Podman (Pod Manager) is an open-source container management tool for creating, managing, and running Open Container Initiative (OCI) containers and container images on a Linux system. With Podman, you can run, build, modify and troubleshoot OCI containers in your Kubernetes cluster. Podman’s REST API socket allows remote applications to launch on-demand containers and supports Docker API and Compose to interact with Podman as a service.
Buildah is a tool that facilitates building Open Container Initiative (OCI) container images. Buildah commands replicate the commands in a Dockerfile. Images can be built from scratch, from a container pulled from a registry, or by using a Dockerfile. Buildah allows developers to use other scripting languages to build container images without requiring a daemon.
Install Podman and Buildah on Rocky / AlmaLinux
Buildah and Podman packages are available by default in the AppStream repository.
Installing Buildah
To install Buildah, execute the command below:
sudo dnf -y install buildah
Confirm the installed Buildah version:
$ buildah --version
buildah version 1.33.8 (image-spec 1.1.0-rc.5, runtime-spec 1.1.0)
You have successfully installed Buildah in your system.
Podman Installation
To install Podman, run the following command:
sudo dnf -y install podman
Congratulations, you have installed Podman on your system. Check the version using the command below:
$ podman --version
podman version 4.9.4-rhel
How To Use Podman on Linux System
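To demonstrate the usage of Podman, we will run a sample container with a basic httpd server that serves only its index page. This container will be run in detached mode. The image used here, registry.fedoraproject.org/f29/httpd, is an old one (the buildah images listing further down this page shows it as created 5 years ago), so treat it as a demonstration only.
Copy this command to your terminal.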
podman run -dt -p 8080:8080/tcp \
-e HTTPD_VAR_RUN=/run/httpd \
-e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
-e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
-e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
The -d in the podman run command states that we are running our container in detached mode.
Note: We use port forwarding (HTTP port 8080) to be able to access the HTTP server.
1 – List running containers
To list all the running containers, execute the podman ps command :
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae528c64affd registry.fedoraproject.org/f29/httpd:latest /usr/bin/run-http... 15 minutes ago Up 15 minutes ago 0.0.0.0:8080->8080/tcp agitated_moore
Using the -a option lists all containers, including stopped ones.
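The PORTS column above reads 0.0.0.0:8080->8080/tcp: -p 8080:8080/tcp publishes the port on every host interface, not only on localhost. The shell function below is an added example, not part of the original article; it flags such mappings in the output of podman ps --format '{{.Names}} {{.Ports}}' and is run here on constructed sample lines, with the IPv6 wildcard spellings it accepts being an assumption.

```shell
#!/bin/sh
# Added example, not from the article. Input: one container per line as
# printed by:  podman ps --format '{{.Names}} {{.Ports}}'
# Output: "NAME HOSTPORT CONTAINERPORT/PROTO" for each mapping that is
# published on every host interface.
wildcard_ports() {
    awk '{
        for (i = 2; i <= NF; i++) {
            m = $i
            sub(/,$/, "", m)                # mappings are comma-separated
            if (m !~ /->/) continue
            split(m, side, "->")            # side[1] = host, side[2] = container
            n = split(side[1], h, ":")      # host side is IP:PORT
            ip = substr(side[1], 1, length(side[1]) - length(h[n]) - 1)
            # "::" and "[::]" are assumed spellings of the IPv6 wildcard
            if (ip == "" || ip == "0.0.0.0" || ip == "::" || ip == "[::]")
                print $1, h[n], side[2]
        }
    }'
}

# Constructed sample input; only the first line mirrors the container above.
sample_ps() {
    cat <<'EOF'
agitated_moore 0.0.0.0:8080->8080/tcp
local_only 127.0.0.1:8081->8080/tcp
two_ports 127.0.0.1:8443->8443/tcp, 0.0.0.0:9090->8080/tcp
EOF
}

sample_ps | wildcard_ports
```

To keep a test container reachable from the host only, publish it with -p 127.0.0.1:8080:8080/tcp instead.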
2 – Inspect running containers
To view the details of your running container, use the podman inspect command. You can pass the -l option to see the details of the latest container.
podman inspect -l
This command gives loads of metadata about the container image. For example, to check the HostPort in use, we can grep the output as shown below.
podman inspect -l | grep "HostPort"
Command output:
"HostPort": "8080"
"HostPort": "8080"
3 – Testing your service access
To test network communication between the host operating system and the container, use the curl command. From the podman inspect command above, our container does not have an IP address, and therefore testing the network communication should give us a failed test.
Run this command :
curl http://localhost:8080
Sample output:
<div class="content-middle">
<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.</p>
</div>
<hr />
<div class="content-columns">
<div class="content-column-left">
<h2>If you are a member of the general public:</h2>
<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>
<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
4 – View container logs
To view logs, run the command below:
podman logs <container_id>
podman logs --latest
To check the logs of the latest container:
$ podman logs --latest
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 06 11:09:58.907693 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1b FIPS 26 Feb 2019, version currently loaded is OpenSSL 1.1.1 FIPS 11 Sep 2018) - may result in undefined or erroneous behavior
[Wed Oct 06 11:09:58.910475 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 06 11:09:58.981252 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1b FIPS 26 Feb 2019, version currently loaded is OpenSSL 1.1.1 FIPS 11 Sep 2018) - may result in undefined or erroneous behavior
[Wed Oct 06 11:09:58.982484 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 06 11:09:58.983541 2021] [lbmethod_heartbeat:notice] [pid 1:tid 139941390855552] AH02282: No slotmem from mod_heartmonitor
[Wed Oct 06 11:09:58.986948 2021] [mpm_event:notice] [pid 1:tid 139941390855552] AH00489: Apache/2.4.39 (Fedora) OpenSSL/1.1.1 configured -- resuming normal operations
[Wed Oct 06 11:09:58.986979 2021] [core:notice] [pid 1:tid 139941390855552] AH00094: Command line: 'httpd -D FOREGROUND'
[Wed Oct 06 11:46:08.473776 2021] [autoindex:error] [pid 28:tid 139940771919616] [client 10.0.2.100:39404] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
10.0.2.100 - - [06/Oct/2021:11:46:08 +0000] "GET / HTTP/1.1" 403 4650 "-" "curl/7.61.1"
[Wed Oct 06 11:59:28.671807 2021] [autoindex:error] [pid 30:tid 139941052491520] [client 10.0.2.100:39412] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
10.0.2.100 - - [06/Oct/2021:11:59:28 +0000] "GET / HTTP/1.1" 403 4650 "-" "curl/7.61.1"
5 – View container PIDs
To see all the processes running in a container, use the podman top command as shown below.
podman top <container_id>
In our case, we use our container ID as shown below.
podman top 2704401df76e
The output is as below.
$ podman top 2704401df76e
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
default 1 0 0.000 1h2m8.676330659s pts/0 0s httpd -D FOREGROUND
default 23 1 0.000 1h2m8.676793569s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 24 1 0.000 1h2m8.6769012s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 25 1 0.000 1h2m8.676997063s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 26 1 0.000 1h2m8.677091471s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 27 1 0.000 1h2m8.677206765s pts/0 0s httpd -D FOREGROUND
default 28 1 0.000 1h2m8.677308098s pts/0 0s httpd -D FOREGROUND
default 30 1 0.000 1h2m8.67741503s pts/0 0s httpd -D FOREGROUND
default 42 1 0.000 1h2m8.677532271s pts/0 0s httpd -D FOREGROUND
6 – Stop a container
To stop a container, issue the command :
podman stop <container_id>
This executes as shown :
$ podman stop --latest
ae528c64affd23ac4803926fd472839ac46034dfaa55c0d18b2236d1d79650ca
7 – Remove a container
To remove a container, run the command :
podman rm <container_id>
This removes the latest container created:
$ podman rm --latest
ae528c64affd23ac4803926fd472839ac46034dfaa55c0d18b2236d1d79650ca
That is a brief overview of Podman usage. For more information, check the Podman documentation.
Usage of Buildah
To demonstrate the usage of Buildah, we will create an Apache web server that will run inside a container.
Step 1 : Pull a Linux-based image
To pull a Linux-based image to the host machine, for example from the CentOS Stream repository, and create a working container from it, run the following command :
container=$(buildah from centos:stream9)
To inspect your images, issue the buildah images command :
$ buildah images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.fedoraproject.org/fedora latest b20dcbb06f5c 6 hours ago 233 MB
quay.io/centos/centos stream9 aa3ca5a18a06 5 days ago 164 MB
registry.fedoraproject.org/f29/httpd latest 25c76f9dcdb5 5 years ago 482 MB
Show container list:
$ buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
2e68350a6852 * 25c76f9dcdb5 registry.fedoraproject.org/f2... 2e68350a6852
f8527aef51cb * b20dcbb06f5c registry.fedoraproject.org/fe... fedora-working-container
a2e047f7876f * aa3ca5a18a06 quay.io/centos/centos:stream9 centos-working-container
Step 2 : Install Apache Web-server
To install httpd Apache web server inside the container, run this command :
buildah run $container yum install -y httpd
Step 3 : Create an index file
To create an HTML index file:
echo "Hello from CloudSpinx" > index.html
Step 4 : Copy index file to container
Copy your index file to Apache's public web directory with the command below.
buildah copy $container index.html /var/www/html/index.html
Our index file is now copied to the /var/www/html/ directory inside the container. Run the command below to list the working containers.
$ buildah containers
CONTAINER ID BUILDER IMAGE ID IMAGE NAME CONTAINER NAME
58a1965b0b8a * scratch working-container
53cb2720b721 * 300e315adb2f quay.io/centos/centos:latest centos-working-container
Step 5 : Run your container
So that the container starts Apache when it runs, set an entrypoint for it:
$ buildah config --entrypoint "/usr/sbin/httpd -D FOREGROUND" $container
WARN[0000] cmd "/bin/bash" exists but will be ignored because of entrypoint settings
Step 6 : Deploy your container
Execute the command buildah commit to save your changes.
$ buildah commit $container cloudspinx
Getting image source signatures
Copying blob 1c0876688e28 skipped: already exists
Copying blob 6e3312a81dfa done |
Copying config e4ba21aa87 done |
Writing manifest to image destination
e4ba21aa8774ccd0fff9f8e46199aea61b21e9c70d443f49088c4b44b8c4d2b5
When we issue the command buildah images, we should be able to see our container image.
$ buildah images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/cloudspinx latest e4ba21aa8774 18 seconds ago 286 MB
registry.fedoraproject.org/fedora latest b20dcbb06f5c 6 hours ago 233 MB
quay.io/centos/centos stream9 aa3ca5a18a06 5 days ago 164 MB
registry.fedoraproject.org/f29/httpd latest 25c76f9dcdb5 5 years ago 482 MB
Congratulations, you have used buildah to build your container image.
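Steps 1 to 6 combined into one function, as an added example that is not part of the original article. It names the base image by the full registry path that buildah images reports for centos:stream9, quotes the container name, stops before the commit if any step fails, and removes the working container afterwards; record_buildah is a constructed stand-in that logs the calls so the flow can be checked without buildah installed.

```shell
#!/bin/sh
# Added example, not from the article: Steps 1-6 as one function.
BUILDAH=${BUILDAH:-buildah}               # override with a stub for a dry run
BASE_IMAGE=quay.io/centos/centos:stream9  # full name behind centos:stream9

build_httpd_image() {
    image_name=$1
    index_file=$2
    [ -f "$index_file" ] || { echo "missing $index_file" >&2; return 1; }
    ctr=$("$BUILDAH" from "$BASE_IMAGE") || return 1
    # The && chain stops at the first failing step, so a container with a
    # failed package install is never committed as an image.
    "$BUILDAH" run "$ctr" -- yum install -y httpd &&
        "$BUILDAH" copy "$ctr" "$index_file" /var/www/html/index.html &&
        "$BUILDAH" config --entrypoint "/usr/sbin/httpd -D FOREGROUND" "$ctr" &&
        "$BUILDAH" commit "$ctr" "$image_name"
    rc=$?
    "$BUILDAH" rm "$ctr" >/dev/null       # always drop the working container
    return "$rc"
}

# Constructed stand-in for buildah: logs each call instead of building.
# FAIL_RUN=1 simulates a failed "buildah run" step.
record_buildah() {
    echo "$*" >> "${CALL_LOG:-/dev/stderr}"
    case $1 in
        from) echo demo-working-container ;;
        run)  [ -z "${FAIL_RUN:-}" ] ;;
    esac
}

# Real build:  sh this-script.sh cloudspinx index.html
if [ "$#" -eq 2 ]; then build_httpd_image "$1" "$2"; fi
```

For a dry run, set BUILDAH=record_buildah and CALL_LOG to a file before calling build_httpd_image, then read the file to see the exact buildah commands that would run.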
To remove a container image, use the command buildah rmi followed by the IMAGE ID:
# buildah rmi <IMAGE ID>
Conclusion
That sums up our article. Buildah is an efficient way to create OCI images, while Podman allows you to manage and maintain container images in a production environment using familiar container CLI commands. Together they provide strong tooling for OCI container images and containers.
CloudSpinx Engineers are available to help with any container-related challenges you may be facing. If you need our help, use the contact us section to reach out.