Buildah and Skopeo – Podman’s friends with benefits

The title of this chapter mentions Podman and Friends. Well, up until this point, you have probably noticed we didn’t talk much about Podman’s friends. Podman brings along a couple of companions to facilitate all your container management needs. These buddies of Podman are otherwise known as Buildah and Skopeo.

Where Podman is primarily focused on running containers, Buildah focuses on building them, and Skopeo focuses on handling images and transferring them to/from remote container registries.

Getting ready

We will require the following:

• Oracle Linux
• Podman
• Buildah
• Skopeo

How to do it…

In this recipe, we’ll explore the basic usage of Buildah and Skopeo to reveal how these two friends of Podman can enhance your experience and workflow when dealing with containers.

Building container images with Buildah

While Podman can be used for basic container image builds, Buildah is a utility that is fully focused on building OCI-compliant images. Not only can Buildah be used to build images from a Containerfile or Dockerfile, but it can also very neatly change existing container images.

First things first, let’s see how Buildah can be used to build images from a Containerfile. With Podman, we build images using the podman build -t <image_name>. command. When we call on Podman to perform a build, it is actually using a subset of Buildah’s functionality to build the image. To use Buildah directly, we only need to use a slightly different command. For example, let’s say we have a file named Containerfile with the following content:
FROM oraclelinux:8
RUN dnf install -y rhn-setup yum-utils && dnf clean all
ENTRYPOINT [“/bin/bash”]

In order to build it with Buildah. You’ll enter buildah bud -t <image_name>. In this example, I’m going to name the image ol-repo-sync. Let’s do this now:
buildah bud -t ol-repo-sync .

The results in this scenario are the same as if you were to do this with Podman. Where Buildah really shines, is its ability to make changes to working containers, and it can also create new images from working containers.

In order to keep things simple for this recipe, we’re going to replicate what was specified in Containerfile, except instead of using Containerfile directly, we’re going to do things ad hoc with Buildah. So let’s make some changes to a pre-existing Oracle Linux 8 image and store it as a new image. First, we’re going to run buildah from to load up a working container in Buildah:
buildah from oraclelinux:8

That’s going to return the following output:

oraclelinux-working-container

This tells us the name of the newly created working container. Now that we have a Buildah container ready to work with, let’s add some packages to it. In this example, we’re going to add the same packages that Containerfile specified earlier. Enter the following commands:

buildah run oraclelinux-working-container dnf -y install rhn-setup yum-utils
buildah run oraclelinux-working-container dnf clean all

You will see the DNF package manager do its thing, and afterward, you will be left with an Oracle Linux base image plus the new packages we installed as a result of the buildah run command.

Finally, we need to define the entrypoint into this container. We can do this by leveraging the buildah config command:
buildah config –cmd ” oraclelinux-working-container
buildah config –entrypoint ‘[“/bin/bash”]’ oraclelinux-working-container