CREATING AN OCI CONTAINER WITHIN A DOCKER CONTAINER

This title sounds funny, but I couldn't find a better one. :)
Now that the OCI 1.0 specification has been released, it is no longer just a Docker container; it is now a Linux container. Tools are being built around the OCI specification, such as buildah, cri-o and skopeo, with a lot more to come.
I will create an Ubuntu container using Docker and then create an Alpine container within this Ubuntu container using buildah and runc. The fun part is that there is no Docker or OCI daemon running within the Ubuntu container.
buildah is a tool under Project Atomic which facilitates building OCI container images. runc is a CLI tool for spawning and running containers according to the OCI specification.
$ docker run -it --privileged -v libcon:/var/lib/containers/storage -v runcon:/var/run/containers/storage ubuntu bash
root@2faae578f9cf:/#
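This will create a privileged Ubuntu container. The two -v volumes take the /var/lib/containers/storage and /var/run/containers/storage folders out of the container's own layered filesystem, as we will not be able to create another container layer on top of this layer. The --privileged flag gives the container all capabilities and removes the default seccomp and AppArmor confinement, so it is not isolated from the host in the usual way.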
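To confirm that the storage folders really are backed by the volumes and not by the container layer, the check below reads a mountinfo file and reports the filesystem behind a directory. It is an added example, not part of the original post; the function names and the sample mountinfo lines are constructed for illustration, and the sample assumes /var/run is a symlink to /run, so the second volume shows up under /run.

```sh
#!/bin/sh
# Added example: verify buildah's storage directories sit on a volume and
# not on the container's layered (overlay/aufs) root filesystem.

# Print "<mount point> <fstype>" of the mount backing directory $1, read from
# mountinfo file $2 (default /proc/self/mountinfo). Longest mount point wins.
backing_mount() {
    awk -v dir="$1" '
    {
        mp = $5; fs = ""
        # after the "-" separator come: fstype, source, super options
        for (i = 7; i < NF; i++) if ($i == "-") { fs = $(i + 1); break }
        if (mp == dir || mp == "/" || index(dir, mp "/") == 1)
            if (length(mp) >= best_len) { best_len = length(mp); best = mp " " fs }
    }
    END { if (best != "") print best }' "${2:-/proc/self/mountinfo}"
}

# Succeed only if directory $1 is not on a layered filesystem.
storage_ok() {
    fs=$(backing_mount "$1" "$2"); fs=${fs##* }
    case "$fs" in ""|overlay|aufs) return 1 ;; *) return 0 ;; esac
}

# Constructed sample of a container's mountinfo with the two -v volumes.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
620 501 0:52 / / rw,relatime - overlay overlay rw,lowerdir=/l/A,upperdir=/u,workdir=/w
621 620 0:55 / /proc rw,nosuid - proc proc rw
640 620 8:1 /var/lib/docker/volumes/libcon/_data /var/lib/containers/storage rw,relatime - ext4 /dev/sda1 rw
641 620 8:1 /var/lib/docker/volumes/runcon/_data /run/containers/storage rw,relatime master:1 - ext4 /dev/sda1 rw
EOF

# /var/tmp is included to show what a directory on the container layer looks like.
for d in /var/lib/containers/storage /run/containers/storage /var/tmp; do
    if storage_ok "$d" "$SAMPLE"; then
        echo "ok:      $d ($(backing_mount "$d" "$SAMPLE"))"
    else
        echo "layered: $d ($(backing_mount "$d" "$SAMPLE"))"
    fi
done
```

Inside the real container, drop the second argument so the functions read /proc/self/mountinfo, and pass the symlink-resolved path of each directory.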
Prior to installing buildah, I need to install some packages. Use the following commands in the Ubuntu container.
apt-get update
apt-get -y install software-properties-common
add-apt-repository -y ppa:alexlarsson/flatpak
add-apt-repository -y ppa:gophers/archive
apt-add-repository -y ppa:projectatomic/ppa
apt-get update
apt-get -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libostree-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man
apt-get -y install golang-1.8
Then, to build buildah on Ubuntu, follow these steps:
mkdir ~/buildah
cd ~/buildah
export GOPATH=`pwd`
git clone https://github.com/projectatomic/buildah ./src/github.com/projectatomic/buildah
cd ./src/github.com/projectatomic/buildah
PATH=/usr/lib/go-1.8/bin:$PATH make runc all TAGS="apparmor seccomp"
make install
buildah --help
buildah uses runc to run commands in a container, so we need to make sure runc is accessible.
mkdir /etc/containers
cp ~/buildah/src/github.com/projectatomic/buildah/tests/policy.json /etc/containers/
cp ~/buildah/src/github.com/opencontainers/runc/runc /usr/local/bin/
SO IT'S TIME FOR SOME FUN. CREATE A NEW WORKING CONTAINER, FROM A SPECIFIED IMAGE.
root@2faae578f9cf:~# buildah from alpine
Getting image source signatures
Copying blob sha256:88286f41530e93dffd4b964e1db22ce4939fffa4a4c665dab8591fbab03d4926
1.90 MiB / 1.90 MiB [=========================================================]
Copying config sha256:7328f6f8b41890597575cbaadc884e7386ae0acc53b747401ebce5cf0d624560
0 B / 1.48 KiB [--------------------------------------------------------------]
Writing manifest to image destination
Storing signatures
1.48 KiB / 1.48 KiB [=========================================================]
alpine-working-container
root@2faae578f9cf:~#
LIST THE WORKING CONTAINERS AND THEIR BASE IMAGES.
root@2faae578f9cf:~# buildah containers
CONTAINER ID  BUILDER  IMAGE ID      IMAGE NAME                       CONTAINER NAME
1f3daef44a3d     *     abf11ad2ca3c  docker.io/library/alpine:latest  alpine-working-container
root@2faae578f9cf:~#
RUN A COMMAND INSIDE OF THE CONTAINER.
root@2faae578f9cf:~# buildah run --tty alpine-working-container sh
/ # ps aux
PID   USER     TIME   COMMAND
    1 root       0:00 sh
    7 root       0:00 ps aux
/ # cat /etc/alpine-release
3.6.2
/ #
This has only just started and there's more to explore. Stay tuned. :)