Author: kenio.carvalho

Since June 2022 the Red Hat OpenShift operator index images (redhat/redhat/operator-index) have been served from using as the backend. OpenShift itself already needs access to the registry and CDN hosts as explained in its installation instructions, and so this change required no action from customers at that time.

We are extending this to all Red Hat container images. This allows customers to benefit from the high availability of the registry while simplifying the way Red Hat delivers container images and paving the way for future enhancements.

More information


Today I got the following error when I tried to run the command:
./cpd-cli manage login-entitled-registry ${IBM_ENTITLEMENT_KEY}

Run command: podman run -d --name olm-utils-play --env CMD_PREFIX=manage -v /opt/cpd-cli-linux-EE-12.0.2-39/cpd-cli-workspace/olm-utils-workspace/work:/tmp/work
[ERROR] 2023-03-06T12:41:55.991666Z Command exception: Failed to start the olm-utils-play container: Error: runc: container_linux.go:370: starting container process caused: error adding seccomp filter rule for syscall bdflush: permission denied: OCI permission denied (exit status 126)
[ERROR] 2023-03-06T12:41:55.998354Z RunPluginCommand:Execution error: exit status 1

This error happened because the runc version was too low. My bastion host is RHEL 8.4. To solve the problem I just updated Linux, and everything works.


This error appeared today on my Mac using macOS 12.6 Monterey. I don’t know the cause and . It was working the last time I used podman on this Mac.

To solve the problem:

podman machine rm podman-machine-default

brew uninstall podman

brew install podman

podman machine init


If a user has been deleted from the OpenShift web console, they will no longer be able to log in. The user’s account and associated resources will also be deleted. If the user needs access again, they will have to be re-created in the console.

To recreate the user you can use the command:

oc create user <username>

Use the oc create useridentitymapping command to map the identity to the user.

Use the command oc get identities to list all the identities you have configured, and then map the user.
For example:
oc create useridentitymapping homeldap:Y249a2VuaW8sb3U9 kenio


This is a secondary laptop. My wife has used it since the beginning of the pandemic in 2020.
She started to work at home and needed a laptop to do the job. This laptop is not so fast compared to my other laptops (mac pro 2016 and mac pro 2020).
I decided last week to upgrade this laptop and change its HD; I put in a 500GB NVMe M.2 and 16GB more RAM.

I cloned the original HD using Macrium Reflect Free. I found the tutorial below with very good instructions on how to create the clone. Everything worked after I cloned the disk.


I started a channel on YouTube. The first video series will be about software that helps beginners to start using Linux, and after this series I will start to talk about my journey learning new things like OpenShift, IBM Cloud, Cloud Paks and related IBM technologies.
I will record the videos in Brazilian Portuguese first and maybe I will create videos in English.
There is not much content about the things I will record in my native language, and not everyone here in Brazil is able to listen to videos in English.
There is another blog too where you can view the transcription of the video.


We started a CP4D installation on AWS, but without using AWS ROSA. We created a new cluster from scratch.
In our lab everything worked perfectly, but when the client went to do its installation the OpenShift CLI displayed the following error message:

assertion failed [inst.has.value()]: failed to decode instruction: 0x0

After much analysis, we discovered that the client’s Administrator was using a MacBook Pro M1 laptop.

We found the solution at this link



It’s only for messages. No calendar migration

Imapsync command is a tool allowing incremental and recursive imap transfers from one mailbox to another. If you don’t understand the previous sentence, it’s normal, it’s pedantic computer-oriented jargon.

All folders are transferred, recursively, meaning the whole folder hierarchy is taken, all messages in them, and all message flags (\Seen \Answered \Flagged etc.) are synced too.

Imapsync reduces the amount of data transferred by not transferring a given message if it already resides on the destination side. Messages that are on the destination side but not on the source side stay as they are.

Get the tool here


This paper is intended for architects, systems programmers, analysts and programmers wanting to understand the performance characteristics, and best
practises of IBM MQ. The information is not intended as the specification of any programming interface that is provided by IBM. It is assumed that the reader is
familiar with the concepts and operation of IBM MQ.

Link to download the paper:


I received an email yesterday from Docker. It’s a reminder about the end of grace period.


As a reminder you’re receiving this email because on August 31, 2021 we updated the terms applicable to the Docker products or services you use.

On January 31, 2022, the grace period ends for free commercial use of Docker Desktop in larger enterprises. Companies with more than 250 employees OR more than $10 million USD in annual revenue now require a paid subscription to use Docker Desktop. Read the blog or visit our FAQ to learn more about these updates.

For me it is not a problem anymore: I removed Docker Desktop from my computers and installed Podman. No issues, no problems, everything works.

Don’t need Docker Desktop anymore.


OpenShift comes with a set of default templates; you can use oc get templates -n openshift to show them.
Each template contains specific sections:
  • The objects section: defines a list of resources that will be created
  • The parameters section: defines parameters that are used in the template objects
1 – Inspect the template file for the parameters
I exported the postgresql-ephemeral template to a YAML file using: oc get template postgresql-ephemeral -o yaml -n openshift > postgresql.yaml
Then inspect the YAML file: oc process --parameters -f <filename.yaml>
2 – Create the application using oc process
oc process -f postgresql.yaml -l app=mydb -p DATABASE_SERVICE_NAME=dbservice -p POSTGRESQL_USER=dbuser \
-p POSTGRESQL_PASSWORD=password -p POSTGRESQL_DATABASE=books | oc create -f -


Podman Pods are very similar to Kubernetes pods in a way that they can have more than one container.

Every Podman pod contains one infra container by default. This container is responsible for associating the namespaces with the pod and allowing podman to connect the containers to another pod.

Create a Pod using Podman

The first step is to create a Pod using podman:

sudo podman pod create --name <podname>

For our example we will create a pod with the name wp-pod

sudo podman pod create -p 8080:80 --name wp-pod

After creating the Pod you can see the infra container using the command:

sudo podman pod ps -a --pod

Note that host port 8080 has been redirected to port 80 of the pod. Pod port settings should always be made when creating the pod. You cannot reset this later.

Adding containers to a Pod

To add a container to a pod we use the --pod option with the podman run command.

sudo podman run -d --name <container name> --pod <podname> <imagename>

Creating a container using the mariadb image

To run WordPress we need a database. In this case I will use the mariadb image and add it to the pod wp-pod.

sudo podman run -d --restart=always --pod wp-pod \
-e MYSQL_ROOT_PASSWORD="myrootpass" \
-e MYSQL_DATABASE="wpdb" \
-e MYSQL_USER="wpuser" \
-e MYSQL_PASSWORD="w0rdpr3ss" \
--name wp-db <imagename>


Next we will create a wordpress container, add it to the pod and connect it to the previously created database.

sudo podman run -d --restart=always --pod wp-pod \
-e WORDPRESS_DB_USER="wpuser" \
-e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \
-e WORDPRESS_DB_HOST="" --name wp-web wordpress

To verify that everything is working, run:

curl http://localhost:8080/wp-admin/install.php

The text of the HTML page will appear in the console:

<!DOCTYPE html><html lang="en-US" xml:lang="en-US"><head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex,nofollow" />
<title>WordPress &rsaquo; Installation</title>
<link rel='stylesheet' id='dashicons-css'  href='http://localhost:8080/wp-includes/css/dashicons.min.css?ver=5.8.2' type='text/css' media='all' />…

So far, we have a pod with 3 containers: infra, wp-db and wp-web.  The pod is running as root and also does not have a volume associated for data persistence.

Rootless Podman

Rootless podman (running Podman as a non-root user) needs to do some gymnastics to get the same container experience you’re familiar with from docker, but without requiring root.

When you run rootless podman, it uses a user namespace to map between the user IDs in the container and the user IDs on your host.

All rootless containers that you run are run inside the same user namespace.

By using the same user namespace, your containers can share resources with each other, without needing to ask for root privileges.

It uses this user namespace to mount filesystems, or run a container which accesses more than one user ID (UID) or group ID (GID).

This mapping is fine for most situations, except when the container needs to be able to share something with the host, like a volume.

When the container runs, any volumes shared with it appear inside the user namespace as owned by root/root, because the mapping maps your UID on the host (e.g. 1000) to root (0) in the container.

This means that if you’re running your container process as a non-root user, it won’t be able to write to that directory, and I don’t want to disable SELinux.

This is where podman unshare comes in.

Running WP-POD as a rootless POD and use a volume to persist data

First we need to create a directory so that it can be used by the container

mkdir /home/<username>/dbfiles

Using the podman inspect command we can see that the mariadb container uses user 27

We then execute the command:  podman unshare chown 27:27 -R /home/kenio/dbfiles
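The UID translation behind podman unshare chown 27:27, as an added example that is not part of the original post: it reads a map in the /proc/self/uid_map format and reports which host UID ends up owning the directory. The function name host_uid_for and the sample map (host UID 1000, subordinate range starting at 100000) are constructed for illustration.

```sh
# Translate a UID inside the rootless user namespace to the host UID it
# maps to. The map uses the /proc/<pid>/uid_map format, one range per line:
#   <first UID inside> <first UID on host> <range length>
# Prints the host UID, or returns 1 if the UID is not mapped at all.
host_uid_for() {
    # $1 = UID inside the namespace, $2 = uid_map text
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# Constructed sample map: the login user is UID 1000 on the host and has
# the subordinate range 100000:65536 (an assumed /etc/subuid entry).
SAMPLE_MAP='         0       1000          1
         1     100000      65536'

# Root inside the namespace is simply your own unprivileged host UID.
host_uid_for 0 "$SAMPLE_MAP"

# UID 27 (the mariadb user from the post) lands in the subordinate range,
# so on the host the dbfiles directory is owned by an unprivileged high UID.
host_uid_for 27 "$SAMPLE_MAP"
```

On a real host, pass the output of podman unshare cat /proc/self/uid_map as the second argument instead of the sample map.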

To remove the previously created pod:

sudo podman pod stop wp-pod

sudo podman pod rm wp-pod

Perform the following steps to create the wp-pod as rootless:

podman pod create --name=wp-pod -p 8080:80

podman run -d --restart=always \
-v /home/kenio/dbfiles:/var/lib/mysql/data:Z --pod wp-pod \
-e MYSQL_ROOT_PASSWORD="password" \
-e MYSQL_DATABASE="wpdb" \
-e MYSQL_USER="wpuser" \
-e MYSQL_PASSWORD="w0rdpr3ss" \
--name wp-db <imagename>



Note that I add the :Z flag to the volume. This tells Podman to label the volume content as “private unshared” with SELinux.

This label allows the container to write to the volume, but doesn’t allow the volume to be shared with other containers.


podman run -d --restart=always --pod=wp-pod \
-e WORDPRESS_DB_USER="wpuser" \
-e WORDPRESS_DB_PASSWORD="w0rdpr3ss" \
-e WORDPRESS_DB_HOST="" --name wp-web wordpress

Use curl http://localhost:8080/wp-admin/install.php to verify that everything is running.

Use podman logs --names <container name> to check the containers' logs.

I am using RHEL 8.3 and podman is version 3.2.3

If you want to access the WordPress pod from an external machine, in my case, I need to set up the firewall:

sudo firewall-cmd --add-port=8080/tcp --permanent

sudo firewall-cmd --reload


Many thanks to Tone Donohue for his article about rootless podman.