07. 07. 2022 Lorenzo Candeago DevOps

How to Use a Host’s Redhat Subscription to Run Containers Using Docker instead of Podman

In NetEye 4.23 we shifted our base containers from CentOS to RedHat Enterprise Linux. Within our NetEye image and container we ship packages that come from RedHat Enterprise Linux’s private repositories and are thus subject to subscription, hence we need a way to be able to use our subscription when building NetEye containers.

RedHat allows you to use a host’s subscription for package installation inside containers out of the box when using podman, but not with other Docker versions.

One of the problems we are facing is that our CI infrastructure is still based on Docker Swarm, which is not supported by podman (although we are currently transitioning our CI to OpenShift).

Following a method not officially supported by RedHat, it’s enough to mount the secrets and certificates directory from the host machine onto the container in the correct location:

docker run -it -v /etc/yum.repos.d/redhat.repo:/run/secrets/redhat.repo:ro  \ 
     -v /etc/pki/entitlement/:/run/secrets/etc-pki-entitlement:ro \
     -v /etc/rhsm/:/run/secrets/rhsm:ro redhat/ubi8 bash

Once inside the container, if we now try to run the subscription-manager we’ll get the same error we would get with podman, meaning that the container is using the host’s subscription.

subscription-manager status
subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.

These Solutions are Engineered by Humans

Did you find this article interesting? Are you an “under the hood” kind of person? We’re really big on automation and we’re always looking for people in a similar vein to fill roles like this one as well as other roles here at Würth Phoenix.