-
Notifications
You must be signed in to change notification settings - Fork 766
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Buildah images not so small? #532
Comments
I don't think this is a direct comparison. If you track down the centos 7 base image, it looks like it's built using a base filesystem tarball rather than using yum to install the base system. The centos 7 docker image on docker hub links to the dockerfile, the base filesystem tarball is in the repo: There are likely other unnecessary files stripped out of the centos images. |
@pixdrift Yes, of course its not an exact comparison as they were built differently. |
https://github.com/CentOS/sig-cloud-instance-build/blob/master/docker/centos-7.ks also does a few more cleanups. |
@tdudgeon Could you check to see where the extra size is coming from? du -sM /* To show if there is any weird space being used. |
Could this be the CLanguage bindings? |
It might be helpful to start with determining whether the difference in size is due to the container contents, or due to the tooling. Is the ratio between |
Not a direct comparison, but another data point. Used the provided script to build from Oracle Linux 7 repo.
Then pushed to the docker-daemon using
So there is a minor discrepancy in reported size, but in this case buildah is less than docker. Need to build in docker too for comparison. |
I built the centos:7 container from the upstream Dockerfile using
Pushed to docker:
Looks like the tooling difference. The kickstart used to build the centos 7 filesystem image posted by @mtrmac shows the initial package selection is quite different. |
Pulling apart the ks file posted above, and looking in the image, it looks like the documentation (~4MB) and locale-archive (~99MB) is what is causing the size issues. If you force your locale in the yum installer and specify nodocs, you will get a significantly smaller base image:
Updated buildah script:
Interested to know if this works ok from your CentOS source, and what kind of result you get with regard to size. |
@pixdrift Hey that makes a big difference. In my case it builds an image that is 91.56 MB in size. Much smaller than the original 212.1 MB (though still a fair bit bigger than your one of 56.4 MB). |
@tdudgeon I suspect the difference in size is due to package dependency creep in the included packages. The build I was using may be from a 7.2/7.3 repo (was a random dev instance I had). Will have a closer look tomorrow and point it at 7.4. In total, I believe there were 20 rpms installed. |
@tdudgeon Is Buildah now smaller the docker build? |
@ipbabble Might be worth a blog on how to handle languages and make smaller images. |
@rhatdan Yes, the centos:7 image on Docker Hub is 195 MB whilst my latest equivalent with buildah is 91.56 MB. So just under half the size. |
WooHoo. |
The Docker Hub centos:7 image has 143 packages. |
You guys might also want to take a look at the atomic image https://github.com/CentOS/atomic-container. It is built using microdnf and is already as small as 78 mb |
@mohammedzee1000, Thanks for the suggestion, this image uses essentially the same package selection as I have outlined above with the os release, microdnf and systemd added.. then some manual cleanup of the resulting filesystem.
I am interested to know how my OL7 image ended up so much smaller (package count and size) than CentOS, I can only assume dependency changes. @tdudgeon, can you post an RPM list from your container and I will put together a comparison? The yum installation log from buildah should be enough and won't require modifications to the image contents. |
you can save some space removing the locales you don't need. This should be quite safe to do:
|
@giuseppe, this is redundant if you use the yum parameter I have provided above ( The locale-archive when specifying the language in yum is 1.1M instead of the default 100M, this is the primary change that saved the space for @tdudgeon |
Resulting OL7 package list from my posted buildah script above (image size: 56.4MB)
The same when using RHEL 7.4 (image size: 57.08 MB):
Interested to know why CentOS 7 is larger using the same process. |
Ack. On PTO but will take a look as soon as possible.
Been looking at this for RadAnalytics issues too.
William
On Tue, Mar 27, 2018 at 6:57 AM Daniel J Walsh ***@***.***> wrote:
@ipbabble <https://github.com/ipbabble> Might be worth a blog on how to
handle languages and make smaller images.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#532 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABPpgaOUldcqatj1AlfrF1b8noF5bcBbks5tiikzgaJpZM4S6OS->
.
--
Sent from Gmail Mobile on iPhone
|
Something strange is definitely happening. I just ran the same script as above on a fresh CentOS 7.4 build.. and I also got a 91.57MB result, which is 40MB bigger than either RHEL 7 or OL 7. The package list is the same number (40).. so something is odd. Going to go through and compare images now. Here is the package list from the CentOS 7.4 image.
|
Problem in CentOS was yum cache data not being cleaned up correctly. In my case it was epel repo. This could be solved by using '--disablerepo=epel' to the yum command, but people may want to install packages from here as part of the image creation. I have an updated script here which uses rm to clean up the yum cache, and it brings the CentOS 7 image down below 57MB. |
@pixdrift @tdudgeon FYI, I just posted a little blog on this issue at http://www.projectatomic.io/blog/2018/04/open-source-what-a-concept/. Thanks a bunch for inspiring it and for your contributions here! |
Cull funcs from runtime_img.go which are no longer needed. Also, fix any remaining spots that use the old image technique. Signed-off-by: baude <bbaude@redhat.com> Closes: #532 Approved by: mheon
@TomSweeneyRedHat, thanks for posting the article. It should be noted that I identified two further things in this thread that are worth mentioning in the blog post.
Updated script is here: |
@pixdrift I think the --setop=install_weak_deps might have some effect on a Fedora system. I don't believe RHEL or CENTOS Support week dependencies. |
Thanks @rhatdan, that helps explain it. I would expect a Fedora script to do the same (create a minimal base image) would be using |
Just for completeness, I tried rebuilding the base centos7 image but with the extra Thanks all! |
Maybe an idea to use https://github.com/GoogleCloudPlatform/container-diff as it recently got support for RPM, but it can help with comparing containers even just on file level. |
@pixdrift yep, noted the additional input from you. I didn't want to add it to the blog post as I've found a blog length of about 4 pages in a word processor software is about as long as you want. So I tried to show the initial breadcrumbs in the blog and then gave a couple of pointers and a tease to this issue here so they could dive even deeper. I do very much appreciate your contributions here though, it's been some really great work. |
I might take a stab at a blog on this from a security point of view. |
Would there be value capturing some of these buildah scripts for base OS container builds in |
Sure maybe an examples directory. |
@pixdrift I was thinking about that, didn't know if it made sense there, examples and/or tutorials. But I definitely wanted to save at least the final result somewhere after the dust settled. |
The following may also be interesting to people following this thread: This example uses In this example the pip module is ansible (which could have just as easily been installed as an rpm), but it's really to demonstrate building containers to run Python code as it is a use case I see repeated in EL7 environments. In this case I am developing an apb-base style image using buildah to run Ansible playbooks. The resulting image in this case which includes python + Ansible 2.5.0 and all required dependencies is around 150MB. Leaving pip outside the container looks to save around 10MB (depending on method).. and more if compilers etc. are required. Still determining if there is any impact to the pip installation on the host, but looks good so far. |
@pixdrift Want to write a blog describing this? |
Blogs have been written explaining this. |
Just for the record I finally got round to writing this up as a blog post: |
Excellent news @tdudgeon , thanks for sharing! |
I should probably (finally) mention I did do a write up (months ago) that included the same process for EL8, with comparisons to the Red Hat UBI images. In case someone is stumbling across this thread and looking for additional content on the subject, I posted it here, with the README.md describing the outcomes: |
Description
One of the key points of buildah is that it allows you to build small images without lots of extra fluff like yum and python. What I'm finding is that the images buildah creates are bigger than the traditional docker images, even though they don't contain this extra fluff.
What is happening here?
Steps to reproduce the issue:
This is all done on a new Centos7 cloud image with docker and buildah installed from RPMs.
First let's define our target.
The Docker images is 195MB in size.
Now let's create a minimal image with only coreutils and bash packages added (the dockere image has both of these present). Here is the script I used:
Run this script:
Now let's look at the image that is built:
Hey! The image is 212MB in size, bigger than the Docker image. And looking into it confirms it does have yum or python installed.
Why is it bigger, not smaller?
The text was updated successfully, but these errors were encountered: