This title sounds funny, but I couldn't find a better one. :)

As OCI 1.0 specification was released it no longer remains as just Docker Container, it is now Linux Container. There are tools being built around OCI specification like buildah, cri-o, skopeo and lot more to come.

I will be creating a ubuntu container using docker and will create alpine container within this ubuntu container using buildah and runc. The fun part is there is no docker or oci daemon running withing ubuntu container.

buildah is a tool under project atomic which facilitates building OCI container images. runc is a CLI tool for spawning and running containers according to the OCI specification.

$ docker run -it --privileged -v libcon:/var/lib/containers/storage -v runcon:/var/run/containers/storage ubuntu bash

This will create a privileged ubuntu container. We are bypassing the container layer for /var/lib/containers/storage and /var/run/containers/storage folders as we will not be able to create another container layer with this layer.

Prior to installing buildah, I need to install some packages, use the following commands in the Ubuntu container.

apt-get update
apt-get -y install software-properties-common
add-apt-repository -y ppa:alexlarsson/flatpak
add-apt-repository -y ppa:gophers/archive
apt-add-repository -y ppa:projectatomic/ppa
apt-get update
apt-get -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libostree-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man
apt-get -y install golang-1.8

Then to build buildah on Ubuntu follow the steps...

mkdir ~/buildah
cd ~/buildah
export GOPATH=`pwd`
git clone ./src/
cd ./src/
PATH=/usr/lib/go-1.8/bin:$PATH make runc all TAGS="apparmor seccomp"
make install
buildah --help

buildah uses runc to run commands in a container so we need to make sure runc is accessible.

mkdir /etc/containers
cp ~/buildah/src/ /etc/containers/
cp ~/buildah/src/ /usr/local/bin/

So it's time for some fun. Create a new working container, from a specified image.
root@2faae578f9cf:~# buildah from alpine

Getting image source signatures
Copying blob sha256:88286f41530e93dffd4b964e1db22ce4939fffa4a4c665dab8591fbab03d4926
 1.90 MiB / 1.90 MiB [=========================================================]
Copying config sha256:7328f6f8b41890597575cbaadc884e7386ae0acc53b747401ebce5cf0d624560
 0 B / 1.48 KiB [--------------------------------------------------------------]
Writing manifest to image destination
Storing signatures
 1.48 KiB / 1.48 KiB [=========================================================]alpine-working-container
List the working containers and their base images.
root@2faae578f9cf:~# buildah containers

1f3daef44a3d     *     abf11ad2ca3c  alpine-working-container

Run a command inside of the container.
root@2faae578f9cf:~# buildah run --tty alpine-working-container sh
/ # ps aux
    1 root       0:00 sh
    7 root       0:00 ps aux
/ # cat /etc/alpine-release 
/ # 

It just has started and there's more to explore. Stay tuned. :)

Like it? Click here to Tweet your feedback