Skill 11


Chapter 11 | Run Containers

Guided Exercise

Manage Containers as System Services


In this exercise, you configure a container to manage it as a systemd service, and use
systemctl commands to manage that container so that it automatically starts when the
host machine starts.

Outcomes
• Create systemd service files to manage a container.
• Configure a container so you can manage it with systemctl commands.
• Configure a user account for systemd user services to start a container when the host
machine starts.

Before You Begin


As the student user on the workstation machine, use the lab command to prepare your
system for this exercise.

This command prepares your environment and ensures that all required resources are
available.

[student@workstation ~]$ lab start containers-services

Instructions
1. Log in to the servera machine as the student user.

[student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$

2. Create a user account called contsvc and use redhat as the password. Use this user
account to run containers as systemd services.

2.1. Create the contsvc user. Set redhat as the password for the contsvc user.

[student@servera ~]$ sudo useradd contsvc
[sudo] password for student: student
[student@servera ~]$ sudo passwd contsvc
Changing password for user contsvc.
New password: redhat
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: redhat
passwd: all authentication tokens updated successfully.

2.2. To manage the systemd user services with the contsvc account, you must log in
directly as the contsvc user. You cannot use the su and sudo commands to create a
session with the contsvc user.

RH134-RHEL9.0-en-2-20220609 367

Return to the workstation machine as the student user, and then log in as the
contsvc user.

[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$ ssh contsvc@servera
...output omitted...
[contsvc@servera ~]$

3. Configure access to the registry.lab.example.com classroom registry in your home
directory. Use the /tmp/containers-services/registries.conf file as a template.

3.1. Create the ~/.config/containers/ directory.

[contsvc@servera ~]$ mkdir -p ~/.config/containers/

3.2. The lab script prepares the registries.conf file in the /tmp/containers-services/
directory. Copy that file to the ~/.config/containers/ directory.

[contsvc@servera ~]$ cp /tmp/containers-services/registries.conf \
~/.config/containers/

3.3. Verify that you can access the registry.lab.example.com registry. If everything
works as expected, then the command should list some images.

[contsvc@servera ~]$ podman search ubi
NAME DESCRIPTION
registry.lab.example.com/ubi7/ubi
registry.lab.example.com/ubi8/ubi
registry.lab.example.com/ubi9-beta/ubi

4. Use the /home/contsvc/webcontent/html/ directory as persistent storage for the
web server container. Create the index.html test page with the Hello World line inside
the directory.

4.1. Create the ~/webcontent/html/ directory.

[contsvc@servera ~]$ mkdir -p ~/webcontent/html/

4.2. Create the index.html file and add the Hello World line.

[contsvc@servera ~]$ echo "Hello World" > ~/webcontent/html/index.html

4.3. Confirm that the permission for others is set to r-- in the index.html file. The
container uses a non-privileged user that must be able to read the index.html file.

[contsvc@servera ~]$ ls -ld webcontent/html/
drwxr-xr-x. 2 contsvc contsvc 24 Aug 28 04:56 webcontent/html/
[contsvc@servera ~]$ ls -l webcontent/html/index.html
-rw-r--r--. 1 contsvc contsvc 12 Aug 28 04:56 webcontent/html/index.html

5. Use the registry.lab.example.com/rhel8/httpd-24:1-105 image to run a
container called webapp in detached mode. Redirect the 8080 port on the local host to the
container 8080 port. Mount the ~/webcontent directory from the host to the /var/www
directory in the container.

5.1. Log in to the registry.lab.example.com registry as the admin user with
redhat321 as the password.

[contsvc@servera ~]$ podman login registry.lab.example.com
Username: admin
Password: redhat321
Login Succeeded!

5.2. Use the registry.lab.example.com/rhel8/httpd-24:1-163 image to run
a container called webapp in detached mode. Use the -p option to map the 8080
port on servera to the 8080 port in the container. Use the -v option to mount the
~/webcontent directory on servera to the /var/www directory in the container.

[contsvc@servera ~]$ podman run -d --name webapp -p 8080:8080 -v \
~/webcontent:/var/www:Z registry.access.redhat.com/ubi8/httpd-24:1-163
750a681bd37cb6825907e9be4347eec2c4cd79550439110fc6d41092194d0e06
...output omitted...

5.3. Verify that the web service is working on port 8080.

[contsvc@servera ~]$ curl http://localhost:8080
Hello World

6. Create a systemd service file to manage the webapp container with systemctl
commands. Configure the systemd service so that when you start the service, the
systemd daemon creates a container. After you finish the configuration, stop and then
delete the webapp container. Remember that the systemd daemon expects that the
container does not exist initially.

6.1. Create and change to the ~/.config/systemd/user/ directory.

[contsvc@servera ~]$ mkdir -p ~/.config/systemd/user/
[contsvc@servera ~]$ cd ~/.config/systemd/user

6.2. Create the unit file for the webapp container. Use the --new option so that systemd
creates a container when starting the service and deletes the container when
stopping the service.

[contsvc@servera user]$ podman generate systemd --name webapp --files --new
/home/contsvc/.config/systemd/user/container-webapp.service

6.3. Stop and then delete the webapp container.

[contsvc@servera user]$ podman stop webapp
webapp
[contsvc@servera user]$ podman rm webapp
750a681bd37cb6825907e9be4347eec2c4cd79550439110fc6d41092194d0e06
[contsvc@servera user]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

7. Reload the systemd daemon configuration, and then enable and start your new
container-webapp user service. Verify the systemd service configuration, stop and
start the service, and display the web server response and the container status.

7.1. Reload the configuration to recognize the new unit file.

[contsvc@servera user]$ systemctl --user daemon-reload

7.2. Enable and start the container-webapp service.

[contsvc@servera user]$ systemctl --user enable --now container-webapp
Created symlink /home/contsvc/.config/systemd/user/multi-user.target.wants/container-webapp.service → /home/contsvc/.config/systemd/user/container-webapp.service.
Created symlink /home/contsvc/.config/systemd/user/default.target.wants/container-webapp.service → /home/contsvc/.config/systemd/user/container-webapp.service.

7.3. Verify that the web server responds to requests.

[contsvc@servera user]$ curl http://localhost:8080
Hello World

7.4. Verify that the container is running.

[contsvc@servera user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3e996db98071 registry.access.redhat.com/ubi8/httpd-24:1-163 /usr/bin/run-http... 3 minutes ago Up 3 minutes ago 0.0.0.0:8080->8080/tcp webapp

Notice the container ID. Use this information to confirm that systemd creates a
container when you restart the service.

7.5. Stop the container-webapp service, and confirm that the container no longer
exists. When you stop the service, systemd stops and then deletes the container.

[contsvc@servera user]$ systemctl --user stop container-webapp
[contsvc@servera user]$ podman ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

7.6. Start the container-webapp service, and then confirm that the container is
running.

The container ID is different, because the systemd daemon creates a container with
the start instruction and deletes the container with the stop instruction.

[contsvc@servera user]$ systemctl --user start container-webapp
[contsvc@servera user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4584b4df514c registry.access.redhat.com/ubi8/httpd-24:1-163 /usr/bin/run-http... 6 seconds ago Up 7 seconds ago 0.0.0.0:8080->8080/tcp webapp

8. Ensure that the services for the contsvc user start at system boot. When done, restart the
servera machine.

8.1. Run the loginctl enable-linger command.

[contsvc@servera user]$ loginctl enable-linger

8.2. Confirm that the Linger option is set for the contsvc user.

[contsvc@servera user]$ loginctl show-user contsvc
...output omitted...
Linger=yes

8.3. Switch to the root user, and then use the systemctl reboot command to restart
servera.

[contsvc@servera user]$ su -
Password: redhat
Last login: Fri Aug 28 07:43:40 EDT 2020 on pts/0
[root@servera ~]# systemctl reboot
Connection to servera closed by remote host.
Connection to servera closed.
[student@workstation ~]$

9. When the servera machine is up again, log in to servera as the contsvc user. Verify
that systemd started the webapp container and that the web content is available.

9.1. Log in to servera as the contsvc user.

[student@workstation ~]$ ssh contsvc@servera
...output omitted...

9.2. Verify that the container is running.

[contsvc@servera ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6c325bf49f84 registry.access.redhat.com/ubi8/httpd-24:1-163 /usr/bin/run-http... 2 minutes ago Up 2 minutes ago 0.0.0.0:8080->8080/tcp webapp

9.3. Access the web content.

[contsvc@servera ~]$ curl http://localhost:8080
Hello World

9.4. Return to the workstation machine as the student user.

[contsvc@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$
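
The checks from steps 2.2, 4.3, 6.2, 7.2 and 8.2 gathered into one preflight script, as an added example that is not part of the original exercise. The helper function names and the `live` argument are hypothetical, and the `ExecStart=` and `WantedBy=` patterns assume the usual layout of a unit written by `podman generate systemd --new`.

```shell
#!/bin/sh
# Added example: preflight checks for the contsvc setup in this exercise.
# Helper names are hypothetical; nothing here is generated by podman.

# Step 2.2: systemctl --user needs the runtime directory of a real login
# session; su and sudo normally leave XDG_RUNTIME_DIR unset or stale.
runtime_dir_ok() {   # usage: runtime_dir_ok "$XDG_RUNTIME_DIR" "$(id -u)"
    [ -n "$1" ] && [ "$1" = "/run/user/$2" ]
}

# Step 4.3: print the three "others" permission characters of a path.
others_perms() {
    ls -ld -- "$1" 2>/dev/null | cut -c8-10
}

# Step 6.2: a unit generated with --new creates the container itself, so
# its ExecStart calls "podman run" (assumed format of the generated unit).
unit_creates_container() {
    grep -Eq '^ExecStart=[^ ]*podman run( |$)' "$1"
}

# Step 7.2: the user manager starts default.target, so the unit must be
# wanted by it to come up at boot.
unit_wanted_by_default() {
    grep -Eq '^WantedBy=(.* )?default\.target( |$)' "$1"
}

# Step 8.2: reads `loginctl show-user USER` output on stdin.
linger_enabled() {
    grep -qx 'Linger=yes'
}

# Live run on servera as contsvc: sh preflight.sh live
if [ "${1:-}" = "live" ]; then
    unit="$HOME/.config/systemd/user/container-webapp.service"
    html="$HOME/webcontent/html"
    rc=0
    runtime_dir_ok "${XDG_RUNTIME_DIR:-}" "$(id -u)" || { echo "no user session"; rc=1; }
    case "$(others_perms "$html")" in r?x) ;; *) echo "html/ not readable"; rc=1 ;; esac
    case "$(others_perms "$html/index.html")" in r??) ;; *) echo "index.html not readable"; rc=1 ;; esac
    unit_creates_container "$unit" || { echo "unit not generated with --new"; rc=1; }
    unit_wanted_by_default "$unit" || { echo "unit not wanted by default.target"; rc=1; }
    loginctl show-user "$(id -un)" | linger_enabled || { echo "linger is off"; rc=1; }
    exit "$rc"
fi
```

Run it before the reboot in step 8.3; a non-zero exit status means the webapp container would not come back on its own.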

Finish
On the workstation machine, run the lab finish containers-services script to
complete this exercise.

[student@workstation ~]$ lab finish containers-services

This concludes the section.
