Podman, Buildah and Skopeo coreutils for containers who am i - - PowerPoint PPT Presentation


Podman, Buildah and Skopeo coreutils for containers who am i Aleksandra Fedorova DevOps/CI/Build Engineer CI Engineer at Red Hat Fedora Linux Ambassador https://medium.com/quantum-integration Fedora User Group NRW @


slide-1
SLIDE 1

Podman, Buildah and Skopeo

“coreutils” for containers

slide-2
SLIDE 2

who am i

bookwar @ IRC https://telegram.me/bookwar bookwar@fedoraproject.org

Aleksandra Fedorova

DevOps/CI/Build Engineer

CI Engineer at Red Hat

Fedora Linux Ambassador

https://medium.com/quantum-integration

Fedora User Group NRW @ Meetup.com

slide-3
SLIDE 3

coreutils

  • cd, cp, ls, cat, sort,..
  • small, simple, consistent
  • easy to use
  • easy to embed
  • available for any user
  • available on any system(*)

https://opensource.com/article/18/4/gnu-core-utilities

slide-4
SLIDE 4

Docker

slide-5
SLIDE 5

docker, docker, docker, docker...

slide-6
SLIDE 6
Open Container Initiative

  • Organization established by Docker and other companies in 2015
  • Defines open specifications for containers and container images
  • OCI Image Specification
  • OCI Runtime Specification
  • Sets a framework for container ecosystem

https://www.opencontainers.org/

slide-7
SLIDE 7

Toolbox

slide-8
SLIDE 8

https://buildah.io

slide-9
SLIDE 9

basics

$ cat ./message
Hello world!
$ cat ./Dockerfile
FROM fedora
RUN touch somefile
ADD message .
CMD cat message
$ buildah bud -t myimage .
…
$ podman run myimage
Hello world!

slide-10
SLIDE 10

buildah build-using-docker

man buildah-bud

$ buildah bud . test -t 1.0.0
$ cat ~/Dockerfile | buildah bud -f - .
$ buildah bud -f Dockerfile.first -f Dockerfile.second .
$ buildah bud github.com/somewhere/something
$ buildah bud -f dev/Dockerfile https://10.0.0.10/context.tar.gz

slide-11
SLIDE 11

buildah scripting

man buildah

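#!/bin/bash
# Create a working container from the fedora base image
containerId=$(buildah from fedora)
# Same steps as the Dockerfile: RUN, ADD, CMD
buildah run "$containerId" touch somefile
buildah add "$containerId" message
buildah config --cmd "cat message" "$containerId"
# Save the working container as an image (image names must be lowercase)
buildah commit "$containerId" myimage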

slide-12
SLIDE 12

buildah mount

man buildah-mount

# containerId=$(buildah from scratch)
# mountpath=$(buildah mount $containerId)
# dnf install --installroot $mountpath --release=29 buildah \
      --setopt install_weak_deps=false -y
# dnf --installroot $mountpath clean all
# buildah umount $containerId
# buildah commit $containerId myimage
# podman run myimage buildah --help

slide-13
SLIDE 13

buildah

  • Does not require access to system-wide service
  • Stores temporary data and images in the user directory
  • Supports multiple Dockerfiles, from local fs and network
  • Allows interactive debugging of the image building process
  • Easily embeddable in scripts

https://buildah.io

slide-14
SLIDE 14

https://github.com/containers/libpod

slide-15
SLIDE 15

alias docker=podman

...running-containers-with-podman

$ podman run -it fedora /bin/bash
$ podman ps -a
$ podman rm deda2991f9fd
$ podman image rm fedora
$ podman pull debian:latest
$ podman inspect 7ac0a23445fe

slide-16
SLIDE 16

embedding podman in a systemd unit

...intro-to-podman

[root@localhost ~]# cat /etc/systemd/system/mariadb-podman.service
[Unit]
Description=Custom MariaDB Podman Container
After=network.target

[Service]
Type=simple
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm "mariadbpodman"
ExecStart=/usr/bin/podman run --name mariadbpodman -v /root/mysql-data:/var/lib/mysql/data:Z -e MYSQL_USER=user -e MYSQL_PASSWORD=pass -e MYSQL_DATABASE=db -p 3306:3306 registry.access.redhat.com/rhscl/mariadb-102-rhel7
ExecReload=-/usr/bin/podman stop "mariadbpodman"
ExecReload=-/usr/bin/podman rm "mariadbpodman"
ExecStop=-/usr/bin/podman stop "mariadbpodman"
Restart=always
RestartSec=30

[Install]

slide-17
SLIDE 17

podman

  • Does not require access to system-wide service
  • Stores temporary data and images in the user directory
  • Drop-in replacement for docker
  • Runs container as a child process
  • Provides resource isolation
  • Easily embeddable in systemd unit files with cgroups, resource management, socket activation and so on

https://github.com/containers/libpod

slide-18
SLIDE 18

https://github.com/containers/skopeo

Skopeo

slide-19
SLIDE 19

skopeo inspect

https://github.com/containers/skopeo

$ skopeo inspect docker://docker.io/fedora
{
    "Name": "docker.io/library/fedora",
    "Digest": "sha256:4a861283a7f0a8ce3d19b42f4c0a10d7012a4d12f785149d82a0800cdb4498b0",
    "RepoTags": [
        "29",
        "30",
        "latest",
        "modular",
    ],
    "Created": "2018-11-07T00:23:59.230741167Z",
    "DockerVersion": "17.06.2-ce",
    "Labels": null,
    "Architecture": "amd64",
    "Os": "linux",
    "Layers": [
        "sha256:d0483bd5a55488f5ba6383a5cc8553d5101864f03acd07eabc5df7563c3692cf"
    ]
}

slide-20
SLIDE 20

skopeo copy

https://github.com/containers/skopeo

$ mkdir output
$ skopeo copy docker://fedora:latest dir:output
$ ls output/
8c568f1043264e34f0a8774587266565c7e5e54e9ea6b97ab459086d18ac5175
d0483bd5a55488f5ba6383a5cc8553d5101864f03acd07eabc5df7563c3692cf
manifest.json
version
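
Added example (not from the original slides): the dir: output above is content-addressed, so a copied image can be checked offline with plain coreutils. The function names and the sample directory are constructed for illustration; the script assumes sha256sum and grep -o are available and that blobs are named by their bare hex SHA-256, as in the listing above.

```shell
#!/bin/sh
# Added example: integrity check for the result of `skopeo copy ... dir:DIR`.
# Assumes the layout shown on the slide: blobs named by hex SHA-256,
# plus manifest.json and version.

# verify_image_dir DIR: returns 0 if every blob hashes to its own file name
# and every digest referenced in manifest.json is present, 1 otherwise.
verify_image_dir() {
    dir=$1; rc=0
    [ -f "$dir/manifest.json" ] || { echo "missing manifest.json" >&2; return 1; }

    # 1. Each blob's file name must equal the SHA-256 of its content.
    for blob in "$dir"/*; do
        name=$(basename "$blob")
        # Skip manifest.json, version and anything that is not 64 hex chars.
        printf '%s\n' "$name" | grep -Eq '^[0-9a-f]{64}$' || continue
        actual=$(sha256sum "$blob" | cut -d' ' -f1)
        if [ "$actual" != "$name" ]; then
            echo "MISMATCH $name (content hashes to $actual)" >&2
            rc=1
        fi
    done

    # 2. Every digest the manifest references must exist as a blob.
    for digest in $(grep -Eo 'sha256:[0-9a-f]{64}' "$dir/manifest.json" | sort -u); do
        if [ ! -f "$dir/${digest#sha256:}" ]; then
            echo "MISSING $digest" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: two tiny blobs and a minimal manifest, so it runs offline.
make_sample_dir() {
    d=$(mktemp -d)
    cfg=$(printf 'constructed config' | sha256sum | cut -d' ' -f1)
    lyr=$(printf 'constructed layer' | sha256sum | cut -d' ' -f1)
    printf 'constructed config' > "$d/$cfg"
    printf 'constructed layer' > "$d/$lyr"
    printf '{"config":{"digest":"sha256:%s"},"layers":[{"digest":"sha256:%s"}]}\n' \
        "$cfg" "$lyr" > "$d/manifest.json"
    echo 'constructed' > "$d/version"
    echo "$d"
}

# Stand-alone run on the constructed sample.
sample=$(make_sample_dir)
verify_image_dir "$sample" && echo "OK: all blobs match their digests"
rm -rf "$sample"
```

On a real copy, run verify_image_dir output after the skopeo copy step; a non-zero exit means a blob was altered or is missing.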

slide-21
SLIDE 21

skopeo

  • Does not require access to system-wide service
  • Stores temporary data and images in the user directory
  • Inspect images without downloading them
  • Copy images without retagging them
  • Supports multiple storage formats – registries, filesystems

https://github.com/containers/libpod

slide-22
SLIDE 22

...docker-registry-infrastructure

slide-23
SLIDE 23

storages and registries

$ ls /etc/containers/
policy.json registries.conf registries.d storage.conf
$ man storage.conf

slide-24
SLIDE 24

q&a

Aleksandra Fedorova

Fedora User Group NRW @ Meetup.com

bookwar @ IRC

https://telegram.me/bookwar

bookwar@fedoraproject.org