First look at RHEL 8 beta and Podman

RedHat has recently released their beta of the next RHEL, major version update RHEL 8.

You can download the beta from the following location if you have a dev account. From here in the UK it took me some time to download it, also at first I got timed out several times, probably many others are/were interested in it or my connection was pretty bad.

https://developers.redhat.com/rhel8/getrhel8/

There are some neat new features in this upcoming new version. OpenSSL 1.1.1 and TLS 1.3 support, Podman, Buildah, Skopeo for Linux containers. In the virtualization layer with qemu-kvm 2.12, UEFI boot, vCPU hot add/remove, Ceph storage support etc.

Ntp has been completely removed and replaced by crony, and it is worth to mention that authconfig has been replaced by authselect, also the pam_krb5 functionality has been taken over completely by sssd.

You can find the detailed release notes at the following page:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html-single/8.0_beta_release_notes/index

The beta comes in a 6.9 GB image, the basic installation of the OS is similar to the previous versions.

[root@rhel8tst ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.0 Beta (Ootpa)

The image comes with two repos AppStream and BaseOS in it. While BaseOO has the basic OS packages jus tas the name says, AppStream contains all the general application packages like httpd, podman, etc…

[root@rhel8tst ~]# ls -all /mnt/dvd/
total 15
dr-xr-xr-x. 7 root root 2048 Nov 13 18:06 .
drwxr-xr-x. 3 root root 17 Nov 17 00:36 ..
dr-xr-xr-x. 4 root root 2048 Nov 13 18:06 AppStream
dr-xr-xr-x. 4 root root 2048 Nov 13 18:06 BaseOS
-r--r--r--. 1 root root 56 Nov 13 18:04 .discinfo
dr-xr-xr-x. 3 root root 2048 Nov 13 18:06 EFI
dr-xr-xr-x. 3 root root 2048 Nov 13 18:06 images
dr-xr-xr-x. 2 root root 2048 Nov 13 18:06 isolinux
-r--r--r--. 1 root root 442 Nov 13 18:06 TRANS.TBL
-r--r--r--. 1 root root 1641 Nov 13 18:04 .treeinfo

With AppStreams RedHat introduces a functionality where several versions of the same application can have packages in the repository and easily be installed with yum.

[root@rhel8tst ~]# yum module list

The command lists all the available application streams/versions as follows, with some information about the status of these components (disabled/installed etc).

Name                 Stream     Profiles                         Summary
...
nodejs 10 [d] development, minimal, s2i, defau Javascript runtime
lt [d]
nodejs 8 development, minimal, s2i, defau Javascript runtime
lt [d]
...
perl 5.24 minimal, default Practical Extraction and Report Language
perl 5.26 [d] minimal, default [d] Practical Extraction and Report Language
php 7.1 devel, minimal, default [d] PHP scripting language
php 7.2 [d] devel, minimal, default [d] PHP scripting language
...
postgresql 10 [d] client, default [d] postgresql module
postgresql 9.6 client, default [d] postgresql module
python27 2.7 [d] default [d] Python programming language, version 2.7
python36 3.6 [d] build, default [d] Python programming language, version 3.6
...
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

If you are interested in installing one of the apps with multiple appstreams available you need to use the following syntax. Which in this case would install the perl version 5.24. If a stream has a [d] after the version number, the original yum install command with the package name will install that.

[root@rhel8tst ~]# yum install @perl:5.24

Lightweight containerization with Podman

Podman is available in RHEL 7.6 as well, however, I thought I will give it a try on this RHEL 8 by first installing it with the following command.

[root@rhel8tst ~]# yum install podman -y

This command will install a set of dependencies along with a few SELinux policies.

Installed:
podman-0.10.1.3-5.gitdb08685.el8+2131+7e3e9e07.x86_64
fuse-overlayfs-0.1-7.dev.git50c7a50.el8+2117+8020c482.x86_64
slirp4netns-0.1-1.dev.gitc4e1bc5.el8+1463+3d8a3dce.x86_64
container-selinux-2:2.73-3.el8+1838+91f7e486.noarch
containernetworking-plugins-0.7.3-6.git19f2f28.el8+1742+b7ea820a.x86_64
containers-common-1:0.1.31-11.gitb0b750d.el8+1853+ae0bb178.x86_64
criu-3.10-4.el8.x86_64
libnet-1.1.6-15.el8.x86_64
ostree-libs-2018.8-2.el8.x86_64
protobuf-c-1.3.0-4.el8.x86_64
runc-1.0.0-52.rc5.dev.git2abd837.el8+1884+9fee228c.x86_64
checkpolicy-2.8-1.el8.x86_64
fuse3-libs-3.2.1-11.el8.x86_64
policycoreutils-python-utils-2.8-9.el8.noarch
python3-IPy-0.81-22.el8.noarch
python3-audit-3.0-0.5.20180831git0047a6c.el8.x86_64
python3-libsemanage-2.8-3.1.el8.x86_64
python3-policycoreutils-2.8-9.el8.noarch
python3-setools-4.1.1-11.el8.x86_64

Pull a basic RHEL 7 image locally execute the following command. Podman has the same syntax as the docker command, so you only need to replace the command itself while the options and attributes can remain the same.

[root@rhel8tst ~]# podman pull registry.access.redhat.com/rhel7/rhel

Start the container with the following command.

[root@rhel8tst ~]# podman run -it rhel sh
sh-4.2# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 (Maipo)

To start a container without previously downloading it use the following command. Which gonna first pull the container image from the registry, then start the container.

sudo podman run --name mymariadb -e MYSQL_ROOT_PASSWORD=mypassw -d mariadb

The image gets downloaded from the registry where it is available and the container and the MySQL DB will be started and configured with the password given in the command.

[root@rhel8tst ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3cda33a87c09 docker.io/library/mariadb:latest docker-entrypoint.s... 7 minutes ago Up 7 minutes ago mymariadb

To get the IP of your MariaDB container you can use the following command, to execute an IP address query in the container.

[root@rhel8tst ~]# podman exec mymariadb ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 0a:6b:ec:18:e2:00 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.88.0.12/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::86b:ecff:fe18:e200/64 scope link
valid_lft forever preferred_lft forever

Or you can just use the following command from the host to inspect the container.

[root@rhel8tst ~]# podman ps | grep mymariadb | awk {'print $1'} | xargs -n 1 podman inspect | grep \"IPAddress\"
"IPAddress": "10.88.0.12",

To connect to this container from the host machine use the MySQL client.

[root@rhel8tst ~]# mysql -u root -p -h 10.88.0.12
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.5.5-10.3.10-MariaDB-1:10.3.10+maria~bionic mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit

A much more detailed documentation about Podman, Skopeo, Buildah can be found at the RedHat portal.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/finding_running_and_building_containers_without_docker