Chapter 20. Working with containers using Buildah

With Buildah, you can do several operations on a container image or container from the command line. Examples of operations are: create a working container from scratch or from a container image as a starting point, create an image from a working container or using a Containerfile, configure a container’s entrypoint, labels, port, shell, and working directory. You can mount working containers directories for filesystem manipulation, delete a working container or container image, and more.

You can then create an image from a working container and push the image to the registry.

20.1. Running commands inside of the container

Use the buildah run command to execute a command from the container.

Prerequisites

  • The container-tools meta-package is installed.
  • A pulled image is available on the local system.

Procedure

  • Display the operating system version: 

    # buildah run ubi-working-container cat /etc/redhat-release
Red Hat Enterprise Linux release 8.4 (Ootpa)

Additional resources

  • buildah-run man page

20.2. Inspecting containers and images with Buildah

Use the buildah inspect command to display information about a container or image.

Prerequisites

Procedure

  • Inspect the image:

    • To inspect the myecho image, enter: 

      # buildah inspect localhost/myecho
 {
    "Type": "buildah 0.0.1",
    "FromImage": "localhost/myecho:latest",
    "FromImageID": "b28cd00741b38c92382ee806e1653eae0a56402bcd2c8d31bdcd36521bc267a4",
    "FromImageDigest": "sha256:0f5b06cbd51b464fabe93ce4fe852a9038cdd7c7b7661cd7efef8f9ae8a59585",
    "Config":
    ...
     "Entrypoint": [
                "/bin/sh",
                "-c",
                "\"/usr/local/bin/myecho\""
            ],
    ...
}

    • To inspect the working container from the myecho image:

      1. Create a working container based on the localhost/myecho image: 

        # buildah from localhost/myecho

      2. Inspect the myecho-working-container container: 

        # buildah inspect ubi-working-container
{
    "Type": "buildah 0.0.1",
    "FromImage": "registry.access.redhat.com/ubi8/ubi:latest",
    "FromImageID": "272209ff0ae5fe54c119b9c32a25887e13625c9035a1599feba654aa7638262d",
    "FromImageDigest": "sha256:77623387101abefbf83161c7d5a0378379d0424b2244009282acb39d42f1fe13",
    "Config":
    ...
"Container": "ubi-working-container",
"ContainerID": "01eab9588ae1523746bb706479063ba103f6281ebaeeccb5dc42b70e450d5ad0",
"ProcessLabel": "system_u:system_r:container_t:s0:c162,c1000",
"MountLabel": "system_u:object_r:container_file_t:s0:c162,c1000",
...
}

Additional resources

  • buildah-inspect man page

20.3. Modifying a container using buildah mount

Use the buildah mount command to display information about a container or image.

Prerequisites

Procedure

  1. Create a working container based on the registry.access.redhat.com/ubi8/ubi image and save the name of the container to the mycontainer variable: 

    # mycontainer=$(buildah from localhost/myecho)

# echo $mycontainer
myecho-working-container

  2. Mount the myecho-working-container container and save the mount point path to the mymount variable: 

    # mymount=$(buildah mount $mycontainer)

# echo $mymount
/var/lib/containers/storage/overlay/c1709df40031dda7c49e93575d9c8eebcaa5d8129033a58e5b6a95019684cc25/merged

  3. Modify the myecho script and make it executable: 

    # echo 'echo "We modified this container."' >> $mymount/usr/local/bin/myecho
# chmod +x $mymount/usr/local/bin/myecho

  4. Create the myecho2 image from the myecho-working-container container: 

    # buildah commit $mycontainer containers-storage:myecho2

Verification

  1. List all images in local storage: 

    # buildah images
REPOSITORY                                  TAG      IMAGE ID       CREATED          SIZE
docker.io/library/myecho2                   latest   4547d2c3e436   4 minutes ago    234 MB
localhost/myecho                            latest   b28cd00741b3   56 minutes ago   234 MB

  2. Run the myecho2 container based on the docker.io/library/myecho2 image: 

    # podman run --name=myecho2 docker.io/library/myecho2
This container works!
We even modified it.

Additional resources

  • buildah-mount man page
  • buildah-commit man page

20.4. Modifying a container using buildah copy and buildah config

Use buildah copy command to copy files to a container without mounting it. You can then configure the container using the buildah config command to run the script you created by default.

Prerequisites

Procedure

  1. Create a script named newecho and make it executable: 

    # cat newecho
echo "I changed this container"
# chmod 755 newecho

  2. Create a new working container: 

    # buildah from myecho:latest
myecho-working-container-2

  3. Copy the newecho script to /usr/local/bin directory inside the container: 

    # buildah copy myecho-working-container-2 newecho /usr/local/bin

  4. Change the configuration to use the newecho script as the new entrypoint: 

    # buildah config --entrypoint "/bin/sh -c /usr/local/bin/newecho" myecho-working-container-2

  5. Optional: Run the myecho-working-container-2 container whixh triggers the newecho script to be executed: 

    # buildah run myecho-working-container-2 -- sh -c '/usr/local/bin/newecho'
I changed this container

  6. Commit the myecho-working-container-2 container to a new image called mynewecho: 

    # buildah commit myecho-working-container-2 containers-storage:mynewecho

Verification

  • List all images in local storage: 

    # buildah images
REPOSITORY                                  TAG      IMAGE ID       CREATED         SIZE
docker.io/library/mynewecho                 latest   fa2091a7d8b6   8 seconds ago   234 MB

Additional resources

  • buildah-copy man page
  • buildah-config man page
  • buildah-commit man page
  • buildah-run man page

20.5. Pushing containers to a private registry

Use buildah push command to push an image from local storage to a public or private repository.

Prerequisites

Procedure

  1. Create the local registry on your machine: 

    # podman run -d -p 5000:5000 registry:2

  2. Push the myecho:latest image to the localhost registry: 

    #  buildah push --tls-verify=false myecho:latest localhost:5000/myecho:latest
Getting image source signatures
Copying blob sha256:e4efd0...
...
Writing manifest to image destination
Storing signatures

Verification

  1. List all images in the localhost repository: 

    # curl http://localhost:5000/v2/_catalog
{"repositories":["myecho2]}


# curl http://localhost:5000/v2/myecho2/tags/list
{"name":"myecho","tags":["latest"]}

  2. Inspect the docker://localhost:5000/myecho:latest image: 

    # skopeo inspect --tls-verify=false docker://localhost:5000/myecho:latest | less
{
    "Name": "localhost:5000/myecho",
    "Digest": "sha256:8999ff6050...",
    "RepoTags": [
        "latest"
    ],
    "Created": "2021-06-28T14:44:05.919583964Z",
    "DockerVersion": "",
    "Labels": {
        "architecture": "x86_64",
        "authoritative-source-url": "registry.redhat.io",
    ...
}

  3. Pull the localhost:5000/myecho image: 

    # podman pull --tls-verify=false localhost:5000/myecho2
# podman run localhost:5000/myecho2
This container works!

Additional resources

  • buildah-push man page

20.6. Pushing containers to the Docker Hub

Use your Docker Hub credentials to push and pull images from the Docker Hub with the buildah command.

Prerequisites

Procedure

  1. Push the docker.io/library/myecho:latest to your Docker Hub. Replace username and password with your Docker Hub credentials: 

    # buildah push --creds username:password \
  docker.io/library/myecho:latest docker://testaccountXX/myecho:latest

Verification

  • Get and run the docker.io/testaccountXX/myecho:latest image:

    • Using Podman tool: 

      # podman run docker.io/testaccountXX/myecho:latest
This container works!

    • Using Buildah and Podman tools: 

      # buildah from docker.io/testaccountXX/myecho:latest
myecho2-working-container-2
# podman run myecho-working-container-2

Additional resources

  • buildah-push man page

20.7. Removing containers with Buildah

Use the buildah rm command to remove containers. You can specify containers for removal with the container ID or name.

Prerequisites

  • The container-tools meta-package is installed.
  • At least one container has been stopped.

Procedure

  1. List all containers: 

    # buildah containers
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
05387e29ab93     *     c37e14066ac7 docker.io/library/myecho:latest  myecho-working-container

  2. Remove the myecho-working-container container: 

    # buildah rm myecho-working-container
05387e29ab93151cf52e9c85c573f3e8ab64af1592b1ff9315db8a10a77d7c22

Verification

  • Ensure that containers were removed: 

    # buildah containers

Additional resources

  • buildah-rm man page