RHCSA-8.2虚拟机

一、基本信息
kiosk:redhat
root:Asimov

RHCSA-12GB-4core
RHCE-16GB-4core

172.25.254.250 foundation0
172.25.254.254 classroom

172.25.250.9 workstation.lab.example.com workstation
172.25.250.10 servera.lab.example.com servera
172.25.250.11 serverb.lab.example.com serverb
172.25.250.254 bastion.lab.example.com bastion
172.25.250.220 utility.lab.example.com utility

172.25.250.220 registry.lab.example.com registry

网络模式 -> 仅主机
虚拟网卡 -> vmnet1
网段IP地址 -> 为 172.25.254.250

启动命令
rht-vmctl start all
rht-vmctl start classroom

停止命令
rht-vmctl stop all
rht-vmctl stop classroom

二、Podman -> RH134内容
1、启动RHCSA
用户名:kiosk
密码:redhat

2、查看状态
[kiosk@foundation0 ~]$ rht-vmctl status all
bastion DEFINED
workstation DEFINED
utility DEFINED
servera DEFINED
serverb DEFINED

3、启动 bastion、workstation、utility、servera、kvm 虚拟机
[kiosk@foundation0 ~]$ rht-vmctl start bastion
Starting bastion.

[kiosk@foundation0 ~]$ rht-vmctl start workstation
Starting workstation.

[kiosk@foundation0 ~]$ rht-vmctl start utility
Starting utility.

[kiosk@foundation0 ~]$ rht-vmctl start servera
Starting servera.

4、再次查看
[kiosk@foundation0 ~]$ rht-vmctl status all
bastion RUNNING
workstation RUNNING
utility RUNNING
servera RUNNING
serverb DEFINED

5、登陆 servera 服务器
[kiosk@foundation0 ~]$ ssh root@servera

6、查看主机名称
[root@servera ~]# hostnamectl
Static hostname: servera.lab.example.com
Icon name: computer-vm
Chassis: vm
Machine ID: f874df04639f474cb0a9881041f4f7d4
Boot ID: 700ec5902522464e9bde231a0940d2e3
Virtualization: kvm
Operating System: Red Hat Enterprise Linux 8.2 (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:8.2:GA
Kernel: Linux 4.18.0-193.el8.x86_64
Architecture: x86-64

7、查看模块
[root@servera ~]# dnf module list
RHEL8.2 或 Centos8.2 的 Podman version 1.6.4 存在一定的 bug
解决方案

方案一
直接使用RHEL8.3 | Centos8.3
[root@servera ~]# dnf module install -y container-tools
NAT 上网
获得更多的image,通过配置源加速的方式优先查找容器镜像的源

方案二
练习环境,podman升级到比1.6.4更高的版本1.9.3
podman 升级到1.9.3 这个版本是没有问题的
[root@servera ~]# exit
[kiosk@foundation0 ~]$ ssh student@workstation

开启一个实验环境,更新yum源
[student@workstation ~]$ lab containers-basic start
[student@workstation ~]$ exit

[kiosk@foundation0 ~]$ ssh root@servera
[root@servera ~]# dnf module install -y container-tools

8、查看podman版本
[root@servera ~]# podman version
Version: 1.9.3
RemoteAPI Version: 1
Go Version: go1.13.4
OS/Arch: linux/amd64
[root@servera ~]# podman --version
podman version 1.9.3
[root@servera ~]# podman -v
podman version 1.9.3

9、配置 redhat podman 镜像加速器
[root@servera ~]# vim /etc/containers/registries.conf
[registries.search]
registries = [‘https://3iy7bctt.mirror.aliyuncs.com’, ‘http://hub-mirror.c.163.com’, ‘https://mirror.ccs.tencentyun.com’, ‘https://docker.mirrors.ustc.edu.cn’, ‘docker.io’, ‘registry.access.redhat.com’, ‘registry.redhat.io’]

10、查看podman信息
[root@servera ~]# podman info

11、登陆注册表服务器
[root@servera ~]# podman login registry.lab.example.com
Username: admin
Password: redhat321
Login Succeeded!

12、查找镜像
[root@servera ~]# podman search nginx
[root@servera ~]# podman search registry.lab.example.com/rhel8/httpd-24:latest

13、下载 nginx 镜像
[root@servera ~]# podman pull nginx

14、下载 httpd 镜像
[root@servera ~]# podman pull registry.lab.example.com/rhel8/httpd-24:latest

和通过dnf安装的内容是一样大的
[root@servera ~]# dnf module install -y httpd

15、查看本地镜像
[root@servera ~]# podman images

16、查看镜像详细信息
[root@servera ~]# podman inspect nginx:latest
[root@servera ~]# podman inspect registry.lab.example.com/rhel8/httpd-24:latest

17、删除一个镜像
[root@servera ~]# podman rmi nginx:latest
[root@servera ~]# podman images

18、容器的管理
1)创建容器
[root@servera ~]# mkdir -p /root/alex/container-journal/
[root@servera ~]# podman create -d --name=webserver -v /root/alex/container-journal/:/var/log/journal:Z registry.lab.example.com/rhel8/httpd-24
参数说明:
-d 后台运行
–name=webserver 容器名称(该名称必须正确且后面会用到)
-v 将主机的目录映射到容器指定目录
/root/alex/container-journal/ -> 主机目录
/var/log/journal -> 容器目录
:Z Podman 自动将 SELinux container_file_t context 应用到主机目录

2)查看容器
[root@servera ~]# podman ps
[root@servera ~]# podman ps -a

3)启动容器
[root@servera ~]# podman start webserver

4)运行容器
[root@servera ~]# podman run -d --name httpd-test -p 8081:8080 httpd-24

5)监听端口
[root@servera ~]# lsof -i:8081

6)测试一下
[root@servera ~]# curl servera:8081

7)查看端口
[root@servera ~]# podman port -a
cbf8e0f0d663 8080/tcp -> 0.0.0.0:8081

8)进入容器
[root@servera ~]# podman exec -it httpd-test /bin/bash
bash-4.4$ cat /etc/httpd/conf/httpd.conf | grep -i 8080
Listen 0.0.0.0:8080
bash-4.4$ echo “hello redhat” > /var/www/html/index.html
bash-4.4$ exit

9)不进入容器的状态下,操作容器
[root@servera ~]# podman exec httpd-test cat /var/www/html/index.html
hello redhat

10)停止容器
[root@servera ~]# podman stop httpd-test
[root@servera ~]# podman stop webserver

11)删除容器
[root@servera ~]# podman rm httpd-test
[root@servera ~]# podman rm webserver
[root@servera ~]# podman ps -a

19、配置 rootless 的容器管理
1)查看 student 是具备操作podman容器的原因
[root@servera ~]# su - student
[student@servera ~]$ cat .config/containers/registries.conf
unqualified-search-registries = [‘registry.lab.example.com’]
[[registry]]
location = “registry.lab.example.com”
insecure = true
blocked = false

2)添加用户,查看镜像
[student@servera ~]$ exit
[root@servera ~]# useradd alex
[root@servera ~]# su - alex
[alex@servera ~]$ podman images

3)alex用户注册podman
(1)第一步
[alex@servera ~]$ mkdir -p .config/containers
[alex@servera ~]$ vim .config/containers/registries.conf
unqualified-search-registries = [‘registry.lab.example.com’]
[[registry]]
location = “registry.lab.example.com”
insecure = true
blocked = false

(2)第二步
[kiosk@foundation0 ~]$ ssh alex@servera

(3)第三步
[alex@servera ~]$ podman login registry.lab.example.com
Username: admin
Password: redhat321
Login Succeeded!

4)rootless 要注意的地方
基于 rootless 进行容器的管理

(1)一定要 ssh 登陆
ssh alex@servera 一定要ssh进行对alex用户的登录
root = > su - alex (x)

(2)一定要有 registries.conf 文件
[alex@servera ~]$ vim .config/containers/registries.conf

5)拉取镜像
[alex@servera ~]$ podman pull registry.lab.example.com/rhel8/httpd-24:latest
[alex@servera ~]$ podman pull nginx

6)创建容器
[alex@servera ~]$ mkdir container-journal
[alex@servera ~]$ podman run -d --name httpserver -v /home/alex/container-journal/:/var/log/joural:Z -p 8081:8080 httpd-24

20、配置面向 alex 用户的 systemd 服务的形式
1)创建 /home/alex/.config/systemd/user 目录
[alex@servera ~]$ mkdir -p .config/systemd/user

2)按照systemd的服务方式管理容器
[alex@servera ~]$ podman run -d --name httpserver -v /home/alex/container-journal/:/var/log/joural:Z -p 8081:8080 httpd-24
[alex@servera ~]$ cd .config/systemd/user/
[alex@servera user]$ podman generate systemd --name httpserver --files
/home/alex/.config/systemd/user/container-httpserver.service
参数说明:
–name httpserver 对应容器的名称
–files 在当前目录中生成 *.service 单元文件

3)服务名称为 container-httpserver 并在重新启动系统后自动启动
(1)删除 httpserver 容器
[alex@servera user]$ podman stop httpserver
[alex@servera user]$ podman rm httpserver
[alex@servera user]$ podman ps -a

(2)重新加载 systemd 管理器配置
[alex@servera user]$ systemctl --user daemon-reload

(3)设置开机自动启动
[alex@servera user]$ systemctl --user enable container-httpserver.service --now

(4)强制让普通用户的服务在服务器启动时启动
[alex@servera user]$ loginctl enable-linger alex
[alex@servera user]$ loginctl show-user alex

[alex@servera user]$ systemctl --user start container-httpserver.service

普通用户重启机器
[alex@servera ~]$ systemctl reboot -i

Logo

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐