Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 20. Working with containers using Buildah

With Buildah, you can do several operations on a container image or container from the command line. Examples of operations are: create a working container from scratch or from a container image as a starting point, create an image from a working container or using a Containerfile, configure a container’s entrypoint, labels, port, shell, and working directory. You can mount working containers directories for filesystem manipulation, delete a working container or container image, and more.

You can then create an image from a working container and push the image to the registry.

20.1. Running commands inside of the container
Copy link

Use the buildah run command to execute a command from the container.

Prerequisites

  • The container-tools module is installed.
  • A pulled image is available on the local system.

Procedure

  • Display the operating system version: 

    # buildah run ubi-working-container cat /etc/redhat-release
Red Hat Enterprise Linux release 8.4 (Ootpa)
    Copy to Clipboard Toggle word wrap

Use the buildah inspect command to display information about a container or image.

Prerequisites

Procedure

  • Inspect the image:

    • To inspect the myecho image, enter: 

      # buildah inspect localhost/myecho
 {
    "Type": "buildah 0.0.1",
    "FromImage": "localhost/myecho:latest",
    "FromImageID": "b28cd00741b38c92382ee806e1653eae0a56402bcd2c8d31bdcd36521bc267a4",
    "FromImageDigest": "sha256:0f5b06cbd51b464fabe93ce4fe852a9038cdd7c7b7661cd7efef8f9ae8a59585",
    "Config":
    ...
     "Entrypoint": [
                "/bin/sh",
                "-c",
                "\"/usr/local/bin/myecho\""
            ],
    ...
}
      Copy to Clipboard Toggle word wrap

    • To inspect the working container from the myecho image:

      1. Create a working container based on the localhost/myecho image: 

        # buildah from localhost/myecho
        Copy to Clipboard Toggle word wrap

      2. Inspect the myecho-working-container container: 

        # buildah inspect ubi-working-container
{
    "Type": "buildah 0.0.1",
    "FromImage": "registry.access.redhat.com/ubi8/ubi:latest",
    "FromImageID": "272209ff0ae5fe54c119b9c32a25887e13625c9035a1599feba654aa7638262d",
    "FromImageDigest": "sha256:77623387101abefbf83161c7d5a0378379d0424b2244009282acb39d42f1fe13",
    "Config":
    ...
"Container": "ubi-working-container",
"ContainerID": "01eab9588ae1523746bb706479063ba103f6281ebaeeccb5dc42b70e450d5ad0",
"ProcessLabel": "system_u:system_r:container_t:s0:c162,c1000",
"MountLabel": "system_u:object_r:container_file_t:s0:c162,c1000",
...
}
        Copy to Clipboard Toggle word wrap

20.3. Modifying a container using buildah mount
Copy link

Use the buildah mount command to display information about a container or image.

Prerequisites

Procedure

  1. Create a working container based on the registry.access.redhat.com/ubi8/ubi image and save the name of the container to the mycontainer variable: 

    # mycontainer=$(buildah from localhost/myecho)

# echo $mycontainer
myecho-working-container
    Copy to Clipboard Toggle word wrap

  2. Mount the myecho-working-container container and save the mount point path to the mymount variable: 

    # mymount=$(buildah mount $mycontainer)

# echo $mymount
/var/lib/containers/storage/overlay/c1709df40031dda7c49e93575d9c8eebcaa5d8129033a58e5b6a95019684cc25/merged
    Copy to Clipboard Toggle word wrap

  3. Modify the myecho script and make it executable: 

    # echo 'echo "We modified this container."' >> $mymount/usr/local/bin/myecho
# chmod +x $mymount/usr/local/bin/myecho
    Copy to Clipboard Toggle word wrap

  4. Create the myecho2 image from the myecho-working-container container: 

    # buildah commit $mycontainer containers-storage:myecho2
    Copy to Clipboard Toggle word wrap

Verification

  1. List all images in local storage: 

    # buildah images
REPOSITORY                                  TAG      IMAGE ID       CREATED          SIZE
docker.io/library/myecho2                   latest   4547d2c3e436   4 minutes ago    234 MB
localhost/myecho                            latest   b28cd00741b3   56 minutes ago   234 MB
    Copy to Clipboard Toggle word wrap

  2. Run the myecho2 container based on the docker.io/library/myecho2 image: 

    # podman run --name=myecho2 docker.io/library/myecho2
This container works!
We even modified it.
    Copy to Clipboard Toggle word wrap

Use buildah copy command to copy files to a container without mounting it. You can then configure the container using the buildah config command to run the script you created by default.

Prerequisites

Procedure

  1. Create a script named newecho and make it executable: 

    # cat newecho
echo "I changed this container"
# chmod 755 newecho
    Copy to Clipboard Toggle word wrap

  2. Create a new working container: 

    # buildah from myecho:latest
myecho-working-container-2
    Copy to Clipboard Toggle word wrap

  3. Copy the newecho script to /usr/local/bin directory inside the container: 

    # buildah copy myecho-working-container-2 newecho /usr/local/bin
    Copy to Clipboard Toggle word wrap

  4. Change the configuration to use the newecho script as the new entrypoint: 

    # buildah config --entrypoint "/bin/sh -c /usr/local/bin/newecho" myecho-working-container-2
    Copy to Clipboard Toggle word wrap

  5. Optional: Run the myecho-working-container-2 container whixh triggers the newecho script to be executed: 

    # buildah run myecho-working-container-2 -- sh -c '/usr/local/bin/newecho'
I changed this container
    Copy to Clipboard Toggle word wrap

  6. Commit the myecho-working-container-2 container to a new image called mynewecho: 

    # buildah commit myecho-working-container-2 containers-storage:mynewecho
    Copy to Clipboard Toggle word wrap

Verification

  • List all images in local storage: 

    # buildah images
REPOSITORY                                  TAG      IMAGE ID       CREATED         SIZE
docker.io/library/mynewecho                 latest   fa2091a7d8b6   8 seconds ago   234 MB
    Copy to Clipboard Toggle word wrap

20.5. Pushing containers to a private registry
Copy link

Use buildah push command to push an image from local storage to a public or private repository.

Prerequisites

Procedure

  1. Create the local registry on your machine: 

    # podman run -d -p 5000:5000 registry:2
    Copy to Clipboard Toggle word wrap

  2. Push the myecho:latest image to the localhost registry: 

    #  buildah push --tls-verify=false myecho:latest localhost:5000/myecho:latest
Getting image source signatures
Copying blob sha256:e4efd0...
...
Writing manifest to image destination
Storing signatures
    Copy to Clipboard Toggle word wrap

Verification

  1. List all images in the localhost repository: 

    # curl http://localhost:5000/v2/_catalog
{"repositories":["myecho2]}


# curl http://localhost:5000/v2/myecho2/tags/list
{"name":"myecho","tags":["latest"]}
    Copy to Clipboard Toggle word wrap

  2. Inspect the docker://localhost:5000/myecho:latest image: 

    # skopeo inspect --tls-verify=false docker://localhost:5000/myecho:latest | less
{
    "Name": "localhost:5000/myecho",
    "Digest": "sha256:8999ff6050...",
    "RepoTags": [
        "latest"
    ],
    "Created": "2021-06-28T14:44:05.919583964Z",
    "DockerVersion": "",
    "Labels": {
        "architecture": "x86_64",
        "authoritative-source-url": "registry.redhat.io",
    ...
}
    Copy to Clipboard Toggle word wrap

  3. Pull the localhost:5000/myecho image: 

    # podman pull --tls-verify=false localhost:5000/myecho2
# podman run localhost:5000/myecho2
This container works!
    Copy to Clipboard Toggle word wrap

20.6. Pushing containers to the Docker Hub
Copy link

Use your Docker Hub credentials to push and pull images from the Docker Hub with the buildah command.

Prerequisites

Procedure

  1. Push the docker.io/library/myecho:latest to your Docker Hub. Replace username and password with your Docker Hub credentials: 

    # buildah push --creds username:password \
  docker.io/library/myecho:latest docker://testaccountXX/myecho:latest
    Copy to Clipboard Toggle word wrap

Verification

  • Get and run the docker.io/testaccountXX/myecho:latest image:

    • Using Podman tool: 

      # podman run docker.io/testaccountXX/myecho:latest
This container works!
      Copy to Clipboard Toggle word wrap

    • Using Buildah and Podman tools: 

      # buildah from docker.io/testaccountXX/myecho:latest
myecho2-working-container-2
# podman run myecho-working-container-2
      Copy to Clipboard Toggle word wrap

20.7. Removing containers with Buildah
Copy link

Use the buildah rm command to remove containers. You can specify containers for removal with the container ID or name.

Prerequisites

  • The container-tools module is installed.
  • At least one container has been stopped.

Procedure

  1. List all containers: 

    # buildah containers
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
05387e29ab93     *     c37e14066ac7 docker.io/library/myecho:latest  myecho-working-container
    Copy to Clipboard Toggle word wrap

  2. Remove the myecho-working-container container: 

    # buildah rm myecho-working-container
05387e29ab93151cf52e9c85c573f3e8ab64af1592b1ff9315db8a10a77d7c22
    Copy to Clipboard Toggle word wrap

Verification

  • Ensure that containers were removed: 

    # buildah containers
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat