CREATING A OCI CONTAINER WITHIN DOCKER CONTAINER

This title sounds funny, but I couldn't find a better one. :)

With the release of the OCI 1.0 specification, the container is no longer just a Docker container; it is a Linux container. Tools are being built around the OCI specification, such as buildah, cri-o and skopeo, with many more to come.

I will create an Ubuntu container using Docker, and inside that Ubuntu container I will create an Alpine container using buildah and runc. The fun part is that there is no Docker or OCI daemon running within the Ubuntu container.

buildah is a tool under Project Atomic that facilitates building OCI container images. runc is a CLI tool for spawning and running containers according to the OCI specification.

$ docker run -it --privileged -v libcon:/var/lib/containers/storage -v runcon:/var/run/containers/storage ubuntu bash
root@2faae578f9cf:/#

This creates a privileged Ubuntu container. The /var/lib/containers/storage and /var/run/containers/storage directories are mounted as Docker volumes, bypassing the container's own storage layer, because a further container layer cannot be created on top of this layer.

Before installing buildah, I need to install some packages; run the following commands in the Ubuntu container.

apt-get update
apt-get -y install software-properties-common
add-apt-repository -y ppa:alexlarsson/flatpak
add-apt-repository -y ppa:gophers/archive
apt-add-repository -y ppa:projectatomic/ppa
apt-get update
apt-get -y install bats btrfs-tools git libapparmor-dev libdevmapper-dev libglib2.0-dev libgpgme11-dev libostree-dev libseccomp-dev libselinux1-dev skopeo-containers go-md2man
apt-get -y install golang-1.8

Then build buildah on Ubuntu with the following steps:

mkdir ~/buildah
cd ~/buildah
export GOPATH=`pwd`
git clone https://github.com/projectatomic/buildah ./src/github.com/projectatomic/buildah
cd ./src/github.com/projectatomic/buildah
PATH=/usr/lib/go-1.8/bin:$PATH make runc all TAGS="apparmor seccomp"
make install
buildah --help

buildah uses runc to run commands in a container so we need to make sure runc is accessible.

mkdir /etc/containers
cp ~/buildah/src/github.com/projectatomic/buildah/tests/policy.json /etc/containers/
cp ~/buildah/src/github.com/opencontainers/runc/runc /usr/local/bin/
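
The policy.json copied from buildah's tests directory is a signature policy in the containers/image format; I assume it is the permissive one that accepts any image unsigned. As an added example (not part of the original post), the script below checks a policy for that rule, checks that runc is reachable as buildah run requires, and writes a stricter policy that rejects everything except images signed by a given GPG key; the function names, key path and sample policy are constructed.

```sh
#!/bin/sh
# Added example: preflight checks for the buildah setup described above.
# Function names, the key path and the sample policies are constructed.

# Exit 0 when policy.json lets buildah pull any image without a signature
# check (an "insecureAcceptAnything" default rule), 1 otherwise.
policy_accepts_unsigned() {
    [ -r "$1" ] || return 1
    # Strip whitespace so the match does not depend on JSON layout.
    tr -d ' \n\t\r' < "$1" | grep -q '"default":\[{"type":"insecureAcceptAnything"}\]'
}

# Exit 0 when runc (or the binary named in $1) is on PATH, as buildah run needs.
runc_available() {
    command -v "${1:-runc}" >/dev/null 2>&1
}

# Write a stricter policy to $1: reject by default, accept only images in the
# docker registry namespace $3 that are signed by the GPG key file $2.
write_strict_policy() {
    cat > "$1" <<EOF
{
    "default": [{"type": "reject"}],
    "transports": {
        "docker": {
            "$3": [{"type": "signedBy", "keyType": "GPGKeys", "keyPath": "$2"}]
        }
    }
}
EOF
}

# Demonstration on a constructed policy in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    printf '{ "default": [ { "type": "insecureAcceptAnything" } ] }\n' > "$tmp/policy.json"
    if policy_accepts_unsigned "$tmp/policy.json"; then
        echo "policy.json disables signature verification for all images"
    fi
    write_strict_policy "$tmp/strict.json" /etc/pki/example-signer.gpg docker.io/library/alpine
    if ! policy_accepts_unsigned "$tmp/strict.json"; then
        echo "strict policy rejects unsigned images"
    fi
    runc_available || echo "runc not found on PATH; buildah run will fail"
    rm -rf "$tmp"
}

demo
```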

SO IT'S TIME FOR SOME FUN. CREATE A NEW WORKING CONTAINER FROM A SPECIFIED IMAGE.
root@2faae578f9cf:~# buildah from alpine

Getting image source signatures
Copying blob sha256:88286f41530e93dffd4b964e1db22ce4939fffa4a4c665dab8591fbab03d4926
 1.90 MiB / 1.90 MiB [=========================================================]
Copying config sha256:7328f6f8b41890597575cbaadc884e7386ae0acc53b747401ebce5cf0d624560
 0 B / 1.48 KiB [--------------------------------------------------------------]
Writing manifest to image destination
Storing signatures
 1.48 KiB / 1.48 KiB [=========================================================]
alpine-working-container
root@2faae578f9cf:~# 
LIST THE WORKING CONTAINERS AND THEIR BASE IMAGES.
root@2faae578f9cf:~# buildah containers

CONTAINER ID  BUILDER  IMAGE ID     IMAGE NAME                       CONTAINER NAME
1f3daef44a3d     *     abf11ad2ca3c docker.io/library/alpine:latest  alpine-working-container
root@2faae578f9cf:~# 

RUN A COMMAND INSIDE OF THE CONTAINER.
root@2faae578f9cf:~# buildah run --tty alpine-working-container sh
/ # ps aux
PID   USER     TIME   COMMAND
    1 root       0:00 sh
    7 root       0:00 ps aux
/ # cat /etc/alpine-release 
3.6.2
/ # 

It has just started and there's more to explore. Stay tuned. :)
