1buildah(1) General Commands Manual buildah(1)
2
3
4
6 Buildah - A command line tool that facilitates building OCI container
7 images.
8
9
11 buildah [OPTIONS] COMMAND [ARG...]
12
13
15 The Buildah package provides a command line tool which can be used to:
16
17
18 * Create a working container, either from scratch or using an image as a starting point.
19 * Mount a working container's root filesystem for manipulation.
20 * Unmount a working container's root filesystem.
21 * Use the updated contents of a container's root filesystem as a filesystem layer to create a new image.
22 * Delete a working container or an image.
23 * Rename a local container.
24
25
26
28 --cgroup-manager=manager
29
30
31 The CGroup manager to use for container cgroups. Supported values are
32 cgroupfs or systemd. Default is systemd unless overridden in the con‐
33 tainers.conf file.
34
35
36 Note: Setting this flag can cause certain commands to break when called
37 on containers previously created by the other CGroup manager type.
38 Note: CGroup manager is not supported in rootless mode when using
39 CGroups Version V1.
40
41
42 --log-level value
43
44
45 The log level to be used. Either "trace", "debug", "info", "warn", "er‐
46 ror", "fatal", or "panic", defaulting to "warn".
47
48
49 --help, -h
50
51
52 Show help
53
54
55 --registries-conf path
56
57
58 Pathname of the configuration file which specifies which container reg‐
59 istries should be consulted when completing image names which do not
60 include a registry or domain portion. It is not recommended that this
61 option be used, as the default behavior of using the system-wide con‐
62 figuration (/etc/containers/registries.conf) is most often preferred.
63
64
65 --registries-conf-dir path
66
67
68 Pathname of the directory which contains configuration snippets which
69 specify registries which should be consulted when completing image
70 names which do not include a registry or domain portion. It is not
71 recommended that this option be used, as the default behavior of using
72 the system-wide configuration (/etc/containers/registries.d) is most
73 often preferred.
74
75
76 --root value
77
78
79 Storage root dir (default: "/var/lib/containers/storage" for UID 0,
80 "$HOME/.local/share/containers/storage" for other users) Default root
81 dir is configured in /etc/containers/storage.conf
82
83
84 --runroot value
85
86
87 Storage state dir (default: "/run/containers/storage" for UID 0,
88 "/run/user/$UID" for other users) Default state dir is configured in
89 /etc/containers/storage.conf
90
91
92 --short-name-alias-conf path
93
94
95 Pathname of the file which contains cached mappings between short image
96 names and their corresponding fully-qualified names. It is used for
97 mapping from names of images specified using short names like "ubi8"
98 which don't include a registry component and a corresponding fully-
99 specified name which includes a registry and any other components, such
100 as "registry.access.redhat.com/ubi8". It is not recommended that this
101 option be used, as the default behavior of using the system-wide cache
102 (/var/cache/containers/short-name-aliases.conf) or per-user cache
103 ($HOME/.cache/containers/short-name-aliases.conf) to supplement system-
104 wide defaults is most often preferred.
105
106
107 --storage-driver value
108
109
110 Storage driver. The default storage driver for UID 0 is configured in
111 /etc/containers/storage.conf ($HOME/.config/containers/storage.conf in
112 rootless mode), and is vfs for other users. The STORAGE_DRIVER envi‐
113 ronment variable overrides the default. The --storage-driver specified
114 driver overrides all.
115
116
117 Examples: "overlay", "vfs"
118
119
120 Overriding this option will cause the storage-opt settings in /etc/con‐
121 tainers/storage.conf to be ignored. The user must specify additional
122 options via the --storage-opt flag.
123
124
125 --storage-opt value
126
127
128 Storage driver option, Default storage driver options are configured in
129 /etc/containers/storage.conf ($HOME/.config/containers/storage.conf in
130 rootless mode). The STORAGE_OPTS environment variable overrides the de‐
131 fault. The --storage-opt specified options overrides all.
132
133
134 --userns-gid-map mapping
135
136
137 Directly specifies a GID mapping which should be used to set ownership,
138 at the filesystem level, on the working container's contents. Commands
139 run when handling RUN instructions will default to being run in their
140 own user namespaces, configured using the UID and GID maps.
141
142
143 Entries in this map take the form of one or more colon-separated
144 triples of a starting in-container GID, a corresponding starting host-
145 level GID, and the number of consecutive IDs which the map entry repre‐
146 sents.
147
148
149 This option overrides the remap-gids setting in the options section of
150 /etc/containers/storage.conf.
151
152
153 If this option is not specified, but a global --userns-gid-map setting
154 is supplied, settings from the global option will be used.
155
156
157 If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-
158 gid-map are specified, but --userns-uid-map is specified, the GID map
159 will be set to use the same numeric values as the UID map.
160
161
162 NOTE: When this option is specified by a rootless user, the specified
163 mappings are relative to the rootless usernamespace in the container,
164 rather than being relative to the host as it would be when run rootful.
165
166
167 --userns-uid-map mapping
168
169
170 Directly specifies a UID mapping which should be used to set ownership,
171 at the filesystem level, on the working container's contents. Commands
172 run when handling RUN instructions will default to being run in their
173 own user namespaces, configured using the UID and GID maps.
174
175
176 Entries in this map take the form of one or more colon-separated
177 triples of a starting in-container UID, a corresponding starting host-
178 level UID, and the number of consecutive IDs which the map entry repre‐
179 sents.
180
181
182 This option overrides the remap-uids setting in the options section of
183 /etc/containers/storage.conf.
184
185
186 If this option is not specified, but a global --userns-uid-map setting
187 is supplied, settings from the global option will be used.
188
189
190 If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-
191 uid-map are specified, but --userns-gid-map is specified, the UID map
192 will be set to use the same numeric values as the GID map.
193
194
195 NOTE: When this option is specified by a rootless user, the specified
196 mappings are relative to the rootless usernamespace in the container,
197 rather than being relative to the host as it would be when run rootful.
198
199
200 --version, -v
201
202
203 Print the version
204
205
207 Buildah can set up environment variables from the env entry in the [en‐
208 gine] table in the containers.conf(5). These variables can be overrid‐
209 den by passing environment variables before the buildah commands.
210
211
213 ┌───────────┬───────────────────────┬────────────────────────────────┐
214 │Command │ Man Page │ Description │
215 ├───────────┼───────────────────────┼────────────────────────────────┤
216 │add │ buildah-add(1) │ Add the contents of a file, │
217 │ │ │ URL, or a directory to the │
218 │ │ │ container. │
219 ├───────────┼───────────────────────┼────────────────────────────────┤
220 │build │ buildah-build(1) │ Builds an OCI image using in‐ │
221 │ │ │ structions in one or more Con‐ │
222 │ │ │ tainerfiles. │
223 ├───────────┼───────────────────────┼────────────────────────────────┤
224 │commit │ buildah-commit(1) │ Create an image from a working │
225 │ │ │ container. │
226 ├───────────┼───────────────────────┼────────────────────────────────┤
227 │config │ buildah-config(1) │ Update image configuration │
228 │ │ │ settings. │
229 ├───────────┼───────────────────────┼────────────────────────────────┤
230 │containers │ buildah-containers(1) │ List the working containers │
231 │ │ │ and their base images. │
232 ├───────────┼───────────────────────┼────────────────────────────────┤
233 │copy │ buildah-copy(1) │ Copies the contents of a file, │
234 │ │ │ URL, or directory into a con‐ │
235 │ │ │ tainer's working directory. │
236 ├───────────┼───────────────────────┼────────────────────────────────┤
237 │from │ buildah-from(1) │ Creates a new working con‐ │
238 │ │ │ tainer, either from scratch or │
239 │ │ │ using a specified image as a │
240 │ │ │ starting point. │
241 ├───────────┼───────────────────────┼────────────────────────────────┤
242 │images │ buildah-images(1) │ List images in local storage. │
243 ├───────────┼───────────────────────┼────────────────────────────────┤
244 │info │ buildah-info(1) │ Display Buildah system infor‐ │
245 │ │ │ mation. │
246 ├───────────┼───────────────────────┼────────────────────────────────┤
247 │inspect │ buildah-inspect(1) │ Inspects the configuration of │
248 │ │ │ a container or image │
249 ├───────────┼───────────────────────┼────────────────────────────────┤
250 │login │ buildah-login(1) │ Login to a container registry. │
251 ├───────────┼───────────────────────┼────────────────────────────────┤
252 │logout │ buildah-logout(1) │ Logout of a container registry │
253 ├───────────┼───────────────────────┼────────────────────────────────┤
254 │manifest │ buildah-manifest(1) │ Create and manipulate manifest │
255 │ │ │ lists and image indexes. │
256 ├───────────┼───────────────────────┼────────────────────────────────┤
257 │mkcw │ buildah-mkcw(1) │ Convert a conventional con‐ │
258 │ │ │ tainer image into a confiden‐ │
259 │ │ │ tial workload image. │
260 ├───────────┼───────────────────────┼────────────────────────────────┤
261 │mount │ buildah-mount(1) │ Mount the working container's │
262 │ │ │ root filesystem. │
263 ├───────────┼───────────────────────┼────────────────────────────────┤
264 │prune │ buildah-prune(1) │ Cleanup intermediate images as │
265 │ │ │ well as build and mount cache. │
266 ├───────────┼───────────────────────┼────────────────────────────────┤
267 │pull │ buildah-pull(1) │ Pull an image from the speci‐ │
268 │ │ │ fied location. │
269 ├───────────┼───────────────────────┼────────────────────────────────┤
270 │push │ buildah-push(1) │ Push an image from local stor‐ │
271 │ │ │ age to elsewhere. │
272 ├───────────┼───────────────────────┼────────────────────────────────┤
273 │rename │ buildah-rename(1) │ Rename a local container. │
274 ├───────────┼───────────────────────┼────────────────────────────────┤
275 │rm │ buildah-rm(1) │ Removes one or more working │
276 │ │ │ containers. │
277 ├───────────┼───────────────────────┼────────────────────────────────┤
278 │rmi │ buildah-rmi(1) │ Removes one or more images. │
279 ├───────────┼───────────────────────┼────────────────────────────────┤
280 │run │ buildah-run(1) │ Run a command inside of the │
281 │ │ │ container. │
282 ├───────────┼───────────────────────┼────────────────────────────────┤
283 │source │ buildah-source(1) │ Create, push, pull and manage │
284 │ │ │ source images and associated │
285 │ │ │ source artifacts. │
286 ├───────────┼───────────────────────┼────────────────────────────────┤
287 │tag │ buildah-tag(1) │ Add an additional name to a │
288 │ │ │ local image. │
289 ├───────────┼───────────────────────┼────────────────────────────────┤
290 │umount │ buildah-umount(1) │ Unmount a working container's │
291 │ │ │ root file system. │
292 ├───────────┼───────────────────────┼────────────────────────────────┤
293 │unshare │ buildah-unshare(1) │ Launch a command in a user │
294 │ │ │ namespace with modified ID │
295 │ │ │ mappings. │
296 ├───────────┼───────────────────────┼────────────────────────────────┤
297 │version │ buildah-version(1) │ Display the Buildah Version │
298 │ │ │ Information │
299 └───────────┴───────────────────────┴────────────────────────────────┘
300
302 storage.conf (/etc/containers/storage.conf)
303
304
305 storage.conf is the storage configuration file for all tools using con‐
306 tainers/storage
307
308
309 The storage configuration file specifies all of the available container
310 storage options for tools using shared container storage.
311
312
313 mounts.conf (/usr/share/containers/mounts.conf and optionally /etc/con‐
314 tainers/mounts.conf)
315
316
317 The mounts.conf files specify volume mount files or directories that
318 are automatically mounted inside containers when executing the buildah
319 run or buildah build commands. Container processes can then use this
320 content. The volume mount content does not get committed to the final
321 image.
322
323
324 Usually these directories are used for passing secrets or credentials
325 required by the package software to access remote package repositories.
326
327
328 For example, a mounts.conf with the line "/usr/share/rhel/se‐
329 crets:/run/secrets", the content of /usr/share/rhel/secrets directory
330 is mounted on /run/secrets inside the container. This mountpoint al‐
331 lows Red Hat Enterprise Linux subscriptions from the host to be used
332 within the container. It is also possible to omit the destination if
333 it's equal to the source path. For example, specifying /var/lib/se‐
334 crets will mount the directory into the same container destination path
335 /var/lib/secrets.
336
337
338 Note this is not a volume mount. The content of the volumes is copied
339 into container storage, not bind mounted directly from the host.
340
341
342 registries.conf (/etc/containers/registries.conf)
343
344
345 registries.conf is the configuration file which specifies which con‐
346 tainer registries should be consulted when completing image names which
347 do not include a registry or domain portion.
348
349
350 registries.d (/etc/containers/registries.d)
351
352
353 Directory which contains configuration snippets which specify reg‐
354 istries which should be consulted when completing image names which do
355 not include a registry or domain portion.
356
357
359 containers.conf(5), containers-mounts.conf(5), newuidmap(1),
360 newgidmap(1), containers-registries.conf(5), containers-storage.conf(5)
361
362
364 December 2017, Originally compiled by Tom Sweeney tsweeney@redhat.com
365 ⟨mailto:tsweeney@redhat.com⟩
366
367
368
369buildah March 2017 buildah(1)