the podman inspect command we can see that the mariadb container uses user 27.

We then execute the command:

podman unshare chown 27:27 -R /home/kenio/dbfiles
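How the podman unshare chown 27:27 step translates to ownership on the host, as an added example (not from the original post): the two functions look up an ID in the format of /proc/self/uid_map. The sample map is constructed and assumes host UID 1000 with a subordinate range starting at 100000.

```shell
#!/bin/sh
# Added example: translate IDs through a rootless user-namespace map.
# Each uid_map line is: <first ID inside> <first ID on host> <range length>.
# Constructed sample: host user 1000, subordinate range 100000-165535
# (assumed values; read the real map with: podman unshare cat /proc/self/uid_map).
SAMPLE_UID_MAP='0 1000 1
1 100000 65536'

# container_to_host ID : reads a uid_map on stdin, prints the host ID.
# Exits 1 when the ID falls outside every mapped range.
container_to_host() {
    awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 { print $2 + id - $1; hit = 1; exit }
        END { exit !hit }
    '
}

# host_to_container ID : the reverse lookup, for reading `ls -ln` on the host.
host_to_container() {
    awk -v id="$1" '
        NF == 3 && id >= $2 && id < $2 + $3 { print $1 + id - $2; hit = 1; exit }
        END { exit !hit }
    '
}

# UID 27 (the mariadb user found with podman inspect) inside the namespace:
printf '%s\n' "$SAMPLE_UID_MAP" | container_to_host 27
# Container root is the unprivileged host user itself:
printf '%s\n' "$SAMPLE_UID_MAP" | container_to_host 0
# Owner shown by `ls -ln` on the host after the chown, mapped back:
printf '%s\n' "$SAMPLE_UID_MAP" | host_to_container 100026
```

The group ID in 27:27 goes through /proc/self/gid_map in the same way.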

To remove the previously created pod:

sudo podman pod stop wp-pod

sudo podman pod rm wp-pod

Perform the following steps to create the wp-pod as rootless:

podman pod create --name=wp-pod -p 8080:80

podman run -d --restart=always \
  -v /home/kenio/dbfiles:/var/lib/mysql/data:Z --pod wp-pod \
  -e MARIADB_ROOT_PASSWORD="password" \
  -e MYSQL_ROOT_PASSWORD="password" \
  -e MYSQL_DATABASE="wpdb" \
  -e MYSQL_USER="wpuser" \
  -e MYSQL_PASSWORD="w0rdpr3ss" \
  --name=wp-db registry.access.redhat.com/rhscl/mariadb-100-rhel7

 

Note that I add the :Z flag to the volume. This tells Podman to label the volume content as “private unshared” with SELinux.

This label allows the container to write to the volume, but doesn’t allow the volume to be shared with other containers.

 

podman run -d --restart=always --pod=wp-pod \
  -e WORDPRESS_DB_NAME="wpdb" \
  -e WORDPRESS_DB_USER="wpuser" \
  -e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \
  -e WORDPRESS_DB_HOST="127.0.0.1" --name wp-web wordpress

Use curl http://localhost:8080/wp-admin/install.php to verify that everything is running.

Use podman logs --names <container name> to check the container logs.

I am using RHEL 8.3 and podman is version 3.2.3

If you want to access the WordPress pod from an external machine, in my case, I need to set up the firewall:

sudo firewall-cmd --add-port=8080/tcp --permanent

sudo firewall-cmd --reload

 

Many thanks to Tom Donohue for his article about rootless podman.

https://www.tutorialworks.com/podman-rootless-volumes/

docker Linux podman

Linux Containers have emerged as a key open source application packaging and delivery technology, combining lightweight application isolation with the flexibility of image-based deployment methods.

Red Hat Enterprise Linux (RHEL) base images are meant to form the foundation for the container images you build. As of April 2019, new Universal Base Image (UBI) versions of RHEL standard, minimal, init, and Red Hat Software Collections images are available that add to those images the ability to be freely redistributed.

RHEL minimal images provide a base for your own container images that is less than half the size of the standard image, while still being able to draw on RHEL software repositories and maintain any compliance requirements your software has.

When building custom images using a Containerfile or Dockerfile, you sometimes need to install packages on top of the RHEL minimal images. You need to use microdnf to install them, not dnf/yum.

Answer: As minimal as stated: no Python and no Python module dependencies. Which are quite many packages to think of it.

I suppose the actual gap will come also from the fact of not using Python:

  • There is no Python interface, and thus you can’t invoke microdnf from a Python code using a consistent API. You’ll have to resort to using the subprocess Python module
  • Actual dnf can be expanded with many additional commands provided by the dnf-plugins-core and other plugin packages. You may not expect any of those features in microdnf. They will hardly ever make it to microdnf.

 

 

 

openshift

Today I received a notice on my computer about another Docker Desktop update, but this time a new agreement had to be accepted, as there is now a subscription for professional use.
I saw many people commenting about this when the new licensing model was announced and since Kubernetes will no longer support the Docker Container Engine, I decided to remove Docker Desktop from my Mac and install Podman.

To remove the Docker Desktop I used this article and to install Podman I used the following steps:

  • brew install podman
  • podman machine init
  • podman machine start

Use podman info to see if everything is ok.

Linux

Today I will install CodeReady. You can install OpenShift on your laptop. See this link. My RHEL 8.4 VM has a small disk, so first I need to resize the disk and then install CodeReady.

Using these commands I changed the disk from 20 GB to 50 GB.

First you need to locate the vm disk with the command

sudo virsh domblklist rhel8-1

the output was:

Target   Source
-------------------------------------------------------
vda      /var/lib/libvirt/images/rhel8-2-clone.qcow2
sda      -

To resize the disk the VM must not be running and must not have a snapshot.

Just type this command and add 30GB

sudo qemu-img resize /var/lib/libvirt/images/rhel8-2-clone.qcow2 +30G

Start the vm and verify the disk using lsblk command

NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sr0            11:0    1 1024M  0 rom
vda           252:0    0   50G  0 disk
|-vda1        252:1    0    1G  0 part /boot
`-vda2        252:2    0   29G  0 part
  |-rhel-root 253:0    0   26G  0 lvm  /
  `-rhel-swap 253:1    0    3G  0 lvm  [SWAP]

 

Linux openshift

After creating a VM using the template that was created using RHEL 8 I tried to register the new VM and the following error was shown:

 

This system is registered to Red Hat Subscription Management, but is not receiving updates. You can use subscription-manager to assign subscriptions.

Error: There are no enabled repositories in "/etc/yum.repos.d", "/etc/yum/repos.d", "/etc/distro.repos.d"

The solution for me was to remove and re-add the subscriptions on RHEL 8:

 subscription-manager remove --all        
 subscription-manager clean
 subscription-manager register --username <redhat username> --auto-attach
 dnf repolist or yum repolist

Linux

Continuing with the preparation of my lab I have installed a vm with RHEL 8.4 updated and from there I will create a template.

To create a template and use it later in the KVM the steps are as follows:

Note: My host runs Ubuntu 20.04.

Install the tools to work with guests:

sudo apt install libguestfs-tools

List the vms:

virsh list --all

Prepare the rhel8-2 virtual machine to be a template

sudo virt-sysprep -d rhel8-2

Rename the vm to be a template

sudo virsh domrename rhel8-2 rhel8-Template

Open the VM Manager (virt-manager), and then select the rhel8-Template. Right-click on it and select the Clone option, which will open the Clone Virtual Machine window.

Linux openshift

I am studying to take some Red Hat certification exams including the OpenShift Enterprise Administration (DO280) exam. I could set up Linux cloud servers such as IBM Cloud or even on AWS but I have an old laptop and decided to set up a cluster with 3 Linux machines on it. I will start building a small k8s cluster. The first step was to install Ubuntu 20.04 as host.

My old laptop is a Toshiba Satellite P875 – S3210 32GB RAM 512GB SSD 750 GB HD SATA

Install and Enable SSH server on Ubuntu 20.04

  1. Update ubuntu : sudo apt-get update
  2. Install OpenSSH: sudo apt-get install openssh-server
  3. Verify the status: sudo systemctl status sshd
  4. Enable ssh connections on the host: sudo ufw allow ssh
  5. Check if openssh is enabled: sudo systemctl list-unit-files | grep enabled | grep ssh
  6. If you have no results on step 5: sudo systemctl enable ssh

Now I can connect to my ubuntu laptop using ssh.

The second step was to install Timeshift and perform a backup of the system.

  1. Add the repository: add-apt-repository -y ppa:teejee2008/ppa
  2. Install TimeShift: apt install timeshift

Then I made the first backup and started the KVM installation

Install KVM on Ubuntu 20.04

Install KVM:

  1. sudo apt install qemu qemu-kvm libvirt-clients libvirt-daemon-system virtinst bridge-utils
  2. sudo systemctl enable libvirtd
  3. sudo systemctl start libvirtd

Configure VNC:  VNC support should be available by default, and I do this configuration:

Edit /etc/libvirt/qemu.conf and add: vnc_listen = "0.0.0.0"
This will enable VNC on all networks. This is not a problem for me because it’s a local machine. Don’t do this if you are using a machine exposed to the internet.

Edit /etc/libvirt/libvirtd.conf and add: listen_tcp = 1

Reboot the machine.

Enable VNC connections: sudo ufw allow 5900:5903 (VNC uses TCP port 5900+n and I will setup 3 machines)
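A check for the two settings above, as an added example (not part of the original post): the function flags vnc_listen on a wildcard address and listen_tcp = 1, and additionally auth_tcp = "none", which the post does not set. Both sample configurations are constructed.

```shell
#!/bin/sh
# Added example: flag the libvirt listener settings discussed above.
# Reads qemu.conf / libvirtd.conf text on stdin, prints one finding per line,
# and returns 1 when anything was flagged. On a host, for instance:
#   sudo cat /etc/libvirt/qemu.conf /etc/libvirt/libvirtd.conf | audit_libvirt_listeners
audit_libvirt_listeners() {
    awk '
        /^[ \t]*#/ { next }                     # ignore comment lines
        /^[ \t]*$/ { next }                     # ignore blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)              # normalise "key = value" spacing
            gsub(/[ \t"]/, "", val)             # drop spaces and ASCII quotes
        }
        key == "vnc_listen" && (val == "0.0.0.0" || val == "::") {
            print "vnc_listen=" val ": guest consoles listen on every interface"; n++
        }
        key == "listen_tcp" && val == "1" {
            print "listen_tcp=1: unencrypted libvirtd TCP listener requested"; n++
        }
        key == "auth_tcp" && val == "none" {
            print "auth_tcp=none: TCP listener accepts clients without authentication"; n++
        }
        END { exit (n > 0) }
    '
}

# Constructed sample: the two settings as written on this page.
SAMPLE_LAB='vnc_listen = "0.0.0.0"
listen_tcp = 1'

# Constructed sample: consoles bound to loopback, TCP listener left commented out.
SAMPLE_LOOPBACK='vnc_listen = "127.0.0.1"
#listen_tcp = 1'

printf '%s\n' "$SAMPLE_LAB" | audit_libvirt_listeners || true
printf '%s\n' "$SAMPLE_LOOPBACK" | audit_libvirt_listeners && echo "loopback sample: nothing flagged"
```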

Setup a bridge network

The default network virbr0, created by KVM, does not allow virtual machines to communicate with external hosts (inbound and outbound).

Using the nmcli tool I set up a bridge network. I tried to use my wireless connection but it did not work; some documents say that this only works with Ethernet interfaces. My host Ethernet connection is enp1s0.

nmcli con add ifname br0 type bridge con-name br0

nmcli con add type bridge-slave ifname enp1s0 master br0

nmcli con down "Wired connection 1"

nmcli con up br0

Declaring the KVM bridged network

Create an XML file named bridge.xml with the lines:

<network>
  <name>br0</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>

Use the file to define the new network:

virsh net-define ./bridge.xml 

Start the network and configure it for auto-start

virsh net-start br0
virsh net-autostart br0

Now I can use this network on the Virtual Machines 

For example, using the virt-install --network option.

The next step is to set up 3 machines and K8s.

openshift

 

I have on my desk now 2 MacBooks Pro, a monitor, a keyboard and a magic mouse. For the two computers to share the monitor, keyboard and mouse I should buy a KVM but I don’t want to have too many cables on the desk and also the cost of the KVM for the MacBooks is too expensive for me in Brazil.

I found an interesting solution which was to connect each MacBook using HDMI adapters to the monitor and use software to switch the keyboard and mouse between the computers.

I’m testing Barrier and so far everything is working fine.

There is a very cool feature: you can copy and paste from one computer to another.

You can see this video and see how it works

Uncategorized

For over 20 years I worked with Lotus/IBM technologies most notably Domino/Notes, Sametime, IBM WebSphere, IBM Websphere Portal, IBM Watson and lastly Maximo Asset Manager and NodeRed on IoT projects.

Many years working with IBM and now working at IBM.

I started my career at IBM as Customer Success Manager – Architect Cloud & Data Platform

Many new things to learn and many challenges. I am part of a diverse, bright team with a lot of drive to ensure the success of our customers using IBM technologies.

 

Change

Today I set up a Domino V12 server just to test some new features. A customer asked to use photos in Verse, hosting the photos on Domino.

Domino V12 comes with Verse 2.0. I just downloaded version 2.1 of Verse and followed the installation instructions.

After the setup I just put the URL of a PNG image in the person document, field photoURL, and added the entry VOP_GK_FEATURE_230=1 to the notes.ini of the server.

Works Great

Domino

Yesterday it seemed like it would be an ordinary working day but a client called me informing about the expiration of a certifier. It would be normal to resolve the problem with the re-certification procedures but it was a special certificate.

This client has been using Notes/Domino since version 4.0.  When I saw the certificate creation date 05/09/1996 I was impressed.

This customer has used the environment for mail and applications for 25 years! How time flies.

I started working for this client in 1999 by installing the first R5 server (5.0.4) on an IBM Netfinity 5500 Server running Windows NT 4.0.

The hardware is gone, the operating system and the administrators who created this certifier are no longer in the company. I believe they never imagined that the day to re-certify would come.

I learned a lot from this client and from the environment they have.

There are dozens of servers, thousands of users, hundreds of applications and a lot of success history to tell.

 

Domino

1. Open the Domino directory
2. Select the Server view
3. Select Programs view
4. Click Add Program
5. Under the Basics tab and in the field Program name enter: nserver
6. In the Command line enter:
    -c "tell http restart" (for restarting the HTTP task)
7. Fill in the Server to run on field and also set a schedule under the Schedule tab.
8. Save the document

If you want to see the schedule at the Domino console, type show sched

Domino