Category: Linux

Podman Pods are very similar to Kubernetes pods in a way that they can have more than one container.

Every Podman pod contains one infra container by default. This container is responsible for associating the names space with the pod and allowing podman to connect the containers to another pod.

Create a Pod using Podman

The first step is to create a Pod using podman:

sudo podman pod create –name <podname>

For our example we will create a pod with the name wp-pod

sudo podman pod create -p 8080:80 --name wp-pod

After creating the Pod you can see the infra container using the command:

sudo podman pod ps -a --pod

Note that host port 8080 has been redirected to port 80 of the pod. Pod port settings should always be made when creating the pod. You cannot reset this later.

Adding containers to a Pod

To add a container to a pod we use the –pod option when using the comand podman run.

sudo podman run -d --name <container name> --pod <podname> <imagename>

Creating a container using the mariadb image

To run the workpress we need a database. In this case I will use the image of mariadb and add it in the pod wp-pod

sudo podman run -d --restart=always –-pod wp-pod \

-e MYSQL_ROOT_PASSWORD="myrootpass" \

-e MYSQL_DATABASE="wpdb" \

-e MYSQL_USER="wpuser" \

-e MYSQL_PASSWORD="w0rdpr3ss" \

--name=wp-db registry.access.redhat.com/rhscl/mariadb-100-rhel7

Next we will create a wordpress container, add it to the pod and connect it to the previously created database.

sudo podman run -d --restart=always --pod wp-pod \

-e WORDPRESS_DB_NAME="wpdb" \

-e WORDPRESS_DB_USER="wpuser" \

-e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \

-e WORDPRESS_DB_HOST="127.0.0.1" --name wp-web wordpress

To verify that if everything is working, run:

 curl http://localhost:8080/wp-admin/install.php.

The text corresponding to an html  page will appear in the console:

!DOCTYPE html><html lang="en-US" xml:lang="en-US"><head>

<meta name="viewport" content="width=device-width" /> 

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />     

  <meta name="robots" content="noindex,nofollow" /> 

  <title>WordPress &rsaquo; Installation</title>

  <link rel='stylesheet' id='dashicons-css'  href='http://localhost:8080/wp-includes/css/dashicons.min.css?ver=5.8.2' type='text/css' media='all' />…

So far, we have a pod with 3 containers: infra, wp-db and wp-web.  The pod is running as root and also does not have a volume associated for data persistence.

Rootless Podman

Rootless podman (running Podman as a non-root user) needs to do some gymnastics to get the same container experience you’re familiar with from docker, but without requiring root.

When you run rootless podman, it uses a user namespace to map between the user IDs in the container and the user IDs on your host.

All rootless containers run by you, are run inside the same user namespace.

By using the same user namespace, your containers can share resources with each other, without needing to ask for root privileges.

It uses this user namespace to mount filesystems, or run a container which accesses more than one user ID (UID) or group ID (GID).

This mapping is fine for most situations, except when the container needs to be able to share something with the host, like a volume.

When the container runs, any volumes which are shared with it, will appear inside the user namespace as owned by root/root.

Because the mapping will map your UID on the host (e.g. 1000) as root (0) in the container.

This means that if you’re running your container process as a non-root user, it won’t be able to write to that directory and I don’t want to disable SELinux.

This is where podman unshare comes in.

Running WP-POD as a rootless POD and use a volume to persist data

First we need to create a directory so that it can be used by the container

mkdir /home/<username>/dbfiles

Using the podman inspect command we can see that the mariadb container uses user 27

We then execute the command:  podman unshare chown 27:27 -R /home/kenio/dbfiles

To remove the previously created pod:

sudo  podman pod stop wp-pod

sudo podman pod rm wp-pod

Perform the following steps to create the wp-pod as rootless:

podman pod create --name=wp-pod -p 8080:80

podman run -d --restart=always \

-v /home/kenio/dbfiles:/var/lib/mysql/data:Z --pod wp-pod \

-e MARIADB_ROOT_PASSWORD="password" \

-e MYSQL_ROOT_PASSWORD="password" \

-e MYSQL_DATABASE="wpdb" \

-e MYSQL_USER="wpuser" \

-e MYSQL_PASSWORD="w0rdpr3ss"  \

--name=wp-db registry.access.redhat.com/rhscl/mariadb-100-rhel7

 

Note that I add the :Z flag to the volume. This tells Podman to label the volume content as “private unshared” with SELinux.

This label allows the container to write to the volume, but doesn’t allow the volume to be shared with other containers.

 

podman run  -d --restart=always --pod=wp-pod \

-e WORDPRESS_DB_NAME="wpdb" \

-e WORDPRESS_DB_USER="wpuser" \

-e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \

-e WORDPRESS_DB_HOST="127.0.0.1" --name wp-web wordpress

Use curl://localhost:8080/wp-admin/install.php and verify if everything is running.

Use podman logs –names <container name> para verificar os logs dos containers

I am using RHEL 8.3 and podman is version 3.2.3

If you want to access the worpress pod from external machine, in my case, I need to setup the firewall:

sudo firewall-cmd --add-port=8080/tcp --permanent

sudo firewall-cmd –reload

 

Many thanks for Tone Donohue for his article about rootless podman.

https://www.tutorialworks.com/podman-rootless-volumes/

docker Linux podman

Today I received a notice on my computer about  another Docker Desktop update, but this time a new agreement had to be accepted as now for professional use there is a subscription.
I saw many people commenting about this when the new licensing model was announced and since Kubernetes will no longer support the Docker Container Engine, I decided to remove Docker Desktop from my MAC and install Podman.

To remove the Docker Desktop I used this article and to install Podman I used the following steps:

  • brew install podman
  • podman machine init
  • podman machine start

Use podman info to see if everything is ok.

Linux

Today i will install Code Ready. You can install Openshift on your laptop. See this link . My RHEL 8.4 VM has a small disk and first i need to resize the disk and then install CodeReady

Using this commands i change from 20 GB to 50GB disk

First you need to locate the vm disk with the command

sudo virsh domblklist rhel8-1

the output was:

Target Source
——————————————————-
vda /var/lib/libvirt/images/rhel8-2-clone.qcow2
sda –

To resize the disk the VM must be not running and must not have a snapshot.

Just type this command and add 30GB

sudo qemu-img resize /var/lib/libvirt/images/rhel8-2-clone.qcow2 +30G

Start the vm and verify the disk using lsblk command

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 252:0 0 50G 0 disk
|-vda1 252:1 0 1G 0 part /boot
`-vda2 252:2 0 29G 0 part
|-rhel-root 253:0 0 26G 0 lvm /
`-rhel-swap 253:1 0 3G 0 lvm [SWAP]

 

Linux openshift

After creating a VM using the template that was created using RHEL 8 I tried to register the new VM and the following error was shown:

 

This system is registered to Red Hat Subscription Management, but is not receiving updates. You can use subscription-manager to assign subscriptions.

Error: There are no enabled repositories in "/etc/yum.repos.d", "/etc/yum/repos.d", "/etc/distro.repos.d"

The solution for me was to remove and add subscriptions again RHEL8:

 subscription-manager remove --all        
 subscription-manager clean
 subscription-manager register --username <redhat username> --auto-attach
 dnf repolist or yum repolist

Linux

Continuing with the preparation of my lab I have installed a vm with RHEL 8.4 updated and from there I will create a template.

To create a template and use it later in the KVM the steps are as follows:

obs: My host is an Ubuntu 20.04

Install the tools to work with guests:

sudo apt install libguestfs-tools

List the vms:

virsh list --all

Prepare the rhel8-2 virtual machine to be a template

sudo virt-sysprep -d rhel8-2

Rename the vm to be a template

sudo virsh domrename rhel8-2 rhel8-Template

Open the VM Manager (virt-manager), and then select the rhel-Template. Right-click on it and select the Clone option, which will open the Clone Virtual Machine window.

Linux openshift

On December 8, 2020, Red Hat announced a major change to the enterprise Linux ecosystem: Red Hat will begin shifting our work from CentOS Linux to CentOS Stream on December 31, 2021. We and the CentOS Project governing board believe that CentOS Stream represents the best way to further drive Linux innovation. It will give everyone in the broader ecosystem community, including open source developers, hardware and software creators, individual contributors, and systems administrators, a closer connection to the development of the world’s leading enterprise Linux platform.

Now you can have a 100% RHEL no-cost subscription.

No-cost RHEL for customer development teams

We recognized a challenge of the developer program was limiting it to an individual developer. We’re now expanding the Red Hat Developer program to make it easier for a customer’s development teams to join the program and take advantage of its benefits. These development teams can now be added to this program at no additional cost via the customer’s existing subscription, helping to make RHEL more accessible as a development platform for the entire organization. Through this program, RHEL can also be deployed via Red Hat Cloud Access and is accessible on major public clouds including AWS, Google Cloud Platform and Microsoft Azure at no additional costs except for the usual hosting fees charged by your cloud provider of choice.

See details here

Linux

When Red Hat, CentOS’s Linux parent company, announced it was “shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release.” Many CentOS screamed in protest on social media. CentOS co-founder, Gregory Kurtzer, heard them and announced he’d create his own RHEL clone and CentOS replacement: Rocky Linux

Read more information here

Linux

Red Hat, CentOS’s Linux parent company, announced it was “shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release.” In other words, CentOS will no longer be a stable point distribution but a rolling release Linux distribution. CentOS users are ticked off.

Read the full article here

Linux

I setup Node-red to use HTTPS and everything works fine. All HTTPS requests go to default port of Node-red.  Today i need to setup a communication with a client that not support HTTPS, just HTTP.

The solution i found was to setup Nginx as reverse proxy.  Nginx receives the HTTP requests and then forward them to Node-red.

On my Nginx server i just add the following lines

server {
listen 80;
location /reddata {
proxy_pass https://<ipaddress>:port/reddata;
}
}

 

 

IoT Linux

Today i upgrade one server to Domino 11.0.1 from Domino 11.0 on linux.  When the server starts the HTTP  the console show the error bellow:

 

[103028:000002-00007F2CD562E740] 06/18/2020 10:40:45 AM JVM: Java Virtual Machine initialized.
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:45 AM HTTP Server: Java Virtual Machine loaded
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: java.lang.reflect.InvocationTargetException
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at java.lang.reflect.Method.invoke(Method.java:498)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at com.ibm.domino.http.bootstrap.BootstrapOSGIClassLoader.loadClassFromBundle(BootstrapOSGIClassLoader.java:136)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at com.ibm.domino.http.bootstrap.BootstrapOSGIClassLoader.launchOSGIFramework(BootstrapOSGIClassLoader.java:88)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at com.ibm.domino.http.bootstrap.BootstrapOSGIClassLoader.loadClass(BootstrapOSGIClassLoader.java:63)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at java.lang.ClassLoader.loadClass(ClassLoader.java:881)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at com.ibm.domino.http.bootstrap.BootstrapClassLoader.findClass(BootstrapClassLoader.java:79)
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: Caused by:
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: java.lang.ClassNotFoundException: No class loader available for the bundle: com.ibm.xsp.domino_11.0.0.20191120-0552 [226]
[103028:000002-00007F2CD562E740] 06/18/2020 10:40:50 AM HTTP JVM: at org.eclipse.osgi.internal.framework.EquinoxBundle.loadClass(EquinoxBundle.java:579)

 

The solution was to delete all content of the folder /opt/lotus/notes/latest/linux/osgi/shared/eclipse/plugins and run the installer again.

Domino Linux

You need A Fully Qualified Domain Name (FQDN) pointing to a dedicated IP address of the webserver.
This needs to be configured by your DNS administrator or provider.

1 – Install Certbot in Centos 8

sudo curl -O https://dl.eff.org/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

2 – Configure Nginx server_name on nginx.conf

Edit nginx.conf an change the variable server_name to the same FQDN
of your server for example: server_name www.mysphere.com.br;

3 – Run the certbot command:

Execute sudo /usr/local/bin/certbot-auto –nginx and follow the instructions

Test if your Nginx server using https://<server_name>

IoT Linux web

I am creating a server (Centos 8) to develop a system that will use an application using REACT as a front end to show data from different sensors. I will use NGINX as a webserver and Node-red as a back end. In this first post I describe how to install NGINX.

Install nginx package using the yum command on CentOS 8:

sudo yum update
sudo yum install nginx

Update firewall settings and open TCP port 80 and 443. Run:

sudo firewall-cmd –permanent –zone=public –add-service=https –add-service=http
sudo firewall-cmd –reload

Enable nginx service by running systemctl command so that it starts at server boot time:

sudo systemctl enable nginx

start the service, run:

sudo systemctl start nginx

Commands to start/stop/restart nginx server

Run command as per your needs.

sudo systemctl start nginx  <– start the server ##
sudo systemctl stop nginx  <– stop the server ##
sudo systemctl restart nginx  <– restart the server ##
sudo systemctl reload nginx  <– reload the server ##
sudo systemctl status nginx  <– get status of the server ##

You must open and enable port 80 and 443 using the firewall-cmd command:

sudo firewall-cmd –permanent –zone=public –add-service=http –add-service=https
sudo firewall-cmd –reload
sudo firewall-cmd –list-services –zone=public

Now nginx is installed. Bellow are some important directories (defaults) i

Config directory – /etc/nginx/
Maibn global config file – /etc/nginx/nginx.conf
TCP ports opened by Nginx – 80 (HTTP), 443 (HTTPS)
Default web document root directory – /usr/share/nginx/html
Access log file – /var/log/nginx/access.log
Error log file – /var/log/nginx/error.log

IoT Linux web