RHEL8: Container management by Buildah, Skopeo & Podman [+Video]

Container, LINUX 3 Minutes

With the release of the RHEL 8, there is a new set of container tools which allow users to find, run, build, and share containers are introduced. And are compliant with the same Open Containers Initiative (OCI) standards. It is investing in CRI-O and podman participating in the Open Containers Initiative standards and discouraging the need of docker as container engine.

[Image courtesy RedHat]
pic1
They are simply provided by RHEL image and installed using dnf or yum:

# yum install container-* buildah podman skopeo

pic2

KEY COMPONENT

CRI-O: is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes.

BUILDAH: It allows to build containers either from existing container or from scratch or from a DockerFile. The images are all compatible with other container Engines and can be accessed from any container repositories.

PODMAN: It has complete tool set for management of containers and container image.

SKOPEO: With skopeo, we can work with container images from registries without using the docker daemon or the docker command.

WHY BUILDAH OVER DOCKER ?

There are major reasons for choosing buildah, even if you are old docker user:

  • Daemonless so no container environment is required for functionality.
  • Flexibity: The major enhancement over docker, where users are forced to pick a base image to start, rather than building their own.
  • Reduced size of image as no external build tools required for image creation.

IMAGE CREATION USING BUILDAH

Instead of starting with a base image, you can create a new container that holds no content and only a small amount of container metadata. To create a balnk image with no content use below:

# buildah from scratch

pic3
Now in order to use this empty image, mount it over the system and inserting necessary components.

# scratchmnt=$(buildah mount working-container)

This above command has created an overlay file-system, for entering into our scratch image.

# echo $scratchmnt

pic4

Now to use it, initialize a rpm database and the necessary release information to deploy correct packages.

# yum install -y --releasever=8 --installroot=$scratchmnt redhat-release

pic5
Now setting up repositories and their cache along with installing required images

# yum install -y --setopt=reposdir=/etc/yum.repos.d --installroot=$scratchmnt --setopt=cachedir=/var/cache/dnf httpd systemd

pic6
One can explore the image structure to see if necessary changes done
pic7
Now updating image index.html with some customized content.

# echo "Your httpd container from scratch worked." > $scratchmnt/var/www/html/index.html

pic8
Setting up few buildah configs and packing the images (WITH INTENTIONAL ERRORS)

# buildah config --cmd "systemctl start httpd" working-container
# buildah config --port 80/tcp working-container
# time buildah commit working-container localhost/myfirstcontainer:v1

pic10
Checking newly created image

# buildah images -a

pic11

EXPLORING PODMAN FOR CONTAINER MANAGEMENT

We can also check container images with podman command as well

# podman images

pic12

# podman run -p 8080:80 -d --name my-httpd-server localhost/myfirstcontainer:v1

pic13
Analyzing the logs if container ran successful
pic14

FIXING ISSUES WITH existing image

# scratchmnt=$(buildah mount working-container)
# buildah config --cmd "systemctl stop httpd" working-container
# buildah config --cmd "/usr/sbin/httpd -DFOREGROUND" working-container
# buildah commit working-container localhost/myfirstcontainer:v2

pic15
Viewing newly visible image and Creating container with new image
pic16

# podman run -p 8080:80 -d --name my-httpd-server localhost/myfirstcontainer:v2

Testing containers

# curl localhost:8080

pic17

Removing containers using Buildah

# buildah containers
# buildah mount
# buildah umount 9f1e702f9593
# buildah rm 9f1e702f9593

pic18
Tag the image to appropriate repo name

# buildah tag localhost/myfirstcontainer:v2 docker.io/hgangwar/myfirstcontainer:v2

pic20

# buildah push --creds <username>:<Password> docker.io/hgangwar/myfirstcontainer:v2 docker://hgangwar/myfirstcontainer:v2

pic19
Your new image is available on docker hub for use, modify and share 🙂
pic21

INSPECTING CONTAINER IMAGE WITH SKOPEO

To inspect using skopeo we need below information:

  • Location of registry
  • Container format
  • repository/image
# skopeo inspect docker://hgangwar/mysql:latest

pic22

Below is the video link for some of the activities we performed above:

– Image creation & Container Management using Buildah & Podman

 

Published by Hemant Gangwar

10+ years core Experience Linux System Administration, along with working exposure of Containerisation, Automation, Configuration Management, Virtualization, Scripting, Clustering, Database and several opensource technologies. Certified specialist in Linux (RHCA in infrastructure), Vmware, Veritas, Ansible, Puppet, Kubernetes, Openshift, OS Hardening.

Published

2 thoughts on “RHEL8: Container management by Buildah, Skopeo & Podman [+Video]

Leave a comment