Image
How to build a container lab in five minutes
A home lab is a great way to get started with containers, an essential component in today's IT landscape.
Home labs are an excellent way to learn and test new technologies. Enable Sysadmin has published several articles on deploying home labs using virtual machines by way of scripting and Ansible, including Build a lab in five minutes with three simple commands by Alex Callejas and Build a lab in 36 seconds with Ansible by Ricardo Girardi. You can do something similar with containers.
Containers are an essential component in IT today, and it's easy to get started with containers in a home lab environment. You might have a small project requiring a couple of basic containers to accomplish a few simple tasks.
In this how-to's example project, you will learn to quickly deploy Linux environments that students can use to accomplish brief, focused lab activities. Specifically, participants need to work on files using the Nano editor. A virtual machine would suffice, but the students may as well get an early introduction to containers.
Choose a container platform
Podman is a modern and flexible container environment, so first, install Podman on your host computer. Some steps may vary slightly depending on your host distribution, but on Fedora, CentOS Stream, and Red Hat Enterprise Linux (RHEL), it's as easy as:
$ sudo dnf install podman
Enable rootless containers
By default, you need administrative privileges to run containers with Podman. This is part of the cost of having a daemonless container engine, but it's by no means a permanent limitation.
Use the usermod
command to add a pool of user and group IDs to your user account:
$ sudo usermod \
--add-subuids 200000-215000 \
--add-subgids 200000-215000 \
$USER
[ Get more insight on How to manage users and groups in Linux. ]
You should also verify that users have access to a few thousand namespaces:
$ sysctl --all --pattern user_namespaces
user.max_user_namespaces = 28633
If your distribution doesn't have that property, or has it set low, you can create it by entering this text into the file /etc/sysctl.d/userns.conf
:
user.max_user_namespaces=28633
And then load that setting:
$ sudo sysctl -p /etc/sysctl.d/userns.conf
I prefer to reboot after this configuration to make sure that the changes to both the user and kernel parameters get loaded.
After you reboot, try running the RHEL Universal Base Image (UBI) with Podman:
$ podman run ubi8/ubi cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
[...]
Create a Dockerfile
Now you can create a Dockerfile that specifies how to build your new container image. First, create a directory for your Dockerfile file:
$ mkdir ~/mycontainer
$ cd !$
Create a file with the following contents to build a UBI-based image with the Nano text editor installed:
FROM ubi8/ubi:latest
RUN dnf install -y nano
Build the image:
$ podman build --tag rhel-with-nano .
Be careful not to miss the trailing dot representing "here" in the build process.
Confirm that the image got created:
$ podman images
Now you can run the container. First, run a command on the original UBI image to establish a baseline:
$ podman run ubi8/ubi which nano
which: no nano in (/usr/local/sbin:...
The Nano text editor isn't installed in UBI by default. Now run the same command in your custom container:
$ podman run rhel-with-nano which nano
/usr/bin/nano
Nano is now installed in your custom container.
You can also run the container interactively:
$ podman run -it rhel-with-nano
[root@be54cb4780a1 /]# ls
bin dev home lib64 media opt root sbin sys usr
boot etc lib lost+found mnt proc run srv tmp var
You can switch to a different terminal tab or open a new terminal to see some basic stats about the running container:
$ docker ps
Type exit
to close the container.
Try the same process to build and run a Fedora container image to solidify your understanding of the steps. Now that you've installed Podman, the process is as simple as pulling existing images or building your own.
Storage
One thing that often confounds new users of containers is their ephemeralness; they're explicitly designed as throwaway environments. For instance, launch an instance of your custom image and create and save a file in the home directory. Do it interactively, so you can confirm that your instructions were followed:
$ podman run -it rhel-with-nano
[root@8b0929c40fb9 /]# cd home/
[root@8b0929c40fb9 home]# ls
[root@8b0929c40fb9 home]# touch test.txt
[root@8b0929c40fb9 home]# ls
test.txt
[root@8b0929c40fb9 home]# exit
You created a file called test.txt
, and you confirmed that it was created. But you exited the container, causing it to stop running. Launch a new one and look for your file:
$ podman run -it rhel-with-nano
[root@ed75875cfa3d /]# ls home/
[root@ed75875cfa3d /]# exit
[ Get an overview of Kubernetes storage and how it’s implemented. Download the free eBook Storage patterns for Kubernetes for dummies. ]
If you need persistent storage, you can create a local directory and bind it as a mount option for your container. First, create the storage directory:
$ mkdir data
Then start your container using your storage directory as some relevant mount point. This example binds the local directory to a location called /storage
, but you could bind it to /opt
or /home
or whatever directory you want.
You must append your directory location with :Z
(that's a colon and a capital Z) so that SELinux can translate contexts between your host and Podman.
$ podman run -it --volume ./data:/storage:Z rhel-with-nano
[root@c0c2fbdc7145 /]# ls
bin dev home lib64 media opt root sbin storage sys
boot etc lib lost+found mnt proc run srv tmp usr var
[root@c0c2fbdc7145 /]# touch /storage/test.txt
[root@c0c2fbdc7145 /]# exit
Any data you create and save in the /storage
directory in the container is saved to your persistent data
location and then is accessible again from any container using that volume for its storage.
Use an existing image
So far, you've deployed two simple containers with local applications. What else can containers do? The answer seems to be almost anything. Bring the level of intensity up just a little.
Many years ago, there was a great game named Nethack. By today's standards, Nethack isn't exactly on the cutting edge of gaming technology, but it was entertaining. And it turns out there is a prebuilt Nethack image. Oh, life is good!
$ podman pull matsuu/nethack
$ podman run -it matsuu/nethack
There's nothing quite like using modern technology to play a 30-year-old game.
Consider deploying a container-based web server, such as Apache, for something more closely related to today's sysadmin tasks.
Wrap up
This process, which should take about five minutes to configure, provides a very basic look at using containers as lab environments for tools such as Vim, Nano, and Apache (and Nethack!). Take this basic knowledge and explore Dockerhub to discover what other useful technologies you can begin to learn in your container-based lab environment. Consider Podman, Python, MariaDB, or create something uniquely your own.
Image
Work through this Linux fundamentals checklist to make sure you're ready for whatever comes your way at home, at work, or on certification exams.
Image
Want to create a home lab environment to test out new Linux skills? These how-tos will help ease your journey.
Image
Red Hat Enterprise Linux Skills Workshops offer a way to learn more about Linux without building and maintaining your own lab environment.
Image
Using Ansible makes provisioning virtual machines automated, flexible, repeatable, and fast.
Image
It's handy to have a lab environment separate from your day-to-day workstation. Use these commands to set up a place to learn and experiment without risking your work environment.
Damon Garn
Damon Garn owns Cogspinner Coaction, LLC, a technical writing, editing, and IT project company based in Colorado Springs, CO. Damon authored many CompTIA Official Instructor and Student Guides (Linux+, Cloud+, Cloud Essentials+, Server+) and developed a broad library of interactive, scored labs. He regularly contributes to Enable Sysadmin, SearchNetworking, and CompTIA article repositories. Damon has 20 years of experience as a technical trainer covering Linux, Windows Server, and security content. He is a former sysadmin for US Figure Skating. He lives in Colorado Springs with his family and is a writer, musician, and amateur genealogist. More about me
Seth Kenlon
Seth Kenlon is a UNIX geek and free software enthusiast. More about me