- RHEL 7.8
- PostgreSQL 9.2.24-4.el7_8
- Apache 2.4 (via Red Hat Software Collections)
- PHP 7.3 (required by MediaWiki; via Red Hat Software Collections)
- MediaWiki 1.34.2
- one with PostgreSQL
- another with Apache, PHP, and MediaWiki
OUTLINE
- Build two local images with buildah: one for PostgreSQL, one for Apache + PHP-FPM + MediaWiki
- Run containers using local images
- Cleanup
BEFORE WE BEGIN
- container=$( buildah from image_url )
- buildah containers
- buildah rm $container
- buildah rmi image_id
BUILD CONTAINERS
[root@host ~]# yum install buildah podman
[root@host ~]# buildah login registry.redhat.io
PostgreSQL
[root@host ~]# container=$(buildah from registry.access.redhat.com/rhel7)
[root@host ~]# echo $container
rhel7-working-container
[root@host ~]# buildah copy $container /etc/yum.repos.d/redhat.repo \
/etc/yum.repos.d/redhat.repo
1f302312276b6f60ca1189181159d8c8eba378d3ff76a6aff651220c8f8250f2
[root@host ~]# buildah run $container /bin/bash
[root@psql /]# yum -y install postgresql-server tmux psmisc nc vim
...
Complete!
[root@psql /]# yum -y update
Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager
No packages marked for update
[root@psql /]# yum clean all
Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager
Cleaning repos: rhel-7-server-extras-rpms rhel-7-server-optional-rpms rhel-7-server-rpms rhel-server-rhscl-7-rpms
[root@psql /]# cp /usr/bin/postgresql-setup \
/usr/bin/postgresql-setup2
PGDATA=/var/lib/pgsql/data
PGPORT=5432
[root@psql /]# su - postgres
-bash-4.2$ /usr/bin/postgresql-setup2 initdb
Initializing database ... OK
-bash-4.2$ exit
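[root@psql /]# sed -i 's/^host/#host/' /var/lib/pgsql/data/pg_hba.conf
# NOTE: the rule below accepts password logins for every database and user from any address,
# and listen_addresses = '*' binds every interface. Outside a throwaway test, narrow the rule,
# e.g. "host wikidb wikiuser <web-container-CIDR> md5" (the CIDR is a placeholder).
[root@psql /]# echo "host all all all md5" >> /var/lib/pgsql/data/pg_hba.conf
[root@psql /]# echo "listen_addresses = '*'" >> /var/lib/pgsql/data/postgresql.conf
[root@psql /]# exit # exit container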
[root@host ~]# buildah config --cmd "su - postgres -c \
[root@host ~]# buildah commit $container localhost/postgres-test
Getting image source signatures
Copying blob cacea99e9a8c skipped: already exists
Copying blob f15a9d9f7ab3 skipped: already exists
Copying blob d3e8e97ad524 done
Copying config 7614d3233c done
Writing manifest to image destination
Storing signatures
7614d3233c71651cfba0ba4aa149424dd349db55bee18cf762aef7b37e691a31
[root@host ~]# buildah images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/postgres-test latest 8d75ec494b55 About a minute ago 340 MB
registry.access.redhat.com/rhel7 latest 1a9b6d0a58f8 6 weeks ago 215 MB
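# NOTE: -p 5432:5432 publishes the port on every host interface (0.0.0.0 in the podman ps
# output below); -p 127.0.0.1:5432:5432 keeps it local if only the host itself needs to reach the database.
[root@host ~]# podman run -p 5432:5432 --name psql \
--hostname psql --detach postgres-test
...outputs container id...
[root@host ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8651efee175f localhost/postgres-test:latest su - postgres -c ... 4 seconds ago Up 4 seconds ago 0.0.0.0:5432->5432/tcp psql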
[root@host ~]# podman exec --interactive --tty psql bash
[root@psql ~]# su - postgres
[postgres@psql ~]$ createuser -S -D -R -P -E wikiuser # remember the password you use here
[postgres@psql ~]$ createdb -O wikiuser wikidb
[postgres@psql ~]$ exit # exit user postgres
[root@psql ~]# exit # exit container
[root@host ~]# psql -h 127.0.0.1 -W wikidb wikiuser
Password for user wikiuser:
psql (9.2.24)
Type "help" for help.
wikidb=>
Apache HTTPD, PHP, and MediaWiki
[root@host ~]# container=$( buildah from \
[root@host ~]# echo $container
rhel7-working-container-1
[root@host ~]# buildah copy $container /etc/yum.repos.d/redhat.repo \
/etc/yum.repos.d/redhat.repo
1f302312276b6f60ca1189181159d8c8eba378d3ff76a6aff651220c8f8250f2
[root@host ~]# buildah copy $container /etc/yum.repos.d/epel.repo \
/etc/yum.repos.d/epel.repo
15a7fc2ebe4c5260256294d2c890bc1ccb5f8097b1a25aa0c38f9b996fa5fc5b
[root@host ~]# buildah run $container -- /usr/bin/bash
[root@apache /]# yum install -y wget less procps-ng lsof psmisc \
tmux openssl httpd24 httpd24-httpd httpd24-mod_ssl
[root@apache /]# yum install -y rh-php73 rh-php73-php \
rh-php73-php-gd rh-php73-php-gmp rh-php73-php-intl \
rh-php73-php-mbstring rh-php73-php-pgsql rh-php73-php-opcache \
[root@apache tmp]# scl enable rh-php73 /bin/bash
[root@apache tmp]# which php
/opt/rh/rh-php73/root/usr/bin/php
[root@apache tmp]# php --version
PHP 7.3.11 (cli) (built: Oct 31 2019 08:30:29) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.11, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.11, Copyright (c) 1999-2018, by Zend Technologies
[root@apache tmp]# yum update -y tzdata
[root@apache tmp]# wget https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz
# NOTE: before unpacking, verify the tarball against the detached GPG signature (.sig)
# that Wikimedia publishes alongside each release.
[root@apache tmp]# cd /opt/rh/httpd24/root/var/www/html
[root@apache tmp]# tar xvf /tmp/mediawiki-1.34.2.tar.gz
[root@apache tmp]# mv mediawiki-1.34.2 testwiki
[root@apache tmp]# exit # exits the rh-php73 environment
[root@apache tmp]# exit # exits the container
[root@host ~]# buildah commit $container localhost/apache-test
[root@host ~]# buildah run $container -- /usr/bin/bash
# NOTE: "openssl rsa" writes the private key without a pass phrase, and the following
# buildah commit bakes it into the image together with the working copies (privkey.pem,
# new.cert.key, new.cert.csr). Remove the working copies before committing, and either
# restrict who can read the image or supply the key to the container at run time instead.
[root@apache ~]# openssl req -new -newkey rsa:4096 > new.cert.csr
[root@apache ~]# openssl rsa -in privkey.pem -out new.cert.key
[root@apache ~]# openssl x509 -in new.cert.csr -out /etc/pki/tls/certs/localhost.crt \
-req -signkey new.cert.key -days 730
[root@apache ~]# cp new.cert.key /etc/pki/tls/private/localhost.key
[root@apache ~]# openssl req -new -newkey rsa:4096 > new.cert.csr
Generating a 4096 bit RSA private key
.............................++
......................................................................................................................................................................................................................................................++
writing new private key to 'privkey.pem'
Enter PEM pass phrase: ***
Verifying - Enter PEM pass phrase: ***
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Riverside
Organization Name (eg, company) [Default Company Ltd]:ACME Corp.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:myservername
Email Address []:web@acmecorp.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@apache /]# openssl rsa -in privkey.pem -out new.cert.key
Enter pass phrase for privkey.pem:
writing RSA key
[root@apache /]# openssl x509 -in new.cert.csr -out /etc/pki/tls/certs/localhost.crt \
> -req -signkey new.cert.key -days 730
Signature ok
subject=/C=US/ST=Pennsylvania/L=Philadelphia/O=Drexel University/OU=URCF/CN=urcfstora-apache/emailAddress=dwc62@drexel.edu
Getting Private key
[root@apache /]# cp new.cert.key /etc/pki/tls/private/localhost.key
cp: overwrite '/etc/pki/tls/private/localhost.key'? y
[root@apache /]# exit
[root@host /]# buildah commit $container localhost/apache-test