Docker镜像构建

一、手动构建Docker镜像

容器不会继承镜像中的/etc/hosts文件内容;

校正容器时区:/bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

1.Docker单服务镜像

本例示范制作基于CentOS 6的Nginx服务镜像

step 1 启动纯净的Linux发行版容器

docker run -it -p 宿主机端口:容器端口 镜像名称:版本 初始命令
[root@docker01 ~]# docker run -p 80:80 -it centos:6.9 /bin/bash
[root@6cf6bca9da7e /]# cat /etc/redhat-release 
CentOS release 6.9 (Final)
[root@6cf6bca9da7e /]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0   6125      0 --:--:-- --:--:-- --:--:-- 37656
[root@6cf6bca9da7e /]# yum install -y wget
Loaded plugins: fastestmirror, ovl
Setting up Install Process
......
Installed:
  wget.x86_64 0:1.12-10.el6                                                                                        

Complete!
[root@6cf6bca9da7e /]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
100%[=========================================================================>] 664         --.-K/s   in 0s      

2020-06-02 02:08:21 (173 MB/s) - `/etc/yum.repos.d/epel.repo' saved [664/664]

step 2 安装应用服务

yum install -y nginx
[root@6cf6bca9da7e /]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@6cf6bca9da7e /]# yum install -y nginx
Loaded plugins: fastestmirror, ovl
Setting up Install Process
Determining fastest mirrors
......

Complete!
[root@6cf6bca9da7e /]# exit
exit
#测试
[root@6cf6bca9da7e /]# service nginx start 
Starting nginx:                                            [  OK  ]
[root@6cf6bca9da7e /]# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 02 Jun 2020 02:16:14 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 15:07:42 GMT
Connection: keep-alive
ETag: "5e9f0c3e-264"
Accept-Ranges: bytes

step 3 将容器提交为镜像

docker container commit 容器ID 镜像名称:版本
[root@docker01 ~]# docker container commit 6cf6bca9da7e nginx_on_centos6.9:v1
sha256:3423707d689f16814a103cb1fea968a9b352525689dd50aa75968d93bc6123c5
[root@docker01 ~]# docker images| head -3
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
nginx_on_centos6.9                               v1                  3423707d689f        52 seconds ago      368MB
nginx                                            latest              540a289bab6c        7 months ago        126MB

step 4 测试镜像功能

docker run -p 宿主机端口:容器端口 镜像名称:版本 初始命令
[root@docker01 ~]# docker run -d -p 81:80 nginx_on_centos6.9:v1 nginx -g 'daemon off;'
c7a3094c5e11d6bf560cbfc11ef215d822a46e3c860817949c01d8fde422b633
[root@docker01 ~]# docker ps -a 
CONTAINER ID        IMAGE                   COMMAND                   CREATED             STATUS                      PORTS                NAMES
c7a3094c5e11        nginx_on_centos6.9:v1   "nginx -g 'daemon of…"    3 seconds ago       Up 2 seconds                0.0.0.0:81->80/tcp   goofy_colden
6cf6bca9da7e        centos:6.9              "/bin/bash"               About an hour ago   Exited (0) 14 minutes ago                        relaxed_easley
#测试 
[root@docker01 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7176/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7277/master         
tcp6       0      0 :::81                   :::*                    LISTEN      14802/docker-proxy  
tcp6       0      0 :::22                   :::*                    LISTEN      7176/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      7277/master         
[root@docker01 ~]# curl -I 127.0.0.1:81
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 02 Jun 2020 03:25:45 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 15:07:42 GMT
Connection: keep-alive
ETag: "5e9f0c3e-264"
Accept-Ranges: bytes

2.Docker多服务镜像

本例示范制作基于CentOS 6的KOD网盘镜像

可道云Explorer
文件提取码:rl1q
官网发布的新版可道云Box需要依赖数据库,因此我们借助旧版。

step 1 启动基于Cent OS 6系统的Nginx服务镜像

docker run -it -p 宿主机端口:容器端口 镜像名称:版本 初始命令
[root@docker01 ~]# docker run -it -p 80:80 nginx_on_centos6.9:v1 /bin/bash

step 2 安装和配置应用服务

yum install -y php-fpm php-gd php-mbstring
[root@4df34e8f468e /]# yum install -y php-fpm php-gd php-mbstring
Loaded plugins: fastestmirror, ovl
Setting up Install Process
......
Dependency Installed:
  freetype.x86_64 0:2.3.11-19.el6_10     libX11.x86_64 0:1.6.4-3.el6      libX11-common.noarch 0:1.6.4-3.el6      
  libXau.x86_64 0:1.0.6-4.el6            libXpm.x86_64 0:3.5.10-2.el6     libjpeg-turbo.x86_64 0:1.2.1-3.el6_5    
  libpng.x86_64 2:1.2.49-2.el6_7         libxcb.x86_64 0:1.12-4.el6       php-common.x86_64 0:5.3.3-50.el6_10     

Complete!
[root@4df34e8f468e /]# awk '/^user/' /etc/nginx/nginx.conf
user  nginx;
[root@4df34e8f468e /]# grep nginx /etc/php-fpm.d/www.conf
user = nginx
group = nginx
[root@4df34e8f468e /]# service php-fpm start 
Starting php-fpm:                                          [  OK  ]
[root@4df34e8f468e /]# cd /etc/nginx/conf.d/
[root@4df34e8f468e conf.d]# cat default.conf
server {
    listen       80;
    server_name  localhost;
    root   /usr/share/nginx/html;
    location / {
        index  index.php index.html index.htm;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
[root@4df34e8f468e /]# nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@4df34e8f468e /]# cd /usr/share/nginx/html/
[root@4df34e8f468e html]# rm -rf ./*
[root@4df34e8f468e html]# ll
total 0
[root@4df34e8f468e html]# yum install -y unzip lrzsz
Loaded plugins: fastestmirror, ovl
......
Installed:
  lrzsz.x86_64 0:0.12.20-27.1.el6                                                                                  

Complete!
[root@4df34e8f468e html]# rz -E
rz waiting to receive.
[root@4df34e8f468e html]# ls
kodexplorer4.40.zip
[root@4df34e8f468e html]# unzip kodexplorer4.40.zip 
Archive:  kodexplorer4.40.zip
   creating: app/
   creating: app/core/
......
   creating: data/session/
  inflating: data/session/index.html  
[root@4df34e8f468e html]# ls
app  ChangeLog.md  config  data  index.php  kodexplorer4.40.zip  plugins  README.MD  static
[root@4df34e8f468e html]# chown -R nginx. .
[root@4df34e8f468e html]# ll
total 13676
drwxr-xr-x 10 nginx nginx      115 Mar 21  2019 app
-rw-r--r--  1 nginx nginx    91248 Mar 21  2019 ChangeLog.md
drwxr-xr-x  3 nginx nginx       74 Mar 21  2019 config
drwxr-xr-x  7 nginx nginx       72 Mar 21  2019 data
-rw-r--r--  1 nginx nginx      118 Mar 21  2019 index.php
-rw-r--r--  1 nginx nginx 13894810 Dec 14 10:44 kodexplorer4.40.zip
drwxr-xr-x 15 nginx nginx      218 Mar 21  2019 plugins
-rw-r--r--  1 nginx nginx     7718 Mar 21  2019 README.MD
drwxr-xr-x  6 nginx nginx       57 Mar 21  2019 static
[root@4df34e8f468e html]# nginx
[root@4df34e8f468e html]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      59/php-fpm          
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      99/nginx   
#php-fpm 前台启动命令
[root@docker02 ~]# systemctl cat php-fpm | awk '/^ExecStart/'
ExecStart=/usr/sbin/php-fpm --nodaemonize

默认管理员账户名称:admin

step 3 编写多服务启动脚本

[root@4df34e8f468e html]# cd /
[root@4df34e8f468e /]# cat init.sh 
#!/bin/bash
nginx 
/usr/sbin/php-fpm --nodaemonize

step 4 将容器提交为镜像

docker container commit 容器ID 镜像名称:版本
[root@docker01 ~]# docker commit 4df34e8f468e kod:v1
sha256:ca527ddfca58d456c4fd0f630d862338c3ab9b166e1dc6206daa208b55687412
[root@docker01 ~]# docker images |head -3
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
kod                                              v1                  ca527ddfca58        19 seconds ago      558MB
nginx_on_centos6.9                               v1                  3423707d689f        7 hours ago         368MB

step 5 测试镜像功能

docker run -it -p 宿主机端口:容器端口 镜像名称:版本 /bin/bash 脚本
[root@docker01 ~]# docker run -d -p 83:80 kod:v1 /bin/bash /init.sh
1a8d09d9e865ba5d1013c463c0ab5244619c86acc1d87f56f2b86ae92baca2a7
[root@docker01 ~]# docker ps -al
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                NAMES
1a8d09d9e865        kod:v1              "/bin/bash /init.sh"   26 seconds ago      Up 23 seconds       0.0.0.0:83->80/tcp   sharp_haibt

3. Cent OS 7镜像应用

CentOS 7的镜像中,默认没有启动D-BUS服务,无法使用systemctl管理服务;
因此在CentOS 7镜像中,所有服务均需手工启动。

step 1 启动Cent OS 7系统镜像

docker run -it centos:7
[root@docker01 ~]# docker run -it centos:7 
[root@ff1a65bf18ee /]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@ff1a65bf18ee /]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2523  100  2523    0     0  24731      0 --:--:-- --:--:-- --:--:-- 24980
[root@ff1a65bf18ee /]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0   6681      0 --:--:-- --:--:-- --:--:--  6640

step 2 安装和配置应用服务

以Nginx服务和SSH服务为例

yum install -y nginx openssh-server
#Nginx
[root@ff1a65bf18ee /]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@ff1a65bf18ee /]# yum install -y nginx
Loaded plugins: fastestmirror, ovl
......
Complete!
#sshd
[root@ff1a65bf18ee /]# yum install -y openssh-server
Loaded plugins: fastestmirror, ovl
......
Complete!
[root@ff1a65bf18ee /]# systemctl cat sshd
# /usr/lib/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
......
Wants=sshd-keygen.service              #生成密钥对服务

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS   #sshd服务启动命令
ExecReload=/bin/kill -HUP $MAINPID
......
[Install]
WantedBy=multi-user.target

[root@ff1a65bf18ee /]# systemctl cat sshd-keygen
# /usr/lib/systemd/system/sshd-keygen.service
[Unit]
Description=OpenSSH Server Key Generation
......
[Service]
ExecStart=/usr/sbin/sshd-keygen
Type=oneshot
RemainAfterExit=yes

[root@ff1a65bf18ee /]# /usr/sbin/sshd-keygen
/usr/sbin/sshd-keygen: line 10: /etc/rc.d/init.d/functions: No such file or directory
Generating SSH2 RSA host key: /usr/sbin/sshd-keygen: line 63: success: command not found

Generating SSH2 ECDSA host key: /usr/sbin/sshd-keygen: line 105: success: command not found

Generating SSH2 ED25519 host key: /usr/sbin/sshd-keygen: line 126: success: command not found
[root@ff1a65bf18ee /]# ls /etc/ssh
moduli  sshd_config
[root@docker02 ~]# rpm -qf /etc/rc.d/init.d/functions 
initscripts-9.49.46-1.el7.x86_64
[root@ff1a65bf18ee /]# yum install -y initscripts                     
Loaded plugins: fastestmirror, ovl
......
Complete!

[root@ff1a65bf18ee /]# /usr/sbin/sshd-keygen
[root@ff1a65bf18ee /]# ls /etc/ssh
moduli              ssh_host_ecdsa_key.pub  ssh_host_ed25519_key.pub  ssh_host_rsa_key.pub
ssh_host_ecdsa_key  ssh_host_ed25519_key    ssh_host_rsa_key          sshd_config
[root@ff1a65bf18ee /]#  echo '123456' | passwd --stdin root
Changing password for user root.
passwd: all authentication tokens updated successfully.
[root@ff1a65bf18ee /]# ip a show eth0 
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@ff1a65bf18ee /]# /usr/sbin/sshd -D
[root@docker01 ~]# ssh root@172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:/08hPScWkY7eOmltDn89R/sjNVEgNr69+ZJhqk1jpPg.
ECDSA key fingerprint is MD5:8a:d8:58:7c:f3:97:b6:74:ae:75:6a:07:4e:e6:07:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password: 
[root@ff1a65bf18ee ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 01:40 pts/0    00:00:00 /bin/bash
root        235      1  0 02:55 pts/0    00:00:00 /usr/sbin/sshd -D
root        236    235  0 02:56 ?        00:00:00 sshd: root@pts/1
root        238    236  0 02:56 pts/1    00:00:00 -bash
root        251    238  0 02:57 pts/1    00:00:00 ps -ef

step 3 编写多服务启动脚本

[root@ff1a65bf18ee ~]# cat /init.sh 
#!/bin/bash
/usr/sbin/sshd
nginx -g 'daemon off;'

step 4 将容器提交为镜像

docker commit 容器ID 镜像名称:版本
[root@docker01 ~]# docker commit ff1a65bf18ee nginx_on_centos7:v1
sha256:e39b909410c612a96b7b2e6a3bd4ad4faa433b0424c72171ab3db5962f345916
[root@docker01 ~]# docker images | head -2
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
nginx_on_centos7                                 v1                  e39b909410c6        13 seconds ago      324MB

step 5 测试镜像功能

docker run -p 宿主机端口1:容器端口1 -p 宿主机端口2:容器端口2 镜像名称:版本 /bin/bash 脚本
[root@docker01 ~]# docker run -d -p 8080:80 -p 2222:22 nginx_on_centos7:v1 /bin/bash /init.sh
a925351dce6110de8b64de7ef1179f74357fd98c1d2c3e621f88228c19028f64
[root@docker01 ~]# docker ps -al
CONTAINER ID        IMAGE                 COMMAND                CREATED             STATUS              PORTS                                        NAMES
a925351dce61        nginx_on_centos7:v1   "/bin/bash /init.sh"   2 seconds ago       Up 2 seconds        0.0.0.0:2222->22/tcp, 0.0.0.0:8080->80/tcp   bold_wing
#测试ssh服务
[D:\~]$ ssh root@10.0.0.110:2222

Connecting to 10.0.0.110:2222...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Wed Jun  3 02:56:13 2020 from gateway
[root@a925351dce61 ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 03:38 ?        00:00:00 /bin/bash /init.sh
root          7      1  0 03:38 ?        00:00:00 /usr/sbin/sshd
root          8      1  0 03:38 ?        00:00:00 nginx: master process nginx -g daemon off;
nginx         9      8  0 03:38 ?        00:00:00 nginx: worker process
root         10      7  0 03:39 ?        00:00:00 sshd: root@pts/0
root         12     10  0 03:39 pts/0    00:00:00 -bash
root         27     12  0 03:39 pts/0    00:00:00 ps -ef
#测试nginx服务
[root@docker02 ~]# curl 10.0.0.110:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 03 Jun 2020 03:42:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 21 Apr 2020 15:07:31 GMT
Connection: keep-alive
ETag: "5e9f0c33-264"
Accept-Ranges: bytes

二、DockerFile自动构建镜像

自动构建镜像,DockerFile文件名称必须为dockerfile,否则不能被识别。

1.构建思路

  1. 手动构建Docker镜像,记录历史命令

  2. 根据历史命令,编写dockerfile文件

  3. 构建docker镜像

  4. 测试镜像

    2.常用指令

  • FROM 指定基础镜像
FROM必要指令;所有DockerFile文件第一条指令必须是FROM
FROM 镜像名称:版本
FROM scratch #指定空镜像
FROM centos:7
  • RUN 指定执行命令(制作镜像过程中需要执行的命令)

RUN指定的命令必须是非交互式命令

RUN 命令
RUN yum install -y nginx openssh-server initscripts php-fpm php-gd php-mbstring unzip
  • ADD 将DockerFile目录下的指定文件拷贝到镜像中的指定目录

ADD指令会自动解压tar包,且仅能解压tar包

ADD 文件 /目录/文件
ADD kodexplorer4.40.zip /usr/share/nginx/html/kodexplorer4.40.zip
  • COPY 将DockerFile目录下的指定文件拷贝到镜像中的指定目录

COPY指令不会自动解压tar包

COPY 文件 /目录/文件
COPY nginx.repo /etc/yum.repos.d/nginx.repo
  • WORKDIR 指定镜像默认工作 目录
WORKDIR 目录
WORKDIR /usr/share/nginx/html/
  • ENV
ENV 变量名 变量值
  • EXPOSE 指定所需暴漏的端口
EXPOSE 端口
EXPOSE 80
  • CMD 指定镜像启动的初始命令

初始镜像必须具有CMD指令,CMD指令可以被手动指定的初始命令替换

CMD ["指令","参数1","参数2"......]
CMD ["nginx","-g","daemon off;"]
  • ENTRYPOINT

ENTRYPOINT指令不可被手动指定初始命令替换,手动指定的初始命令会被自动替换为指定初始命令的参数

ENTRYPOINT ["指令","参数1","参数2"......]
ENTRYPOINT ["/bin/bash","/init.sh"]

利用DockerFile构建多服务镜像(KOD+SSH)

FROM centos:7
RUN curl -so /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
RUN curl -so /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
COPY nginx.repo /etc/yum.repos.d/nginx.repo
RUN yum install -y nginx openssh-server initscripts php-fpm php-gd php-mbstring unzip
COPY www.conf /etc/php-fpm.d/www.conf
ADD default.conf /etc/nginx/conf.d/default.conf
ADD kodexplorer4.40.zip /usr/share/nginx/html/kodexplorer4.40.zip
WORKDIR /usr/share/nginx/html/
RUN unzip ./kodexplorer4.40.zip
RUN rm -f kodexplorer4.40.zip
RUN chown -R nginx: . 
RUN /usr/sbin/sshd-keygen
ADD init.sh /init.sh
EXPOSE 80
EXPOSE 22
ENTRYPOINT ["/bin/bash","/init.sh"]
[root@docker01 ~]# cd DockerFile/kod+ssh_on_centos7/
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# ls
dockerfile  init.sh  kodexplorer4.40.zip  nginx.repo
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker run -d kod:v1 
db659bcef9423090ef50fcea8f3d4d2b569e2be27aff19d6bfa26cb59c93551d
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker ps -al
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
db659bcef942        kod:v1              "/bin/bash"         10 seconds ago      Exited (0) 8 seconds ago                       intelligent_raman
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker cp db659bcef942:/etc/nginx/conf.d/default.conf .
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker cp db659bcef942:/etc/php-fpm.d/www.conf .
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# ls
default.conf  dockerfile  init.sh  kodexplorer4.40.zip  nginx.repo  www.conf
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# cat init.sh
#!/bin/bash
if [ -z $SSH_Passwd ];then
   SSH_Passwd=$1
fi
echo $SSH_Passwd |passwd --stdin root
/usr/sbin/php-fpm --daemonize
nginx
/usr/sbin/sshd -D
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker build -t kod:v7.1 .
Sending build context to Docker daemon  13.91MB
Step 1/17 : FROM centos:7
......
Successfully built 93d1d4b2723a
Successfully tagged kod:v7.1
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker images |head -2 
REPOSITORY                                       TAG                 IMAGE ID            CREATED              SIZE
kod                                              v7.1                93d1d4b2723a        About a minute ago   455MB
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker run -d --env "SSH_Passwd=123456" -P kod:v7.1 
6f89359f826bc90969df90b4c4695109d7f459d4352b44534f5691837794e54c
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker ps -al
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                                          NAMES
6f89359f826b        kod:v7.1            "/bin/bash /init.sh"   6 seconds ago       Up 5 seconds        0.0.0.0:32769->22/tcp, 0.0.0.0:32768->80/tcp   laughing_zhukovsky
#测试
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# curl -I 127.0.0.1:32768
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.18.0
Date: Fri, 05 Jun 2020 01:08:57 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Set-Cookie: KOD_SESSION_ID_bdc5e=bsgp2sghfpekau0hdm9o5dd6a6; path=/
Set-Cookie: KOD_SESSION_ID_bdc5e=bsgp2sghfpekau0hdm9o5dd6a6; path=/
Set-Cookie: KOD_SESSION_ID_bdc5e=bsgp2sghfpekau0hdm9o5dd6a6; path=/
Set-Cookie: KOD_SESSION_SSO=h5uketu3qt1ljcp12uqfuvkot1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: KOD_SESSION_ID_bdc5e=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: kod_name=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
Set-Cookie: kodToken=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
Set-Cookie: X-CSRF-TOKEN=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
Location: ./index.php?user/login

[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# ssh root@10.0.0.110 -p 32769
The authenticity of host '[10.0.0.110]:32769 ([10.0.0.110]:32769)' can't be established.
ECDSA key fingerprint is SHA256:3M3MgE8oSGJNnLAMn/iG3UBhaUab/TXVryM5QpczIy0.
ECDSA key fingerprint is MD5:92:43:c2:3d:c3:6b:83:2a:d0:35:0e:77:16:2d:77:8c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.110]:32769' (ECDSA) to the list of known hosts.
root@10.0.0.110's password: 
[root@6f89359f826b ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
若CMD指令和ENTRYPOINT指令同时使用,则CMD指令指定的初始命令将会成为ENTRYPOINT指令初始命令的参数。

利用DockerFile构建系镜像

系统文件包下载链接

# 获取系统包
[root@docker01 ~]# mkdir ./DockerFile/alpine
[root@docker01 ~]# cd DockerFile/alpine/
[root@docker01 ~/DockerFile/alpine]# mkdir rootfs && cd rootfs
[root@docker01 ~/DockerFile/alpine/rootfs]# wget https://mirrors.tuna.tsinghua.edu.cn/lxc-images/images/alpine/3.11/amd64/default/20200530_13%3A00/rootfs.tar.xz
......
2020-06-04 11:10:32 (507 KB/s) - ‘rootfs.tar.xz’ saved [2466216/2466216]

[root@docker01 ~/DockerFile/alpine/rootfs]# ls
rootfs.tar.xz
[root@docker01 ~/DockerFile/alpine/rootfs]# tar xf rootfs.tar.xz 
[root@docker01 ~/DockerFile/alpine/rootfs]# rm -f rootfs.tar.xz 
[root@docker01 ~/DockerFile/alpine/rootfs]# ls
bin  etc   lib    mnt  proc  run   srv  tmp  var
dev  home  media  opt  root  sbin  sys  usr
[root@docker01 ~/DockerFile/alpine/rootfs]# tar zcf ../rootfs.tar.gz .
[root@docker01 ~/DockerFile/alpine/rootfs]# ls ../
rootfs  rootfs.tar.gz
[root@docker01 ~/DockerFile/alpine/rootfs]#  tar tf ../rootfs.tar.gz 
......
./sbin/inotifyd
./mnt/
# 编写DokcerFile文件
[root@docker01 ~/DockerFile/alpine/rootfs]# cd ..
[root@docker01 ~/DockerFile/alpine]# vim dockerfile
FROM scratch
ADD rootfs.tar.gz /
CMD ["/bin/sh"]
# 构建镜像
[root@docker01 ~/DockerFile/alpine]# docker build -t alpine:3.11 .
Sending build context to Docker daemon  11.44MB
......
Successfully built db1315fd0fe5
Successfully tagged alpine:3.11
[root@docker01 ~/DockerFile/alpine]# docker images | head -2
REPOSITORY                                       TAG                 IMAGE ID            CREATED             SIZE
alpine                                           3.11                db1315fd0fe5        24 seconds ago      7.77MB
[root@docker01 ~/DockerFile/alpine]# docker run -it alpine:3.11
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.11.0
PRETTY_NAME="Alpine Linux v3.11"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

2.制作镜像

docker image bulid dockerfile文件目录
docker bulid dockerfile文件目录

-t 名称 #指定镜像名称
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker build -t kod:v7.1 .
[root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker images |head -2 
REPOSITORY                                       TAG                 IMAGE ID            CREATED              SIZE
kod                                              v7.1                93d1d4b2723a        About a minute ago   455MB

3. 镜像分层

镜像分层的核心优势:镜像复用,节省磁盘空间。

查看镜像文件变化

docker image history 镜像名称:镜像版本
  [root@docker01 ~/DockerFile/kod+ssh_on_centos7]# docker image history nginx_on_centos6.9:v2
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
0381e31c2096        44 hours ago        /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon…   0B               
1feab85282c1        44 hours ago        /bin/sh -c yum install -y nginx                 265MB           
fdf68dcaeeaa        44 hours ago        /bin/sh -c curl -o /etc/yum.repos.d/epel.rep…   664B             
81654132e8df        44 hours ago        /bin/sh -c curl -o /etc/yum.repos.d/CentOS-B…   2.52kB           
adf829198a7f        22 months ago       /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B               
<missing>           22 months ago       /bin/sh -c #(nop)  LABEL name=CentOS Base Im…   0B               
<missing>           22 months ago       /bin/sh -c #(nop) ADD file:b99efdfca7b4df4ef…   195MB    

[root@docker01 ~]#docker save nginx_on_centos6.9:v2 -o nginx_on_centos6.9.tar.gz
[root@docker01 ~]# scp nginx_on_centos6.9.tar.gz 10.0.0.120:/root
root@10.0.0.120's password: 
nginx_on_centos6.9.tar.gz                                                      100%  449MB  24.1MB/s   00:18    
[root@docker02 ~]# ls
anaconda-ks.cfg  docker_centos6.9.tar.gz  nginx_on_centos6.9.tar.gz
[root@docker02 ~]# docker load -i docker_centos6.9.tar.gz 
b5e11aae8a8e: Loading layer  202.9MB/202.9MB
Loaded image: centos:6.9
[root@docker02 ~]# docker load -i docker_centos6.9.tar.gz 
b5e11aae8a8e: Loading layer  202.9MB/202.9MB
Loaded image: centos:6.9
[root@docker02 ~]# docker load -i nginx_on_centos6.9.tar.gz 
d85daa6e2b9e: Loading layer   5.12kB/5.12kB
446b33ce2525: Loading layer  3.584kB/3.584kB
a31c1b65112f: Loading layer  267.8MB/267.8MB
Loaded image: nginx_on_centos6.9:v2
[root@docker02 ~]# docker rmi nginx_on_centos6.9:v2 
Untagged: nginx_on_centos6.9:v2
Deleted: sha256:0381e31c20960e61eb86ca7dfa0a12857e51b34324603dbeb353ea2ef8bc3036
Deleted: sha256:3f4ab41b2a6ca2ed4d5a46e377a33ec35afa646668e53bc9387672d4774dcae6
Deleted: sha256:e76cb2b290f208a23a60b7badfc13ec155a6a7a4059b526287c9e51d6fb4a34e
Deleted: sha256:6738fdcef4aef9a0d86f0e7d70dd5fed33d034ef1685eeb517d578d26129a02b
[root@docker02 ~]# docker rmi centos:6.9 
Untagged: centos:6.9
Deleted: sha256:adf829198a7f556a2e4ef8982248e75294f246b999b10fee2ffaf00980f6e557
Deleted: sha256:b5e11aae8a8e8fab750bd384393aafa379e21c57c398f5dd4980cd01fcf55b9e
[root@docker02 ~]# docker load -i nginx_on_centos6.9.tar.gz 
b5e11aae8a8e: Loading layer  202.9MB/202.9MB
d85daa6e2b9e: Loading layer   5.12kB/5.12kB
446b33ce2525: Loading layer  3.584kB/3.584kB
a31c1b65112f: Loading layer  267.8MB/267.8MB
Loaded image: nginx_on_centos6.9:v2

4.DockerFile的优化

  • 选用轻量级镜像

  • 清理无用缓存文件

  • 尽可能将DockerFile的变化置于Dockerfile文件末尾

  • 使用.dockerignore文件排除不相关文件

使用DockerFile构建镜像时,默认加载Dockerfile目录所有文件,使用该文件,可以避免在构建镜像时加载无用文件

#基于alpine镜像安装nginx-手动构建
[root@docker01 ~]# docker run -it alpine:3.11 
/ # sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
/ # apk update
fetch http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
v3.11.6-74-g271cc04541 [http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.11/main]
v3.11.6-68-gf6abc2afac [http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.11/community]
OK: 11271 distinct packages available
/ # apk add nginx
(1/2) Installing pcre (8.43-r0)
(2/2) Installing nginx (1.16.1-r6)
Executing nginx-1.16.1-r6.pre-install
Executing busybox-1.31.1-r9.trigger
OK: 10 MiB in 21 packages
/ # grep -Ev '^$|#' /etc/nginx/nginx.conf | tail -2 
    include /etc/nginx/conf.d/*.conf;
}
/ # ls /etc/nginx/conf.d/
default.conf
/ # grep -Ev '^$|#' /etc/nginx/conf.d/default.conf 
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    location / {
        root /html;
        index index.html index.htm;
    }
    location = /404.html {
        internal;
    }
}
/ # nginx
/ # nginx: [emerg] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)

/ # mkdir /run/nginx
/ # mkdir /html
/ # echo "www.aspenhan.com" >/html/index.html
/ # ls /html/
index.html
/ # nginx 
/ # [root@docker01 ~]# docker commit 82ba59041bb5 nginx:a3.11-1
sha256:9407afc192ba7edcb9576a5f8e68b057e6db7b59e33b8b2aeb93f9a68ae0e2d1
[root@docker01 ~]# docker images nginx
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               a3.11-1             9407afc192ba        9 seconds ago       10.8MB
nginx               latest              540a289bab6c        7 months ago        126MB
[root@docker01 ~]# docker images nginx_on_centos6.9
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
nginx_on_centos6.9   v2                  0381e31c2096        6 days ago          460MB
nginx_on_centos6.9   v1                  3423707d689f        8 days ago          368MB
[root@docker01 ~]# docker run -d -p :80 nginx:a3.11-1 nginx -g "daemon off;"
7d2fbd90414b340adb77d2a1b0b56744048618e12f8522e06ff409009e2bb638
[root@docker01 ~]# docker ps -al
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
7d2fbd90414b        nginx:a3.11-1       "nginx -g 'daemon of…"   6 seconds ago       Up 4 seconds        0.0.0.0:32768->80/tcp   inspiring_ritchie
[root@docker01 ~]# curl 127.0.0.1:32768
www.aspenhan.com    
#基于alpine镜像安装nginx-自动构建
[root@docker01 ~/DockerFile]# mkdir nginx_on_alpine
[root@docker01 ~/DockerFile]# cd nginx_on_alpine/
[root@docker01 ~/DockerFile/nginx_on_alpine]# cat dockerfile 
FROM alpine:3.11
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk update
RUN apk add nginx
RUN mkdir /run/nginx
RUN mkdir /html
RUN echo "www.aspenhan.com/645.html" >/html/index.html
ADD default.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
ENTRYPOINT ["nginx","-g","daemon off;"]
[root@docker01 ~/DockerFile/nginx_on_alpine]# docker cp 7d2fbd90414b:/etc/nginx/conf.d/default.conf .
[root@docker01 ~/DockerFile/nginx_on_alpine]# ls
default.conf  dockerfile
[root@docker01 ~/DockerFile/nginx_on_alpine]# docker build -t nginx:a3.11-2 .
Sending build context to Docker daemon  3.072kB
Step 1/10 : FROM alpine:3.11
......
Successfully built a547f59d17a3
Successfully tagged nginx:a3.11-2
[root@docker01 ~/DockerFile/nginx_on_alpine]# docker run -d -P nginx:a3.11-2
23df1d630c9cabe43d2df1f21a5efb43957cdb7b1577ddafe65094d42863b5dd
[root@docker01 ~/DockerFile/nginx_on_alpine]# docker ps -al 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
23df1d630c9c        nginx:a3.11-2       "nginx -g 'daemon of…"   5 seconds ago       Up 4 seconds        0.0.0.0:32770->80/tcp   wonderful_wiles
[root@docker01 ~/DockerFile/nginx_on_alpine]# curl 127.0.0.1:32770
www.aspenhan.com/645.html