KNZLABS :: lab09-containers

Lab 09 — Rootless Podman Containers and systemd Quadlets

Target: rhcsa-node1 (workstation) · Time: 30 minutes · Reboot required: yes

Scenario

Modern RHCSA has dropped Docker and moved to Podman. You'll set up an unprivileged user to run a container, persist its data on a host volume, and have it autostart at boot via systemd.

Tasks (run all under user `alice` from lab01)

  1. Install **podman** as root if not already present.
  2. Switch to user `alice` (e.g. `sudo machinectl shell alice@`). Configure **lingering** for alice so user systemd survives logout: `loginctl enable-linger alice`.
  3. As alice, pull the image **registry.access.redhat.com/ubi9/httpd-24** (or `docker.io/library/nginx:alpine` if you can't reach Red Hat's registry — both grade the same).
  4. Create a host directory `/home/alice/web-content/` containing a single `index.html` with content "RHCSA Lab 09 — alice".
  5. Run the container rootless, named **lab-web**, publishing host port **18080** → container port 80 (or 8080 for httpd-24), with the host directory bind-mounted to the container's document root (`/var/www/html` for httpd-24 or `/usr/share/nginx/html` for nginx). Use `:Z` for SELinux relabel.
  6. Create a **Quadlet** unit at `~/.config/containers/systemd/lab-web.container` so the container runs as a user systemd service on boot.
  7. Reload the systemd user instance: `systemctl --user daemon-reload`. Enable and start the generated `lab-web.service`.
  8. Verify: from another shell as root, `curl http://localhost:18080/` returns the lab content.
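
An added example for tasks 5 to 7 (not part of the lab's own files): a shell function that renders the Quadlet unit for either image, choosing the container port and document root the tasks name. The function name `render_quadlet`, the `Description=` text and the `Restart=` policy are assumptions; Quadlet units are generated at `daemon-reload`, so the "enable" part of task 7 is expressed by the `[Install]` section rather than by `systemctl --user enable`.

```shell
#!/bin/sh
# Added example: render ~/.config/containers/systemd/lab-web.container
# for either image allowed in task 3. render_quadlet is a constructed name.

render_quadlet() {
    # $1 = image reference, $2 = host content directory
    image=$1
    content_dir=$2
    # Pick the container port and document root given in task 5.
    case "$image" in
        */httpd-24*) cport=8080; docroot=/var/www/html ;;
        */nginx*)    cport=80;   docroot=/usr/share/nginx/html ;;
        *) echo "unsupported image: $image" >&2; return 1 ;;
    esac
    cat <<EOF
[Unit]
Description=Lab 09 rootless web container

[Container]
ContainerName=lab-web
Image=$image
PublishPort=18080:$cport
Volume=$content_dir:$docroot:Z

[Service]
Restart=on-failure

[Install]
# Generated units cannot be enabled with "systemctl --user enable";
# this WantedBy= line starts the service at boot once lingering is on.
WantedBy=default.target
EOF
}

# Usage as alice (left as comments so sourcing this file has no side effects):
#   mkdir -p ~/.config/containers/systemd
#   render_quadlet registry.access.redhat.com/ubi9/httpd-24 "$HOME/web-content" \
#       > ~/.config/containers/systemd/lab-web.container
#   systemctl --user daemon-reload
#   systemctl --user start lab-web.service
```

The `:Z` suffix on `Volume=` gives the bind-mounted directory a private SELinux label for this container, matching the relabel requested in task 5.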

Reboot. Re-run grader (as root; it tests alice's session).

Grading

~/labs/lab09-containers/grader.sh