#Install Docker CE on Rocky Linux
tastethelinux · 4 years ago
How to Install Docker on Linux Mint 20.
Hi, hope you are doing well. Let's learn about “How to Setup and Install Docker on Linux Mint 20”. Docker is the fastest growing technology in the IT market. Docker is the container technology. Many industries are moving towards Docker from the normal EC2 instances. It is PAAS (Platform as a Service), which uses OS virtualisation to deliver software in packages called containers. The…
0 notes
computingpostcom · 3 years ago
Redis, an acronym for REmote DIctionary Server, is an open-source, in-memory key-value pair NoSQL database written in ANSI C. It is a data structure store that can be used as a primary database, message broker, session store, or as a cache to web and gaming applications. This in-memory database is optimized for speed with both high read and write speeds since all the data in Redis is stored in the RAM. It also supports graphs, search, analytics, real-time streaming, and many more features than that of a simple data store.

To give maximum CPU optimization, Redis is designed to use the single-threaded event loop model. Data structures used internally are as well implemented for maximum performance. Other features associated with Redis are:

- High availability and scalability – with the primary-replica architecture, you can build highly available solutions providing consistent performance and reliability. It can be scaled vertically and horizontally.
- Data Persistence – Saved data lasts even if a server failure occurs. For data persistence, Redis must write to permanent storage such as a hard disk.
- Rich Data Structures – It offers an innumerable variety of data structures to meet the desired application needs.
- Simplicity – it is simple in design, with very few lines to be integrated to be able to store, access, and use data.
- In-memory datastore – in contrast to conventional relational databases such as SQL, Oracle, etc. that store most data on disks, Redis and other in-memory datastores do not suffer the same penalty to access disks; this in turn gives applications super-fast performance and support for innumerable operations per second.

Redis can be deployed on clouds, on-premises, hybrid environments, and over the Edge devices. This guide offers an in-depth illustration of how to run Redis in Podman / Docker Container.

Step 1 – Install Podman|Docker on your system

We will begin by installing Podman|Docker on our system. Install the desired container engine on your system.

Install Docker using the aid from the below guide.

- How To Install Docker CE on Linux Systems

For Podman, proceed using the commands below.

    #On CentOS/Rocky Linux
    sudo yum install podman

    #On Debian
    sudo apt-get install podman

    #On Ubuntu
    . /etc/os-release
    echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
    curl -L "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/Release.key" | sudo apt-key add -
    sudo apt update
    sudo apt -y install podman

    #On Fedora
    sudo dnf install podman

    #On RHEL 7
    sudo subscription-manager repos --enable=rhel-7-server-extras-rpms
    sudo yum -y install podman

    #On RHEL 8
    sudo yum module enable -y container-tools:rhel8
    sudo yum module install -y container-tools:rhel8

Verify the installation as below.

    $ podman info
    host:
      arch: amd64
      buildahVersion: 1.23.1
      cgroupControllers: []
      cgroupManager: cgroupfs
      cgroupVersion: v1
      conmon:
        package: conmon-2.0.29-1.module+el8.4.0+643+525e162a.x86_64
        path: /usr/bin/conmon
        version: 'conmon version 2.0.29, commit: ce0221c919d8326c218a7d4d355d11848e8dd21f'
      cpus: 2
      distribution:
        distribution: '"rocky"'
        version: "8.4"
      eventLogger: file
      hostname: localhost.localdomain
      idMappings:
        gidmap:
        - container_id: 0
          host_id: 1000
          size: 1
        - container_id: 1
          host_id: 100000
          size: 65536
        uidmap:
        - container_id: 0
          host_id: 1000
          size: 1
        - container_id: 1
          host_id: 100000
          size: 65536
    .....

For Debian/Ubuntu systems, you may be required to make the below configurations to work with OCI registries.

    $ sudo vim /etc/containers/registries.conf
    unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]

Once the desired container engine has been installed, proceed to the below step.

Step 2 – Create a Persistent Volume for the Redis Container

Persistent volumes here help data to survive after the main process of the particular data has ended. To achieve this, we need to create volumes on the hard disk to store the data.

    sudo mkdir -p /var/redis/data
    sudo mkdir $PWD/redis-data
    sudo chmod 775 -R /var/redis/data
    sudo chmod 775 -R $PWD/redis-data

On RHEL-based systems, you are required to set SELinux in permissive mode, otherwise the created path will be inaccessible.

    sudo setenforce 0
    sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Step 3 – Provision the Redis Container

First, pull the Redis container image.

    ##For Podman
    podman pull docker.io/redis

    ##For Docker
    docker pull docker.io/redis

Sample output:

    Using default tag: latest
    latest: Pulling from library/redis
    5eb5b503b376: Pull complete
    6530a7ea3479: Pull complete
    91f5202c6d9b: Pull complete
    9f1ac212e389: Pull complete
    82c311187b72: Pull complete
    da84aa65ce64: Pull complete
    Digest: sha256:0d9c9aed1eb385336db0bc9b976b6b49774aee3d2b9c2788a0d0d9e239986cb3
    Status: Downloaded newer image for redis:latest
    docker.io/library/redis:latest

Once pulled, verify if the image exists on your local registry.

    ##For Podman
    $ podman images
    REPOSITORY                TAG      IMAGE ID      CREATED      SIZE
    redis                     latest   f1b6973564e9  3 weeks ago  113MB

    ##For Docker
    $ docker images
    REPOSITORY                TAG      IMAGE ID      CREATED      SIZE
    docker.io/library/redis   latest   f1b6973564e9  3 weeks ago  116 MB

Step 4 – Run the Redis Container

With the image available in the local registry, we can now spin the Redis container with Podman|Docker or with Podman-Compose|Docker-compose.

1. Using Podman|Docker

Using Podman

    podman run -d \
      --name redis_server \
      -v $PWD/redis-data:/var/redis/data \
      -p 6379:6379 \
      redis --requirepass StrongPassword

Using Docker

    docker run -d \
      --name redis_server \
      -v $PWD/redis-data:/var/redis/data \
      -p 6379:6379 \
      docker.io/library/redis --requirepass StrongPassword

2. Using Podman-Compose|Docker-compose

You can as well use Podman-Compose|Docker-compose to spin the container. All you need is to have Podman-Compose|Docker-compose installed.

Install Podman-compose using the commands:

First, install Python and PIP.

    # Install Python3 on CentOS 7
    sudo yum -y install epel-release
    sudo yum -y install python3 python3-pip python3-devel

    # Install Python3 on Rocky Linux 8 / CentOS Stream 8 / AlmaLinux 8
    sudo yum -y install python3 python3-pip python3-devel

    # Install Python3 on Debian / Ubuntu
    sudo apt update
    sudo apt install python3 python3-pip

Now install dotenv and podman-compose as below.

    sudo pip3 install python-dotenv
    sudo curl -o /usr/local/bin/podman-compose https://raw.githubusercontent.com/containers/podman-compose/devel/podman_compose.py
    sudo chmod +x /usr/local/bin/podman-compose

Install docker-compose with the commands:

    curl -s https://api.github.com/repos/docker/compose/releases/latest | grep browser_download_url | grep docker-compose-linux-x86_64 | cut -d '"' -f 4 | wget -qi -
    chmod +x docker-compose-linux-x86_64
    sudo mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose

Now create the YAML file to be used when running the container.

    vim docker-compose.yml

In the file, add the lines below.

    version: '3'
    services:
      cache:
        image: redis
        container_name: redis_server
        restart: always
        ports:
          - '6379:6379'
        command: redis-server --requirepass StrongPassword
        volumes:
          - $PWD/redis-data:/var/redis/data
          - $PWD/redis.conf:/usr/local/etc/redis/redis.conf

In the file above, the --requirepass command has been used to specify a password for our Redis. Now start the container using the command:

    ##For Podman
    podman-compose up -d

    ##For Docker
    docker-compose up -d

With any of the above methods used, the container will start and can be checked using the command:

    ##For Podman
    $ podman ps
    CONTAINER ID  IMAGE                           COMMAND               CREATED        STATUS            PORTS                   NAMES
    cee0b9192ccb  docker.io/library/redis:latest  --requirepass Str...  7 seconds ago  Up 8 seconds ago  0.0.0.0:6379->6379/tcp  redis_server

    ##For Docker
    $ docker ps
    CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                                       NAMES
    90775de4796b   redis   "docker-entrypoint.s…"   32 seconds ago   Up 30 seconds   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp   redis_server

To start/stop the container, issue the command:

    ##For Podman
    podman stop redis_server
    podman start redis_server

    ##For Docker
    docker stop redis_server
    docker start redis_server

Step 5 – Run the Redis Container as a systemd service.

The container can be managed like any other system service. We will create a systemd service file for the container as below.

    sudo vim /etc/systemd/system/redis-container.service

In the file, add the content below, replacing the name of your container engine. For example, for Docker:

    [Unit]
    Description=Redis container

    [Service]
    Restart=always
    ExecStart=/usr/bin/docker start -a redis_server
    ExecStop=/usr/bin/docker stop -t 2 redis_server

    [Install]
    # multi-user.target is the standard target for services enabled at boot
    WantedBy=multi-user.target

With Podman, you can also generate the service file and copy it to /etc/systemd/system/redis-container.service as below.

    podman generate systemd redis_server

Copy the generated file to /etc/systemd/system/redis-container.service and proceed as below.

Reload the system daemon.

    sudo systemctl daemon-reload

Now start and enable the service.

    sudo systemctl start redis-container.service
    sudo systemctl enable redis-container.service

Once started, check the status as below.

    $ systemctl status redis-container.service
    ● redis-container.service - Redis container
         Loaded: loaded (/etc/systemd/system/redis-container.service; disabled; vendor preset: enabled)
         Active: active (running) since Sun 2022-02-20 05:15:00 EST; 8s ago
       Main PID: 5880 (docker)
          Tasks: 7 (limit: 7075)
         Memory: 18.5M
            CPU: 29ms
         CGroup: /system.slice/redis-container.service
                 └─5880 /usr/bin/docker start -a redis_server

In case you find any errors such as “restarted too quickly” when starting the Redis container, it is because of permissions and you can correct this by running the Redis container with sudo or with elevated privileges as root.

Step 6 – Connect to the Redis container

You can now connect to the Redis container locally or remotely using redis-cli.

Locally, you will access the container as below:

    ##For docker
    docker exec -it redis_server redis-cli

    ##For Podman
    podman exec -it redis_server redis-cli

Sample Output:

Remotely, you need to have redis-tools installed and proceed as below.

    sudo redis-cli -h [host IP or domain name] -p 6379

For example, for this guide, the command will be:

    sudo redis-cli -h 192.168.205.4 -p 6379

Provide the password for the Redis server.

Voila! That was enough learning! I hope this guide has been of great importance to you. You can also give any feedback pertaining to this guide in the comments below.
0 notes
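The docker-compose install step in the post above downloads a binary and makes it executable without checking it. The following is an added example, not code from the post or from the Docker project: it installs a downloaded file only when its SHA-256 matches a sha256sum-style checksum file. The function names are hypothetical, the availability of such a checksum file next to the release binary is an assumption, and the demo uses a constructed stand-in file so it runs offline.

```shell
#!/bin/sh
# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# expected_from_sumfile SUMFILE NAME: print the hash recorded for NAME in a
# sha256sum-style file ("<hex>  <name>" or "<hex> *<name>" per line).
# Exit status 1 if NAME has no well-formed entry.
expected_from_sumfile() {
    awk -v want="$2" '
        { name = $2; sub(/^\*/, "", name) }
        name == want && length($1) == 64 { print tolower($1); found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# install_verified FILE SUMFILE DEST: copy FILE to DEST (mode 0755) only if its
# SHA-256 matches the SUMFILE entry for its basename.
# Returns 0 on success, 1 on mismatch, 2 if SUMFILE has no entry, 3 on copy error.
install_verified() {
    file=$1 sumfile=$2 dest=$3
    name=$(basename "$file")
    want=$(expected_from_sumfile "$sumfile" "$name") || {
        echo "no checksum entry for $name" >&2
        return 2
    }
    got=$(sha256_of "$file")
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $name: refusing to install" >&2
        return 1
    fi
    # Stage next to the destination, then rename, so DEST is never half-written.
    tmp="$dest.tmp.$$"
    cp "$file" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest" || {
        rm -f "$tmp"
        return 3
    }
}

demo() {
    d=$(mktemp -d) || return 1
    bin="$d/docker-compose-linux-x86_64"
    # Constructed stand-in for the downloaded binary and its checksum file.
    printf '#!/bin/sh\necho compose stand-in\n' > "$bin"
    ( cd "$d" && sha256sum docker-compose-linux-x86_64 > docker-compose-linux-x86_64.sha256 )
    install_verified "$bin" "$bin.sha256" "$d/docker-compose" \
        && echo "installed: checksum matched"
    # Simulate a corrupted or swapped download.
    printf 'extra bytes\n' >> "$bin"
    install_verified "$bin" "$bin.sha256" "$d/docker-compose2" \
        || echo "refused: rc=$?"
    rm -rf "$d"
}
demo
```

The checksum file only helps when it is fetched over a channel the binary's distributor controls; a checksum served from the same compromised location as the binary proves integrity of transfer, not origin.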
ubuntu-server · 4 years ago
How to install Docker CE on AlmaLinux 8 or Rocky Linux 8
Docker is an open source project that allows you to create, test, and deploy applications quickly and easily. Docker organizes software in containers that contain everything the software needs to run, e.g. libraries, system tools, code and runtime. With Docker, you can quickly deploy and scale applications in any environment. Developers can use the development environments on Windows, Linux or…
0 notes
nksistemas · 4 years ago
Install Docker on AlmaLinux and Rocky Linux
In this short guide, we will see how to install Docker CE on AlmaLinux OS 8 and also on Rocky Linux, using repositories; with a few commands it will be ready to use.

1- Required package

    sudo dnf install -y yum-utils

2- Repositories

With YUM

    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

With DNF

    sudo dnf config-manager…
0 notes
tastethelinux · 4 years ago
How to Install Docker on Ubuntu 20.04.
Hi, hope you are doing well. Let's learn about “How to Setup and Install Docker on Ubuntu 20.04”. Docker is the fastest growing technology in the IT market. Docker is the container technology. Many industries are moving towards Docker from the normal EC2 instances. It is PAAS (Platform as a Service), which uses OS virtualisation to deliver software in packages called containers. The…
0 notes
tastethelinux · 4 years ago
How to Install Docker on Amazon Linux 2 AWS EC2.
Hi, hope you are doing well. Let's learn about “How to Setup and Install Docker on amazon linux 2 AWS EC2”. Docker is the fastest growing technology in the IT market. Many industries are moving towards Docker from the normal EC2 instances. Docker is the container technology. It is PAAS (Platform as a Service), which uses OS virtualisation to deliver software in packages called…
0 notes
tastethelinux · 4 years ago
Install Docker and Docker Compose on Rocky Linux 8.
Hi, hope you are doing well. Let's learn about “How to Setup and Install Docker and Docker Compose on Rocky Linux 8”. Docker is the fastest growing technology in the IT market. Many industries are moving towards Docker from the normal EC2 instances. Docker is the container technology. It is PAAS (Platform as a Service), which uses OS virtualisation to deliver software in packages called…
0 notes
tastethelinux · 4 years ago
How to Install Docker on Rocky Linux 8.
Hi, hope you are doing well. Let's learn about “How to Setup and Install Docker on Rocky Linux 8”. Docker is the fastest growing technology in the IT market. Many industries are moving towards Docker from the normal EC2 instances. Docker is the container technology. It is PAAS (Platform as a Service), which uses OS virtualisation to deliver software in packages called containers. The…
0 notes
computingpostcom · 3 years ago
Welcome to this guide on how to run Microsoft SQL Server in Podman|Docker Container. Podman is a tool developed by RedHat to act as a drop-in replacement of docker. It is used to run images and containers just like docker. The only difference between the two is that Podman does not require a Docker Engine to run containers but still implements all the Docker CLI commands.

Podman is preferred when running containers since it allows one to run containers directly from Kubernetes as long as the container is OCI-compliant. Since Docker is not officially supported by RedHat, Podman, therefore, drops in to run these containers. In this guide, we will run the Microsoft SQL server in a Podman container.

A database is key in any production environment. Microsoft SQL is the most widely used relational database management system that offers the following features:

- It is secure
- Client/Server Architecture
- It is scalable
- High Flexibility
- Compatible on many operating systems
- It is a very fast database language with a large number of benchmark tests.
- Allows roll-back
- Offers high performance
- Dual Password Support

Run Microsoft SQL Server in Podman|Docker Container

This guide offers a systematic illustration of how to run Microsoft SQL Server in Podman|Docker Container.

Step 1. Install Podman|Docker on your System.

In this guide, I will illustrate how to run a Microsoft SQL server container on both Podman and Docker. Install a tool of your choice and proceed.

Install Podman on Linux

Installing Podman on a Linux system is easy. It will be used to manage the Microsoft SQL server container. This can be accomplished as below.

    #On Debian/Ubuntu
    sudo apt install podman

    #On CentOS/Rocky Linux
    sudo yum install podman

    #On Fedora
    sudo dnf install podman

    #On RHEL 8
    sudo yum module enable -y container-tools:rhel8
    sudo yum module install -y container-tools:rhel8

    #On RHEL 7
    sudo subscription-manager repos --enable=rhel-7-server-extras-rpms
    sudo yum -y install podman

Verify your Podman installation.

    $ podman info
    host:
      arch: amd64
      buildahVersion: 1.22.3
      cgroupControllers: []
      cgroupManager: cgroupfs
      cgroupVersion: v1
      conmon:
        package: conmon-2.0.29-1.module+el8.4.0+643+525e162a.x86_64
        path: /usr/bin/conmon
        version: 'conmon version 2.0.29, commit: ce0221c919d8326c218a7d4d355d11848e8dd21f'
    .........

On Debian/Ubuntu, you will be required to configure your system to work with OCI registries by editing the file as below.

    $ sudo vim /etc/containers/registries.conf
    unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]

Install Docker on Linux.

Those who want to use Docker, install Docker CE on your Linux system with the aid of the dedicated guide below.

- How To Install Docker CE on Linux Systems

Version of Docker installed can be checked using the command below:

    $ docker --version
    Docker version 20.10.17, build 100c701

Add your user account to docker group:

    sudo usermod -aG docker $USER
    newgrp docker

Step 2. Create a Persistent Volume for the Microsoft SQL Server container.

Now we will begin by creating a persistent data volume for the Microsoft SQL server. In other words, this directory will be used to store database files by Microsoft SQL server.

    sudo mkdir -p /var/mssql/data
    sudo chmod 755 -R /var/mssql/data

For RHEL based systems, you need to set SELinux in permissive mode to allow the above directory to be accessible.

    sudo setenforce 0
    sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Step 3. Provision the Microsoft SQL Server container

Then proceed forth and pull the latest Microsoft SQL server image.

    ##For Podman
    podman pull mcr.microsoft.com/mssql/server:2019-latest

    ##For Docker
    docker pull mcr.microsoft.com/mssql/server:2019-latest

Sample Output.

    Trying to pull mcr.microsoft.com/mssql/server:2019-latest...
    Getting image source signatures
    Copying blob 84a6a587b3fb done
    Copying blob 912596dfeaeb done
    Copying blob be2aa0ec326c done
    Copying blob 35807b77a593 done
    Copying blob a0ceb3206273 done
    Copying config 80bdc8efc8 done
    Writing manifest to image destination
    Storing signatures
    80bdc8efc8890107b8b5be642bf9e88cb5b3c336e6f9730b5ba9b08ced942c43

Check the downloaded image.

    ##For Podman
    $ podman images
    REPOSITORY                              TAG          IMAGE ID      CREATED      SIZE
    registry.access.redhat.com/ubi8/pause   latest       20b34168e325  2 weeks ago  3.49 MB
    mcr.microsoft.com/mssql/server          2019-latest  80bdc8efc889  7 weeks ago  1.56 GB

    ##For Docker
    $ docker images
    REPOSITORY                              TAG          IMAGE ID      CREATED      SIZE
    registry.access.redhat.com/ubi8/pause   latest       20b34168e325  2 weeks ago  3.49 MB
    mcr.microsoft.com/mssql/server          2019-latest  80bdc8efc889  7 weeks ago  1.56 GB

Now the image is available in the local registry.

Step 4. Run the Microsoft SQL Server container.

Now with the Microsoft SQL server image downloaded, we can easily spin the container using the command below.

1. For Podman, issue the commands below:

    podman run -d -e 'ACCEPT_EULA=Y' -e \
    'MSSQL_SA_PASSWORD=Passw0rd' \
    --name MSSQL \
    -p 1460:1433 \
    -v /var/mssql/data:/var/mssql/data:Z \
    mcr.microsoft.com/mssql/server:2019-latest

2. For Docker, use the commands below:

    docker run -d -e 'ACCEPT_EULA=Y' -e \
    'MSSQL_SA_PASSWORD=Passw0rd' \
    --name MSSQL \
    -p 1460:1433 \
    -v /var/mssql/data:/var/mssql/data:Z \
    mcr.microsoft.com/mssql/server:2019-latest

In the command above, replace Passw0rd with the preferred password you want to set for your Microsoft SQL database server.

Check if the container is running:

    ##For Podman
    $ podman ps -a
    CONTAINER ID  IMAGE                                       COMMAND               CREATED         STATUS             PORTS                   NAMES
    89decb0a54d1  mcr.microsoft.com/mssql/server:2019-latest  /opt/mssql/bin/sq...  15 seconds ago  Up 15 seconds ago  0.0.0.0:1460->1433/tcp  MSSQL

    ##For Docker
    $ docker ps -a
    CONTAINER ID  IMAGE                                       COMMAND               CREATED         STATUS             PORTS                   NAMES
    89decb0a54d1  mcr.microsoft.com/mssql/server:2019-latest  /opt/mssql/bin/sq...  15 seconds ago  Up 15 seconds ago  0.0.0.0:1460->1433/tcp  MSSQL

Check the dependencies in the CRI-O implementation.

    $ pstree
    systemd─┬─ModemManager───2*[ModemManager]
            ├─NetworkManager───2*[NetworkManager]
            ├─accounts-daemon───2*[accounts-daemon]
            ├─atd
            ├─auditd─┬─sedispatch
            │        └─2*[auditd]
            ├─avahi-daemon───avahi-daemon
    .......

From the output, it is amazing that there are no dependencies with any daemon (docker).

In this guide, we ran the Microsoft SQL server container in isolation mode through Linux namespaces. Verify this as below.

    $ ps aux | grep sqlservr
    110000     33459  0.3  0.3   61116  22908 ?        Ssl  03:34   0:00 /opt/mssql/bin/sqlservr
    110000     33473  4.8 11.4 11330728 676760 ?       Sl   03:34   0:06 /opt/mssql/bin/sqlservr
    thor       33808  0.0  0.0   12136   1188 pts/0    S+   03:36   0:00 grep --color=auto sqlservr

    $ sudo lsns
    4026532582 uts         2 33459 110000 /opt/mssql/bin/sqlservr
    4026532583 ipc         2 33459 110000 /opt/mssql/bin/sqlservr
    4026532584 pid         2 33459 110000 /opt/mssql/bin/sqlservr
    4026532712 mnt         1  2008 colord /usr/libexec/colord

From the output, the Microsoft SQL server is running with PID 33459 in isolation mode.

Step 5. Connect to Microsoft SQL server.

Now that we have the container running, we need to connect to the Microsoft SQL server instance. This is achieved in the steps below.

First, start an interactive shell inside the container as below.

    ##For Podman
    podman exec -it MSSQL "bash"

    ##For Docker
    docker exec -it MSSQL "bash"

Sample output:

    mssql@89decb0a54d1:/$

The command above specifies the name of the container, here the container name is MSSQL.

Now while in the container, we will use the sqlcmd command to connect to the instance locally. You also have to specify the path where sqlcmd is.

    /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "Passw0rd"

Passw0rd is the password you set while deploying the Microsoft SQL server container. On successful login, you will see this.

    mssql@89decb0a54d1:/$ /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "Passw0rd"
    1>

Step 6. Create and query data in Microsoft SQL server.

With sqlcmd, you can create new databases, add data and run queries. To create a new database, testdb, run the command below.

    CREATE DATABASE testdb

Then list all available databases on your system.

    SELECT Name from sys.Databases

To execute previous commands, type GO on a new line as shown.

    3> GO

Sample Output:

    Name
    --------------------------------------------------------------------------------------------------------------------------------
    master
    tempdb
    model
    msdb
    testdb

    (5 rows affected)

Now add data to the created database.

    USE testdb
    CREATE TABLE Inventory (id INT, name NVARCHAR(50), quantity INT)
    GO

We have created a new inventory table in the database. Query data from the new table (Inventory).

    SELECT * FROM Inventory WHERE quantity > 152;
    GO

Exit the sqlcmd as below.

    3> QUIT
    mssql@6506b1d33351:/$ exit
    exit

Step 7. Manage your Microsoft SQL server Container.

If you want to manage your Microsoft SQL container, use the below commands.

Start and stop the container.

    ##For Podman
    podman stop MSSQL
    podman start MSSQL

    ##For Docker
    docker stop MSSQL
    docker start MSSQL

In case you want to delete the container, stop it and remove it as below.

    ##For Podman
    podman rm MSSQL

    ##For Docker
    docker rm MSSQL

Conclusion.

That is it! I hope you learned a lot from this guide on how to run Microsoft SQL Server in Podman|Docker Container. We have seen that the two containerization tools Podman and docker have many more similarities than differences. I hope you enjoyed it.
0 notes
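The run commands in the Redis and SQL Server posts above, checked by a small static audit for three things visible in the posts' own output: ports published on every interface, credentials placed on the command line, and bind mounts without an SELinux relabel option. This is an added example, not code from either post; the rule names, the `audit_run_cmd` helper and the hardened command (with its `/srv/redis` paths and a password kept in `redis.conf`) are assumptions, and the inputs are the posts' commands re-typed on one line.

```shell
#!/bin/sh
# Static audit of a `docker run` / `podman run` command line.
# The tokeniser is deliberately simple: split on whitespace and strip one layer
# of quotes, so quoted arguments that contain spaces are out of scope.

strip_quotes() {
    s=$1
    case $s in \'*|\"*) s=${s#?} ;; esac
    case $s in *\'|*\") s=${s%?} ;; esac
    printf '%s' "$s"
}

# -p/--publish value: flag anything not pinned to one host address.
# Assumes the engine's default publish address (all interfaces) is unchanged.
check_publish() {
    case $1 in
        0.0.0.0:*|\[::\]:*) echo "WILDCARD_BIND $1" ;;
        \[*\]:*|*:*:*)      ;;   # [ipv6]:host:ctr or ipv4:host:ctr
        *)                  echo "WILDCARD_BIND $1" ;;
    esac
}

# -v/--volume value: flag host-path bind mounts that carry no z/Z option,
# which on an SELinux-enforcing host leaves the path unreadable to the container.
check_volume() {
    case $1 in
        /*|.*|\~*|\$*) ;;          # host path: a bind mount
        *) return 0 ;;             # named volume: no relabel needed
    esac
    case $1 in
        *:*:*) opts=${1##*:} ;;
        *)     opts="" ;;
    esac
    case ",$opts," in
        *,z,*|*,Z,*) ;;
        *) echo "UNLABELED_VOLUME $1" ;;
    esac
}

# -e/--env value: flag secret-looking variables given a literal value.
check_env() {
    name=${1%%=*}
    case $1 in
        *=?*) ;;            # NAME=value: the value is on the command line
        *)    return 0 ;;   # bare NAME: inherited from the caller's environment
    esac
    case $name in
        *PASSWORD*|*PASSWD*|*SECRET*|*TOKEN*) echo "SECRET_IN_ENV $name" ;;
    esac
}

# audit_run_cmd "<command line>": print one "<RULE> <detail>" line per finding.
audit_run_cmd() {
    prev=""
    set -f                          # no globbing while the string is split
    for raw in $1; do
        tok=$(strip_quotes "$raw")
        case $tok in "\\") continue ;; esac   # line-continuation backslash
        case $prev in
            -p|--publish)  check_publish "$tok" ;;
            -v|--volume)   check_volume "$tok" ;;
            -e|--env)      check_env "$tok" ;;
            --requirepass) echo "SECRET_IN_ARGV --requirepass" ;;
        esac
        prev=$tok
    done
    set +f
}

# Constructed inputs: the first two are the posts' commands on one line,
# the third is a hypothetical hardened variant.
REDIS_CMD='docker run -d --name redis_server -v $PWD/redis-data:/var/redis/data -p 6379:6379 docker.io/library/redis --requirepass StrongPassword'
MSSQL_CMD="podman run -d -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=Passw0rd' --name MSSQL -p 1460:1433 -v /var/mssql/data:/var/mssql/data:Z mcr.microsoft.com/mssql/server:2019-latest"
HARDENED_CMD='podman run -d --name redis_server -v /srv/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro,Z -v /srv/redis/data:/data:Z -p 127.0.0.1:6379:6379 docker.io/library/redis redis-server /usr/local/etc/redis/redis.conf'

for c in "$REDIS_CMD" "$MSSQL_CMD" "$HARDENED_CMD"; do
    printf '== %s\n' "${c%% -*}"
    audit_run_cmd "$c"
done
```

The first two findings match what the posts' own `ps` listings show at runtime: `0.0.0.0:6379->6379/tcp` in the PORTS column and `--requirepass Str...` in the COMMAND column. The SQL Server command already carries `:Z` on its volume, which is the per-directory relabel that the Redis command lacks.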
computingpostcom · 3 years ago
Welcome lovely people to today’s guide on how to install Docker CE on Rocky Linux 8 / AlmaLinux OS 8. Docker CE is a free to use and open source containerization platform designed to run on Windows, Linux and macOS. The CE version of Docker is a rebrand of the Docker open source solution. There is an Enterprise Edition if you need support from Docker Inc on your container platform.

Docker is used throughout the development lifecycle from Development to Production – for fast, easy and portable application development, both on-prem and in the cloud. Docker’s comprehensive end to end platform includes UIs, CLIs, APIs and security that are engineered to work together across the entire application delivery lifecycle.

In this guide we will walk you through the installation of Docker CE on AlmaLinux OS 8. AlmaLinux OS is an open source Linux distribution derived from RHEL source. It is created by the community and for the community.

Step 1: Update AlmaLinux / Rocky Linux 8 System

Start the installation by updating AlmaLinux / Rocky Linux 8 system OS packages to the latest versions.

    sudo dnf -y update

If you have kernel related updates it is recommended to perform a system restart:

    sudo reboot

Step 2: Add Docker CE repository

There is an open Docker CE repository with rpm packages for Red Hat based Linux systems. We’ll add this repository before we can install Docker CE on Rocky Linux 8 / AlmaLinux OS 8.

Install yum-utils, which provides the yum-config-manager command line tool.

    sudo dnf install -y yum-utils

Once the tool is installed, run the commands below to add the Docker CE repository to your AlmaLinux / Rocky Linux 8 system:

    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Confirm the repository is available for use:

    $ sudo dnf repolist
    repo id              repo name
    appstream            AlmaLinux 8 - AppStream
    baseos               AlmaLinux 8 - BaseOS
    docker-ce-stable     Docker CE Stable - x86_64
    epel                 Extra Packages for Enterprise Linux 8 - x86_64
    epel-modular         Extra Packages for Enterprise Linux Modular 8 - x86_64
    extras               AlmaLinux 8 - Extras
    powertools           AlmaLinux 8 - PowerTools

Step 3: Install Docker CE on Rocky Linux 8 / AlmaLinux 8

Now that the Docker repository has been added to our system, we can proceed to install Docker CE on AlmaLinux 8 / Rocky Linux 8:

    sudo dnf install docker-ce docker-ce-cli containerd.io docker-compose-plugin

The commands above will install the latest version of Docker Engine and containerd.

    ==================================================================================================================================================================
    Install  12 Packages

    Total download size: 107 M
    Installed size: 438 M

Wait for the installation commands to complete, then start the service:

    sudo systemctl enable --now docker

Check service status:

    $ systemctl status docker
    ● docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2021-04-21 12:38:02 EAT; 15s ago
         Docs: https://docs.docker.com
     Main PID: 73811 (dockerd)
        Tasks: 11
       Memory: 48.9M
       CGroup: /system.slice/docker.service
               └─73811 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

    Apr 21 12:38:01 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:01.563762210+03:00" level=warning msg="Your kernel does not support cgroup blkio>
    Apr 21 12:38:01 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:01.563813612+03:00" level=warning msg="Your kernel does not support cgroup blkio>
    Apr 21 12:38:01 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:01.564044629+03:00" level=info msg="Loading containers: start."
    Apr 21 12:38:02 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:02.354851079+03:00" level=info msg="Default bridge (docker0) is assigned with an>
    Apr 21 12:38:02 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:02.488424916+03:00" level=info msg="Firewalld: interface docker0 already part of>
    Apr 21 12:38:02 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:02.635890639+03:00" level=info msg="Loading containers: done."
    Apr 21 12:38:02 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:02.658887803+03:00" level=info msg="Docker daemon" commit=8728dd2 graphdriver(s)>
    Apr 21 12:38:02 almalinux.computingpost.com dockerd[73811]: time="2021-04-21T12:38:02.659112755+03:00" level=info msg="Daemon has completed initialization"
    Apr 21 12:38:02 almalinux.computingpost.com systemd[1]: Started Docker Application Container Engine.

Add your user to the docker group:

    sudo usermod -aG docker $USER
    newgrp docker

Confirm if you’re able to run any docker commands without sudo:

    $ docker --version
    Docker version 20.10.17, build 100c701

Step 4: Run docker container

Let’s test our Docker CE installation on AlmaLinux 8 / Rocky Linux 8 by pulling alpine linux and hello-world images:

    $ docker pull alpine:latest
    latest: Pulling from library/alpine
    540db60ca938: Pull complete
    Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
    Status: Downloaded newer image for alpine:latest
    docker.io/library/alpine:latest

    $ docker pull hello-world
    Using default tag: latest
    latest: Pulling from library/hello-world
    b8dfde127a29: Pull complete
    Digest: sha256:f2266cbfc127c960fd30e76b7c792dc23b588c0db76233517e1891a4e357d519
    Status: Downloaded newer image for hello-world:latest
    docker.io/library/hello-world:latest

Run a docker container from the alpine image:

    $ docker run hello-world

    Hello from Docker!
    This message shows that your installation appears to be working correctly.

    To generate this message, Docker took the following steps:
     1. The Docker client contacted the Docker daemon.
     2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
        (amd64)
     3. The Docker daemon created a new container from that image which runs the
        executable that produces the output you are currently reading.
     4. The Docker daemon streamed that output to the Docker client, which sent it
        to your terminal.

    To try something more ambitious, you can run an Ubuntu container with:
     $ docker run -it ubuntu bash

    Share images, automate workflows, and more with a free Docker ID:
     https://hub.docker.com/

    For more examples and ideas, visit:
     https://docs.docker.com/get-started/

We can confirm our Docker installation on AlmaLinux OS 8 / Rocky Linux 8 is working fine. You can now build your containerized applications with Docker and helpful tools such as Docker Compose, and eventually migrate them to a Kubernetes environment.
0 notes
computingpostcom · 3 years ago
Welcome to this guide, where we discuss how to set up FreeIPA server on Docker/Podman containers. FreeIPA is an Open Source project sponsored by Red Hat. It is upstream for the commercial Red Hat Identity Manager. On the client side, there is a client application used to configure target systems. There are many reasons why one would want to install FreeIPA in containers as opposed to running it natively on your systems.

For other installation methods, have a look at:

- How to Install FreeIPA Server on CentOS 7
- How to Install FreeIPA Server on Ubuntu
- How to Install and Configure FreeIPA Server on RHEL / CentOS 8
- Install FreeIPA Server on Rocky Linux 9 / AlmaLinux 9

FreeIPA is an ideal system for centrally managing identity, policy, and audit for users and services. It can provide integrated identity management services to clients on Linux, Mac and Windows.

Features of using FreeIPA

Below are some of the features of using FreeIPA:

- Central Authentication Management – Centralized management of users, machines, and services within large Linux/Unix enterprise environments.
- One Time Password (OTP): Provides a popular method for achieving two-factor authentication (2FA).
- Fine-grained Access Control: Provides a clear method of defining access control policies to govern user identities and delegation of administrative tasks.
- Direct Connect to Active Directory: You can retrieve information from Active Directory (AD) and join a domain or realm in a standard way.
- Active Directory Cross-Realm Trust: As System Administrator, you can establish cross-forest Kerberos trusts with Microsoft Active Directory. This allows external Active Directory (AD) users convenient access to resources in the Identity Management domain.
- Integrated Public Key Infrastructure (PKI) Service: This provides PKI services that sign and publish certificates for hosts and services, Certificate Revocation List (CRL) and OCSP services for software validating the published certificate, and an API to request, show, and find certificates.

Components of FreeIPA Server

FreeIPA server is comprised of the following projects:

- 389 Directory Server – Main data store; provides a full multi-master LDAPv3 directory infrastructure.
- MIT Kerberos KDC – Provides Single-Sign-on authentication.
- Dogtag Certificate System – Provides CA & RA for certificate management functions.
- ISC Bind DNS server – For managing Domain names.
- Web UI / ipa Command Line tool – Used to centrally manage access control, the delegation of administrative tasks and other network administration tasks.
- NTP Server – For time synchronization with local time servers.

Run FreeIPA Server in Docker / Podman Containers

In the following sections we show you how to install Docker / Podman and use it to run FreeIPA server in containers.

FreeIPA installation Minimum requirements

- 4GB RAM
- 4 vCPUs
- Docker/Podman installed

Before you can run FreeIPA server on Docker/Podman, you should ensure that Docker/Podman is installed on your system. Follow the links below to install Podman/Docker:

- Install and Use Podman on CentOS 8 / RHEL 8
- How To Install Podman on Ubuntu
- How To Install Docker CE on Linux Systems
- Install Docker CE on Rocky Linux 8 / AlmaLinux 8

Add your user account to the docker group:

    sudo usermod -aG docker $USER
    newgrp docker

For a quick, automated Docker installation on a development machine, run:

    wget -qO- https://get.docker.com/ | sudo bash

To run Docker as a non-privileged user, consider setting up the Docker daemon in rootless mode for your user:

    dockerd-rootless-setuptool.sh install

Or add the user to the docker group:

    sudo usermod -aG docker $USER
    newgrp docker

Step 1. Build FreeIPA server image

We need to build a FreeIPA image based on your operating system before we can run the container. Install the git tool:

    ### Ubuntu / Debian ###
    sudo apt update
    sudo apt install git -y

    ### CentOS / Fedora ###
    sudo yum -y install git

Before building, clone FreeIPA’s GitHub repo, which contains Dockerfiles for different operating systems.

    git clone https://github.com/freeipa/freeipa-container.git
    cd freeipa-container

For RHEL based systems, you are required to either set the SELinux context or disable SELinux. The commands below put SELinux into permissive mode, which logs denials but stops enforcing policy on the whole host:

    sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
    sudo setenforce 0

Build an image as shown below, replacing the Dockerfile with the one that suits your OS. These Dockerfiles are available in the directory we cloned from GitHub.

    [root@server freeipa-container]# ls -lh
    total 352K
    -rw-rw-r-- 1 jkmutai jkmutai 5.2K Ago 20 09:48 Dockerfile.almalinux-8
    -rw-rw-r-- 1 jkmutai jkmutai 5.6K Ago 20 09:48 Dockerfile.centos-7
    -rw-rw-r-- 1 jkmutai jkmutai 5.2K Ago 20 09:48 Dockerfile.centos-8
    -rw-rw-r-- 1 jkmutai jkmutai 5.2K Ago 20 09:48 Dockerfile.centos-8-stream
    -rw-rw-r-- 1 jkmutai jkmutai 5.3K Ago 20 09:48 Dockerfile.centos-9-stream
    -rw-rw-r-- 1 jkmutai jkmutai 5.0K Ago 20 09:48 Dockerfile.fedora-23
    -rw-rw-r-- 1 jkmutai jkmutai 5.0K Ago 20 09:48 Dockerfile.fedora-24
    -rw-rw-r-- 1 jkmutai jkmutai 4.9K Ago 20 09:48 Dockerfile.fedora-25
    -rw-rw-r-- 1 jkmutai jkmutai 4.8K Ago 20 09:48 Dockerfile.fedora-26
    -rw-rw-r-- 1 jkmutai jkmutai 4.8K Ago 20 09:48 Dockerfile.fedora-27
    -rw-rw-r-- 1 jkmutai jkmutai 4.8K Ago 20 09:48 Dockerfile.fedora-28
    -rw-rw-r-- 1 jkmutai jkmutai 4.7K Ago 20 09:48 Dockerfile.fedora-29
    -rw-rw-r-- 1 jkmutai jkmutai 4.7K Ago 20 09:48 Dockerfile.fedora-30
    -rw-rw-r-- 1 jkmutai jkmutai 4.6K Ago 20 09:48 Dockerfile.fedora-31
    -rw-rw-r-- 1 jkmutai jkmutai 4.9K Ago 20 09:48 Dockerfile.fedora-32
    -rw-rw-r-- 1 jkmutai jkmutai 4.8K Ago 20 09:48 Dockerfile.fedora-33
    -rw-rw-r-- 1 jkmutai jkmutai 4.9K Ago 20 09:48 Dockerfile.fedora-34
    -rw-rw-r-- 1 jkmutai jkmutai 4.8K Ago 20 09:48 Dockerfile.fedora-35
    -rw-rw-r-- 1 jkmutai jkmutai 4.8K Ago 20 09:48 Dockerfile.fedora-36
    -rw-rw-r-- 1 jkmutai jkmutai 4.9K Ago 20 09:48 Dockerfile.fedora-rawhide
    -rw-rw-r-- 1 jkmutai jkmutai 5.5K Ago 20 09:48 Dockerfile.rhel-7
    -rw-rw-r-- 1 jkmutai jkmutai 4.9K Ago 20 09:48 Dockerfile.rhel-8
    -rw-rw-r-- 1 jkmutai jkmutai 5.2K Ago 20 09:48 Dockerfile.rocky-8
    ....

In my case, I’ll be running FreeIPA on a CentOS 8 or RHEL 8 image.

For Docker:

    #Build from Rocky Linux 8 image
    docker build -t freeipa-rocky8 -f Dockerfile.rocky-8 .

    #Build from AlmaLinux 8 image
    docker build -t freeipa-alma8 -f Dockerfile.almalinux-8 .

    #Build from RHEL 8 image
    docker build -t freeipa-rhel8 -f Dockerfile.rhel-8 .

    #Build from Fedora image
    docker build -t freeipa-fed36 -f Dockerfile.fedora-36 .

For Podman:

    #Build from Rocky Linux 8 image
    podman build -t freeipa-rocky8 -f Dockerfile.rocky-8 .

    #Build from AlmaLinux 8 image
    podman build -t freeipa-alma8 -f Dockerfile.almalinux-8 .

    #Build from RHEL 8 image
    podman build -t freeipa-rhel8 -f Dockerfile.rhel-8 .

    #Build from Fedora image
    podman build -t freeipa-fed36 -f Dockerfile.fedora-36 .

The build process should take some minutes. A complete build will exit with the information below:

    .....
    Step 49/51 : EXPOSE 53/udp 53 80 443 389 636 88 464 88/udp 464/udp 123/udp
     ---> Running in da8d1fe2c58c
    Removing intermediate container da8d1fe2c58c
     ---> 876327439584
    Step 50/51 : RUN uuidgen > /data-template/build-id
     ---> Running in aa40a4e5f35a
    Removing intermediate container aa40a4e5f35a
     ---> ce1ab7ef5832
    Step 51/51 : LABEL maintainer="FreeIPA Developers "
     ---> Running in f7962c72763b
    Removing intermediate container f7962c72763b
     ---> ea0c2442d175
    Successfully built ea0c2442d175
    Successfully tagged freeipa-rocky8:latest

List images on Podman / Docker:

    #Docker
    $ docker images
    REPOSITORY                         TAG      IMAGE ID       CREATED             SIZE
    freeipa-fed36                      latest   4a2fc4dd7bd3   53 minutes ago      863MB
    freeipa-alma8                      latest   f52d912f2c6e   About an hour ago   914MB
    freeipa-rocky8                     latest   44c6e6219250   About an hour ago   883MB
    registry.fedoraproject.org/fedora  36       2ecb6df95994   4 weeks ago         163MB
    rockylinux/rockylinux              8        523ffac7fb2e   6 weeks ago         196MB
    almalinux/almalinux                8        6adabb67011e   13 months ago       209MB

Step 2. Running FreeIPA server Container

The next step is to run the FreeIPA server on Podman/Docker containers. The FreeIPA server runs systemd to manage the services in a single container. This means that if you are running on an SELinux enabled system, you need to allow systemd to run in containers by setting the SELinux boolean as below:

    sudo setsebool -P container_manage_cgroup 1

Create a data directory for the persistent volume of the FreeIPA container. We shall then mount the volume at the /data path of the container.

    sudo mkdir -p /var/lib/ipa-data

Create the FreeIPA container with the following command.

For Podman:

    podman run --name freeipa-server-container -ti \
      -h ipa.example.com --read-only \
      -v /var/lib/ipa-data:/data:Z localhost/freeipa-rocky8

For Docker:

    docker run --name freeipa-server-container -ti \
      -h ipa.example.com --read-only \
      -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
      -v /var/lib/ipa-data:/data:Z freeipa-rocky8

Replace ipa.example.com with the fully qualified host name of your FreeIPA server.

If you run into an error like the one below:

    IPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned. Add ::1 address resolution to 'lo' interface. You might need to enable IPv6 on the interface 'lo' in sysctl.conf.

you will be required to add the option below:

    --sysctl net.ipv6.conf.all.disable_ipv6=0

Both commands above, for Podman and Docker, automatically start FreeIPA's ipa-server-install script. You will then be required to key in the information at the prompts.

    $ sudo docker run --name freeipa-server-container -ti \
      -h ipa.example.com --read-only \
      --sysctl net.ipv6.conf.all.disable_ipv6=0 \
      -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
      -v /var/lib/ipa-data:/data:Z freeipa-server
    systemd 239 (239-41.el8_3) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
    Detected virtualization container-other.
    Detected architecture x86-64.
    Set hostname to .
    Sun Aug 22 07:02:27 UTC 2021 /usr/sbin/ipa-server-configure-first

    The log file for this installation can be found in /var/log/ipaserver-install.log
    ==============================================================================
    This program will set up the IPA Server.
    Version 4.9.2

    This includes:
      * Configure a stand-alone CA (dogtag) for certificate management
      * Configure the NTP client (chronyd)
      * Create and configure an instance of Directory Server
      * Create and configure a Kerberos Key Distribution Center (KDC)
      * Configure Apache (httpd)
      * Configure the KDC to enable PKINIT

    To accept the default shown in brackets, press the Enter key.

    Do you want to configure integrated DNS (BIND)? [no]:

    Enter the fully qualified domain name of the computer
    on which you're setting up server software. Using the form .
    Example: master.example.com.

    Server host name [ipa.example.com]:

    The domain name has been determined based on the host name.

    Please confirm the domain name [example.com]:

    The kerberos protocol requires a Realm name to be defined.
    This is typically the domain name converted to uppercase.

    Please provide a realm name [EXAMPLE.COM]:
    Certain directory server operations require an administrative user.
    This user is referred to as the Directory Manager and has full access
    to the Directory for system management tasks and will be added to the
    instance of directory server created for IPA.
    The password must be at least 8 characters long.

    Directory Manager password:
    Password (confirm):

    The IPA server requires an administrative user, named 'admin'.
    This user is a regular system account used for IPA server administration.

    IPA admin password:
    Password (confirm):

    Do you want to configure chrony with NTP server or pool address? [no]:

    The IPA Master Server will be configured with:
    Hostname:       ipa.example.com
    IP address(es): 172.17.0.2
    Domain name:    example.com
    Realm name:     EXAMPLE.COM

    The CA will be configured with:
    Subject DN:   CN=Certificate Authority,O=EXAMPLE.COM
    Subject base: O=EXAMPLE.COM
    Chaining:     self-signed

    Continue to configure the system with these values? [no]: yes

    The following operations may take some minutes to complete.
    Please wait until the prompt is returned.
    .......

The above prompt will:

- Configure a stand-alone CA (dogtag) for certificate management
- Configure the NTP client (chronyd)
- Create and configure an instance of Directory Server
- Create and configure a Kerberos Key Distribution Center (KDC)
- Configure Apache (httpd)
- Configure the KDC to enable PKINIT

A complete installation will give the output below:

    Configuring example.com as NIS domain.
    Client configuration complete.
    The ipa-client-install command was successful

    Please add records in this file to your DNS system: /tmp/ipa.system.records.jafe12ca.db
    ==============================================================================
    Setup complete

    Next steps:
        1. You must make sure these network ports are open:
            TCP Ports:
              * 80, 443: HTTP/HTTPS
              * 389, 636: LDAP/LDAPS
              * 88, 464: kerberos
            UDP Ports:
              * 88, 464: kerberos
              * 123: ntp

        2. You can now obtain a kerberos ticket using the command: 'kinit admin'
           This ticket will allow you to use the IPA tools (e.g., ipa user-add)
           and the web user interface.
        3. Kerberos requires time synchronization between clients
           and servers for correct operation. You should consider enabling chronyd.

    Be sure to back up the CA certificates stored in /root/cacert.p12
    These files are required to create replicas.
    The password for these files is the Directory Manager password
    The ipa-server-install command was successful
    FreeIPA server does not run DNS server, skipping update-self-ip-address.
    Created symlink /etc/systemd/system/container-ipa.target.wants/ipa-server-update-self-ip-address.service → /usr/lib/systemd/system/ipa-server-update-self-ip-address.service.
    Created symlink /etc/systemd/system/container-ipa.target.wants/ipa-server-upgrade.service → /usr/lib/systemd/system/ipa-server-upgrade.service.
    Removed /etc/systemd/system/container-ipa.target.wants/ipa-server-configure-first.service.
    FreeIPA server configured.

FreeIPA External access

If you intend to use FreeIPA externally, you will have to forward the necessary ports to the host with the -p flag. You can also specify environment variables during the installation, such as the password.

    docker run -e PASSWORD=Secret@123 -p 53:53/udp -p 53:53 \
      -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 \
      -p 88:88/udp -p 464:464/udp -p 123:123/udp ...

A complete command with the ports exposed would look like this (use the image tag you built in Step 1 in place of freeipa-server:latest):

    docker run --name freeipa-server -ti \
      -h ipa.example.com -p 53:53/udp -p 53:53 \
      -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 -p 88:88/udp \
      -p 464:464/udp -p 123:123/udp --read-only \
      --sysctl net.ipv6.conf.all.disable_ipv6=0 -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
      -v /var/lib/ipa-data:/data:Z freeipa-server:latest

Step 3. Access FreeIPA server on Web

The next step is to access FreeIPA on the web interface. Navigate to https://ipa.example.com or the IP/Hostname of the Docker/Podman host. You will be required to log in with the user admin and the password you created during the installation. After a successful login, you will be redirected to the FreeIPA dashboard.

Step 4. Manage users using FreeIPA

The next step is to manage users using FreeIPA. Users can be added using the command-line interface of the Docker/Podman container or the web interface.
For the web option, click on the “Add” button under the “Active users” section to add the user.

Step 5: Connect Clients to FreeIPA Server

To connect a client to the FreeIPA instance, the IPA client must be installed on the client system. Follow the guide below to set up the IPA client:

- How To Install FreeIPA Client on CentOS 8 / RHEL 8

Add the client to the FreeIPA server:

    sudo ipa-client-install --hostname=centos8.example.com \
      --mkhomedir \
      --server=ipa.example.com \
      --domain example.com \
      --realm EXAMPLE.COM

Check and verify that the added user is available:

    $ id user1
    uid=1676000008(user1) gid=1676000008(user1) groups=1676000008(user1),1676000007(wheel-users)

Step 6: Securing FreeIPA Server With Let’s Encrypt

If your FreeIPA Server is on a Cloud instance, you can secure it with a Let’s Encrypt certificate as discussed in our guide:

- Secure FreeIPA Server With Let’s Encrypt SSL Certificate

Conclusion

The above steps summarize how to set up FreeIPA server on Docker/Podman. Feel free to get in touch in case you encounter problems setting up this environment. Cheers!
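In the "FreeIPA External access" commands above, a bare `-p 443:443` publishes the port on every host address, and `-e PASSWORD=...` leaves the password in the command line and shell history. The script below is an added example (not from the original post or the FreeIPA project) that assembles the same command with each port bound to one host address and the password supplied through Docker's `--env-file`; the function names, the 192.0.2.10 address used in testing and the env file path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: assemble the externally reachable `docker run` command with
# each published port pinned to one host address and the password kept off argv.

# Ports from the page's own command: DNS, HTTP/S, LDAP/S, Kerberos, NTP.
IPA_TCP_PORTS="53 80 443 389 636 88 464"
IPA_UDP_PORTS="53 88 464 123"

# Emit one "-p ADDR:PORT:PORT[/udp]" flag per line (IPv4 address assumed).
ipa_publish_args() {
    local addr="$1" port
    case "$addr" in
        ""|0.0.0.0|::|"[::]")
            echo "refusing wildcard bind address: '$addr'" >&2
            return 1 ;;
    esac
    for port in $IPA_TCP_PORTS; do
        printf -- '-p %s:%s:%s\n' "$addr" "$port" "$port"
    done
    for port in $IPA_UDP_PORTS; do
        printf -- '-p %s:%s:%s/udp\n' "$addr" "$port" "$port"
    done
}

# Succeed only if FILE exists and grants no permissions to group or other.
env_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the full command. PASSWORD=... lives in ENV_FILE instead of `-e` on argv.
ipa_run_command() {
    local addr="$1" env_file="$2" image="$3" host="$4" publish
    publish=$(ipa_publish_args "$addr") || return 1
    if ! env_file_is_private "$env_file"; then
        echo "env file must exist and be mode 0600 or stricter: $env_file" >&2
        return 1
    fi
    printf 'docker run --name freeipa-server -ti -h %s --read-only \\\n' "$host"
    printf '  --env-file %s \\\n' "$env_file"
    printf '%s\n' "$publish" | sed 's/^/  /; s/$/ \\/'
    printf '  --sysctl net.ipv6.conf.all.disable_ipv6=0 \\\n'
    printf '  -v /sys/fs/cgroup:/sys/fs/cgroup:ro \\\n'
    printf '  -v /var/lib/ipa-data:/data:Z %s\n' "$image"
}
```

Values passed with `--env-file` are still readable through `docker inspect` by anyone with access to the Docker daemon, so the file permissions protect the password on disk, not inside the container's configuration.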