Current latest version: 1.21.1
GitHub address: https://github.com/containers/buildah
Requirements
Before installing buildah, the following packages need to be installed:
- make
- golang (Requires version 1.13 or higher.)
- bats
- btrfs-progs-devel
- bzip2
- device-mapper-devel
- git
- go-md2man
- gpgme-devel
- glib2-devel
- libassuan-devel
- libseccomp-devel
- runc (Requires version 1.0 RC4 or higher.)
- containers-common (contains most of the configuration files; the corresponding configuration files can also be obtained from the source build)
- container-selinux
Installation
Installing from source
Install the Go build environment
Go download page: https://golang.org/dl/
$ wget https://golang.org/dl/go1.16.5.linux-amd64.tar.gz
$ tar -C /usr/local -xzf go1.16.5.linux-amd64.tar.gz
$ echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
$ source /etc/profile
$ go version
go version go1.16.5 linux/amd64
Get the buildah source
$ git clone --branch v1.21.1 https://github.com/containers/buildah.git
Install the base dependencies
$ yum install make gcc btrfs-progs-devel bzip2 device-mapper-devel gpgme-devel glib2-devel libassuan-devel libseccomp-devel container-selinux
Build
$ cd buildah
$ make
$ make install
$ ls -lrt bin/
buildah imgtype
# Copy the binary into a directory on the PATH
$ cp bin/buildah /usr/local/bin/
$ buildah --version
buildah version 1.21.1 (image-spec 1.0.1-dev, runtime-spec 1.0.2-dev)
Copy the configuration files from the source tree to the corresponding paths, and set the XDG_RUNTIME_DIR variable
XDG_RUNTIME_DIR defaults to the path /run/user/0. On login, buildah generates the file ${XDG_RUNTIME_DIR}/containers/auth.json to record the remote registry's address and the encrypted account/password string.
So here the actual path needs to be changed to /etc, so that buildah looks for the specified path /etc/containers/auth.json
mkdir /etc/containers
cp ./docs/samples/registries.conf /etc/containers/
cp ./tests/policy.json /etc/containers/
cp ./vendor/github.com/containers/storage/storage.conf /etc/containers/
# Set the global variable
echo "export XDG_RUNTIME_DIR=/etc" >>/etc/profile
source /etc/profile
Pull a sample nginx image
$ buildah pull docker.io/library/nginx
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 30afc0b18f67 done
Copying blob 596b1d696923 done
Copying blob 351ad75a6cfa done
Copying blob 8283eee92e2f done
Copying blob febe5bd23e98 done
Copying blob 69692152171a done
Copying config d1a364dc54 done
Writing manifest to image destination
Storing signatures
d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdee
$ buildah images
REPOSITORY                TAG      IMAGE ID       CREATED       SIZE
docker.io/library/nginx   latest   d1a364dc548d   2 weeks ago   137 MB
$ ls /var/lib/containers/storage
cache mounts overlay overlay-containers overlay-images overlay-layers storage.lock tmp userns.lock
$ ll /var/lib/containers/storage/overlay-images/
drwx------. 2 root root 4096 6月 10 12:03 d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdee
-rw-------. 1 root root 1922 6月 10 12:03 images.json
-rw-r--r--. 1 root root 64 6月 10 12:03 images.lock
Log in to a private Harbor registry over HTTPS
Before logging in over HTTPS, the Harbor certificate must be placed in the corresponding location on the client; otherwise the following error is reported:
authenticating creds for "120.77.216.9": error pinging docker registry 120.77.216.9: Get "https://120.77.216.9/v2/": x509: certificate signed by unknown authority
Place the Harbor certificate on the client in /etc/containers/certs.d/${registry name}; harbor.crt is provided by the Harbor server
mkdir -p /etc/containers/certs.d/120.77.216.9
cp harbor.crt /etc/containers/certs.d/120.77.216.9/
$ buildah login 120.77.216.9
username: xxx
password: 222
# View the auth.json file
$ cat /etc/containers/auth.json
{"auths": {"120.77.216.9": {"auth": "xxxxx"}}}
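The `auth` value that buildah login writes to auth.json is the base64 encoding of `user:password`, and setting XDG_RUNTIME_DIR=/etc moves that file from /run/user/0 to /etc/containers. The audit below is an added example, not part of the original page or of buildah; the function names audit_auth_file and write_sample, the registry name and the credentials are constructed for illustration, and it assumes /run is a tmpfs that is cleared at reboot.

```python
import base64
import json
import os
import stat
import tempfile


def audit_auth_file(path):
    """Return (code, detail) findings for a containers auth.json file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit exposes the credentials
        findings.append(("loose-permissions", f"mode {mode:04o} on {path}"))
    # Assumption: /run is a tmpfs that is cleared at reboot (systemd default).
    if not os.path.realpath(path).startswith("/run/"):
        findings.append(("persistent-location", path))
    with open(path) as fh:
        auths = json.load(fh).get("auths", {})
    for registry, entry in auths.items():
        try:
            decoded = base64.b64decode(entry.get("auth", ""), validate=True)
            user, sep, _secret = decoded.decode("utf-8").partition(":")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if sep:  # "user:password" recovered without any key
            findings.append(("inline-credential", f"{registry} user={user}"))
    return findings


def write_sample(directory, mode):
    """Write a constructed auth.json (made-up registry and credentials)."""
    token = base64.b64encode(b"demo-user:demo-pass").decode("ascii")
    path = os.path.join(directory, "auth.json")
    with open(path, "w") as fh:
        json.dump({"auths": {"registry.example.test": {"auth": token}}}, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for code, detail in audit_auth_file(write_sample(tmp, 0o644)):
            print(code, detail)
```

On a real host, call audit_auth_file("/etc/containers/auth.json"); a file kept at mode 0600 clears the permissions finding, while the inline-credential finding remains for as long as the login is stored.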
Write your own Dockerfile, build an image with buildah, and upload it to the private Harbor registry
$ cat > Dockerfile <<EOF
FROM docker.io/library/nginx:1.21.0
RUN echo 'This is version 4' > /usr/share/nginx/html/index.html
EOF
$ buildah bud -f Dockerfile -t 120.77.216.9/admin/nginx:v3.0
$ buildah images
REPOSITORY                 TAG    IMAGE ID       CREATED         SIZE
120.77.216.9/admin/nginx   v3.0   8e0080526eda   6 minutes ago   137 MB
$ buildah push 120.77.216.9/admin/nginx:v3.0
Configuration files
storage.conf
Path: /etc/containers/storage.conf
Link:
registries.conf
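Path: /etc/containers/registries.conf
Link: https://github.com/containers/buildah/blob/master/docs/samples/registries.conf
registries.conf is the configuration file that specifies which container registries should be consulted when completing image names that do not include a registry or domain portion.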
mounts.conf
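Path: /usr/share/containers/mounts.conf, or optionally /etc/containers/mounts.conf
Link: https://src.fedoraproject.org/rpms/skopeo/blob/master/f/mounts.conf
The mounts.conf file specifies the volume mount files or directories that are automatically mounted inside the container when running the buildah run or buildah build-using-dockerfile commands. The container processes can then use this content. The volume mount content is not committed to the final image.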
seccomp.json
Path: /usr/share/containers/seccomp.json
Link: https://src.fedoraproject.org/rpms/skopeo/blob/master/f/seccomp.json
seccomp.json contains the list of seccomp rules allowed inside containers. This file is usually provided by the containers-common package.
policy.json
Errors
Build errors
$ make
cgo: exec gcc: exec: "gcc": executable file not found in $PATH
make depends on the gcc package, which needs to be installed
yum install gcc
compilation terminated.
pkg-config --cflags -- devmapper
Package devmapper was not found in the pkg-config search path.
Perhaps you should add the directory containing `devmapper.pc'
to the PKG_CONFIG_PATH environment variable
No package 'devmapper' found
pkg-config: exit status 1
pkg-config --cflags -- libseccomp libseccomp
Package libseccomp was not found in the pkg-config search path.
Perhaps you should add the directory containing `libseccomp.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libseccomp' found
Package libseccomp was not found in the pkg-config search path.
Perhaps you should add the directory containing `libseccomp.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libseccomp' found
pkg-config: exit status 1
make: *** [bin/buildah] 错误 2
buildah depends on devmapper and libseccomp; their development packages need to be installed
yum install device-mapper-devel libseccomp-devel
Error writing blob: Error initiating layer upload to /v2/admin/print-num/blobs/uploads/ in 120.77.216.9: unauthorized: unauthorized to access repository: admin/print-num, action: push: unauthorized to access repository: admin/print-num, action: push
Suggested fix: log in to the private registry beforehand
buildah bud -f test -t 120.77.216.9/admin/nginx:v1.0
STEP 1: FROM docker.io/library/nginx:1.20.0
STEP 2: RUN echo 'This is version 4' > /usr/share/nginx/html/index.html
WARN[0004] Path "/usr/share/rhel/secrets" from "/usr/share/containers/mounts.conf" doesn't exist, skipping
/bin/sh: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
error building at STEP "RUN echo 'This is version 4' > /usr/share/nginx/html/index.html": error while running runtime: exit status 127
Suggested fix: the container-selinux dependency package is missing
yum install container-selinux
