EX188

Question 1

See if DNS enabled on container

Answer 1

podman network inspect <NETWORK_NAME> - look for "dns_enabled": false,

Question 2

Create podman network linked to eth0 interface

Answer 2

sudo podman network create -d macvlan -o parent=eth0 webnetwork

Question 3

Access another container in slirp4netns

Answer 3

must use full host address and mapped host port

Question 4

Inspect Mounts[0].Source

Answer 4

podman inspect --format="{{ (index .Mounts 0).Source}}" custom-advanced

Question 5

Run container, bind to localhost, set environment variable, connect to multiple networks

Answer 5

podman run -p 127.0.0.1:8075:80 -e NAME='Red Hat' --net postgres-net,redis-net

Question 6

Stop all containers, kill after 10 seconds

Answer 6

podman stop --all --time=10

Question 7

Connect container to a network

Answer 7

podman network connect example-net my-container

Question 8

See port mapping of a container

Answer 8

podman port my-app

Question 9

Podman stores the credentials in the

Answer 9

${XDG_RUNTIME_DIR}/containers/auth.json

Question 10

Login to OpenShift repo

Answer 10

oc login -u admin -p admin REPO_ADDR
podman login -u $(oc whoami) -p $(oc whoami -t) REPO_ADDR

Question 11

Look for nginx in repositories

Answer 11

podman search nginx

Question 12

Build image with single layer

Answer 12

podman build --squash-all -t localhost/squashed-all .

Question 13

Podman repository config file

Answer 13

/etc/containers/registries.conf

Question 14

Get information on remote docker image

Answer 14

skopeo inspect docker://registry.access.redhat.com/ubi9/nodejs-18

Question 15

Copy image from remote repo to local file,ignore tls errors

Answer 15

skopeo copy --dest-tls-verify=false docker://registry.access.redhat.com/ubi9/nodejs-18 dir:/var/lib/images/nodejs-18

Question 16

Containerfile: add multiple labels

Answer 16

LABEL name=”my-namespace/my-image-name” \
vendor=”My Company, Inc.” \
version=”1.2.3” \

Question 17

Containerfile: Set env var according to argument during build

Answer 17

ARG VERSION=”1.16.8”
ENV VERSION=${VERSION}

Question 18

Containerfile: Copy file from URL to container

Answer 18

ADD http://someserver.com/filename.pdf /var/www/html

Question 19

Containerfile: Different container runtime commands, explain difference

Answer 19

ENTRYPOINT [“/usr/sbin/httpd”]
CMD [“-D”, “FOREGROUND”]

Question 20

Pass argument during image build

Answer 20

podman build --build-arg VERSION=2.0.0

Question 21

Containerfile: Create user for rootless container run (inside a container)

Answer 21

RUN adduser --no-create-home --system --shell /usr/sbin/nologin python-server

Question 22

Setup build stage, copy file from it later (and change permissions) on

Answer 22

FROM nodejs-14:1 as builder

COPY --from=builder --chown=default /app/numbers.txt materials/numbers.txt

Question 23

Podman defines the allowed user and group ID ranges in

Answer 23

/etc/subuid and /etc/subgid files

Question 24

Add user and group ID ranges

Answer 24

sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 student
podman system migrate

Question 25

See user / group ID mappings inside a container

Answer 25

sudo podman exec root-gitea cat /proc/self/uid_map /proc/self/gid_map

Question 26

Allow bind to port 80 and higher.

Answer 26

sudo sysctl -w "net.ipv4.ip_unprivileged_port_start=79"

Question 27

Set group IDs that are allowed to use the ping utility

Answer 27

`sudo sysctl -w "net.ipv4.ping_group_range=0 2000000"`

Question 28

See image layers

Answer 28

podman image tree ubi-httpd

Question 29

mount read only directory to container

Answer 29

podman run --volume /www:/var/www/html:ro httpd-24

Question 30

mount directory with selinux errors (explain flags)

Answer 30

podman run -v ./SQL_FILE:/tmp/SQL_FILE:Z - Lower case `z` lets different containers share access to a bind mount. - Upper case `Z` provides the container with exclusive access to the bind mount.

Question 31

Backup, restore backup of a volume

Answer 31

`podman volume export http_data --output web_data.tar.gz` `podman volume import http_data web_data.tar.gz`

Question 32

Run container with temporary volume

Answer 32

`podman run --mount type=tmpfs,tmpfs-size=512M,destination=/var/lib/pgsql/data httpd-24`

Question 33

Get owner/group IDs of a folder inside of container.

Answer 33

`podman unshare ls -ln --directory ~/www`

Question 34

See SElinux label on localfile system

Answer 34

ls -Zd /www

Question 35

See ports used inside of container, explain flags

Answer 35

podman exec -it CONTAINER ss -pant -p # display the process using the socket -a # display listening and established connections -n # display numeric ports instead of mapped service names -t # display TCP sockets

Question 36

See ports inside of container when the image does not include diagnostic tools

Answer 36

sudo nsenter -n -t CONTAINER_PID ss -pant

Question 37

Compose: top level keywords

Answer 37

version services networks volumes

Question 38

Compose: Empty network and external network

Answer 38

networks: app-net: {} db-net: external: true

Question 39

Compose: Empty volume and external volume

Answer 39

volumes: db-vol: {} my-volume: external: true

Question 40

Compose: Container depending on another container (database)

Answer 40

services: database-admin: depends_on: - database # start after the database container.

Question 41

database service with postgress image, custom name, port mapping, environment variables, custom runtime command, attached to few networks and volume

Answer 41

``` services: database: # database container image: "registry.redhat.io/rhel9/postgresql-13" container_name: "appdev-postgresql" ports: - 3030:8080 environment: ACCOUNTS_SERVICE: http://accounts command: sh -c "COMMAND" networks: - app-net - db-net volumes: - db-vol:/var/lib/postgresql/data # ```

Question 42

Re-create compose containers on start and anonymous volumes.

Answer 42

`podman-compose up --force-recreate -V`

Question 43

Get podman events from 5 minutes ago, dont follow logs

Answer 43

`podman events --since 5m --stream=false --filter 'event=stop'`

Question 44

Start podman container with secret stored in a file

Answer 44

`echo "Gr8P@ssword!" | podman secret create my-password -` `podman run --secret=my-password ubi9`

Question 45

Path where podman secret is available

Answer 45

`/run/secrets/my_secret`

Question 46

COMPOSE: Define file secret

Answer 46

``` secrets: my_secret: file: ./my_secret.txt ```

Question 47

Install podman compose

Answer 47

`pip3 install podman-compose`