Integrating Amazon EFS with Podman on Red Hat Enterprise Linux


This article was contributed by Jessica Lee and Alex Carter. Podman is a daemonless, open-source tool for managing applications as Open Containers Initiative (OCI) containers and container images on Red Hat Enterprise Linux (RHEL). Like Docker, Podman uses an OCI-compliant container runtime to interact with the operating system when creating containers. It manages the container ecosystem, including pods, containers, images, and volumes, through the libpod library.

Containers managed by Podman can be executed by either the root user or non-privileged users, making it a secure alternative to Docker by providing user identifier (UID) separation via namespaces and seamless integration with systemd. If you’re using Podman for your containerized applications, you may need to scale both your compute and storage layers.

In this post, we’ll detail how to scale a Podman-based application by leveraging Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic File System (Amazon EFS). Amazon EFS offers a fully managed, scalable NFS file system that allows you to share file data without the hassle of provisioning storage infrastructure. It can integrate with AWS cloud services and on-premises resources, scaling automatically to accommodate growing data needs, which can reach petabytes without affecting application performance.

We will guide you through deploying a sample web application—a photo gallery—using Podman on a RHEL EC2 instance, with images stored on Amazon EFS mounted across multiple Availability Zones for enhanced scalability and high availability (HA).

Prerequisites

Before starting, ensure you have the following:

  • An Amazon Virtual Private Cloud (Amazon VPC) with a public subnet set up.
  • A RHEL EC2 instance running within your Amazon VPC.
  • Podman installed on your EC2 instance.
  • An Amazon EFS created in your Amazon VPC, with your EC2 security group granted access to the EFS.
  • For the photo gallery, we will use the Linuxserver.io photoshow container image.

Solution Overview

We will cover the following steps:

  1. Running a Podman container on a RHEL EC2 instance using the local filesystem (no HA).
  2. Modifying the setup to store images on Amazon EFS (providing storage-level HA).
  3. Enhancing solution availability by adding a second Amazon EC2 instance in a different Availability Zone, along with an Application Load Balancer (implementing compute-level HA).
  4. Managing scaling through an Auto Scaling Group.

Step 1: Launch Podman Container on RHEL EC2 Instance with Local Filesystem

Begin by connecting to your EC2 instance via SSH using your SSH key pair. Next, download the photoshow container image. Choose the appropriate registry:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman pull linuxserver/photoshow

You can verify the image is downloaded by listing available images:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman images

Ensure no containers are running on your EC2 instance:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman ps -a

Next, create directories on your host machine to store configuration and image files:

[ec2-user@ip-172-31-58-150 ~]$ mkdir -p ~/photo/config ~/photo/pictures ~/photo/thumb

Verify the directory structure:

[ec2-user@ip-172-31-58-150 ~]$ ls -l ~/photo/

Now, execute the container with the Podman command, specifying the volume mounts:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman run -d \
--name=photoshow \
-e PUID=1000 -e PGID=1000 -e TZ=Europe/London -p 8080:80 \
-v /home/ec2-user/photo/config:/config:Z \
-v /home/ec2-user/photo/pictures:/Pictures:Z \
-v /home/ec2-user/photo/thumb:/Thumbs:Z \
--restart unless-stopped linuxserver/photoshow

The :Z flag ensures the correct SELinux context is applied to each bind-mounted directory. Confirm that the container is running:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman ps -a

Next, populate the ~/photo/pictures directory with images using wget:

[ec2-user@ip-172-31-58-150 ~]$ cd ~/photo/pictures/
[ec2-user@ip-172-31-58-150 ~]$ wget http://<IMAGE_URL>

To verify that no volumes were created, check:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman volume ls

Inspect the container to confirm that the mounts are correct:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman inspect photoshow

You should see the mounts listed correctly, indicating where each directory is bound.
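
The script below is an added example, not part of the original article: it automates the mount check above by comparing Podman's Go-template inspect output against the three bind mounts from the run command, and it also fails if a named volume is attached. The function names check_mounts and inspect_mounts are hypothetical; the paths and container name are the ones used in this post.

```shell
#!/usr/bin/env bash
# Added example: verify the photoshow bind mounts without reading the
# `podman inspect` JSON by eye.

# Expected "host_path container_path" pairs, taken from the podman run command.
EXPECTED_MOUNTS="/home/ec2-user/photo/config /config
/home/ec2-user/photo/pictures /Pictures
/home/ec2-user/photo/thumb /Thumbs"

# check_mounts reads "TYPE SOURCE DESTINATION RW" lines on stdin.
# Returns 0 only if every expected pair is present as a read-write bind
# mount and no named volume is attached to the container.
check_mounts() {
    local actual status=0 src dst
    actual=$(cat)
    if printf '%s\n' "$actual" | grep -q '^volume '; then
        echo "FAIL: a named volume is attached; expected bind mounts only" >&2
        status=1
    fi
    while read -r src dst; do
        # -x matches the whole line, -F treats the paths as literal text.
        if printf '%s\n' "$actual" | grep -qxF "bind $src $dst true"; then
            echo "OK: $src -> $dst"
        else
            echo "FAIL: missing or wrong mount for $dst (expected $src, rw)" >&2
            status=1
        fi
    done <<EOF
$EXPECTED_MOUNTS
EOF
    return "$status"
}

# inspect_mounts prints one line per mount of the named container,
# in the format check_mounts expects.
inspect_mounts() {
    sudo podman inspect --format \
        '{{range .Mounts}}{{.Type}} {{.Source}} {{.Destination}} {{.RW}}{{"\n"}}{{end}}' "$1"
}

# On the EC2 instance: inspect_mounts photoshow | check_mounts
```

A non-zero exit status from check_mounts means at least one directory is not bound where the run command intended, which is worth catching before the same layout is moved onto Amazon EFS.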

Finally, log into the container to check the directories:

[ec2-user@ip-172-31-58-150 ~]$ sudo podman exec -it photoshow /bin/bash
