Buildah is a valuable tool in the container ecosystem. As an effort to get more familiar with it, and to finally get my hand-rolled version of Keystone to deploy on Kubernetes, I decided to work through building a couple of Keystone based containers with Buildah.
First, I went with the simple approach of modifying my old Dockerfiles to a later release of OpenStack, and kick off the install using buildah. I went with Stein.
Why not Train? Because eventually I want to test 0 down time upgrades. More on that later
The buildah command was just:
buildah bud -t keystone
However, to make that work, I had to adjust the Dockerfile. Here is the diff:
diff --git a/keystoneconfig/Dockerfile b/keystoneconfig/Dockerfile index 149e62f..cd5aa5c 100644 --- a/keystoneconfig/Dockerfile +++ b/keystoneconfig/Dockerfile @@ -1,11 +1,11 @@ -FROM index.docker.io/centos:7 +FROM docker.io/centos:7 MAINTAINER Adam Young <firstname.lastname@example.org> -RUN yum install -y centos-release-openstack-rocky &&\ +RUN yum install -y centos-release-openstack-stein &&\ yum update -y &&\ yum -y install openstack-keystone mariadb openstack-utils &&\ yum -y clean all COPY ./keystone-configure.sql / COPY ./configure_keystone.sh / -CMD /configure_keystone.sh \ No newline at end of file +CMD /configure_keystone.sh
The biggest difference is that I had to specify the name of the base image without the “index.” prefix. Buildah is strictah (heh) in what it accepts.
I also updated the package to stein. When I was done, I had the following:
$ buildah images REPOSITORY TAG IMAGE ID CREATED SIZE localhost/keystone latest e52d224fa8fe 13 minutes ago 509 MB docker.io/library/centos 7 5e35e350aded 3 weeks ago 211 MB
What if I wanted to do these same things via manual steps? Following the advice from the community, I can translate from Dockerfile-ese to buildah. First, I can fetch the original image using the buildah from command:
container=$(buildah from docker.io/centos:7) $ echo $container centos-working-container
Now Add things to the container. We don’t build a new layer with each command, so the && approach is not required. So for the yum installs:
buildah run $container yum install -y centos-release-openstack-stein buildah run $container yum update -y buildah run $container yum -y install openstack-keystone mariadb openstack-utils buildah run $container yum -y clean all
To Get the files into the container, use the copy commands:
buildah copy $container ./keystone-configure.sql / buildah copy $container ./configure_keystone.sh /
The final steps: tell the container what command to run and commit it to an image.
buildah config --cmd /configure_keystone.sh $container buildah commit $container keystone
What do we end up with?
$ buildah images REPOSITORY TAG IMAGE ID CREATED SIZE localhost/keystone latest 09981bc1e95a About a minute ago 509 MB docker.io/library/centos 7 5e35e350aded 3 weeks ago 211 MB
Since I have an old, hard-coded IP address for the MySQL server, it is going to fail. But lets see:
buildah run centos-working-container /configure_keystone.sh 2019-12-03T16:34:16.000691965Z: cannot configure rootless cgroup using the cgroupfs manager Database
And there it hangs. We’ll work on that in a bit.
committed the container before setting the author field. That should be a line like:
buildah config --author "email@example.com"
to map line-to-line with the Dockerfile.