Chapter 20. Working with containers using Buildah
With Buildah, you can do several operations on a container image or container from the command line. Examples of operations are: create a working container from scratch or from a container image as a starting point, create an image from a working container or using a Containerfile
, configure a container’s entrypoint, labels, port, shell, and working directory. You can mount working containers directories for filesystem manipulation, delete a working container or container image, and more.
You can then create an image from a working container and push the image to the registry.
20.1. Running commands inside of the container
Use the buildah run
command to execute a command from the container.
Prerequisites
-
The
container-tools
module is installed. - A pulled image is available on the local system.
Procedure
Display the operating system version:
# buildah run ubi-working-container cat /etc/redhat-release Red Hat Enterprise Linux release 8.4 (Ootpa)
Additional resources
-
buildah-run
man page on your system
20.2. Inspecting containers and images with Buildah
Use the buildah inspect
command to display information about a container or image.
Prerequisites
-
The
container-tools
module is installed. - An image was built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Inspect the image:
To inspect the myecho image, enter:
# buildah inspect localhost/myecho { "Type": "buildah 0.0.1", "FromImage": "localhost/myecho:latest", "FromImageID": "b28cd00741b38c92382ee806e1653eae0a56402bcd2c8d31bdcd36521bc267a4", "FromImageDigest": "sha256:0f5b06cbd51b464fabe93ce4fe852a9038cdd7c7b7661cd7efef8f9ae8a59585", "Config": ... "Entrypoint": [ "/bin/sh", "-c", "\"/usr/local/bin/myecho\"" ], ... }
To inspect the working container from the
myecho
image:Create a working container based on the
localhost/myecho
image:# buildah from localhost/myecho
Inspect the
myecho-working-container
container:# buildah inspect ubi-working-container { "Type": "buildah 0.0.1", "FromImage": "registry.access.redhat.com/ubi8/ubi:latest", "FromImageID": "272209ff0ae5fe54c119b9c32a25887e13625c9035a1599feba654aa7638262d", "FromImageDigest": "sha256:77623387101abefbf83161c7d5a0378379d0424b2244009282acb39d42f1fe13", "Config": ... "Container": "ubi-working-container", "ContainerID": "01eab9588ae1523746bb706479063ba103f6281ebaeeccb5dc42b70e450d5ad0", "ProcessLabel": "system_u:system_r:container_t:s0:c162,c1000", "MountLabel": "system_u:object_r:container_file_t:s0:c162,c1000", ... }
Additional resources
-
buildah-inspect
man page on your system
20.3. Modifying a container using buildah mount
Use the buildah mount
command to display information about a container or image.
Prerequisites
-
The
container-tools
module is installed. - An image built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Create a working container based on the
registry.access.redhat.com/ubi8/ubi
image and save the name of the container to themycontainer
variable:# mycontainer=$(buildah from localhost/myecho) # echo $mycontainer myecho-working-container
Mount the
myecho-working-container
container and save the mount point path to themymount
variable:# mymount=$(buildah mount $mycontainer) # echo $mymount /var/lib/containers/storage/overlay/c1709df40031dda7c49e93575d9c8eebcaa5d8129033a58e5b6a95019684cc25/merged
Modify the
myecho
script and make it executable:# echo 'echo "We modified this container."' >> $mymount/usr/local/bin/myecho # chmod +x $mymount/usr/local/bin/myecho
Create the
myecho2
image from themyecho-working-container
container:# buildah commit $mycontainer containers-storage:myecho2
Verification
List all images in local storage:
# buildah images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/myecho2 latest 4547d2c3e436 4 minutes ago 234 MB localhost/myecho latest b28cd00741b3 56 minutes ago 234 MB
Run the
myecho2
container based on thedocker.io/library/myecho2
image:# podman run --name=myecho2 docker.io/library/myecho2 This container works! We even modified it.
Additional resources
-
buildah-mount
andbuildah-commit
man pages on your system
20.4. Modifying a container using buildah copy and buildah config
Use buildah copy
command to copy files to a container without mounting it. You can then configure the container using the buildah config
command to run the script you created by default.
Prerequisites
-
The
container-tools
module is installed. - An image built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Create a script named
newecho
and make it executable:# cat newecho echo "I changed this container" # chmod 755 newecho
Create a new working container:
# buildah from myecho:latest myecho-working-container-2
Copy the newecho script to
/usr/local/bin
directory inside the container:# buildah copy myecho-working-container-2 newecho /usr/local/bin
Change the configuration to use the
newecho
script as the new entrypoint:# buildah config --entrypoint "/bin/sh -c /usr/local/bin/newecho" myecho-working-container-2
Optional: Run the
myecho-working-container-2
container whixh triggers thenewecho
script to be executed:# buildah run myecho-working-container-2 -- sh -c '/usr/local/bin/newecho' I changed this container
Commit the
myecho-working-container-2
container to a new image calledmynewecho
:# buildah commit myecho-working-container-2 containers-storage:mynewecho
Verification
List all images in local storage:
# buildah images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/mynewecho latest fa2091a7d8b6 8 seconds ago 234 MB
Additional resources
-
The
buildah-copy
,buildah-config
,buildah-commit
,buildah-run
man pages on your system
20.5. Pushing containers to a private registry
Use buildah push
command to push an image from local storage to a public or private repository.
Prerequisites
-
The
container-tools
module is installed. - An image was built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Create the local registry on your machine:
# podman run -d -p 5000:5000 registry:2
Push the
myecho:latest
image to thelocalhost
registry:# buildah push --tls-verify=false myecho:latest localhost:5000/myecho:latest Getting image source signatures Copying blob sha256:e4efd0... ... Writing manifest to image destination Storing signatures
Verification
List all images in the
localhost
repository:# curl http://localhost:5000/v2/_catalog {"repositories":["myecho2]} # curl http://localhost:5000/v2/myecho2/tags/list {"name":"myecho","tags":["latest"]}
Inspect the
docker://localhost:5000/myecho:latest
image:# skopeo inspect --tls-verify=false docker://localhost:5000/myecho:latest | less { "Name": "localhost:5000/myecho", "Digest": "sha256:8999ff6050...", "RepoTags": [ "latest" ], "Created": "2021-06-28T14:44:05.919583964Z", "DockerVersion": "", "Labels": { "architecture": "x86_64", "authoritative-source-url": "registry.redhat.io", ... }
Pull the
localhost:5000/myecho
image:# podman pull --tls-verify=false localhost:5000/myecho2 # podman run localhost:5000/myecho2 This container works!
Additional resources
-
buildah-push
man page on your system
20.6. Pushing containers to the Docker Hub
Use your Docker Hub credentials to push and pull images from the Docker Hub with the buildah
command.
Prerequisites
-
The
container-tools
module is installed. - An image built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Push the
docker.io/library/myecho:latest
to your Docker Hub. Replaceusername
andpassword
with your Docker Hub credentials:# buildah push --creds username:password \ docker.io/library/myecho:latest docker://testaccountXX/myecho:latest
Verification
Get and run the
docker.io/testaccountXX/myecho:latest
image:Using Podman tool:
# podman run docker.io/testaccountXX/myecho:latest This container works!
Using Buildah and Podman tools:
# buildah from docker.io/testaccountXX/myecho:latest myecho2-working-container-2 # podman run myecho-working-container-2
Additional resources
-
buildah-push
man page on your system
20.7. Removing containers with Buildah
Use the buildah rm
command to remove containers. You can specify containers for removal with the container ID or name.
Prerequisites
-
The
container-tools
module is installed. - At least one container has been stopped.
Procedure
List all containers:
# buildah containers CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME 05387e29ab93 * c37e14066ac7 docker.io/library/myecho:latest myecho-working-container
Remove the myecho-working-container container:
# buildah rm myecho-working-container 05387e29ab93151cf52e9c85c573f3e8ab64af1592b1ff9315db8a10a77d7c22
Verification
Ensure that containers were removed:
# buildah containers
Additional resources
-
buildah-rm
man page on your system