Red Hat SummitChapter 21. Working with containers using Buildah
With Buildah, you can do several operations on a container image or container from the command line. Examples of operations are: create a working container from scratch or from a container image as a starting point, create an image from a working container or using a Containerfile, configure a container’s entrypoint, labels, port, shell, and working directory. You can mount working containers directories for filesystem manipulation, delete a working container or container image, and more.
You can then create an image from a working container and push the image to the registry.
21.1. Running commands inside of the container
Use the buildah run command to execute a command from the container.
Prerequisites
-
The
container-toolsmeta-package is installed. - A pulled image is available on the local system.
Procedure
Display the operating system version:
# buildah run ubi-working-container cat /etc/redhat-release Red Hat Enterprise Linux release 8.4 (Ootpa)
21.2. Inspecting containers and images with Buildah
Use the buildah inspect command to display information about a container or image.
Prerequisites
-
The
container-toolsmeta-package is installed. - An image was built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Inspect the image:
To inspect the myecho image, enter:
# buildah inspect localhost/myecho { "Type": "buildah 0.0.1", "FromImage": "localhost/myecho:latest", "FromImageID": "b28cd00741b38c92382ee806e1653eae0a56402bcd2c8d31bdcd36521bc267a4", "FromImageDigest": "sha256:0f5b06cbd51b464fabe93ce4fe852a9038cdd7c7b7661cd7efef8f9ae8a59585", "Config": ... "Entrypoint": [ "/bin/sh", "-c", "\"/usr/local/bin/myecho\"" ], ... }To inspect the working container from the
myechoimage:Create a working container based on the
localhost/myechoimage:# buildah from localhost/myechoInspect the
myecho-working-containercontainer:# buildah inspect ubi-working-container { "Type": "buildah 0.0.1", "FromImage": "registry.access.redhat.com/ubi8/ubi:latest", "FromImageID": "272209ff0ae5fe54c119b9c32a25887e13625c9035a1599feba654aa7638262d", "FromImageDigest": "sha256:77623387101abefbf83161c7d5a0378379d0424b2244009282acb39d42f1fe13", "Config": ... "Container": "ubi-working-container", "ContainerID": "01eab9588ae1523746bb706479063ba103f6281ebaeeccb5dc42b70e450d5ad0", "ProcessLabel": "system_u:system_r:container_t:s0:c162,c1000", "MountLabel": "system_u:object_r:container_file_t:s0:c162,c1000", ... }
21.3. Modifying a container using buildah mount
Use the buildah mount command to display information about a container or image.
Prerequisites
-
The
container-toolsmeta-package is installed. - An image built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Create a working container based on the
registry.access.redhat.com/ubi8/ubiimage and save the name of the container to themycontainervariable:# mycontainer=$(buildah from localhost/myecho) # echo $mycontainer myecho-working-containerMount the
myecho-working-containercontainer and save the mount point path to themymountvariable:# mymount=$(buildah mount $mycontainer) # echo $mymount /var/lib/containers/storage/overlay/c1709df40031dda7c49e93575d9c8eebcaa5d8129033a58e5b6a95019684cc25/mergedModify the
myechoscript and make it executable:# echo 'echo "We modified this container."' >> $mymount/usr/local/bin/myecho # chmod +x $mymount/usr/local/bin/myechoCreate the
myecho2image from themyecho-working-containercontainer:# buildah commit $mycontainer containers-storage:myecho2
Verification
List all images in local storage:
# buildah images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/myecho2 latest 4547d2c3e436 4 minutes ago 234 MB localhost/myecho latest b28cd00741b3 56 minutes ago 234 MBRun the
myecho2container based on thedocker.io/library/myecho2image:# podman run --name=myecho2 docker.io/library/myecho2 This container works! We even modified it.
21.4. Modifying a container using buildah copy and buildah config
Use buildah copy command to copy files to a container without mounting it. You can then configure the container using the buildah config command to run the script you created by default.
Prerequisites
-
The
container-toolsmeta-package is installed. - An image built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Create a script named
newechoand make it executable:# cat newecho echo "I changed this container" # chmod 755 newechoCreate a new working container:
# buildah from myecho:latest myecho-working-container-2Copy the newecho script to
/usr/local/bindirectory inside the container:# buildah copy myecho-working-container-2 newecho /usr/local/binChange the configuration to use the
newechoscript as the new entrypoint:# buildah config --entrypoint "/bin/sh -c /usr/local/bin/newecho" myecho-working-container-2Optional: Run the
myecho-working-container-2container whixh triggers thenewechoscript to be executed:# buildah run myecho-working-container-2 -- sh -c '/usr/local/bin/newecho' I changed this containerCommit the
myecho-working-container-2container to a new image calledmynewecho:# buildah commit myecho-working-container-2 containers-storage:mynewecho
Verification
List all images in local storage:
# buildah images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/mynewecho latest fa2091a7d8b6 8 seconds ago 234 MB
21.5. Pushing containers to a private registry
Use buildah push command to push an image from local storage to a public or private repository.
Prerequisites
-
The
container-toolsmeta-package is installed. - An image was built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Create the local registry on your machine:
# podman run -d -p 5000:5000 registry:2Push the
myecho:latestimage to thelocalhostregistry:# buildah push --tls-verify=false myecho:latest localhost:5000/myecho:latest Getting image source signatures Copying blob sha256:e4efd0... ... Writing manifest to image destination Storing signatures
Verification
List all images in the
localhostrepository:# curl http://localhost:5000/v2/_catalog {"repositories":["myecho2]} # curl http://localhost:5000/v2/myecho2/tags/list {"name":"myecho","tags":["latest"]}Inspect the
docker://localhost:5000/myecho:latestimage:# skopeo inspect --tls-verify=false docker://localhost:5000/myecho:latest | less { "Name": "localhost:5000/myecho", "Digest": "sha256:8999ff6050...", "RepoTags": [ "latest" ], "Created": "2021-06-28T14:44:05.919583964Z", "DockerVersion": "", "Labels": { "architecture": "x86_64", "authoritative-source-url": "registry.redhat.io", ... }Pull the
localhost:5000/myechoimage:# podman pull --tls-verify=false localhost:5000/myecho2 # podman run localhost:5000/myecho2 This container works!
21.6. Pushing containers to the Docker Hub
Use your Docker Hub credentials to push and pull images from the Docker Hub with the buildah command.
Prerequisites
-
The
container-toolsmeta-package is installed. - An image built using instructions from Containerfile. For details, see section Building an image from a Containerfile with Buildah.
Procedure
Push the
docker.io/library/myecho:latestto your Docker Hub. Replaceusernameandpasswordwith your Docker Hub credentials:# buildah push --creds username:password \ docker.io/library/myecho:latest docker://testaccountXX/myecho:latest
Verification
Get and run the
docker.io/testaccountXX/myecho:latestimage:Using Podman tool:
# podman run docker.io/testaccountXX/myecho:latest This container works!Using Buildah and Podman tools:
# buildah from docker.io/testaccountXX/myecho:latest myecho2-working-container-2 # podman run myecho-working-container-2
21.7. Removing containers with Buildah
Use the buildah rm command to remove containers. You can specify containers for removal with the container ID or name.
Prerequisites
-
The
container-toolsmeta-package is installed. - At least one container has been stopped.
Procedure
List all containers:
# buildah containers CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME 05387e29ab93 * c37e14066ac7 docker.io/library/myecho:latest myecho-working-containerRemove the myecho-working-container container:
# buildah rm myecho-working-container 05387e29ab93151cf52e9c85c573f3e8ab64af1592b1ff9315db8a10a77d7c22
Verification
Ensure that containers were removed:
# buildah containers
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}