Search

Chapter 20. Working with containers using Buildah

download PDF

With Buildah, you can do several operations on a container image or container from the command line. Examples of operations are: create a working container from scratch or from a container image as a starting point, create an image from a working container or using a Containerfile, configure a container’s entrypoint, labels, port, shell, and working directory. You can mount working containers directories for filesystem manipulation, delete a working container or container image, and more.

You can then create an image from a working container and push the image to the registry.

20.1. Running commands inside of the container

Use the buildah run command to execute a command from the container.

Prerequisites

  • The container-tools module is installed.
  • A pulled image is available on the local system.

Procedure

  • Display the operating system version:

    # buildah run ubi-working-container cat /etc/redhat-release
    Red Hat Enterprise Linux release 8.4 (Ootpa)

Additional resources

  • buildah-run man page on your system

20.2. Inspecting containers and images with Buildah

Use the buildah inspect command to display information about a container or image.

Prerequisites

Procedure

  • Inspect the image:

    • To inspect the myecho image, enter:

      # buildah inspect localhost/myecho
       {
          "Type": "buildah 0.0.1",
          "FromImage": "localhost/myecho:latest",
          "FromImageID": "b28cd00741b38c92382ee806e1653eae0a56402bcd2c8d31bdcd36521bc267a4",
          "FromImageDigest": "sha256:0f5b06cbd51b464fabe93ce4fe852a9038cdd7c7b7661cd7efef8f9ae8a59585",
          "Config":
          ...
           "Entrypoint": [
                      "/bin/sh",
                      "-c",
                      "\"/usr/local/bin/myecho\""
                  ],
          ...
      }
    • To inspect the working container from the myecho image:

      1. Create a working container based on the localhost/myecho image:

        # buildah from localhost/myecho
      2. Inspect the myecho-working-container container:

        # buildah inspect ubi-working-container
        {
            "Type": "buildah 0.0.1",
            "FromImage": "registry.access.redhat.com/ubi8/ubi:latest",
            "FromImageID": "272209ff0ae5fe54c119b9c32a25887e13625c9035a1599feba654aa7638262d",
            "FromImageDigest": "sha256:77623387101abefbf83161c7d5a0378379d0424b2244009282acb39d42f1fe13",
            "Config":
            ...
        "Container": "ubi-working-container",
        "ContainerID": "01eab9588ae1523746bb706479063ba103f6281ebaeeccb5dc42b70e450d5ad0",
        "ProcessLabel": "system_u:system_r:container_t:s0:c162,c1000",
        "MountLabel": "system_u:object_r:container_file_t:s0:c162,c1000",
        ...
        }

Additional resources

  • buildah-inspect man page on your system

20.3. Modifying a container using buildah mount

Use the buildah mount command to display information about a container or image.

Prerequisites

Procedure

  1. Create a working container based on the registry.access.redhat.com/ubi8/ubi image and save the name of the container to the mycontainer variable:

    # mycontainer=$(buildah from localhost/myecho)
    
    # echo $mycontainer
    myecho-working-container
  2. Mount the myecho-working-container container and save the mount point path to the mymount variable:

    # mymount=$(buildah mount $mycontainer)
    
    # echo $mymount
    /var/lib/containers/storage/overlay/c1709df40031dda7c49e93575d9c8eebcaa5d8129033a58e5b6a95019684cc25/merged
  3. Modify the myecho script and make it executable:

    # echo 'echo "We modified this container."' >> $mymount/usr/local/bin/myecho
    # chmod +x $mymount/usr/local/bin/myecho
  4. Create the myecho2 image from the myecho-working-container container:

    # buildah commit $mycontainer containers-storage:myecho2

Verification

  1. List all images in local storage:

    # buildah images
    REPOSITORY                                  TAG      IMAGE ID       CREATED          SIZE
    docker.io/library/myecho2                   latest   4547d2c3e436   4 minutes ago    234 MB
    localhost/myecho                            latest   b28cd00741b3   56 minutes ago   234 MB
  2. Run the myecho2 container based on the docker.io/library/myecho2 image:

    # podman run --name=myecho2 docker.io/library/myecho2
    This container works!
    We even modified it.

Additional resources

  • buildah-mount and buildah-commit man pages on your system

20.4. Modifying a container using buildah copy and buildah config

Use buildah copy command to copy files to a container without mounting it. You can then configure the container using the buildah config command to run the script you created by default.

Prerequisites

Procedure

  1. Create a script named newecho and make it executable:

    # cat newecho
    echo "I changed this container"
    # chmod 755 newecho
  2. Create a new working container:

    # buildah from myecho:latest
    myecho-working-container-2
  3. Copy the newecho script to /usr/local/bin directory inside the container:

    # buildah copy myecho-working-container-2 newecho /usr/local/bin
  4. Change the configuration to use the newecho script as the new entrypoint:

    # buildah config --entrypoint "/bin/sh -c /usr/local/bin/newecho" myecho-working-container-2
  5. Optional: Run the myecho-working-container-2 container whixh triggers the newecho script to be executed:

    # buildah run myecho-working-container-2 -- sh -c '/usr/local/bin/newecho'
    I changed this container
  6. Commit the myecho-working-container-2 container to a new image called mynewecho:

    # buildah commit myecho-working-container-2 containers-storage:mynewecho

Verification

  • List all images in local storage:

    # buildah images
    REPOSITORY                                  TAG      IMAGE ID       CREATED         SIZE
    docker.io/library/mynewecho                 latest   fa2091a7d8b6   8 seconds ago   234 MB

Additional resources

  • The buildah-copy, buildah-config, buildah-commit, buildah-run man pages on your system

20.5. Pushing containers to a private registry

Use buildah push command to push an image from local storage to a public or private repository.

Prerequisites

Procedure

  1. Create the local registry on your machine:

    # podman run -d -p 5000:5000 registry:2
  2. Push the myecho:latest image to the localhost registry:

    #  buildah push --tls-verify=false myecho:latest localhost:5000/myecho:latest
    Getting image source signatures
    Copying blob sha256:e4efd0...
    ...
    Writing manifest to image destination
    Storing signatures

Verification

  1. List all images in the localhost repository:

    # curl http://localhost:5000/v2/_catalog
    {"repositories":["myecho2]}
    
    
    # curl http://localhost:5000/v2/myecho2/tags/list
    {"name":"myecho","tags":["latest"]}
  2. Inspect the docker://localhost:5000/myecho:latest image:

    # skopeo inspect --tls-verify=false docker://localhost:5000/myecho:latest | less
    {
        "Name": "localhost:5000/myecho",
        "Digest": "sha256:8999ff6050...",
        "RepoTags": [
            "latest"
        ],
        "Created": "2021-06-28T14:44:05.919583964Z",
        "DockerVersion": "",
        "Labels": {
            "architecture": "x86_64",
            "authoritative-source-url": "registry.redhat.io",
        ...
    }
  3. Pull the localhost:5000/myecho image:

    # podman pull --tls-verify=false localhost:5000/myecho2
    # podman run localhost:5000/myecho2
    This container works!

Additional resources

  • buildah-push man page on your system

20.6. Pushing containers to the Docker Hub

Use your Docker Hub credentials to push and pull images from the Docker Hub with the buildah command.

Prerequisites

Procedure

  1. Push the docker.io/library/myecho:latest to your Docker Hub. Replace username and password with your Docker Hub credentials:

    # buildah push --creds username:password \
      docker.io/library/myecho:latest docker://testaccountXX/myecho:latest

Verification

  • Get and run the docker.io/testaccountXX/myecho:latest image:

    • Using Podman tool:

      # podman run docker.io/testaccountXX/myecho:latest
      This container works!
    • Using Buildah and Podman tools:

      # buildah from docker.io/testaccountXX/myecho:latest
      myecho2-working-container-2
      # podman run myecho-working-container-2

Additional resources

  • buildah-push man page on your system

20.7. Removing containers with Buildah

Use the buildah rm command to remove containers. You can specify containers for removal with the container ID or name.

Prerequisites

  • The container-tools module is installed.
  • At least one container has been stopped.

Procedure

  1. List all containers:

    # buildah containers
    CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
    05387e29ab93     *     c37e14066ac7 docker.io/library/myecho:latest  myecho-working-container
  2. Remove the myecho-working-container container:

    # buildah rm myecho-working-container
    05387e29ab93151cf52e9c85c573f3e8ab64af1592b1ff9315db8a10a77d7c22

Verification

  • Ensure that containers were removed:

    # buildah containers

Additional resources

  • buildah-rm man page on your system
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.