1
00:00:06,570 --> 00:00:09,000
- Now that we know how to run a container,

2
00:00:09,000 --> 00:00:13,260
let's talk about some more environmental stuff,

3
00:00:13,260 --> 00:00:16,380
which is storage and variables and ports.

4
00:00:16,380 --> 00:00:20,790
So first storage, container storage is ephemeral.

5
00:00:20,790 --> 00:00:21,870
What does that mean?

6
00:00:21,870 --> 00:00:25,170
Well, if you run a container, a directory is created,

7
00:00:25,170 --> 00:00:26,220
and in that directory,

8
00:00:26,220 --> 00:00:29,340
the environment for the container is stored,

9
00:00:29,340 --> 00:00:30,900
including all files that you create

10
00:00:30,900 --> 00:00:33,480
or modify from within a container.

11
00:00:33,480 --> 00:00:35,370
And the ephemeral nature is that

12
00:00:35,370 --> 00:00:37,620
if you remove the container,

13
00:00:37,620 --> 00:00:38,850
this directory is removed,

14
00:00:38,850 --> 00:00:41,370
including everything that you have stored.

15
00:00:41,370 --> 00:00:43,320
And that's why we say that files created

16
00:00:43,320 --> 00:00:46,743
in a container don't outlive the container lifetime.

17
00:00:47,730 --> 00:00:49,590
If you want to provide persistent storage,

18
00:00:49,590 --> 00:00:52,440
the common solution is to bind mount a directory

19
00:00:52,440 --> 00:00:54,333
on the host inside a container.

20
00:00:55,320 --> 00:01:00,320
In podman, you use podman run -v mydir:/mydir:Z

21
00:01:00,900 --> 00:01:04,473
to bind mount the mydir host directory inside a container.

22
00:01:05,760 --> 00:01:07,980
And the result is that all files created

23
00:01:07,980 --> 00:01:10,080
in mydir will be stored on the host,

24
00:01:10,080 --> 00:01:12,960
and outlive the container lifetime.

25
00:01:12,960 --> 00:01:14,390
One thing, you can see that

26
00:01:14,390 --> 00:01:17,763
on the slide we have this mydir:Z.

27
00:01:17,763 --> 00:01:20,343
The :Z is taking care of SELinux.

28
00:01:21,270 --> 00:01:24,060
If you are using Docker on a system that doesn't do SELinux,

29
00:01:24,060 --> 00:01:27,690
just skip the colon uppercase Z,

30
00:01:27,690 --> 00:01:30,450
because if you don't have SELinux

31
00:01:30,450 --> 00:01:31,470
you don't have to consider

32
00:01:31,470 --> 00:01:33,870
it while running your containers.

33
00:01:33,870 --> 00:01:34,953
Let me demonstrate.

34
00:01:38,370 --> 00:01:41,370
Okay, let me start with podman images.

35
00:01:41,370 --> 00:01:44,400
There we go, the different images that are available.

36
00:01:44,400 --> 00:01:47,493
And if I use podman inspect and nginx,

37
00:01:49,010 --> 00:01:52,470
then we can figure out what's going on in the Nginx image.

38
00:01:52,470 --> 00:01:54,480
So here we can see everything that is happening

39
00:01:54,480 --> 00:01:56,253
when you are starting Nginx.

40
00:01:58,920 --> 00:01:59,753
Might be good to know

41
00:01:59,753 --> 00:02:02,550
about this before starting your container.

42
00:02:02,550 --> 00:02:05,153
So I'm going to use podman stop myweb.

43
00:02:08,337 --> 00:02:09,330
Now I'm going to start

44
00:02:09,330 --> 00:02:13,503
it again using podman run -d --name=myweb nginx.

45
00:02:18,990 --> 00:02:21,360
And oh boy, what am I getting here?

46
00:02:21,360 --> 00:02:23,077
Well, I'm getting an error message,

47
00:02:23,077 --> 00:02:25,440
"Creating container storage: container name myweb

48
00:02:25,440 --> 00:02:26,910
is already in use

49
00:02:26,910 --> 00:02:31,410
by 0c05a," this long thing here.

50
00:02:31,410 --> 00:02:34,260
That's a unique ID for a container.

51
00:02:34,260 --> 00:02:36,180
Now why am I getting this message?

52
00:02:36,180 --> 00:02:37,470
Well, I'm getting this message

53
00:02:37,470 --> 00:02:40,740
because of podman ps -a,

54
00:02:40,740 --> 00:02:44,640
if you stop a container, then a container is not removed.

55
00:02:44,640 --> 00:02:48,150
So here we can see myweb still exists

56
00:02:48,150 --> 00:02:52,710
and actually if I would use find . -name

57
00:02:52,710 --> 00:02:56,727
on 0c05*,

58
00:02:59,880 --> 00:03:01,680
then you can see that that doesn't work

59
00:03:01,680 --> 00:03:03,660
without sudo privileges.

60
00:03:03,660 --> 00:03:06,273
So let's add sudo privileges as well,

61
00:03:07,530 --> 00:03:09,900
and we can see the directory

62
00:03:09,900 --> 00:03:12,720
where the temporary files created

63
00:03:12,720 --> 00:03:14,940
by this container are stored.

64
00:03:14,940 --> 00:03:16,890
So this directory is what it is all about.

65
00:03:16,890 --> 00:03:20,490
If I use podman rm on myweb,

66
00:03:20,490 --> 00:03:22,980
then this directory is deleted.

67
00:03:22,980 --> 00:03:24,120
And that means that everything

68
00:03:24,120 --> 00:03:26,753
that once existed inside this directory,

69
00:03:26,753 --> 00:03:28,980
all the files, the ephemeral files

70
00:03:28,980 --> 00:03:32,190
that you have created are deleted as well.

71
00:03:32,190 --> 00:03:34,540
And that's a problem that we need to deal with.

72
00:03:35,460 --> 00:03:40,460
Now let me show you how to do that using mkdir files.

73
00:03:42,150 --> 00:03:44,010
If you are using a rootless container,

74
00:03:44,010 --> 00:03:46,650
which is the standard in podman,

75
00:03:46,650 --> 00:03:49,380
then the directory that you are going

76
00:03:49,380 --> 00:03:52,110
to expose on the host must be a directory that

77
00:03:52,110 --> 00:03:55,890
is read writeable accessible by the current user.

78
00:03:55,890 --> 00:03:57,750
Oh, we already have the files.

79
00:03:57,750 --> 00:04:00,570
Well, I think I don't mind, we already have the files.

80
00:04:00,570 --> 00:04:03,100
Even if there are files existing inside

81
00:04:03,960 --> 00:04:06,660
I do need to check the permission, so-

82
00:04:06,660 --> 00:04:09,780
so ls -ld on files is showing

83
00:04:09,780 --> 00:04:12,150
it's owned by student and group student,

84
00:04:12,150 --> 00:04:15,360
and we have permission mode 775.

85
00:04:15,360 --> 00:04:16,680
That is good enough,

86
00:04:16,680 --> 00:04:18,333
that is what we are going to use.

87
00:04:19,200 --> 00:04:20,400
How are we going to use it?

88
00:04:20,400 --> 00:04:25,400
Well, podman run -v /home/student/files,

89
00:04:26,520 --> 00:04:30,477
I like having absolute path names in my containers,

90
00:04:30,477 --> 00:04:35,400
:/files:Z -it

91
00:04:35,400 --> 00:04:38,733
busybox sh.

92
00:04:41,070 --> 00:04:44,250
So now I go in this files directory, and what do we see?

93
00:04:44,250 --> 00:04:46,890
We see all the files from the host,

94
00:04:46,890 --> 00:04:50,460
and if I use touch busyfile,

95
00:04:50,460 --> 00:04:52,530
then I can even create a new file.

96
00:04:52,530 --> 00:04:54,270
Small typo, that doesn't matter,

97
00:04:54,270 --> 00:04:56,220
because that's not what this is about.

98
00:04:56,220 --> 00:04:57,810
What this is about is that

99
00:04:57,810 --> 00:05:00,120
if at this point I use ls on my files,

100
00:05:00,120 --> 00:05:02,340
I can see all these files existing.

101
00:05:02,340 --> 00:05:03,870
The files are on the host,

102
00:05:03,870 --> 00:05:06,180
and they are no longer in the container image.

103
00:05:06,180 --> 00:05:08,763
And that is why this is persistent storage.

104
00:05:11,220 --> 00:05:12,750
The next thing you need to know about

105
00:05:12,750 --> 00:05:15,540
is how to access container applications.

106
00:05:15,540 --> 00:05:16,860
Applications in containers

107
00:05:16,860 --> 00:05:19,260
are accessed using port forwarding.

108
00:05:19,260 --> 00:05:21,420
Containers don't need an IP address

109
00:05:21,420 --> 00:05:23,940
in order to have the application accessible.

110
00:05:23,940 --> 00:05:26,580
And that's because a container is just an application.

111
00:05:26,580 --> 00:05:29,550
And if you run a web server without a container,

112
00:05:29,550 --> 00:05:31,713
you also don't get an IP address, right?

113
00:05:32,910 --> 00:05:35,550
So the container application port is exposed

114
00:05:35,550 --> 00:05:37,680
on the host that runs a container,

115
00:05:37,680 --> 00:05:40,623
and users access this specific host port.

116
00:05:41,460 --> 00:05:42,540
And that guarantees that

117
00:05:42,540 --> 00:05:46,050
the container doesn't even need its own IP address.

118
00:05:46,050 --> 00:05:47,940
Privileged host ports can only be used

119
00:05:47,940 --> 00:05:51,390
by the root container, so if you run a rootless container,

120
00:05:51,390 --> 00:05:53,040
that is something to be aware of.

121
00:05:53,040 --> 00:05:57,390
You can't address a host port below 1024.

122
00:05:57,390 --> 00:05:58,223
Let me show you.

123
00:06:01,634 --> 00:06:03,467
Now let me use podman run -p 8080:80

124
00:06:07,162 --> 00:06:08,763
-d nginx,

125
00:06:09,750 --> 00:06:13,173
which is doing the port forwarding.

126
00:06:15,360 --> 00:06:17,280
So -p is for port forwarding,

127
00:06:17,280 --> 00:06:20,010
8080 is what we are exposing on the host,

128
00:06:20,010 --> 00:06:23,670
and 80 is the port inside the container.

129
00:06:23,670 --> 00:06:25,830
Now if I use podman ps,

130
00:06:25,830 --> 00:06:28,980
then we can see that the nginx container,

131
00:06:28,980 --> 00:06:31,920
right here, has the port forwarding.

132
00:06:31,920 --> 00:06:36,920
And the result is that I can use curl localhost:8080.

133
00:06:36,960 --> 00:06:38,227
That's easy enough, isn't it?

134
00:06:38,227 --> 00:06:39,690
"Welcome to nginx".

135
00:06:39,690 --> 00:06:41,340
So that's working.

136
00:06:41,340 --> 00:06:42,690
The last thing we need to know about

137
00:06:42,690 --> 00:06:45,453
is about working with environment variables.

138
00:06:48,300 --> 00:06:50,838
So to use specific parameters in a container,

139
00:06:50,838 --> 00:06:52,620
variables are typically used,

140
00:06:52,620 --> 00:06:55,200
because you cannot hard code your specific parameters

141
00:06:55,200 --> 00:06:56,760
in a container image.

142
00:06:56,760 --> 00:06:59,343
Well, you can, but that will be very inefficient.

143
00:07:00,480 --> 00:07:02,700
In order to pass environment variables,

144
00:07:02,700 --> 00:07:05,130
you can use --env key=value

145
00:07:05,130 --> 00:07:08,490
to provide the variable while starting the container.

146
00:07:08,490 --> 00:07:12,703
Like podman run --env key=value busybox env,

147
00:07:13,630 --> 00:07:15,030
which is doing what?

148
00:07:15,030 --> 00:07:17,610
Well, it's setting the environment variable key

149
00:07:17,610 --> 00:07:20,670
to the value value, and then it runs busybox.

150
00:07:20,670 --> 00:07:23,220
And in busybox, it runs the command env,

151
00:07:23,220 --> 00:07:25,200
which prints the environment variables,

152
00:07:25,200 --> 00:07:28,053
to show you the currently used environment variables.

153
00:07:29,490 --> 00:07:32,073
Now let me show you how to do this in this demo.

154
00:07:38,550 --> 00:07:41,050
So podman run --name

155
00:07:44,130 --> 00:07:46,743
is mydb mariadb.

156
00:07:48,690 --> 00:07:50,130
Oh boy, what do we get here?

157
00:07:50,130 --> 00:07:55,130
Well, this is a case where apparently the MariaDB image is

158
00:07:55,170 --> 00:07:57,000
in different registries.

159
00:07:57,000 --> 00:07:59,580
So podman is asking which one do you wanna use?

160
00:07:59,580 --> 00:08:01,593
Well, I want to use docker.io one.

161
00:08:03,090 --> 00:08:05,310
The Red Hat registries are possible as well,

162
00:08:05,310 --> 00:08:08,280
but sometimes they require authentication,

163
00:08:08,280 --> 00:08:10,350
and that only works if you have an account.

164
00:08:10,350 --> 00:08:12,300
I have an account, maybe you don't,

165
00:08:12,300 --> 00:08:14,883
and that's why I rather go for the docker.io one.

166
00:08:15,810 --> 00:08:17,580
And oh boy, what do we see?

167
00:08:17,580 --> 00:08:20,820
Well, we see an error while starting this container.

168
00:08:20,820 --> 00:08:24,330
If you want to further investigate, podman ps -a.

169
00:08:24,330 --> 00:08:26,850
It's showing right here that this MariaDB

170
00:08:26,850 --> 00:08:29,130
was created 11 seconds ago,

171
00:08:29,130 --> 00:08:33,720
and the status is exited with one 12 seconds ago.

172
00:08:33,720 --> 00:08:36,450
Exited with a one, that means that the main application

173
00:08:36,450 --> 00:08:40,230
has generated an exit status one, exit code one,

174
00:08:40,230 --> 00:08:42,810
which means that it did not run successfully.

175
00:08:42,810 --> 00:08:45,510
So we need to investigate,

176
00:08:45,510 --> 00:08:49,200
if you want to investigate the logs that have been created

177
00:08:49,200 --> 00:08:52,803
by the application, podman logs is the command to use.

178
00:08:54,510 --> 00:08:56,760
And podman logs is printing the message.

179
00:08:56,760 --> 00:08:58,117
And the message is,

180
00:08:58,117 --> 00:09:01,410
"You need to specify one of these variables."

181
00:09:01,410 --> 00:09:02,790
So how are we going to do that?

182
00:09:02,790 --> 00:09:07,027
Well, first I'm going to use podman rm mydb

183
00:09:07,920 --> 00:09:08,970
and then I'm going

184
00:09:08,970 --> 00:09:10,887
to use podman run --name

185
00:09:12,932 --> 00:09:13,765
mydb --env

186
00:09:15,986 --> 00:09:20,986
MARIADB_ROOT_PASSWORD=password

187
00:09:24,840 --> 00:09:25,923
mariadb.

188
00:09:29,940 --> 00:09:31,710
And now what do we see?

189
00:09:31,710 --> 00:09:34,140
Oh boy, we see this MariaDB thing running

190
00:09:34,140 --> 00:09:35,850
in the foreground.

191
00:09:35,850 --> 00:09:38,403
Well, I'm not sure if I want that,

192
00:09:39,480 --> 00:09:41,250
but once it is running in the foreground,

193
00:09:41,250 --> 00:09:43,800
it's not so easy to get rid of it.

194
00:09:43,800 --> 00:09:46,410
Let me open a second terminal,

195
00:09:46,410 --> 00:09:49,740
because from a second terminal node you can manage it.

196
00:09:49,740 --> 00:09:52,410
Podman ps is showing MariaDB,

197
00:09:52,410 --> 00:09:56,830
and I am going to use podman stop MariaDB

198
00:09:58,418 --> 00:09:59,251
to stop it.

199
00:10:00,300 --> 00:10:02,130
That will get me my terminal back.

200
00:10:02,130 --> 00:10:03,720
If I wanted to run it in background,

201
00:10:03,720 --> 00:10:06,153
of course I need to add the option -d.

202
00:10:08,970 --> 00:10:11,010
Oops, am I doing something wrong?

203
00:10:11,010 --> 00:10:12,330
Yeah, I'm doing something wrong.

204
00:10:12,330 --> 00:10:16,320
The name of the container is mydb, not mariadb.

205
00:10:16,320 --> 00:10:18,270
There we go, now it is stopped,

206
00:10:18,270 --> 00:10:20,700
and here it is stopped as well.

207
00:10:20,700 --> 00:10:22,020
The thing is that we have seen that

208
00:10:22,020 --> 00:10:23,850
by passing this environment variable,

209
00:10:23,850 --> 00:10:26,013
the container has now started successfully.