This slide intentionally left blank
Bootable
Containers
Note
All material, including source, presentation, build workflow, containers, disk images, etc. are published on
containers
Containerfile
describes content
FROM
RUN, USER
COPY, ADD
what runs
CMD
ENTRYPOINT
or describes runtime use
EXPOSE
VOLUME
Example
CMD
FROM quay.io/fedora/fedora
RUN dnf install -y cowsay
CMD [ "cowsay", "Moo" ]$ podman build -t cowsay -f Containerfile .$ podman run --rm cowsay _____
< Moo >
-----
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||$ podman run -it --rm cowsay bashbash-5.2#Example
ENTRYPOINT
FROM quay.io/fedora/fedora
RUN dnf install -y cowsay
ENTRYPOINT [ "cowsay" ]$ podman build -t cowsay -f Containerfile .$ podman run --rm cowsay MooApplication Containers
Single process
Long running
supervisor process
System Containers
FROM ...
RUN dnf install -y systemd
ENTRYPOINT [ "/sbin/init" ]$ podman run -d --name system system$ podman exec system cowsay Moo
System and Service Manager
Still a container
No 'container'-provided kernel
What if ...
we include a kernel ?
and call it a Machine Container ?
Still a container
the container runtime
runs 'isolated' processes
using a namespace
Bootable Container
FROM quay.io/fedora/fedora-bootc
RUN useradd -m -d /var/home/admin -G wheel admin \
&& echo "admin:password" | chpasswd
...Still a container
therefore easy to build and test
Important
The full container image name is:
ghcr.io/gbraad-redhat/fedora-bootc-example/fedora-bootc:latest
In most slides this will be shortened
$ podman build -t ghcr.io/.../fedora-bootc \
-f Containerfile .$ podman push ghcr.io/.../fedora-bootc$ podman run -it ghcr.io/.../fedora-bootc bashbash-5.2# cat /etc/os-release
NAME="Fedora Linux"
VERSION="41.20250119.0 (Forty One)"
...
OSTREE_VERSION='41.20250119.0'Wait a minute
bootable
machines
run
/sbin/init
$ podman run -d --name test ghcr.io/.../fedora-bootc:latest
52cae56640ff...4840bff9$ podman ps
CONTAINER ID IMAGE COMMAND STATUS NAMES
52cae56640ff ghcr.io/...est /sbin/init Up 4 seconds testsuccess ?
$ podman exec -it test bashbash-5.2# uname -naLinux 52cae56640ff 5.15.167.4-microsoft-standard-WSL2bootable
machines
start a
bootloader
We do not
'boot' containers
We instead
'run' containers
We just ran a
system container
What if ...
We create a
disk image
$ sudo podman run \
-v ./output:/output \
quay.io/centos-bootc/bootc-image-builder
--target-arch amd64 \
--type qcow2 \
--rootfs xfs \
... \
ghcr.io/gbraad-redhat/fedora-bootc-example/fedora-bootcand start a
Virtual Machine
$ sudo virt-install \
--name fedora-bootc \
--cpu host \
--vcpus 2 \
--memory 2048 \
--import --disk ./output/qcow2/disk.qcow2 \
--os-variant fedora-elnLogin
Use console or SSH
Note
Username: admin
Password: password
Groups: wheel
Recap
We used a
Containerfile
to describe the contents
We produced an
OCI
container-image
We converted this into a
qcow2
disk image
run a
container-image
as a
virtual machine
Why does
this matter ?
$ sudo bootc status
No staged image present
Current booted image: ghcr.io/.../fedora-bootc:latest
Image version: 41.2025019.0 (...)
Image digest: sha256:4074...
No rollback image presentForgot to include
cowsay
$ sudo dnf install -y cowsay
Updating and loading repositories:
...
Transaction Summary:
Installing: 1 package
...Running transction
Transaction failed: Rpm transaction failed.
- installing cowsay needs 376KB more on the / filesystemImmutable
As a virtual machine
this runs as an immutable environment
ostree
Version control system on an entire filesystem
/etc, /var
to store configuration, state, ...
Instead we
update the
Containerfile
FROM quay.io/fedora/fedora-bootc
...
RUN dnf install -y cowsay... build the new container image
$ podman build -t ghcr.io/.../fedora-bootc \
-f Containerfile .... we push this new container image
$ podman push ghcr.io/.../fedora-bootc... and update the virtual machine
$ sudo bootc update
layers already present: 65; layers needed: 2 (117.6 MB)
$ sudo bootc update
layers already present: 65; layers needed: 2 (117.6 MB)
Fetching layers ██████████░░░░░░░░░░ 1/2
└ Fetching ███░░░░░░░░░░░░░░░░░ 18.11 MiB/112.12 MiB$ sudo bootc update
layers already present: 65; layers needed: 2 (117.6 MB)
Fetching layers ████████████████████ 2/2
└ Fetching ████████████████████ 112.12 MiB/112.12 MiB$ sudo bootc update
layers already present: 65; layers needed: 2 (117.6 MB)
Fetched layers: 112.12 MiB in 21 seconds (5.39 MiB/s)
⠖ Deploying$ sudo bootc update
layers already present: 65; layers needed: 2 (117.6 MB)
Fetched layers: 112.12 MiB in 21 seconds (5.39 MiB/s)
Deploying: done (4 seconds)
Queued for next boot: ghcr.io/.../fedora-bootc:latest
Version: 41.20250119.0
Digest: sha256:990c...
Total new layers: 67 Size: 948.3 MB
Removed layers: 1 Size: 1.8 kB
Added layers: 2 Size: 117.6 MBReboot
$ sudo bootc status
Current staged image: ghcr.io/.../fedora-bootc:latest
Image version: 41.2025019.0 (...)
Image digest: sha256:990c...
...$ sudo rebootSuccess!
$ cowsay Moo _____
< Moo >
-----
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||Rollback
$ sudo bootc status
No staged image present
Current booted image: ghcr.io/.../fedora-bootc:latest
Image version: 41.2025019.0 (...)
Image digest: sha256:990c...
Current rollback image: ghcr.io/.../fedora-bootc:latest
Image version: 41.2025019.0 (...)
Image digest: sha256:4074...Do I need a
non-bootc
container ?
$ podman images
REPOSITORY IMAGE ID CREATED SIZEghcr.io/.../fedora 0fafe7a42ce5 3 hours ago 164 MBghcr.io/.../fedora-bootc 44b1d53d7593 2 hours ago 1.85 GB$ podman run -it --rm ghcr.io/.../fedora-bootc bashbash-5.2# sudo bootc statusSystem is not deployed via bootc.Mutable
Testable
.devcontainer/devcontainer.json
{
"name": "Fedora bootc example",
"image": "ghcr.io/.../fedora-bootc:latest",
"runArgs": [ ],
"overrideCommand": false,
"privileged": true,
"remoteUser": "admin"
}Containerfile
describes content
There is more
export different disk image types
target different architecture
config.toml for customization
Fedora, CentOS, RHEL
...
Questions
Thank you
This slide intentionally left blank