Red Hat Enterprise Linux 8 (RHEL8) 的新玩意 第2篇 之容器工具 buildah
buildah
顾名思义,buildah 是一个用来生成,操作OCI (Open Container Initiative) 容器的工具. 那它都有些什么过人之处,要在RHEL8中引入它?
让我们来看一下:
- 可以从无到有生成一个容器镜像; 也可以通过一个镜像来生成一个新的容器镜像
- 如同 podman 一样,不要daemon 的支持,轻量,快捷. 支持容器,容器镜像的查看
- 更安全,灵活.生成容器镜像时,可以移除make, gcc, fnd 等编译,开发,生级的工具,使生成容器镜像更稳固
- 直接挂载一个容器镜像,然后对其进行修改; 或者卸载容器的根文件系统
- 通过更新一个容器的根文件系统,由它作为基础生成一个新的容器镜像
- 对本地容器的重命名, 删除一个容器或者一个容器镜像
下面我们来通过一些例子看具体看看buildah的特性
容器的生成
1 通过 dockerfile 来生成 (也叫 from scratch ).
编写一个简单的Dockerfile, 生成一个镜像,然后输出 HELLO BUILDAH
1
2
3
4
5[root@rhel8 buildahbuild]# cat Dockerfile
# This is a test dockerfile
FROM docker.io/library/fedora:29
ENTRYPOINT ["/usr/bin/hello_buildah.sh"]
RUN echo $'#!/bin/sh \n echo " *** HELLO BUILDAH *** "'>/usr/bin/hello_buildah.sh && chmod +x /usr/bin/hello_buildah.sh执行命令生成一个容器镜像
1
[root@rhel8 buildahbuild]# buildah build-using-dockerfile -t hello_buildah --format oci .
1
2
3
4
5
6
7
8
9
10
11
12
13
14[root@rhel8 buildahbuild]# buildah build-using-dockerfile -t hello_buildah --format oci .
STEP 1: FROM docker.io/library/fedora:29
STEP 2: ENTRYPOINT ["/usr/bin/hello_buildah.sh"]
STEP 3: RUN echo $'#!/bin/sh \n echo " *** HELLO BUILDAH *** "'>/usr/bin/hello_buildah.sh && chmod +x /usr/bin/hello_buildah.sh
STEP 4: COMMIT containers-storage:[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.override_kernel_check=true]localhost/hello_buildah:latest
Getting image source signatures
Skipping fetch of repeat blob sha256:b7ba3be6a0d6426356fc49f538f0f929ed00e51a0a90906e354a345d46e23a8b
Copying blob sha256:01e6ea24a0ce0bbd37204075038d46fb8fc345c2c0bf7b18153d01c361f0b3c7
243 B / 243 B [============================================================] 0s
Copying config sha256:33fdf51b925a6d02542c94fc3a4bf85a7375e2b039e5592985fdc1ba87498afa
1.12 KiB / 1.12 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
--> 33fdf51b925a6d02542c94fc3a4bf85a7375e2b039e5592985fdc1ba87498afa查看且运行测试我们刚刚生成的容器镜像
1
2[root@rhel8 buildahbuild]# podman image ls |grep buildah
localhost/hello_buildah latest 33fdf51b925a 13 seconds ago 283 MB1
2[root@rhel8 buildahbuild]# podman run hello_buildah
*** HELLO BUILDAH ***2 通过修改运行中的容器来生成一个新的容器镜像
先找到我们想要作为基础的镜像
1
2[root@rhel8 buildahbuild]# buildah images |grep hello_buildah
localhost/hello_buildah latest 33fdf51b925a May 17, 2019 23:03 283 MB运行这个容器
1
2[root@rhel8 buildahbuild]# buildah from hello_buildah
hello_buildah-working-container我们基于这个运行中容器来进行修改.
1
2
3[root@rhel8 buildahbuild]# buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest hello_buildah-working-container挂载这个容器的根文件系统
1
2[root@rhel8 buildahbuild]# buildah mount 6d075a79f753
/var/lib/containers/storage/overlay/72f5d68a6659af57a198d28733baf8f64d279e29d02095ae2ef3d5c8f2cb9a42/merged修改它的内容(使用vi 然后添加 AGAIN)
1
[root@rhel8 buildahbuild]# vi /var/lib/containers/storage/overlay/72f5d68a6659af57a198d28733baf8f64d279e29d02095ae2ef3d5c8f2cb9a42/merged/usr/bin/hello_buildah.sh
卸载这个容器的根文件
1
2[root@rhel8 buildahbuild]# buildah unmount 6d075a79f753
6d075a79f75303c4a8e58f38ebb2997bd11c8238dda43f1bbc4d3ead97e3db17提交我们刚刚作出的修改
1
2
3
4
5
6
7
8
9
10
11[root@rhel8 buildahbuild]# buildah commit 6d075a79f753 hello_buildah:hello_buildah_again
Getting image source signatures
Skipping fetch of repeat blob sha256:b7ba3be6a0d6426356fc49f538f0f929ed00e51a0a90906e354a345d46e23a8b
Skipping fetch of repeat blob sha256:f40cea9cee51b2055a9a2db587680e7ad77236c95af1466c8d61e6a5106f1d7d
Copying blob sha256:31d09f99841c33a71ad2262826d65ca1e5a07cb153fd160519e6aa90a1dd727b
219 B / 219 B [============================================================] 0s
Copying config sha256:098b5186345f406c24a02cb18aa4bc26a5ab4e677b7cbd75500ce51a781387a1
1.23 KiB / 1.23 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
098b5186345f406c24a02cb18aa4bc26a5ab4e677b7cbd75500ce51a781387a1运行测试验证
1
2[root@rhel8 buildahbuild]# podman run localhost/hello_buildah:hello_buildah_again
*** HELLO BUILDAH AGAIN***3 通过 buildah run 生成一个容器镜像 (可以实时定制,比如此添加,删除包,作特殊配置等).
启动一个容器镜像
1
2[root@rhel8 buildahbuild]# buildah from localhost/fedora_29
fedora_29-working-container安装gcc开发包(删除包的操作也类似)
1
2
3
4
5[root@rhel8 buildahbuild]# buildah run fedora_29-working-container yum install gcc -y
Fedora Modular 29 -x86_64 68 kB/s | 1.5 MB 00:22
Fedora Modular 29 - x86_64 - Updates 246 kB/s | 2.4 MB 00:10
......
Complete!指定要执行的命令
1
[root@rhel8 buildahbuild]# buildah config --cmd "gcc -v" fedora_29-working-container
提交修改
1
2
3
4
5
6
7
8
9
10[root@rhel8 buildahbuild]# buildah commit fedora_29-working-container fedora_29_with_gcc
Getting image source signatures
Skipping fetch of repeat blob sha256:b7ba3be6a0d6426356fc49f538f0f929ed00e51a0a90906e354a345d46e23a8b
Copying blob sha256:bd3948f7d2c959300d42d56af86b97cdfedaf4c9b0268213905dbad7977d4dc1
214.84 MiB / 214.84 MiB [=================================================] 10s
Copying config sha256:789cb4f453c30271211fbc0a77c0cb913ff16746be2914377e5cba39839d855d
1.09 KiB / 1.09 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
789cb4f453c30271211fbc0a77c0cb913ff16746be2914377e5cba39839d855d运行测试验证
1
2
3
4
5
6
7
8
9
10[root@rhel8 buildahbuild]# podman run fedora_29_with_gcc
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/8/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,objc,obj-c++,ada,go,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl --enable-libmpx --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 8.3.1 20190223 (Red Hat 8.3.1-2) (GCC)查看运行中的容器,查看容器镜像
查看运行中的容器
1
2
3[root@rhel8 buildahbuild]# buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
3f71cb46good * a80dad1cgood registry.redhat.io/rhel8-beta:latest rhel8-beta-working-container查看容器镜像
1
2
3
4
5[root@rhel8 buildahbuild]# buildah images
IMAGE NAME MAGE TAG IMAGE ID CREATED AT SIZE
registry.redhat.io/rhel8-beta latest a80dad1c1953 Nov 14, 2018 02:11 210 MB
docker.io/library/fedora 29 d09302f77cfc Mar 12, 2019 08:20 283 MB
localhost/hello_buildah latest 33fdf51b925a May 17, 2019 23:03 283 MB容器的重命名, 删除容器或者删除容器镜像
容器重新命名命令
1
# buildah rename 6d075a79f753 localhost/hello_buildah_again
查看容器,找出容器ID
1
2
3[root@rhel8 buildahbuild]# buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest localhost/hello_buildah_again容器重新命名
1
[root@rhel8 buildahbuild]# buildah rename 6d075a79f753 localhost/hello_buildah_again
确认
1
2
3[root@rhel8 buildahbuild]# buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest localhost/hello_buildah_again容器删除命令
1
# buildah rm 6d075a79f753
查看容器,找出容器ID
1
2
3[root@rhel8 buildahbuild]# buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest localhost/hello_buildah_again删除容器
1
2[root@rhel8 buildahbuild]# buildah rm 6d075a79f753
6d075a79f75303c4a8e58f38ebb2997bd11c8238dda43f1bbc4d3ead97e3db17确认
1
2[root@rhel8 buildahbuild]# buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME容器镜像删除命令
1
# buildah rmi a292528dfb8c
查看镜像,找出镜像ID
1
2[root@rhel8 buildahbuild]# buildah images |grep -w hello_podman
localhost/rhel8-beta hello_podman a292528dfb8c May 16, 2019 10:43 210 MB删除镜像
1
2[root@rhel8 buildahbuild]# buildah rmi a292528dfb8c
e010d561555d180015d6c0d30a3f67fa602ea1ae54628d5666235db42f43433a确认
1
[root@rhel8 buildahbuild]# buildah images |grep -w hello_podman
好, Red Hat Enterprise Linux 8 (RHEL8) 的新玩意 第2篇 之容器工具 buildah. 想要了解更多? 可以参考 man buildah 和 buildah -h
想要亲手玩一下新玩具? 请随时去 https://www.redhat.com 下载最新的 REHL 8 咯也欢迎关注
addos
微信公众号获取更多的,有意思的新玩具 :-)