Install Podman and Buildah on Rocky / AlmaLinux

Podman (Pod Manager) is an open-source container management tool for creating, managing, and running Open Container Initiative (OCI) containers and container images on a Linux system. With Podman, you can run, build, modify and troubleshoot OCI containers in your Kubernetes cluster. Podman’s REST API socket allows remote applications to launch on-demand containers and supports Docker API and Compose to interact with Podman as a service.

Buildah is a tool that facilitates building Open Container Initiative (OCI) container images. Buildah commands replicate the commands in a Dockerfile. Images can be built from scratch, from a container pulled from a registry, or by using a Dockerfile. Buildah allows developers to use other scripting languages to build container images without requiring a daemon.

Install Podman and Buildah on Rocky / AlmaLinux

Buildah and Podman packages are available by default on the AppStream repositories.

Installing Buildah

To install Buildah, execute the command below:

sudo dnf -y install buildah

Confirm the Buildah version installed

$ buildah --version
buildah version 1.33.8 (image-spec 1.1.0-rc.5, runtime-spec 1.1.0)

You have successfully installed Buildah in your system.

Podman Installation

To install Podman, run the following command:

sudo dnf -y install podman

Congratulations, you have installed Podman in your system. Check for the version using command below:

$ podman  --version
podman version 4.9.4-rhel

How To Use Podman on Linux System

To demonstrate the Usage of Podman, we will run a sample container that will run a basic httpd server that serves only its index page. This container will be run in detached mode.

Copy this command on your terminal.

podman run -dt -p 8080:8080/tcp \
  -e HTTPD_VAR_RUN=/run/httpd \
  -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
  -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
  -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
  registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd

The -d in the podman run command states that we are running our container in a detached mode.

Note: We use port forwarding (HTTP port 8080 )to be able to access the HTTP server.

1 – List running containers

To list all the running containers, execute the podman ps command :

$ podman ps -a
CONTAINER ID  IMAGE                                        COMMAND               CREATED         STATUS             PORTS                   NAMES
ae528c64affd  registry.fedoraproject.org/f29/httpd:latest  /usr/bin/run-http...  15 minutes ago  Up 15 minutes ago  0.0.0.0:8080->8080/tcp  agitated_moore

Using -a option lists all containers.

2 – Inspect running containers

To view, the details about your running container use the podman inspect command. You can pass -l option to see the details of the latest container being run.

podman inspect -l 

This command gives loads of metadata about the container image. For example, to check the HostPort in use, we can grep the output as shown below.

podman inspect -l | grep "HostPort"

Command output:

                              "HostPort": "8080"
                              "HostPort": "8080"

3 – Testing your service access

To test network communication between the host operating system and the container, use the curl command. From the podman inspect command above, our container does not have an IP address, and therefore testing the network communication should give us a failed test.

Run this command :

curl http://localhost:8080

sample output:

	<div class="content-middle">
				<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.</p>
			</div>
			<hr />

			<div class="content-columns">
				<div class="content-column-left">
					<h2>If you are a member of the general public:</h2>

					<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>

					<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>

4 – View container logs

To view logs, run the command below:

podman logs <container_id>
podman logs --latest

The check latest logs from all pods:

$ podman logs --latest
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 06 11:09:58.907693 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1b FIPS  26 Feb 2019, version currently loaded is OpenSSL 1.1.1 FIPS  11 Sep 2018) - may result in undefined or erroneous behavior
[Wed Oct 06 11:09:58.910475 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Wed Oct 06 11:09:58.981252 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1b FIPS  26 Feb 2019, version currently loaded is OpenSSL 1.1.1 FIPS  11 Sep 2018) - may result in undefined or erroneous behavior
[Wed Oct 06 11:09:58.982484 2021] [ssl:warn] [pid 1:tid 139941390855552] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 06 11:09:58.983541 2021] [lbmethod_heartbeat:notice] [pid 1:tid 139941390855552] AH02282: No slotmem from mod_heartmonitor
[Wed Oct 06 11:09:58.986948 2021] [mpm_event:notice] [pid 1:tid 139941390855552] AH00489: Apache/2.4.39 (Fedora) OpenSSL/1.1.1 configured -- resuming normal operations
[Wed Oct 06 11:09:58.986979 2021] [core:notice] [pid 1:tid 139941390855552] AH00094: Command line: 'httpd -D FOREGROUND'
[Wed Oct 06 11:46:08.473776 2021] [autoindex:error] [pid 28:tid 139940771919616] [client 10.0.2.100:39404] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
10.0.2.100 - - [06/Oct/2021:11:46:08 +0000] "GET / HTTP/1.1" 403 4650 "-" "curl/7.61.1"
[Wed Oct 06 11:59:28.671807 2021] [autoindex:error] [pid 30:tid 139941052491520] [client 10.0.2.100:39412] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
10.0.2.100 - - [06/Oct/2021:11:59:28 +0000] "GET / HTTP/1.1" 403 4650 "-" "curl/7.61.1"
Jil @ rocky-linux-01 in ~ |14:06:44  

5 – View container’s pid’s

To see all the running container processes, employ top command as shown below.

podman top <container_id>

In our case, we use our container ID as shown below.

podman top 2704401df76e

The output is as below.

$ podman top 2704401df76e 
USER        PID         PPID        %CPU        ELAPSED           TTY         TIME        COMMAND
default     1           0           0.000       1h2m8.676330659s  pts/0       0s          httpd -D FOREGROUND 
default     23          1           0.000       1h2m8.676793569s  pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     24          1           0.000       1h2m8.6769012s    pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     25          1           0.000       1h2m8.676997063s  pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     26          1           0.000       1h2m8.677091471s  pts/0       0s          /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat 
default     27          1           0.000       1h2m8.677206765s  pts/0       0s          httpd -D FOREGROUND 
default     28          1           0.000       1h2m8.677308098s  pts/0       0s          httpd -D FOREGROUND 
default     30          1           0.000       1h2m8.67741503s   pts/0       0s          httpd -D FOREGROUND 
default     42          1           0.000       1h2m8.677532271s  pts/0       0s          httpd -D FOREGROUND 
Jil @ rocky-linux-01 in ~ |14:12:06  

6 – Stop a container

To stop a container, issue the command :

podman stop <container_id>

This executes as shown :

$ podman stop --latest
ae528c64affd23ac4803926fd472839ac46034dfaa55c0d18b2236d1d79650ca

7 – Remove a container

To remove a container, run the command :

podman rm <container_id>

This removes latest container created:

$ podman rm --latest
ae528c64affd23ac4803926fd472839ac46034dfaa55c0d18b2236d1d79650ca

That is a brief on the usage of Podman. for more information kindly check on podman documentation.

Usage of Buildah

To demonstrate the usage of Buildah, we will create an Apache web server that will run inside a container.

Step 1 : Pull a linux based image

To pull a Linux based image, example from the centos stream repository to install on host machine, run the following command :

container=$(buildah from centos:stream9) 

To inspect your images, issue the buildah images command :

$ buildah images
REPOSITORY                             TAG       IMAGE ID       CREATED       SIZE
registry.fedoraproject.org/fedora      latest    b20dcbb06f5c   6 hours ago   233 MB
quay.io/centos/centos                  stream9   aa3ca5a18a06   5 days ago    164 MB
registry.fedoraproject.org/f29/httpd   latest    25c76f9dcdb5   5 years ago   482 MB

Show container list:

$ buildah containers
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
2e68350a6852     *     25c76f9dcdb5 registry.fedoraproject.org/f2... 2e68350a6852
f8527aef51cb     *     b20dcbb06f5c registry.fedoraproject.org/fe... fedora-working-container
a2e047f7876f     *     aa3ca5a18a06 quay.io/centos/centos:stream9    centos-working-container

Step 2 : Install Apache Web-server

To install httpd Apache web server inside the container, run this command :

buildah run $container yum install -y httpd

Step 3 : Create an index file

To create a HTML index file:

echo "Hello from CloudSpinx" > index.html

Step 4 : Copy index file to container

Copy your index file to Apache public web directory file via the command below.

buildah copy $container index.html /var/www/html/index.html

Our Container image is now copied to the /var/www/html/ file. Run the command below to see container image.

$ buildah containers 
CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
58a1965b0b8a     *                  scratch                          working-container
53cb2720b721     *     300e315adb2f quay.io/centos/centos:latest     centos-working-container

Step 5 : Run your container

To run the container, build an entry point for the container:

$ buildah config --entrypoint "/usr/sbin/httpd -D FOREGROUND" $container
WARN[0000] cmd "/bin/bash" exists but will be ignored because of entrypoint settings 

Step 6 : Deploy your container

Execute the command buildah commit to save your changes.

$ buildah commit $container cloudspinx
Getting image source signatures
Copying blob 1c0876688e28 skipped: already exists
Copying blob 6e3312a81dfa done   |
Copying config e4ba21aa87 done   |
Writing manifest to image destination
e4ba21aa8774ccd0fff9f8e46199aea61b21e9c70d443f49088c4b44b8c4d2b5

When we issue the command buildah images, we should be able to see our container image.

$ buildah images
REPOSITORY                             TAG       IMAGE ID       CREATED          SIZE
localhost/cloudspinx                   latest    e4ba21aa8774   18 seconds ago   286 MB
registry.fedoraproject.org/fedora      latest    b20dcbb06f5c   6 hours ago      233 MB
quay.io/centos/centos                  stream9   aa3ca5a18a06   5 days ago       164 MB
registry.fedoraproject.org/f29/httpd   latest    25c76f9dcdb5   5 years ago      482 MB

Congratulations, you have used buildah to build your container image.

To remove a container image, you use the command buildah rmi followed by IMAGE ID

# buildah rmi <IMAGE ID>

Conclusion

That sums up our article. Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain container images in a production environment using familiar container CLI commands. Both form a strong support for OCI container image and container tools.

CloudSpinx Engineers are available to help our with any container related challenges you may be facing. If you need our help use contact us section to reach out.

Your IT Journey Starts Here!

Ready to level up your IT skills? Our new eLearning platform is coming soon to help you master the latest technologies.

Be the first to know when we launch! Join our waitlist now.

Join our Linux and open source community. Subscribe to our newsletter for tips, tricks, and collaboration opportunities!

Recent Post

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Post

The web browser is the key arsenal that we use to browse the internet. If you want to access information […]

In this guide,we will look at how you can install Java 11 on Oracle Linux 8. Java is a widely […]

The adoption of Containers and microservice architectures has been amazing and speedy in the past few years. Docker is widely […]

Let's Connect

Unleash the full potential of your business with CloudSpinx. Our expert solutions specialists are standing by to answer your questions and tailor a plan that perfectly aligns with your unique needs.
You will get a response from our solutions specialist within 12 hours
We understand emergencies can be stressful. For immediate assistance, chat with us now

Contact CloudSpinx today!

Download CloudSpinx Profile

Discover the full spectrum of our expertise and services by downloading our detailed Company Profile. Simply enter your first name, last name, and email address.