Red Hat Enterprise Linux 8 的新玩意 第2篇 之容器工具 buildah

Red Hat Enterprise Linux 8 (RHEL8) 的新玩意 第2篇 之容器工具 buildah

buildah

顾名思义,buildah 是一个用来生成,操作OCI (Open Container Initiative) 容器的工具. 那它都有些什么过人之处,要在RHEL8中引入它?
让我们来看一下:

  • 可以从无到有生成一个容器镜像; 也可以通过一个镜像来生成一个新的容器镜像
  • 如同 podman 一样,不要daemon 的支持,轻量,快捷. 支持容器,容器镜像的查看
  • 更安全,灵活.生成容器镜像时,可以移除make, gcc, fnd 等编译,开发,生级的工具,使生成容器镜像更稳固
  • 直接挂载一个容器镜像,然后对其进行修改; 或者卸载容器的根文件系统
  • 通过更新一个容器的根文件系统,由它作为基础生成一个新的容器镜像
  • 对本地容器的重命名, 删除一个容器或者一个容器镜像

下面我们来通过一些例子看具体看看buildah的特性

容器的生成

1 通过 dockerfile 来生成 (也叫 from scratch ).

  • 编写一个简单的Dockerfile, 生成一个镜像,然后输出 HELLO BUILDAH

    1
    2
    3
    4
    5
    [root@rhel8 buildahbuild]# cat Dockerfile
    # This is a test dockerfile
    FROM docker.io/library/fedora:29
    ENTRYPOINT ["/usr/bin/hello_buildah.sh"]
    RUN echo $'#!/bin/sh \n echo " *** HELLO BUILDAH *** "'>/usr/bin/hello_buildah.sh && chmod +x /usr/bin/hello_buildah.sh
  • 执行命令生成一个容器镜像

    1
    [root@rhel8 buildahbuild]# buildah build-using-dockerfile -t hello_buildah --format oci .
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    [root@rhel8 buildahbuild]# buildah build-using-dockerfile -t hello_buildah --format oci .
    STEP 1: FROM docker.io/library/fedora:29
    STEP 2: ENTRYPOINT ["/usr/bin/hello_buildah.sh"]
    STEP 3: RUN echo $'#!/bin/sh \n echo " *** HELLO BUILDAH *** "'>/usr/bin/hello_buildah.sh && chmod +x /usr/bin/hello_buildah.sh
    STEP 4: COMMIT containers-storage:[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.override_kernel_check=true]localhost/hello_buildah:latest
    Getting image source signatures
    Skipping fetch of repeat blob sha256:b7ba3be6a0d6426356fc49f538f0f929ed00e51a0a90906e354a345d46e23a8b
    Copying blob sha256:01e6ea24a0ce0bbd37204075038d46fb8fc345c2c0bf7b18153d01c361f0b3c7
    243 B / 243 B [============================================================] 0s
    Copying config sha256:33fdf51b925a6d02542c94fc3a4bf85a7375e2b039e5592985fdc1ba87498afa
    1.12 KiB / 1.12 KiB [======================================================] 0s
    Writing manifest to image destination
    Storing signatures
    --> 33fdf51b925a6d02542c94fc3a4bf85a7375e2b039e5592985fdc1ba87498afa
  • 查看且运行测试我们刚刚生成的容器镜像

    1
    2
    [root@rhel8 buildahbuild]# podman image ls |grep buildah
    localhost/hello_buildah latest 33fdf51b925a 13 seconds ago 283 MB
    1
    2
    [root@rhel8 buildahbuild]# podman run hello_buildah
    *** HELLO BUILDAH ***

    2 通过修改运行中的容器来生成一个新的容器镜像

  • 先找到我们想要作为基础的镜像

    1
    2
    [root@rhel8 buildahbuild]# buildah images |grep hello_buildah
    localhost/hello_buildah latest 33fdf51b925a May 17, 2019 23:03 283 MB
  • 运行这个容器

    1
    2
    [root@rhel8 buildahbuild]# buildah from hello_buildah
    hello_buildah-working-container
  • 我们基于这个运行中容器来进行修改.

    1
    2
    3
    [root@rhel8 buildahbuild]# buildah containers
    CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
    6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest hello_buildah-working-container
  • 挂载这个容器的根文件系统

    1
    2
    [root@rhel8 buildahbuild]# buildah mount 6d075a79f753
    /var/lib/containers/storage/overlay/72f5d68a6659af57a198d28733baf8f64d279e29d02095ae2ef3d5c8f2cb9a42/merged
  • 修改它的内容(使用vi 然后添加 AGAIN)

    1
    [root@rhel8 buildahbuild]# vi /var/lib/containers/storage/overlay/72f5d68a6659af57a198d28733baf8f64d279e29d02095ae2ef3d5c8f2cb9a42/merged/usr/bin/hello_buildah.sh
  • 卸载这个容器的根文件

    1
    2
    [root@rhel8 buildahbuild]# buildah unmount 6d075a79f753
    6d075a79f75303c4a8e58f38ebb2997bd11c8238dda43f1bbc4d3ead97e3db17
  • 提交我们刚刚作出的修改

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    [root@rhel8 buildahbuild]# buildah commit 6d075a79f753 hello_buildah:hello_buildah_again
    Getting image source signatures
    Skipping fetch of repeat blob sha256:b7ba3be6a0d6426356fc49f538f0f929ed00e51a0a90906e354a345d46e23a8b
    Skipping fetch of repeat blob sha256:f40cea9cee51b2055a9a2db587680e7ad77236c95af1466c8d61e6a5106f1d7d
    Copying blob sha256:31d09f99841c33a71ad2262826d65ca1e5a07cb153fd160519e6aa90a1dd727b
    219 B / 219 B [============================================================] 0s
    Copying config sha256:098b5186345f406c24a02cb18aa4bc26a5ab4e677b7cbd75500ce51a781387a1
    1.23 KiB / 1.23 KiB [======================================================] 0s
    Writing manifest to image destination
    Storing signatures
    098b5186345f406c24a02cb18aa4bc26a5ab4e677b7cbd75500ce51a781387a1
  • 运行测试验证

    1
    2
    [root@rhel8 buildahbuild]# podman run localhost/hello_buildah:hello_buildah_again
    *** HELLO BUILDAH AGAIN***

    3 通过 buildah run 生成一个容器镜像 (可以实时定制,比如此添加,删除包,作特殊配置等).

  • 启动一个容器镜像

    1
    2
    [root@rhel8 buildahbuild]# buildah from localhost/fedora_29
    fedora_29-working-container
  • 安装gcc开发包(删除包的操作也类似)

    1
    2
    3
    4
    5
    [root@rhel8 buildahbuild]# buildah  run fedora_29-working-container yum install gcc -y
    Fedora Modular 29 -x86_64 68 kB/s | 1.5 MB 00:22
    Fedora Modular 29 - x86_64 - Updates 246 kB/s | 2.4 MB 00:10
    ......
    Complete!
  • 指定要执行的命令

    1
    [root@rhel8 buildahbuild]# buildah config --cmd "gcc -v" fedora_29-working-container
  • 提交修改

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    [root@rhel8 buildahbuild]# buildah commit fedora_29-working-container fedora_29_with_gcc
    Getting image source signatures
    Skipping fetch of repeat blob sha256:b7ba3be6a0d6426356fc49f538f0f929ed00e51a0a90906e354a345d46e23a8b
    Copying blob sha256:bd3948f7d2c959300d42d56af86b97cdfedaf4c9b0268213905dbad7977d4dc1
    214.84 MiB / 214.84 MiB [=================================================] 10s
    Copying config sha256:789cb4f453c30271211fbc0a77c0cb913ff16746be2914377e5cba39839d855d
    1.09 KiB / 1.09 KiB [======================================================] 0s
    Writing manifest to image destination
    Storing signatures
    789cb4f453c30271211fbc0a77c0cb913ff16746be2914377e5cba39839d855d
  • 运行测试验证

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    [root@rhel8 buildahbuild]# podman run fedora_29_with_gcc
    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/8/lto-wrapper
    OFFLOAD_TARGET_NAMES=nvptx-none
    OFFLOAD_TARGET_DEFAULT=1
    Target: x86_64-redhat-linux
    Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,objc,obj-c++,ada,go,lto --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --with-isl --enable-libmpx --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
    Thread model: posix
    gcc version 8.3.1 20190223 (Red Hat 8.3.1-2) (GCC)

    查看运行中的容器,查看容器镜像

  • 查看运行中的容器

    1
    2
    3
    [root@rhel8 buildahbuild]# buildah containers
    CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
    3f71cb46good * a80dad1cgood registry.redhat.io/rhel8-beta:latest rhel8-beta-working-container
  • 查看容器镜像

    1
    2
    3
    4
    5
    [root@rhel8 buildahbuild]# buildah images
    IMAGE NAME MAGE TAG IMAGE ID CREATED AT SIZE
    registry.redhat.io/rhel8-beta latest a80dad1c1953 Nov 14, 2018 02:11 210 MB
    docker.io/library/fedora 29 d09302f77cfc Mar 12, 2019 08:20 283 MB
    localhost/hello_buildah latest 33fdf51b925a May 17, 2019 23:03 283 MB

    容器的重命名, 删除容器或者删除容器镜像

  • 容器重新命名命令

    1
    # buildah rename 6d075a79f753 localhost/hello_buildah_again
  • 查看容器,找出容器ID

    1
    2
    3
    [root@rhel8 buildahbuild]# buildah containers
    CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
    6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest localhost/hello_buildah_again
  • 容器重新命名

    1
    [root@rhel8 buildahbuild]# buildah rename 6d075a79f753 localhost/hello_buildah_again
  • 确认

    1
    2
    3
    [root@rhel8 buildahbuild]# buildah containers
    CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
    6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest localhost/hello_buildah_again
  • 容器删除命令

    1
    # buildah rm 6d075a79f753
  • 查看容器,找出容器ID

    1
    2
    3
    [root@rhel8 buildahbuild]# buildah containers
    CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
    6d075a79f753 * 33fdf51b925a localhost/hello_buildah:latest localhost/hello_buildah_again
  • 删除容器

    1
    2
    [root@rhel8 buildahbuild]# buildah rm 6d075a79f753
    6d075a79f75303c4a8e58f38ebb2997bd11c8238dda43f1bbc4d3ead97e3db17
  • 确认

    1
    2
    [root@rhel8 buildahbuild]# buildah containers
    CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
  • 容器镜像删除命令

    1
    # buildah rmi a292528dfb8c
  • 查看镜像,找出镜像ID

    1
    2
    [root@rhel8 buildahbuild]# buildah images |grep -w hello_podman
    localhost/rhel8-beta hello_podman a292528dfb8c May 16, 2019 10:43 210 MB
  • 删除镜像

    1
    2
    [root@rhel8 buildahbuild]# buildah rmi a292528dfb8c
    e010d561555d180015d6c0d30a3f67fa602ea1ae54628d5666235db42f43433a
  • 确认

    1
    [root@rhel8 buildahbuild]# buildah images |grep -w hello_podman

    好, Red Hat Enterprise Linux 8 (RHEL8) 的新玩意 第2篇 之容器工具 buildah. 想要了解更多? 可以参考 man buildah 和 buildah -h
    想要亲手玩一下新玩具? 请随时去 https://www.redhat.com 下载最新的 REHL 8 咯

    也欢迎关注 addos 微信公众号获取更多的,有意思的新玩具 :-)