1.概述
1.1 简介
1.1.1 概述
Dockerfile是用来构建Docker镜像的构建文件,是由一系列命令和参数构成的脚本。
1.1.2 步骤
编写Dockerfile文件---->docker build---->docker run
1.1.3 Dockerfile 样例查看
进入https://hub.docker.com/,搜索查找,得到列表后,点击Supported tags and respective Dockerfile links
中的链接:
https://github.com/CentOS/sig-cloud-instance-images/blob/f32666d2af356ed6835942ed753a4970e18bca94/docker/Dockerfile
1.2 语法规则
1:每条保留字指令都必须为大写字母且后面要跟随至少一个参数
2:指令按照从上到下,顺序执行
3:#表示注释
4:每条指令都会创建一个新的镜像层,并对镜像进行提交
1.3 执行流程
- docker从基础镜像运行一个容器
- 执行一条指令并对容器作出修改
- 执行类似docker commit的操作提交一个新的镜像层
- docker再基于刚提交的镜像运行一个新容器
- 执行dockerfile中的下一条指令直到所有指令都执行完成
1.4 用途
从应用软件的角度来看,Dockerfile、Docker镜像与Docker容器分别代表软件的三个不同阶段,
- Dockerfile是软件的原材料
- Docker镜像是软件的交付品
- Docker容器则可以认为是软件的运行态。
- Dockerfile面向开发,Docker镜像成为交付标准,Docker容器则涉及部署与运维,三者缺一不可,合力充当Docker体系的基石。
-
Dockerfile,需要定义一个Dockerfile,Dockerfile定义了进程需要的一切东西。Dockerfile涉及的内容包括执行代码或者是文件、环境变量、依赖包、运行时环境、动态链接库、操作系统的发行版、服务进程和内核进程(当应用进程需要和系统服务和内核进程打交道,这时需要考虑如何设计namespace的权限控制)等等;
-
Docker镜像,在用Dockerfile定义一个文件之后,docker build时会产生一个Docker镜像,当运行 Docker镜像时,会真正开始提供服务;
-
Docker容器,容器是直接提供服务的。
2.关键字
2.1 Base镜像
Base镜像(scratch),类似Object;
Docker Hub 中 99% 的镜像都是通过在 base 镜像中安装和配置需要的软件构建出来的
2.2 FROM
基础镜像,当前新镜像是基于哪个镜像的
2.3 MAINTAINER
镜像维护者的姓名和邮箱地址
2.4 RUN
容器构建时需要运行的命令,RUN 是在 docker build时执行。
2.5 EXPOSE
当前容器对外暴露出的端口
2.6 WORKDIR
指定在创建容器后,终端默认登陆的进来工作目录,一个落脚点
2.7 ENV
用来在构建镜像过程中设置环境变量
ENV MY_PATH /usr/mytest
这个环境变量可以在后续的任何RUN指令中使用,这就如同在命令前面指定了环境变量前缀一样;
也可以在其它指令中直接使用这些环境变量,
2.9 ADD
将宿主机目录下的文件拷贝进镜像且ADD命令会自动处理URL和解压tar压缩包
2.9 COPY
类似ADD,拷贝文件和目录到镜像中。 将从构建上下文目录中 <源路径> 的文件/目录复制到新的一层的镜像内的 <目标路径> 位置
2.10 VOLUME
设置容器数据卷,用于数据保存和持久化工作,run image的时候会自动创建;
//路径1,路径2指的是容器内的绝对路径
VOLUME ["<路径1>", "<路径2>"...]
Docker挂载主机目录Docker访问如果出现cannot open directory .: Permission denied
解决办法:在挂载目录后多加一个--privileged=true参数即可
如果要知道在宿主机对应的路径,则需要 docker inspect imageId,然后查看到其中的 属性Volumes中能看到在宿主机中默认随机的映射路径地址,容器数据卷和宿主机的文件是相互共享可见的;
2.11 CMD
指定一个容器启动时要运行的命令
Dockerfile 中可以有多个 CMD 指令,但只有最后一个生效,CMD 会被 docker run 之后追加的参数替换, CMD 在docker run 时运行.
//例:如果dockerfile执行的最后:
CMD ["ll", "s"]
//执行结果为 ll -s
//如果docker run containerId ll -a;
//则最终就只会执行ll -a,会覆盖dockerfile中的CMD
2.12 ENTRYPOINT
指定一个容器启动时要运行的命令
ENTRYPOINT 的目的和 CMD 一样,都是在指定容器启动程序及参数,docker run 之后的参数会被当做参数传递给 ENTRYPOINT,之后形成新的命令组合
//例:如果dockerfile执行的最后:
ENTRYPOINT ["ll", "s"]
//执行结果为 ll -s
//如果docker run containerId -a;
//则最终就只会执行ll -sa,会同时执行ENTRYPOINT并追加run 后面跟随的命令;
2.13 ONBUILD
当构建一个被继承的Dockerfile时运行命令,父镜像在被子继承后父镜像(FROM imageA即为继承镜像A)的onbuild被触发,当子镜像在build的时候会首先执行父镜像的onbuild后的命令;
2.14 USER
2.15 .dockerignore
3.案例
3.1 centos案例
3.1.1 官方
https://github.com/CentOS/sig-cloud-instance-images/blob/f32666d2af356ed6835942ed753a4970e18bca94/docker/Dockerfile
FROM scratch
MAINTAINER The CentOS Project <cloud-ops@centos.org>
ADD c68-docker.tar.xz /
LABEL name="CentOS Base Image" \
vendor="CentOS" \
license="GPLv2" \
build-date="2016-06-02"
# Default command
CMD ["/bin/bash"]
3.1.2 根据centos修改后的镜像
[root@bogon mydocker]# pwd
/mydocker
[root@bogon mydocker]# ll
total 4
-rw-r--r--. 1 root root 197 May 4 08:43 myDockerFile1
myDockerFile1内容如下:
# 基础镜像,当前新镜像是基于centos镜像的
FROM centos
#镜像维护者信息
MAINTAINER testtest
#设置环境变量MYPATH的值为/usr/local
ENV MYPATH /usr/local
#创建容器后,终端默认登陆的进来工作目录为来自变量$MYPATH
WORKDIR $MYPATH
#执行命令安装vim
RUN yum -y install vim
#执行命令安装net-tools
RUN yum -y install net-tools
#帮助镜像使用者理解这个镜像服务的守护端口为80,以方便配置映射
EXPOSE 80
#打印信息
CMD echo $MYPATH
#打印信息
CMD echo "my centos success"
CMD /bin/bash
3.1.3 build
docker build -t 新镜像名字:TAG .
docker build -f /mydocker/myDockerFile1 -t mycentos1:0.1 .
执行过程如下:
[root@bogon mydocker]# docker build -f /mydocker/myDockerFile1 -t mycentos1:0.1 .
Sending build context to Docker daemon 2.048 kB
Sending build context to Docker daemon
Step 0 : FROM centos
---> 495a24dc98e8
Step 1 : MAINTAINER testtest
---> Running in 979a9bc0327e
---> 9f849601e2a2
Removing intermediate container 979a9bc0327e
Step 2 : ENV MYPATH /usr/local
---> Running in 45173704cf0e
---> d48e92e409bf
Removing intermediate container 45173704cf0e
Step 3 : WORKDIR $MYPATH
---> Running in 4fc1427b0547
---> cc85955931b3
Removing intermediate container 4fc1427b0547
Step 4 : RUN yum -y install vim
---> Running in cd43c089aa1a
CentOS-8 - AppStream 1.7 MB/s | 7.0 MB 00:04
CentOS-8 - Base 520 kB/s | 2.2 MB 00:04
CentOS-8 - Extras 4.7 kB/s | 5.5 kB 00:01
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-13.el8 AppStream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 AppStream 39 k
vim-common x86_64 2:8.0.1763-13.el8 AppStream 6.3 M
vim-filesystem noarch 2:8.0.1763-13.el8 AppStream 48 k
which x86_64 2.21-10.el8 BaseOS 49 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 7.8 M
Installed size: 31 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-15.el8.x86_64.rpm 163 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-13.el8.noarch.rp 973 kB/s | 48 kB 00:00
(3/5): vim-enhanced-8.0.1763-13.el8.x86_64.rpm 1.6 MB/s | 1.4 MB 00:00
(4/5): which-2.21-10.el8.x86_64.rpm 22 kB/s | 49 kB 00:02
(5/5): vim-common-8.0.1763-13.el8.x86_64.rpm 2.4 MB/s | 6.3 MB 00:02
--------------------------------------------------------------------------------
Total 1.1 MB/s | 7.8 MB 00:06
warning: /var/cache/dnf/AppStream-02e86d1c976ab532/packages/gpm-libs-1.20.7-15.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS-8 - AppStream 97 kB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : which-2.21-10.el8.x86_64 1/5
Installing : vim-filesystem-2:8.0.1763-13.el8.noarch 2/5
Installing : vim-common-2:8.0.1763-13.el8.x86_64 3/5
Installing : gpm-libs-1.20.7-15.el8.x86_64 4/5
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64 4/5
Installing : vim-enhanced-2:8.0.1763-13.el8.x86_64 5/5
Running scriptlet: vim-enhanced-2:8.0.1763-13.el8.x86_64 5/5
Running scriptlet: vim-common-2:8.0.1763-13.el8.x86_64 5/5
Verifying : gpm-libs-1.20.7-15.el8.x86_64 1/5
Verifying : vim-common-2:8.0.1763-13.el8.x86_64 2/5
Verifying : vim-enhanced-2:8.0.1763-13.el8.x86_64 3/5
Verifying : vim-filesystem-2:8.0.1763-13.el8.noarch 4/5
Verifying : which-2.21-10.el8.x86_64 5/5
Installed:
vim-enhanced-2:8.0.1763-13.el8.x86_64 gpm-libs-1.20.7-15.el8.x86_64
vim-common-2:8.0.1763-13.el8.x86_64 vim-filesystem-2:8.0.1763-13.el8.noarch
which-2.21-10.el8.x86_64
Complete!
---> 05bf85deec3a
Removing intermediate container cd43c089aa1a
Step 5 : RUN yum -y install net-tools
---> Running in ae688f8b4566
Last metadata expiration check: 0:00:17 ago on Mon May 4 15:51:48 2020.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.51.20160912git.el8 BaseOS 323 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 323 k
Installed size: 1.0 M
Downloading Packages:
net-tools-2.0-0.51.20160912git.el8.x86_64.rpm 692 kB/s | 323 kB 00:00
--------------------------------------------------------------------------------
Total 269 kB/s | 323 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : net-tools-2.0-0.51.20160912git.el8.x86_64 1/1
Running scriptlet: net-tools-2.0-0.51.20160912git.el8.x86_64 1/1
Verifying : net-tools-2.0-0.51.20160912git.el8.x86_64 1/1
Installed:
net-tools-2.0-0.51.20160912git.el8.x86_64
Complete!
---> 79d734bed501
Removing intermediate container ae688f8b4566
Step 6 : EXPOSE 80
---> Running in 18f59d0baea2
---> 334317afa237
Removing intermediate container 18f59d0baea2
Step 7 : CMD echo $MYPATH
---> Running in 3c7d6b0b0e3c
---> 71bf73249485
Removing intermediate container 3c7d6b0b0e3c
Step 8 : CMD echo "my centos success"
---> Running in f4e93416792d
---> b524949673b3
Removing intermediate container f4e93416792d
Step 9 : CMD /bin/bash
---> Running in 1738165c6367
---> 46ddbf042661
Removing intermediate container 1738165c6367
Successfully built 46ddbf042661
[root@bogon mydocker]#
查看build结果:
[root@bogon mydocker]# docker images;
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
mycentos1 0.1 46ddbf042661 7 minutes ago 311.1 MB
tomcat 7 f8d0c8917802 9 days ago 529.3 MB
tomcat 8 5825432eaa9a 9 days ago 529.1 MB
tomcat latest 052a153114e9 9 days ago 647.2 MB
centos latest 495a24dc98e8 3 months ago 237.1 MB
centos centos7 cedef0cc26e8 5 months ago 203 MB
[root@bogon mydocker]#
查看build历史:
[root@bogon mydocker]# docker history 46ddbf042661
IMAGE CREATED CREATED BY SIZE COMMENT
46ddbf042661 10 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "/bin/b 0 B
b524949673b3 10 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo \ 0 B
71bf73249485 10 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "echo $ 0 B
334317afa237 10 minutes ago /bin/sh -c #(nop) EXPOSE 80/tcp 0 B
79d734bed501 11 minutes ago /bin/sh -c yum -y install net-tools 14.32 MB
05bf85deec3a 11 minutes ago /bin/sh -c yum -y install vim 59.7 MB
cc85955931b3 11 minutes ago /bin/sh -c #(nop) WORKDIR /usr/local 0 B
d48e92e409bf 11 minutes ago /bin/sh -c #(nop) ENV MYPATH=/usr/local 0 B
9f849601e2a2 11 minutes ago /bin/sh -c #(nop) MAINTAINER testtest 0 B
495a24dc98e8 3 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
3a22279ab8ee 3 months ago /bin/sh -c #(nop) LABEL org.label-schema.sch 0 B
f0d54888b16a 3 months ago /bin/sh -c #(nop) ADD file:aa54047c80ba30064f 237.1 MB
[root@bogon mydocker]# docker history cedef0cc26e8
IMAGE CREATED CREATED BY SIZE COMMENT
cedef0cc26e8 5 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
8da6d29be907 5 months ago /bin/sh -c #(nop) LABEL org.label-schema.sch 0 B
eb005c722abd 5 months ago /bin/sh -c #(nop) ADD file:45a381049c52b5664e 203 MB
[root@bogon mydocker]#
3.2 tomcat
tomcat/9.0/jdk14/openjdk-oracle/Dockerfile:
https://github.com/docker-library/tomcat/blob/236eadcac2f760d0b88ef8a950c4d0f33ad3da45/9.0/jdk14/openjdk-oracle/Dockerfile
FROM centos
MAINTAINER testtest
#把宿主机当前上下文的c.txt拷贝到容器/usr/local/路径下
COPY c.txt /usr/local/cincontainer.txt
#把java与tomcat添加到容器中
ADD jdk-8u171-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.34.tar.gz /usr/local/
#安装vim编辑器
RUN yum -y install vim
#设置工作访问时候的WORKDIR路径,登录落脚点
ENV MYPATH /usr/local
WORKDIR $MYPATH
#配置java与tomcat环境变量
ENV JAVA_HOME /usr/local/jdk1.8.0_171
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.34
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.34
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
#容器运行时监听的端口
EXPOSE 8080
#启动时运行tomcat
# ENTRYPOINT ["/usr/local/apache-tomcat-9.0.34/bin/startup.sh" ]
# CMD ["/usr/local/apache-tomcat-9.0.34/bin/catalina.sh","run"]
CMD /usr/local/apache-tomcat-9.0.34/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.34/bin/logs/catalina.out
docker run -d -p 9080:8090 --name myt9 -v /test/mydockerfile/tomcat9/test:/usr/local/apache-tomcat-9.0.34/webapps/test -v /test/mydockerfile/tomcat9/tomcat9logs/:/usr/local/apache-tomcat-9.0.34/logs --privileged=true testtomcat9
3.3 mysql
docker run -p 3306:3306 --name mysql
-v /testtest/mysql/conf:/etc/mysql/conf.d
-v /testtest/mysql/logs:/logs -v
/testtest/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 -d mysql:5.6
命令说明:
-p 3306:3306:将主机的3306端口映射到docker容器的3306端口。
--name mysql:运行服务名字
-v /testtest/mysql/conf:/etc/mysql/conf.d :将主机/testtest/mysql录下的conf/my.cnf 挂载到容器的 /etc/mysql/conf.d
-v /testtest/mysql/logs:/logs:将主机/testtest/mysql目录下的 logs 目录挂载到容器的 /logs。
-v /testtest/mysql/data:/var/lib/mysql :将主机/testtest/mysql目录下的data目录挂载到容器的 /var/lib/mysql
-e MYSQL_ROOT_PASSWORD=123456:初始化 root 用户的密码。
-d mysql:5.6 : 后台程序运行mysql5.6
3.4redis
docker run -p 6379:6379
--name redis32
-v /testtest/myredis/data:/data
-v /testtest/myredis/conf/redis.conf:/usr/local/etc/redis/redis.conf
-d redis:3.2 redis-server /usr/local/etc/redis/redis.conf
--appendonly yes
命令说明:
-p 6379:6379 :将主机的6379端口映射到docker容器的6379端口。
--name redis32:运行服务名字
-v /testtest/myredis/data:/data 挂在数据信息
-v /testtest/myredis/conf/redis.conf:/usr/local/etc/redis/redis.conf 挂在配置文件
-d redis:3.2 redis-server /usr/local/etc/redis/redis.conf --appendonly yes 运行redis:3.2,后面紧跟命令redis-server及conf配置并开启aof