Project Atomic, through their efforts on the Open Container Initiative (OCI), have created a great tool called Buildah. Buildah helps with creating, building and updating container images supporting Docker formatted images as well as OCI compliant images.
Buildah handles building container images without the need to have a full container runtime or daemon installed. This particularly shines for setting up a continuous integration and continuous delivery pipeline for building containers.
Buildah makes the container’s filesystem directly available to the build host. Meaning that the build tooling is available on the host and not needed in the container image, keeping the build faster and the image smaller and safer. There are Buildah packages for CentOS, Fedora, and Debian.
Since Fedora 26 Buildah can be installed using dnf.
$ sudo dnf install buildah -y
The current version of buildah is 0.16, which can be displayed by the following command.
$ buildah --version
The first step needed to build a container image is to get a base image, this is done by the FROM statement in a Dockerfile. Buildah does handle this in a similar way.
$ sudo buildah from fedora
This command pulls the Fedora based image and stores it on the host. It is possible to inspect the images available on the host, by running the following.
$ sudo buildah images IMAGE ID IMAGE NAME CREATED AT SIZE 9110ae7f579f docker.io/library/fedora:latest Mar 7, 2018 20:51 234.7 MB
After pulling the base image, a running container instance of this image is available, this is a “working-container”.
The following command displays the running containers.
$ sudo buildah containers CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME 6112db586ab9 * 9110ae7f579f docker.io/library/fedora:latest fedora-working-container
Buildah also provides a very useful command to stop and remove all the containers that are currently running.
$ sudo buildah rm --all
The full list of command is available using the –help option.
$ buildah --help
Building an Apache web server container image
Let’s see how to use Buildah to install an Apache web server on a Fedora base image, then copy a custom index.html to be served by the server.
First let’s create the custom index.html.
$ echo "Hello Fedora Magazine !!!" > index.html
Then install the httpd package inside the running container.
$ sudo buildah from fedora $ sudo buildah run fedora-working-container dnf install httpd -y
Let’s copy index.html to /var/www/html/.
$ sudo buildah copy fedora-working-container index.html /var/www/html/index.html
Then configure the container entrypoint to start httpd.
$ sudo buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
Now to make the “working-container” available, the commit command saves the container to an image.
$ sudo buildah commit fedora-working-container hello-fedora-magazine
The hello-fedora-magazine image is now available, and can be pushed to a registry to be used.
$ sudo buildah images IMAGE ID IMAGE NAME CREATED AT SIZE 9110ae7f579f docker.io/library/fedora:latest Mar 7, 2018 22:51 234.7 MB 49bd5ec5be71 docker.io/library/hello-fedora-magazine:latest Apr 27, 2018 11:01 427.7 MB
It is also possible to use Buildah to test this image by running the following steps.
$ sudo buildah from --name=hello-magazine docker.io/library/hello-fedora-magazine $ sudo buildah run hello-magazine
Accessing http://localhost will display “Hello Fedora Magazine !!!“
You may have issues with Buildah executing entrypoint as this is not the expected behaviour from Buildah. Your final command to ‘buildah run hello-magazine’ should use ‘podman run’ if you want it to use the configured container entrypoint.
Had tested and works fine
The version used for this test may have worked correctly, but future versions may experience issues as it isn’t expected behaviour:
Apologies, this is related to parameters on entrypoint.
It is very nice Ashutosh sir. I am also working on Aws,Docker,Swarm ,Ec2 etc .Now a days buildah is very useful for updating and building the container images.
Is that same way to install in redhat as well or not ?
Being in New England, gotta love the name! (It is how Builder would be pronounced with a local accent).
Paul W. Frields
@Erik: That’s exactly how it got its name — a tribute to the very pronounced accent of Dan Walsh, who works on container technologies.
I’m a little disappointed, though, because at no point does anyone ever point out that Buildah is “a wicked good tool for maintaining yah containahs”. #MissedOpportunity
“Buildah makes the container’s filesystem directly available to the build host”
That is good news. Perhaps, utilities from container host can be leveraged as a part of the build now and that would in turn enhance the overall performance of the build process.
Impressive and quite self-explanatory article Ashutosh Sir. Good work.
It is very nice Ashutosh sir. I am also working on docker .Now a days buildah is very useful for updating and building the container images.
It is easy to use.
Very helpful article to start with Buildah . People currently working on Docker should definately try out Buildah.
Keecheril Jobin Varghese
Perfectly explained. Thank you for making it easier to understand!
Personally, I don’t understand the ‘sudos’ in every single command. Do they really need to be there? I would like to see a tool that is able to create a container image from host without having to use a privileged user.
Does buildah allows more than one process to run inside a single container? Taking back the httpd example in the article, I need redis server to run in the same container along with httpd. Does builah has an init system to manage multiple services?