DO180 - Commands
What does containerfile ADD and COPY do to permissions?
Both the ADD and COPY instructions copy the files, retaining permissions, with root as the owner, even if the USER instruction is specified. Red Hat recommends using a RUN instruction after the copy to change the owner and avoid permission denied errors.
On rootless containers, how is networking managed?
By Slirp. It works by forking into the container's user and network namespaces and creating a tap device that becomes the default route. Then, it passes the device's file descriptor to the parent, who runs in the default network namespace and can now communicate with both the container and the internet.
What does the COPY containerfile instruction do?
COPY copies files from the working directory and adds them to the container's file system. It is not possible to copy a remote file using its URL with this Containerfile instruction.
What are User Namespaces?
Containers use Linux namespaces to isolate themselves from the host on which they run. In particular, the User namespace is used to make containers rootless. This namespace maps user and group IDs so that a process inside the namespace might appear to be running under a different ID. Rootless containers use the User namespace to make application code appear to be running as root. However, from the host's perspective, permissions are limited to those of a regular user. If an attacker manages to escape the user namespace onto the host, then it will have only the capabilities of a regular, unprivileged user.
What are config maps and secrets?
Contains a set of keys and values that can be used by other resources. ConfigMaps and Secrets are usually used to centralize configuration values used by several resources. Secrets differ from ConfigMaps maps in that Secrets' values are always encoded (not encrypted) and their access is restricted to fewer authorized users.
What should you do with yum instructions?
Create a single layer: RUN yum --disablerepo=* --enablerepo="rhel-7-server-rpms" && \ yum update -y && \ yum install -y httpd
What is Persistent Volumes?
Define storage areas to be used by Kubernetes pods.
What can you do with ENV Containerfile option?
ENV MYSQL_ROOT_PASSWORD="my_password" \ MYSQL_DATABASE "my_database"
How to build an application with S2I using -i instead of tilde?
Instead of using the tilde, you can set the image stream by using the -i option or -- image-stream for the full version. oc new-app -i php http://services.lab.example.com/app --name=myapp
What are PVCs?
Persistent Volume Claims (pvc) Represent a request for storage by a pod. PVCs links a PV to a pod so its containers can make use of it, usually by mounting the storage into the container's file system
What does podman use to create a software-defined network between all containers in the host?
Podman uses Container Network Interface (CNI) to create a software-defined network (SDN) between all containers in the host. Unless stated otherwise, CNI assigns a new IP address to a container when it starts.
What is a project?
Pods are attached to a Kubernetes namespace, which OpenShift calls a project.
What is a a control plane?
Provides basic cluster services such as APIs or controllers.
What is a route?
Represent a DNS host name recognized by the OpenShift router as an ingress point for applications and microservices.
Kubernetes: what are pods?
Represent a collection of containers that share resources, such as IP addresses and persistent storage volumes. It is the basic unit of work for Kubernetes.
Kubernetes: what is a resource?
Resources are any kind of component definition managed by Kubernetes. Resources contain the configuration of the managed component (for example, the role assigned to a node), and the current state of the component (for example, if the node is available).
How to achieve networking between rootless containers?
Rootless containers do not support software-defined network (SDN). Therefore, the container's IP address is not available to communicate with other containers on the host. We can achieve networking between rootless containers by using port-forwarding. Port-forwarding allows external access to a container service from the host.
What does S2I do?
Source-to-Image (S2I) provides an alternative to using Containerfiles to create new container images that can be used either as a feature from OpenShift or as the standalone s2i utility. S2I allows developers to work using their usual tools, instead of learning Containerfile syntax and using operating system commands such as yum.
What is the entry point?
The container image specifies a process that starts inside the container known as entry point.
Kubernetes: What is a Operators?
The latest Kubernetes versions implement many controllers as Operators. Operators are Kubernetes plug-in components that can react to cluster events and control the state of resources. Operators and CoreOS Operator Framework are outside the scope of this document.
Kubernetes: what is a compute node?
This node executes workloads for the cluster. Application pods are scheduled onto compute nodes.
How to use external parameters at startup?
Use -e [user@demo ~]$ podman run -e GREET=Hello -e NAME=RedHat \ > ubi8/ubi:8.3 printenv GREET NAME Hello RedHat
Command to list all repositories available in a registry?
Use /v2/_catalog endpoint: curl -Ls https://myserver/v2/_catalog?n=3
What is the SELinux context that Podman users?
container_file_t
Command to remove obsolete images?
oc adm prune
Create Template from mysql.json or mysql.yaml file - use the template created variables: MYSQL_USER=user1 MYSQL_PASSWORD=password MYSQL_DATABASE=books
oc create -f mysql.yaml oc get templates oc process mysql-persistent -p MYSQL_USER=user -p MYSQL_PASSWORD=password -p MYSQL_DATABASE=books | oc create -f - # check status oc get all
Command to delete a resource from OpenSHift cluster?
oc delete RESOURCE_TYPE name
How to delete and recreate a persistent volume ?
oc delete pv <pv_name> oc create -f <pv_resource_file>
Command to retrieve detailed information about a resource?
oc describe RESOURCE_TYPE RESOURCE_NAME
In OpenShift, how to display events just related to mysql pod?
oc describe pod mysql
How to access a running container using OpenSHift?
oc exec [options] pod [-c container] -- command [arguments] oc exec -it myhttpdpod /bin/bash
One way to create a route?
oc expose service quotedb --name quote By default, routes created by oc expose generate DNS names of the form: route-name- project-name.default-domain
Command to expose service todoapi?
oc expose service todoapi
Command to display a summary of all resources of the specified type?
oc get RESOURCE_TYPE
Command to retrieve a summary of the most important components of a cluster?
oc get all
Expose the service to url mysqltestapptesturl.com Copy file mytestfile.txt from host to the mysql application path /tmp/ check pod logs log into application and check the version of mysql
oc get all oc expose svc mysql-app --hostname=mysqltestapptesturl.com oc cp mytestfile.txt mysql-app-1-mlb7h:/tmp/ oc logs -f pod/mysql-app-1-mlb7h oc get all oc rsh pod/mysql-app-1-mlb7h mysql -u user -p password
Command to trigger a new build?
oc get buildconfig oc start-build myapp
Command to see a list of application builds?
oc get builds
In openShift how do you display events like starting a container or destroying a pod?
oc get events This command spans the whole RHOCP cluster
Verify build in open shift?
oc get pods
Command to list persistent volume objects in a cluster?
oc get pv
Command to see the YAML definition for a given PersistenVolume?
oc get pv pv0001 -o yaml
How to view a template in yaml format?
oc get template mysql-persistent -n openshift -o yaml
Command to get OpenShift templates?
oc get templates -n openshift
Command to example logs for build pod name called: php-helloworld-1-build
oc logs --all-containers -f php-helloworld-1-build
OpenShift command to view log from container?
oc logs <podName> -c <containerName> The container name is optional if there is only one container, as oc defaults to the only running container and returns the output.
Command to retrieve logs from a build configuration?
oc logs bc/<application-name>
Command to view build logs?
oc logs build/myapp-1
Command to view deployment logs?
oc logs deployment/<application-name>
oc command to create an application based on an image from a private Docker image registry:
oc new-app --docker-image=myregistry.com/mycompany/myapp --name=myapp
Create an mysql app with the following settings: name of app: mysql-app registry image: registry.access.redhat.com/rhscl/mysql-57-rhel7 MYSQL_USER=user MYSQL_PASSWORD=password MYSEL_DATABASE=books All resources should have label app=mydbapp
oc new-app --docker-image=registry.access.redhat.com/rhscl/mysql-57-rhel7 --name=mysql-app -e MYSQL_USER=user -e MYSQL_PASSWORD=password -e MSQL_DATABASE=books -l app=mydbapp oc get all oc get all -o wide
How to create an application using the Git repo in the current directory?
oc new-app .
Create a new app based on a mysql template:
oc new-app \ > --template=mysql-persistent \ > -p MYSQL_USER=user1 -p MYSQL_PASSWORD=mypa55 -p MYSQL_DATABASE=testdb \ > -p MYSQL_ROOT_PASSWORD=r00tpa55 -p VOLUME_CAPACITY=10Gi
Command to create an application based on an existing template:
oc new-app \ > --template=mysql-persistent \ > -p MYSQL_USER=user1 -p MYSQL_PASSWORD=mypa55 -p MYSQL_DATABASE=testdb \ > -p MYSQL_ROOT_PASSWORD=r00tpa55 -p VOLUME_CAPACITY=10Gi .
Command to create an application based on source code stored in a Git repository:
oc new-app https://github.com/openshift/ruby-hello-world --name=ruby-hello
Create an application based on source code stored in Git repo:
oc new-app https://github.com/openshift/ruby-hello-world --name=ruby-hello
S2I create a new app using a remote git repo and a context subdirectory?
oc new-app https://github.com/openshift/sti-ruby.git \ --context-dir=2.0/test/puma-test-app
Create new php 7.3 app from github repo?
oc new-app php:7.3 --name=php-helloworld https://github.com/maryfrances/DO180-apps#s2i --context-dir php-helloworld
Command to build an application with S2I using the OpenShift CLI?
oc new-app php~http://my.git.server.com/my-app --name=myapp The image stream used in the process appears to the left of the tilde (~). The URL after the tilde indicates the location of the source code's Git repository. Sets the application name.
Command to create a new project in open shift?
oc new-project project-name
Command to forward a local port to a pod port?
oc port-forward db 30306 3306 When running this command, be sure to leave the terminal window running. Closing the window or canceling the process stops the port mapping. While the podman run -p method of mapping (port-forwarding) can only be configured when the container is started, the mapping with the oc port-forward command can be created and destroyed at any time after a pod was created.
How to forward a port in openshift?
oc port-forward mysql 3306:3306
OC how to import a database from workstation to container?
oc port-forward mysql 3306:3306 mysql -uuser1 -h 127.0.0.1 -pmypa55 -P3306 items < db.sql
Create mysql application using mysql.json or mysql.yaml for application creation. Variables: MYSQL_USER=user1 MYSQL_PASSWORD=password MYSQL_DATABASE=books
oc process -f mysql.yaml -p MYSQL_USER=user -p MYSQL_PASSWORD=password -p MYSQL_DATABASE=books | oc create -f -
How to switch projects in openshift?
oc projects oc project rsalyf-s2i
command to start a new build?
oc start-build <application-name>
What is the command to build images with podman?
podman build -t NAME:TAG DIR
How to copy a database file from host to the mysql container?
podman cp /home/student/DO180/labs/manage-lifecycle/db.sql mysql:/
Transfer standalone.conf into a container named todoapi into directory /opt/jboss/standalone/conf/standalone.conf using podman?
podman cp standalone.conf todoapi:/opt/jboss/standalone/conf/standalone.conf .
Command to copy db.sql to a container using podman?
podman exec -i <container> mysql -uroot -proot < /path/on/host/db.sql
You have a container called httpd-basic. How do you connect to the container and run bash?
podman exec -it httpd-basic /bin/bash
How to start an additional process inside an already running container?
podman exec 234029384 cat /etc/hostname
How to access a running container using podman?
podman exec [options] container command [arguments] podman exec apache-container cat /var/log/httpd/error_log
Populate the items database with the Projects table?
podman exec mysql /bin/bash -c 'mysql -uuser1 -pmypa55 items < /db.sql'
Command to list all container images stored locally?
podman images
Command to list images?
podman images
command to restore a container image?
podman load -i filename podman load -i mysql.tar
command to view container logs?
podman logs <containername>
How to view the logs of a container?
podman logs mysql-db
Command to retrieve local port that the container listens on?
podman port -l
Command to see what port a container is using?
podman port apache3
Command to list all containers, including stopped ones?
podman ps -a
Command to fetch image and save it locally?
podman pull rhel
Command to restart a stopped container?
podman restart my-httpd-container
Command to delete a container and discard its state and file system?
podman rm my-httpd-container The -f option with rm removes the container even if it is not stopped
How to delete an image from local storage?
podman rmi image
How to bind a port to a specified IP address in a container?
podman run -d --name apache2 -p 127.0.0.1:8081 registry.redhat.io/rhel8/httpd-24
Command to start a container image as a background process?
podman run -d -p 8080 registry.redhat.io/rhel8/httpd-24
Command to start an interactive shell inside a httpd-24 container?
podman run -it registry.redhat.io/rhel8/httpd-24 /bin/bash -t terminal -i keeps standard input open
Command to start a Bash terminal inside the container and interactively run some commands in it?
podman run -it ubi8/ubi:8.3 /bin/bash
Option to mount a host directory to a container?
podman run -v /home/student/dbfiles:/var/lib/mysql rhmap47/mysql
How to save an image to a tar file?
podman save -o filename imagename podman save -o mysql.tar registry.redhat.io/rhel8/mysql-80
Command to search for an image?
podman search rhel
Command to stop a container?
podman stop myhttpd-container Use podman stop -a to stop all containers
Command to tag an image?
podman tag timage registryhost/username/name/tag podman tag mysql-custom devops/mysql:snapshot
What command provides a session to execute commands within the same user namespace as the process running inside the container?
podman unshare chown -R 27:27 /home/student/dbfiles
Command to apply the container_file_t to a directory and all subdirectiories to allow containers access to all of its contents?
sudo semanage fcontext -a -t container_file_t '/home/student/dbfiles(/.*)?' sudo restore -Rv /home/student/dbfiles
Command to list tags available for a single image?
use /v2/<name>/tags/list curl -Ls https://quay.io/v2/redhattraining/httpd-parent/tags/list | python -m json.tool
What are the three steps to build an image with a Containerfile?
1. Create a working directory 2. Write the Containerfile 3. Build the image with Podman
What are the steps that S2I uses to build a custom container image?
1. Start a container from a base container image called the builder image. This image includes a programming language runtime and essential development tools, such as compilers and package managers. 2. Fetch the application source code, usually from a Git server, and send it to the container. 3. Build the application binary files inside the container. 4. Save the container, after some clean up, as a new container image, which includes the programming language runtime and the application binaries.
Kubernetes: what is a namespace?
A scope for Kubernetes resources and processes, so that resources with the same name can be used in different boundaries.
Kubernetes: What is a node?
A server that hosts applications in a Kubernetes cluster
What does the ADD containerfile instruction do?
ADD instruction copies files or folders from a local or remote source and adds them to the container's file system. If used to copy local files, those must be in the working directory. ADD instruction unpacks local .tar files to the destination image directory.
