Container Management (podman)

Skill Level: Fundamental

1. Overview

Podman (the POD manager) is a tool for developing, managing, and running containers on your Linux systems.

In this unit, we will get familiar with application containers and the podman CLI.

2. Getting Started

For these exercises, you will be using the host node3 as user root.

From host bastion, ssh to node3.

ssh node3

Use sudo to elevate your privileges.

[[ "$UID" == 0 ]] || sudo -i

Verify that you are on the right host for these exercises.

workshop-podman-checkhost.sh

You are now ready to proceed with these exercises.

3. Core Concepts

Linux containers are technologies (plural) that allow you to package and isolate applications as lightweight, portable entities. When compared to a traditional virtual machine (as containers often are), Linux containers:

  • improve resource utilization over virtual machines

  • improve performance over virtual machines

  • improve flexibility over virtual machines

Because container images include only the content needed to run an application, a container is more efficient and requires fewer resources to run. Likewise, since the container is not running the entirety of a complete operating system, it will typically run faster than an application that carries with it the overhead of a whole new virtual machine. Lastly, with an application’s runtime requirements included in the image itself, a container is far more capable of being run in multiple environments (without modification).

That said, let’s begin to explore the capabilities of podman.

3.1. Essential Container Commands

Here is a list of the fundamental podman commands and their purpose:

  • podman images - list container images on the system

  • podman ps - list running containers

  • podman pull - pull (copy) container image from repository (e.g., Red Hat and/or Docker Hub)

  • podman run - run a container

  • podman inspect - view facts about a container

  • podman logs - display logs of a container (can be used with --follow)

  • podman rm - remove one or more containers

  • podman rmi - remove one or more images

  • podman stop - stop one or more containers

  • podman kill $(podman ps -q) - kill all running containers

  • podman rm $(podman ps -a -q) - delete all stopped containers

4. Exercise: Basic Information

Now have a look at the general container information.

podman info
host:
  arch: amd64
  buildahVersion: 1.39.4
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
...<output truncated>...

There is obviously a lot of information here, but we are just trying to point out how to get to that info when you need it.

5. Exercise: Container Image Management

5.1. List Current Images

Now have a look at the container images currently on the system.

podman images

Your results should have come back empty, and that’s because we have not imported, loaded or pulled any container images onto our platform.

5.2. Pull New Images

Time to pull a container from our local repository. We’re going to start with a RHEL 10 UBI image (see UBI documentation link at the end of this exercise).

podman pull registry.access.redhat.com/ubi10/ubi:latest
Trying to pull registry.access.redhat.com/ubi10/ubi:latest...
Getting image source signatures
Checking if image destination supports signatures
Copying blob 7fdd59f6557b done   |
Copying config da862ffa17 done   |
Writing manifest to image destination
Storing signatures
da862ffa17875f5980832d6d8cd545f75e7cf3175a710b6529d7f7fc5fd650d1

Have a look at the image list now.

podman images
REPOSITORY                            TAG         IMAGE ID      CREATED     SIZE
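registry.access.redhat.com/ubi10/ubi  latest      da862ffa1787  2 days ago  216 MB

If you are a subscriber to Red Hat Enterprise Linux, you can pull authentic Red Hat certified images directly from Red Hat’s repository. For example: podman pull rhel7.9 --creds 'username:password'. Credentials given to --creds on the command line end up in the shell history and are visible in the process list while the command runs.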

Pull a few more container images.

podman pull registry.access.redhat.com/ubi10/ubi-minimal
podman pull registry.access.redhat.com/ubi10/ubi-init
podman images
REPOSITORY                                    TAG         IMAGE ID      CREATED       SIZE
registry.access.redhat.com/ubi10/ubi-init     latest      7f2cd7fb740c  37 hours ago  236 MB
registry.access.redhat.com/ubi10/ubi          latest      da862ffa1787  2 days ago    216 MB
registry.access.redhat.com/ubi10/ubi-minimal  latest      94287c165ee4  2 days ago    85.3 MB

5.3. Tag Images

Container images can also be tagged with convenient (i.e., custom) names. This could make it more intuitive to understand what they contain, especially after an image has been customized.

podman tag registry.access.redhat.com/ubi10/ubi myfavorite
podman images
REPOSITORY                                    TAG         IMAGE ID      CREATED       SIZE
registry.access.redhat.com/ubi10/ubi-init     latest      7f2cd7fb740c  37 hours ago  236 MB
localhost/myfavorite                          latest      da862ffa1787  2 days ago    216 MB
registry.access.redhat.com/ubi10/ubi          latest      da862ffa1787  2 days ago    216 MB
registry.access.redhat.com/ubi10/ubi-minimal  latest      94287c165ee4  2 days ago    85.3 MB

Notice how the image IDs for "ubi" and "myfavorite" are identical.
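A tag is only an additional name for the same image, so a local name can hide where an image came from. The following added example (not part of the original workshop) reads the default podman images table and maps every localhost/ name back to the registry names that share its image ID; the function names are hypothetical and the last sample row is constructed to show an image with no registry name.

```shell
#!/usr/bin/env bash
# Added example: map locally tagged images back to their registry origin.
# Input is the default table printed by `podman images` (header plus rows).

# local_tag_origins: print "<local ref> <image id> <registry refs|no-registry-name>"
local_tag_origins() {
  awk '
    $1 == "REPOSITORY" { next }                  # skip the header row
    NF >= 3 {
      ref = $1 ":" $2                            # repository:tag
      id  = $3                                   # short image ID
      if ($1 ~ /^localhost\//) {
        localref[ref] = id                       # name created with podman tag
      } else if (id in upstream) {
        upstream[id] = upstream[id] "," ref      # several registry names, one ID
      } else {
        upstream[id] = ref
      }
    }
    END {
      for (ref in localref) {
        id = localref[ref]
        origin = "no-registry-name"              # e.g. a customized image
        if (id in upstream) origin = upstream[id]
        print ref, id, origin
      }
    }
  ' | sort
}

# Header and first four rows are the listing from section 5.3;
# the localhost/patched row is constructed for this example.
sample_images() {
  cat <<'EOF'
REPOSITORY                                    TAG         IMAGE ID      CREATED        SIZE
registry.access.redhat.com/ubi10/ubi-init     latest      7f2cd7fb740c  37 hours ago   236 MB
localhost/myfavorite                          latest      da862ffa1787  2 days ago     216 MB
registry.access.redhat.com/ubi10/ubi          latest      da862ffa1787  2 days ago     216 MB
registry.access.redhat.com/ubi10/ubi-minimal  latest      94287c165ee4  2 days ago     85.3 MB
localhost/patched                             latest      0123456789ab  5 minutes ago  301 MB
EOF
}

sample_images | local_tag_origins
# On a live host: podman images | local_tag_origins
```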

The Red Hat Container Catalog (RHCC) provides a convenient service to locate certified container images built and supported by Red Hat. You can also view the "security evaluation" for each image.

5.4. Delete Images

Let’s take another look at the images we have and remove one we don’t need.

podman images
podman rmi ubi-init
podman images
REPOSITORY                                    TAG         IMAGE ID      CREATED     SIZE
localhost/myfavorite                          latest      da862ffa1787  2 days ago  216 MB
registry.access.redhat.com/ubi10/ubi          latest      da862ffa1787  2 days ago  216 MB
registry.access.redhat.com/ubi10/ubi-minimal  latest      94287c165ee4  2 days ago  85.3 MB

6. Exercise: Run a Container

6.1. Hello World

podman run ubi echo "hello world"
hello world

Well that was really boring!! What did we learn from this? For starters, you should have noticed how fast the container launched and then concluded. Compare that with traditional virtualization where:

  • you power up,

  • wait for BIOS,

  • wait for GRUB,

  • wait for the kernel to boot and initialize resources,

  • pivot root,

  • launch all the services, and then finally

  • run the application

Let us run a few more commands to see what else we can glean.

podman ps -a
CONTAINER ID  IMAGE                                        COMMAND           CREATED         STATUS                     PORTS       NAMES
ff41e34f372e  registry.access.redhat.com/ubi10/ubi:latest  echo hello world  14 seconds ago  Exited (0) 14 seconds ago              musing_heisenberg

Now let us run the exact same command as before to print "hello world".

podman run ubi echo "hello world"
hello world

Check out 'podman info' one more time and you should notice a few changes.

podman info
host:
  arch: amd64
  buildahVersion: 1.39.4
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc

...<output truncated>...

Again, there is a lot of information here. But if you dig into it, you should notice that the number of containers (containerStore) has incremented to 2, and that the number of stopped containers has also grown.

podman info |grep -A7 store:
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay

6.2. Cleanup

Run 'podman ps -a' to see the IDs of the exited containers.

podman ps -a
CONTAINER ID  IMAGE                                        COMMAND           CREATED             STATUS                         PORTS       NAMES
ff41e34f372e  registry.access.redhat.com/ubi10/ubi:latest  echo hello world  About a minute ago  Exited (0) About a minute ago              musing_heisenberg
0871cf47b06c  registry.access.redhat.com/ubi10/ubi:latest  echo hello world  About a minute ago  Exited (0) About a minute ago              optimistic_cray

Using the container IDs from the above output, you could clean up the 'exited' containers individually using podman rm <CONTAINER-ID> <CONTAINER-ID>, but we are lazy and will clean up the containers with a single command:

podman rm --all

Now run 'podman ps -a' again, and the results should come back empty.

podman ps -a
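Once a container is removed, podman logs and podman inspect can no longer be run against it. As an added example (not part of the original workshop), the check below reads the podman ps -a table and lists only containers that exited with a non-zero code, so they can be examined before the blanket podman rm --all from section 6.2; the function names are hypothetical and the third sample row is constructed.

```shell
#!/usr/bin/env bash
# Added example: find stopped containers worth inspecting before cleanup.
# Input is the default table printed by `podman ps -a`.

# failed_containers: print "<container id> <exit code> <name>" for every
# container whose STATUS column reads "Exited (N)" with N != 0.
failed_containers() {
  awk '
    $1 == "CONTAINER" { next }                   # skip the header row
    match($0, /Exited \([0-9]+\)/) {
      # "Exited (" is 8 characters; the closing ")" is 1 more
      code = substr($0, RSTART + 8, RLENGTH - 9)
      if (code + 0 != 0) print $1, code, $NF     # $NF is the NAMES column
    }
  '
}

# First two rows are from section 6.2 of this page (both exited with 0);
# the third row is constructed to show a failed container.
sample_ps() {
  cat <<'EOF'
CONTAINER ID  IMAGE                                        COMMAND           CREATED             STATUS                         PORTS       NAMES
ff41e34f372e  registry.access.redhat.com/ubi10/ubi:latest  echo hello world  About a minute ago  Exited (0) About a minute ago              musing_heisenberg
0871cf47b06c  registry.access.redhat.com/ubi10/ubi:latest  echo hello world  About a minute ago  Exited (0) About a minute ago              optimistic_cray
3c1f9a7e5b2d  registry.access.redhat.com/ubi10/ubi:latest  sleep 600         2 minutes ago       Exited (137) 2 minutes ago                 constructed_example
EOF
}

sample_ps | failed_containers
# On a live host: podman ps -a | failed_containers
```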