How to build a container lab in five minutes

Home labs are an excellent way to learn and test new technologies. Enable Sysadmin has published several articles on deploying home labs using virtual machines by way of scripting and Ansible, including Build a lab in five minutes with three simple commands by Alex Callejas and Build a lab in 36 seconds with Ansible by Ricardo Girardi. You can do something similar with containers.

Containers are an essential component in IT today, and it's easy to get started with containers in a home lab environment. You might have a small project requiring a couple of basic containers to accomplish a few simple tasks. 

In this how-to's example project, you will learn to quickly deploy Linux environments that students can use to accomplish brief, focused lab activities. Specifically, participants need to work on files using the Nano editor. A virtual machine would suffice, but the students may as well get an early introduction to containers.

Choose a container platform

Podman is a modern and flexible container environment, so first, install Podman on your host computer. Some steps may vary slightly depending on your host distribution, but on Fedora, CentOS Stream, and Red Hat Enterprise Linux (RHEL), it's as easy as:

$ sudo dnf install podman

Enable rootless containers

By default, you need administrative privileges to run containers with Podman. This is part of the cost of having a daemonless container engine, but it's by no means a permanent limitation.

Use the usermod command to add a pool of user and group IDs to your user account:

$ sudo usermod \
--add-subuids 200000-215000 \
--add-subgids 200000-215000 \
$USER

[ Get more insight on How to manage users and groups in Linux. ]

You should also verify that users have access to a few thousand namespaces:

$ sysctl --all --pattern user_namespaces
user.max_user_namespaces = 28633

If your distribution doesn't have that property, or has it set low, you can create it by entering this text into the file /etc/sysctl.d/userns.conf:

user.max_user_namespaces=28633

And then load that setting:

$ sudo sysctl -p /etc/sysctl.d/userns.conf

I prefer to reboot after this configuration to make sure that the changes to both the user and kernel parameters get loaded.

After you reboot, try running the RHEL Universal Base Image (UBI) with Podman:

$ podman run ubi8/ubi cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
[...]

Create a Dockerfile

Now you can create a Dockerfile that specifies how to build your new container image. First, create a directory for your Dockerfile file:

$ mkdir ~/mycontainer
$ cd !$

Create a file with the following contents to build a UBI-based image with the Nano text editor installed:

FROM ubi8/ubi:latest
RUN dnf install -y nano

Build the image:

$ podman build --tag rhel-with-nano .

Be careful not to miss the trailing dot representing "here" in the build process.

Confirm that the image got created:

$ podman images

Now you can run the container. First, run a command on the original UBI image to establish a baseline:

$ podman run ubi8/ubi which nano
which: no nano in (/usr/local/sbin:...

The Nano text editor isn't installed in UBI by default. Now run the same command in your custom container:

$ podman run rhel-with-nano which nano
/usr/bin/nano

Nano is now installed in your custom container.

You can also run the container interactively:

$ podman run -it rhel-with-nano
[root@be54cb4780a1 /]# ls
bin   dev  home  lib64	     media  opt   root	sbin  sys  usr
boot  etc  lib	 lost+found  mnt    proc  run	srv   tmp  var

You can switch to a different terminal tab or open a new terminal to see some basic stats about the running container:

$ docker ps

Type exit to close the container.

Try the same process to build and run a Fedora container image to solidify your understanding of the steps. Now that you've installed Podman, the process is as simple as pulling existing images or building your own.

Storage

One thing that often confounds new users of containers is their ephemeralness; they're explicitly designed as throwaway environments.  For instance, launch an instance of your custom image and create and save a file in the home directory. Do it interactively, so you can confirm that your instructions were followed:

$ podman run -it rhel-with-nano
[root@8b0929c40fb9 /]# cd home/
[root@8b0929c40fb9 home]# ls
[root@8b0929c40fb9 home]# touch test.txt
[root@8b0929c40fb9 home]# ls
test.txt
[root@8b0929c40fb9 home]# exit

You created a file called test.txt, and you confirmed that it was created. But you exited the container, causing it to stop running. Launch a new one and look for your file:

$ podman run -it rhel-with-nano
[root@ed75875cfa3d /]# ls home/
[root@ed75875cfa3d /]# exit

[ Get an overview of Kubernetes storage and how it’s implemented. Download the free eBook Storage patterns for Kubernetes for dummies. ]

If you need persistent storage, you can create a local directory and bind it as a mount option for your container. First, create the storage directory:

$ mkdir data

Then start your container using your storage directory as some relevant mount point. This example binds the local directory to a location called /storage, but you could bind it to /opt or /home or whatever directory you want.

You must append your directory location with :Z (that's a colon and a capital Z) so that SELinux can translate contexts between your host and Podman.

$ podman run -it --volume ./data:/storage:Z rhel-with-nano
[root@c0c2fbdc7145 /]# ls
bin   dev  home  lib64	     media  opt   root	sbin  storage sys
boot  etc  lib	 lost+found  mnt    proc  run	srv   tmp  usr var
[root@c0c2fbdc7145 /]# touch /storage/test.txt
[root@c0c2fbdc7145 /]# exit

Any data you create and save in the /storage directory in the container is saved to your persistent data location and then is accessible again from any container using that volume for its storage.

Use an existing image

So far, you've deployed two simple containers with local applications. What else can containers do? The answer seems to be almost anything. Bring the level of intensity up just a little.

Many years ago, there was a great game named Nethack. By today's standards, Nethack isn't exactly on the cutting edge of gaming technology, but it was entertaining. And it turns out there is a prebuilt Nethack image. Oh, life is good!

$ podman pull matsuu/nethack
$ podman run -it matsuu/nethack

There's nothing quite like using modern technology to play a 30-year-old game.

Consider deploying a container-based web server, such as Apache, for something more closely related to today's sysadmin tasks.

Wrap up

This process, which should take about five minutes to configure, provides a very basic look at using containers as lab environments for tools such as Vim, Nano, and Apache (and Nethack!). Take this basic knowledge and explore Dockerhub to discover what other useful technologies you can begin to learn in your container-based lab environment. Consider Podman, Python, MariaDB, or create something uniquely your own.