Buildah usage, when agola executor in docker mode

I’ve tried with buildah in Jenkins, refer to this:

I prefer to buildah other than kaniko, As buildah bud -t myimg . just same usage with docker. And few months ago ADD --chown user:user dirs were not supported by kaniko

As I known:

• 1.need --privileged
• 2.buildah with volume mount to avoid overfs on overfs

The second I can have a try, As the first item, How the task container be set with --privileged?

You have to do two main things:

Set the allowPrivilegedContainers executor configuration option to true

Example:

executor:
  dataDir: ...
  runserviceURL: ...
  web:
    listenAddress: ...
  driver:
    type: ...
  allowPrivilegedContainers: true

Set the task runtime container as privileged:

runs:
  - name: ...
    tasks:
      - name: ...
        runtime:
          containers:
            - image: ...
              privileged: true

We are using this with dind containers doing a docker build and it works.

Will open an agola site issue to document this since it’s currently undocumented.

Agola doc enhancement issue:

Thx for providing the --privileged info, It works for me now:

My cnf: (with tmpfs volumes)

            containers: [
              {
                privileged: true,
                image: 'registry.cn-shenzhen.aliyuncs.com/k-spe/dvp-buildah:v3',
                volumes: [
                  { path: '/var/lib/containers', tmpfs: {size: '5120Mi'} },
                  { path: '/run/containers', tmpfs: {} },
                ],               
              },
            ],

Result:

[root@cd14cad5a1f3 /]# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          50G   13G   35G  27% /
tmpfs            64M     0   64M   0% /dev
tmpfs           996M     0  996M   0% /sys/fs/cgroup
/dev/vda1        50G   13G   35G  27% /mnt/agola
shm              64M     0   64M   0% /dev/shm
tmpfs           996M     0  996M   0% /run/containers
tmpfs           5.0G     0  5.0G   0% /var/lib/containers


[root@cd14cad5a1f3 /]# cd /workspace/target_gin/
[root@cd14cad5a1f3 target_gin]# ls
Dockerfile  binary  build_img.sh

[root@78b3cd48d942 target_gin]# bh bud -t ss1 .
STEP 1: FROM registry.xxx.com/xx/alpine-ext:v1.0
Getting image source signatures
Copying blob c87736221ed0 done
Copying blob 38d28e40420d done
Copying blob 0db4201b9759 done
Copying blob 4828f991ea68 done
Copying blob d6b32986f55d done
Copying blob 8774bf595d4d done
Copying config 1f965d7463 done
Writing manifest to image destination
Storing signatures
STEP 2: ENV TIMEZONE Asia/Shanghai
STEP 3: ENV LANG C.UTF-8
STEP 4: ENV ver=v1
STEP 5: ADD binary /dist
STEP 6: USER root
STEP 7: WORKDIR /dist
STEP 8: ENTRYPOINT ["bash","-c","/dist/server"]
STEP 9: COMMIT ss1
Getting image source signatures
Copying blob d9ff549177a9 skipped: already exists
Copying blob d59370a73180 skipped: already exists
Copying blob 9cd0ecd0ec42 skipped: already exists
Copying blob d27eed411231 skipped: already exists
Copying blob 098fe7d33508 skipped: already exists
Copying blob 0556ab5fd70c skipped: already exists
Copying blob a3f88eb79909 done
Copying config ec72183114 done
Writing manifest to image destination
Storing signatures
ec72183114e60376d79d89336d54cb2b6303766b3712527bf29c3833e52b571a