
RHEL 8 - Building containers that run as systemd services with podman/buildah/skopeo

姜德容
2023-12-01

OpenShift 4.x HOL tutorial collection
Verified on RHEL 8.4

Building a customized HTTP container

Build the custom container

  1. Install the software.
$ yum install -y buildah podman skopeo
  2. Download the base image.
$ buildah from registry.access.redhat.com/ubi8/ubi:latest
Getting image source signatures
Checking if image destination supports signatures
Copying blob f0ae454850a7 skipped: already exists
Copying blob 053724d29990 [--------------------------------------] 0.0b / 0.0b
Copying config 272209ff0a done
Writing manifest to image destination
Storing signatures
ubi-working-container
 
$ buildah containers
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
ac89c406967f     *     272209ff0ae5 registry.access.redhat.com/ub... ubi-working-container
  3. First remove the httpd service from the local host, then install httpd in the local working container.
$ yum erase -y httpd
$ buildah run ubi-working-container -- yum -y install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
Subscription Manager is operating in container mode.
 
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
 
Red Hat Universal Base Image 8 (RPMs) - BaseOS                                                                                           934 kB/s | 786 kB     00:00
Red Hat Universal Base Image 8 (RPMs) - AppStream                                                                                        402 kB/s | 2.4 MB     00:06
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder                                                                                 13 kB/s |  15 kB     00:01
Last metadata expiration check: 0:00:01 ago on Mon Jun 14 02:08:38 2021.
Dependencies resolved.
=========================================================================================================================================================================
 Package                                Architecture               Version                                                     Repository                           Size
=========================================================================================================================================================================
Installing:
 httpd                                  x86_64                     2.4.37-39.module+el8.4.0+9658+b87b2deb                      ubi-8-appstream                     1.4 M
Installing dependencies:
 apr                                    x86_64                     1.6.3-11.el8                                                ubi-8-appstream                     125 k
 apr-util                               x86_64                     1.6.1-6.el8                                                 ubi-8-appstream                     105 k
 httpd-filesystem                       noarch                     2.4.37-39.module+el8.4.0+9658+b87b2deb                      ubi-8-appstream                      38 k
 httpd-tools                            x86_64                     2.4.37-39.module+el8.4.0+9658+b87b2deb                      ubi-8-appstream                     106 k
 mailcap                                noarch                     2.1.48-3.el8                                                ubi-8-baseos                         39 k
 mod_http2                              x86_64                     1.15.7-3.module+el8.4.0+8625+d397f3da                       ubi-8-appstream                     154 k
 redhat-logos-httpd                     noarch                     84.4-1.el8                                                  ubi-8-baseos                         29 k
Installing weak dependencies:
 apr-util-bdb                           x86_64                     1.6.1-6.el8                                                 ubi-8-appstream                      25 k
 apr-util-openssl                       x86_64                     1.6.1-6.el8                                                 ubi-8-appstream                      27 k
Enabling module streams:
 httpd                                                             2.4
 
Transaction Summary
=========================================================================================================================================================================
Install  10 Packages
 
Total download size: 2.0 M
Installed size: 5.4 M
Downloading Packages:
(1/10): redhat-logos-httpd-84.4-1.el8.noarch.rpm                                                                                         461 kB/s |  29 kB     00:00
(2/10): mailcap-2.1.48-3.el8.noarch.rpm                                                                                                  558 kB/s |  39 kB     00:00
(3/10): httpd-filesystem-2.4.37-39.module+el8.4.0+9658+b87b2deb.noarch.rpm                                                               461 kB/s |  38 kB     00:00
(4/10): apr-util-1.6.1-6.el8.x86_64.rpm                                                                                                  2.7 MB/s | 105 kB     00:00
(5/10): apr-util-openssl-1.6.1-6.el8.x86_64.rpm                                                                                          918 kB/s |  27 kB     00:00
(6/10): httpd-tools-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64.rpm                                                                    2.3 MB/s | 106 kB     00:00
(7/10): apr-1.6.3-11.el8.x86_64.rpm                                                                                                      2.7 MB/s | 125 kB     00:00
(8/10): apr-util-bdb-1.6.1-6.el8.x86_64.rpm                                                                                              665 kB/s |  25 kB     00:00
(9/10): mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm                                                                       2.0 MB/s | 154 kB     00:00
(10/10): httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64.rpm                                                                         4.3 MB/s | 1.4 MB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                    4.5 MB/s | 2.0 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                 1/1
  Installing       : apr-1.6.3-11.el8.x86_64                                                                                                                        1/10
  Running scriptlet: apr-1.6.3-11.el8.x86_64                                                                                                                        1/10
  Installing       : apr-util-openssl-1.6.1-6.el8.x86_64                                                                                                            2/10
  Installing       : apr-util-bdb-1.6.1-6.el8.x86_64                                                                                                                3/10
  Installing       : apr-util-1.6.1-6.el8.x86_64                                                                                                                    4/10
  Running scriptlet: apr-util-1.6.1-6.el8.x86_64                                                                                                                    4/10
  Installing       : httpd-tools-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                                                                                      5/10
  Running scriptlet: httpd-filesystem-2.4.37-39.module+el8.4.0+9658+b87b2deb.noarch                                                                                 6/10
  Installing       : httpd-filesystem-2.4.37-39.module+el8.4.0+9658+b87b2deb.noarch                                                                                 6/10
  Installing       : mailcap-2.1.48-3.el8.noarch                                                                                                                    7/10
  Installing       : redhat-logos-httpd-84.4-1.el8.noarch                                                                                                           8/10
  Installing       : mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64                                                                                         9/10
  Installing       : httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                                                                                           10/10
  Running scriptlet: httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                                                                                           10/10
  Verifying        : redhat-logos-httpd-84.4-1.el8.noarch                                                                                                           1/10
  Verifying        : mailcap-2.1.48-3.el8.noarch                                                                                                                    2/10
  Verifying        : httpd-filesystem-2.4.37-39.module+el8.4.0+9658+b87b2deb.noarch                                                                                 3/10
  Verifying        : apr-util-1.6.1-6.el8.x86_64                                                                                                                    4/10
  Verifying        : httpd-tools-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                                                                                      5/10
  Verifying        : apr-util-openssl-1.6.1-6.el8.x86_64                                                                                                            6/10
  Verifying        : apr-1.6.3-11.el8.x86_64                                                                                                                        7/10
  Verifying        : apr-util-bdb-1.6.1-6.el8.x86_64                                                                                                                8/10
  Verifying        : httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                                                                                            9/10
  Verifying        : mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64                                                                                        10/10
Installed products updated.
 
Installed:
  apr-1.6.3-11.el8.x86_64                                                          apr-util-1.6.1-6.el8.x86_64
  apr-util-bdb-1.6.1-6.el8.x86_64                                                  apr-util-openssl-1.6.1-6.el8.x86_64
  httpd-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                              httpd-filesystem-2.4.37-39.module+el8.4.0+9658+b87b2deb.noarch
  httpd-tools-2.4.37-39.module+el8.4.0+9658+b87b2deb.x86_64                        mailcap-2.1.48-3.el8.noarch
  mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64                           redhat-logos-httpd-84.4-1.el8.noarch
 
Complete!
  4. Create the default HTTP page and copy it into the container.
$ echo 'Welcome to the RHEL8 workshop!' > index.html
$ buildah copy ubi-working-container index.html /var/www/html/index.html
609feef15d5c341cebe85f9777cdef5e3674ee98476f14549c2b006bc7e60869
  5. Set "-D FOREGROUND" and the listening port for the httpd service that runs in the container.
$ buildah config --cmd "/usr/sbin/httpd -D FOREGROUND" ubi-working-container
$ buildah config --port 80 ubi-working-container
  6. Build the container.
$ buildah commit ubi-working-container httpd
Getting image source signatures
Copying blob 1a6543399d61 skipped: already exists
Copying blob f0a77c369efd skipped: already exists
Copying blob 88f428e6d999 done
Copying config 6b4dbc4e23 done
Writing manifest to image destination
Storing signatures
6b4dbc4e23024eb746da45496084cfe92f6d07ca02d7787d3c27221674bcddd7
  7. List the images and run the container; "localhost/httpd" is the newly built container image.
$ podman images
REPOSITORY                             TAG      IMAGE ID      CREATED             SIZE
localhost/httpd                        latest   6b4dbc4e2302  About a minute ago  262 MB
registry.access.redhat.com/ubi8/ubi    latest   272209ff0ae5  11 days ago         234 MB
 
$ podman run -d -p 8080:80 httpd
98d25b529b44aa778b5691944616aab57e399f6d7a2b7b782d74e29c6083db30
 
$ podman ps
CONTAINER ID  IMAGE                                         COMMAND               CREATED        STATUS            PORTS                                             NAMES
98d25b529b44  localhost/httpd:latest                        /usr/sbin/httpd -...  7 seconds ago  Up 6 seconds ago  0.0.0.0:8080->80/tcp                              dazzling_rosalind
 
$ podman top -l
USER     PID   PPID   %CPU    ELAPSED         TTY   TIME   COMMAND
root     1     0      0.000   13.528590572s   ?     0s     /usr/sbin/httpd -D FOREGROUND
apache   6     1      0.000   13.528951222s   ?     0s     /usr/sbin/httpd -D FOREGROUND
apache   7     1      0.000   13.530009913s   ?     0s     /usr/sbin/httpd -D FOREGROUND
apache   8     1      0.000   13.530228674s   ?     0s     /usr/sbin/httpd -D FOREGROUND
apache   9     1      0.000   13.5303452s     ?     0s     /usr/sbin/httpd -D FOREGROUND
 
$ curl -s http://localhost:8080
Welcome to the RHEL8 workshop!
 
$ podman stop -a
$ podman ps -l
CONTAINER ID  IMAGE                   COMMAND               CREATED         STATUS                    PORTS                 NAMES
98d25b529b44  localhost/httpd:latest  /usr/sbin/httpd -...  47 seconds ago  Exited (0) 6 seconds ago  0.0.0.0:8080->80/tcp  dazzling_rosalind

$ podman stop 98d25b529b44
98d25b529b44aa778b5691944616aab57e399f6d7a2b7b782d74e29c6083db30

Generate the systemd service

  1. Make sure the system's "fapolicyd" service is turned off.
$ systemctl disable --now fapolicyd.service
Failed to disable unit: Unit file fapolicyd.service does not exist.
  2. Inspect the details of the local container image.
$ skopeo inspect containers-storage:localhost/httpd
INFO[0000] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
{
    "Name": "localhost/httpd",
    "Digest": "sha256:0ddbdb3d09e681e6918ffada4048ceb8aafae019e046036908438bd2cda8e81e",
    "RepoTags": [],
    "Created": "2021-06-14T02:09:43.784286286Z",
    "DockerVersion": "",
    "Labels": {
        "architecture": "x86_64",
        "build-date": "2021-06-02T19:27:01.978498",
        "com.redhat.build-host": "cpt-1005.osbs.prod.upshift.rdu2.redhat.com",
        "com.redhat.component": "ubi8-container",
        "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
        "description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
        "distribution-scope": "public",
        "io.buildah.version": "1.19.8",
        "io.k8s.description": "The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.",
        "io.k8s.display-name": "Red Hat Universal Base Image 8",
        "io.openshift.expose-services": "",
        "io.openshift.tags": "base rhel8",
        "maintainer": "Red Hat, Inc.",
        "name": "ubi8",
        "release": "203.1622660121",
        "summary": "Provides the latest release of Red Hat Universal Base Image 8.",
        "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/images/8.4-203.1622660121",
        "vcs-ref": "ed5adf70c28eb951940c72f4173fa32c4bca2165",
        "vcs-type": "git",
        "vendor": "Red Hat, Inc.",
        "version": "8.4"
    },
    "Architecture": "amd64",
    "Os": "linux",
    "Layers": [
        "sha256:1a6543399d619ac51e7b928aa443dac16e52e28522e8e5d2232ee2360569f2c2",
        "sha256:f0a77c369efd5e6bde23cd1e9a6472b2781ea306e9872ce4c3c334fc55dd7481",
        "sha256:88f428e6d99908614a1d4ea784cc28caaf4c12cc93b03491b30150140b69a1c3"
    ],
    "Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "container=oci"
    ]
}
  3. Create a container named "web" from the local httpd image, publishing port 80.
$ podman create -p 80:80 --name web httpd
0346dec890fb13b1aff375659b9deb3f345453165eabebf80832e11ab2457c04
  4. Generate the systemd unit file for the "web" container.
$ podman generate systemd --name web -f
/root/container-web.service
  5. View the generated systemd unit file.
$ cat container-web.service
# container-web.service
# autogenerated by Podman 3.0.2-dev
# Mon Jun 14 10:19:39 CST 2021
 
[Unit]
Description=Podman container-web.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
 
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start web
ExecStop=/usr/bin/podman stop -t 10 web
ExecStopPost=/usr/bin/podman stop -t 10 web
PIDFile=/run/containers/storage/overlay-containers/0346dec890fb13b1aff375659b9deb3f345453165eabebf80832e11ab2457c04/userdata/conmon.pid
Type=forking
 
[Install]
WantedBy=multi-user.target default.target
  6. Create the "container-web" service from the systemd unit file.
$ cp container-web.service /etc/systemd/system/
$ systemctl daemon-reload
$ systemctl enable --now container-web.service
Created symlink /etc/systemd/system/multi-user.target.wants/container-web.service → /etc/systemd/system/container-web.service.
Created symlink /etc/systemd/system/default.target.wants/container-web.service → /etc/systemd/system/container-web.service.
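
A check that can run on the `skopeo inspect` output before the unit is enabled, confirming that the image the service will start is the one built above. This is an added example, not part of the original tutorial; the policy format and the `verify_image` function are assumptions of the example, and all digests are copied from the command output on this page.

```python
import json

# Trimmed copy of the `skopeo inspect containers-storage:localhost/httpd`
# output shown earlier on this page (only the fields the check reads).
INSPECT_JSON = """
{
  "Name": "localhost/httpd",
  "Digest": "sha256:0ddbdb3d09e681e6918ffada4048ceb8aafae019e046036908438bd2cda8e81e",
  "Labels": {"name": "ubi8", "vendor": "Red Hat, Inc.", "version": "8.4"},
  "Layers": [
    "sha256:1a6543399d619ac51e7b928aa443dac16e52e28522e8e5d2232ee2360569f2c2",
    "sha256:f0a77c369efd5e6bde23cd1e9a6472b2781ea306e9872ce4c3c334fc55dd7481",
    "sha256:88f428e6d99908614a1d4ea784cc28caaf4c12cc93b03491b30150140b69a1c3"
  ]
}
"""

# Hypothetical policy format (an assumption of this example, not a skopeo feature).
# base_layers are the two blobs that `buildah commit` reported as
# "skipped: already exists", i.e. the layers inherited from the UBI base image.
POLICY = {
    "digest": "sha256:0ddbdb3d09e681e6918ffada4048ceb8aafae019e046036908438bd2cda8e81e",
    "base_layers": [
        "sha256:1a6543399d619ac51e7b928aa443dac16e52e28522e8e5d2232ee2360569f2c2",
        "sha256:f0a77c369efd5e6bde23cd1e9a6472b2781ea306e9872ce4c3c334fc55dd7481",
    ],
    "max_added_layers": 1,
    "labels": {"name": "ubi8", "vendor": "Red Hat, Inc."},
}

def verify_image(inspect, policy):
    """Return a list of findings; an empty list means the image passes."""
    findings = []
    if inspect.get("Digest") != policy["digest"]:
        findings.append("digest differs from the pinned value")
    layers = inspect.get("Layers", [])
    base = policy["base_layers"]
    if layers[:len(base)] != base:
        findings.append("base layers do not match the expected base image")
    elif len(layers) - len(base) > policy["max_added_layers"]:
        findings.append("more layers added on top of the base than expected")
    labels = inspect.get("Labels") or {}
    for key, want in policy["labels"].items():
        if labels.get(key) != want:
            findings.append(f"label {key!r} is {labels.get(key)!r}, expected {want!r}")
    return findings

def main():
    image = json.loads(INSPECT_JSON)
    for finding in verify_image(image, POLICY) or ["OK: image matches policy"]:
        print(finding)

if __name__ == "__main__":
    main()
```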

Test

  1. Confirm that the container is running and reachable.
$ podman ps
CONTAINER ID  IMAGE                   COMMAND               CREATED             STATUS            PORTS               NAMES
0346dec890fb  localhost/httpd:latest  /usr/sbin/httpd -...  About a minute ago  Up 6 seconds ago  0.0.0.0:80->80/tcp  web
$ curl -s http://localhost
Welcome to the RHEL8 workshop!
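  2. Reboot the system. Because the httpd service running in the container starts automatically as a systemd service, the httpd service is reachable after the reboot.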
$ curl -s http://localhost
Welcome to the RHEL8 workshop!

Reference

http://redhatgov.io/workshops/rhel_8/exercise1.8/
