docker镜像构建详细说明

说明

  • 镜像构建并不是一个从零到有的过程–,而是从一个已经存在的镜像的基础上,开始进
    行修改。

  • 比如,想要一个自定义的centos镜像,这镜像里面有自己想要的服务或命令,那么就得先有一个centos镜像,这个镜像可以直接从官网这些渠道获取,这个镜像就称之为基础镜像。 然后我们在基础镜像上通过dockerfile增加功能,得到一个新的终版镜像。

  • 如:我们从网易云下载的一个centos镜像,这个镜像的命令很少,连最基本的ip a和ifconfig命令都没有,后面我们就以这个镜像增加这2命令为例。
    下面中我创建一个退出就自动删除的centos容器【为了确定上面是没这2个命令的】

[root@ccx ~]# docker images | grep cen
hub.c.163.com/library/centos      latest    328edcd84f1b   3 years ago   193MB
[root@ccx ~]# docker run -it --rm hub.c.163.com/library/centos
[root@bed2a3aa0268 /]# ip a 
bash: ip: command not found
[root@bed2a3aa0268 /]# ifconfig
bash: ifconfig: command not found
[root@903b38da3748 /]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
[root@903b38da3748 /]# 
[root@bed2a3aa0268 /]# exit
exit
[root@ccx ~]# 

镜像编辑【常用说明】

查找命令依赖的包

  • 我们要安装ifconfig和ip命令,首先就得知道这2命令的包是啥
    我们可以去有这个命令的主机上,执行下面命令即可看到了。
[root@ccx ~]# rpm -qf `which ifconfig`
net-tools-2.0-0.24.20131004git.el7.x86_64
[root@ccx ~]# rpm -qf `which ip`
iproute-4.11.0-14.el7.x86_64
[root@ccx ~]# 

编辑镜像文件【基础使用流程说明】

  • 在任意位置编辑一个配置文件:Dockerfile
[root@ccx ~]# pwd
/root
[root@ccx ~]# cat Dockerfile 
FROM hub.c.163.com/library/centos
MAINTAINER ccx

RUN yum install net-tools -y
RUN yum install iproute -y

CMD ["/bin/bash"]
[root@ccx ~]# 
  • 参数说明

  • FROM:后面跟的是镜像的名称,如果现在有的话,就用命令docker images查看,然后复制名称过来即可,如果没有的话,可以输入一个centos,然后系统会自动从网上拉取这个镜像【建议还是先自行下载,然后复制镜像名称过来】

  • MAINTAINER: 后面跟的是介绍说明,跟啥内容都行。

  • RUN:后面跟的是需要执行的命令操作,就是当镜像启动前会执行这些命令【这个RUN不是越多越好,后面会做说明的】

  • CMD[" "]:这里面放的是编译器,centos的就是/bin/bash了

  • 编译前先查看一个文件值是不是为1【如果不是1的话,下面镜像编译会卡住,无法成功】

[root@ccx ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@ccx ~]#
# 如果上面的值不是1,那么就执行下面命令
[root@ccx ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
  • 上面的文件编译完成以后,就要开始编译镜像了
    命令格式:docker build -t REPOSITORY名称:TAG名称 Dockerfile文件路径 -f Dockerfile名称【默认是Dockerfile文件,如果只有一个默认文件,那么-f就不需要加了】
    如:docker build -t centos:v1 . 【. 表示当前路径啊】,编译过程如下
[root@ccx ~]# docker build -t centos:v1 .
Sending build context to Docker daemon  1.177GB
Step 1/5 : FROM hub.c.163.com/library/centos
 ---> 328edcd84f1b
Step 2/5 : MAINTAINER ccx
 ---> Running in 11d69d710d74
Removing intermediate container 11d69d710d74
 ---> cf8f1b1f7f64
Step 3/5 : RUN yum install net-tools -y
 ---> Running in fec2cd515930
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch         Version                          Repository  Size
================================================================================
Installing:
 net-tools       x86_64       2.0-0.25.20131004git.el7         base       306 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 306 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.25.20131004git.el7.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.25.20131004git.el7.x86_64                    1/1 
  Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64                    1/1 

Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7                                   

Complete!
Removing intermediate container fec2cd515930
 ---> 652b957f8a8b
Step 4/5 : RUN yum install iproute -y
 ---> Running in 69691bc80819
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                      Arch         Version             Repository  Size
================================================================================
Installing:
 iproute                      x86_64       4.11.0-30.el7       base       805 k
Installing for dependencies:
 iptables                     x86_64       1.4.21-35.el7       base       432 k
 libmnl                       x86_64       1.0.3-7.el7         base        23 k
 libnetfilter_conntrack       x86_64       1.0.6-1.el7_3       base        55 k
 libnfnetlink                 x86_64       1.0.1-4.el7         base        26 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.3 M
Installed size: 3.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              1.8 MB/s | 1.3 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libmnl-1.0.3-7.el7.x86_64                                    1/5 
  Installing : libnfnetlink-1.0.1-4.el7.x86_64                              2/5 
  Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                  3/5 
  Installing : iptables-1.4.21-35.el7.x86_64                                4/5 
  Installing : iproute-4.11.0-30.el7.x86_64                                 5/5 
  Verifying  : libnfnetlink-1.0.1-4.el7.x86_64                              1/5 
  Verifying  : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                  2/5 
  Verifying  : iptables-1.4.21-35.el7.x86_64                                3/5 
  Verifying  : libmnl-1.0.3-7.el7.x86_64                                    4/5 
  Verifying  : iproute-4.11.0-30.el7.x86_64                                 5/5 

Installed:
  iproute.x86_64 0:4.11.0-30.el7                                                

Dependency Installed:
  iptables.x86_64 0:1.4.21-35.el7                                               
  libmnl.x86_64 0:1.0.3-7.el7                                                   
  libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3                                 
  libnfnetlink.x86_64 0:1.0.1-4.el7                                             

Complete!
Removing intermediate container 69691bc80819
 ---> 443471b80ff2
Step 5/5 : CMD ["/bin/bash"]
 ---> Running in 7135ecfff344
Removing intermediate container 7135ecfff344
 ---> 4105c41a4cc1
Successfully built 4105c41a4cc1
Successfully tagged centos:v1
  • 编译完成以后可以通过查看镜像看到我们制作的这个镜像了
    然后查看详细可以看到 前4项就是我们自定义的内容了
[root@ccx ~]# docker images
REPOSITORY                        TAG       IMAGE ID       CREATED              SIZE
centos                            v1        4105c41a4cc1   About a minute ago   433MB
nginx                             latest    d1a364dc548d   3 weeks ago          133MB
hub.c.163.com/library/wordpress   latest    dccaeccfba36   3 years ago          406MB
hub.c.163.com/library/centos      latest    328edcd84f1b   3 years ago          193MB
hub.c.163.com/library/mysql       latest    9e64176cd8a2   4 years ago          407MB
[root@ccx ~]# 
[root@ccx ~]# docker history centos:v1 
IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
4105c41a4cc1   3 minutes ago   /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
443471b80ff2   3 minutes ago   /bin/sh -c yum install iproute -y               121MB     
652b957f8a8b   3 minutes ago   /bin/sh -c yum install net-tools -y             119MB     
cf8f1b1f7f64   4 minutes ago   /bin/sh -c #(nop)  MAINTAINER ccx               0B        
328edcd84f1b   3 years ago     /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
<missing>      3 years ago     /bin/sh -c #(nop)  LABEL name=CentOS Base Im…   0B        
<missing>      3 years ago     /bin/sh -c #(nop) ADD file:63492ba809361c51e…   193MB     
[root@ccx ~]# 
  • 现在通过这个镜像生成容器测试
    可以看到这个镜像中这2命令确实有了
[root@ccx ~]# docker run -it --rm centos:v1 
[root@0508e306c79d /]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@0508e306c79d /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 6  bytes 516 (516.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@0508e306c79d /]# 

编辑镜像文件【注意事项说明】

  • 上面的Dockerfile配置文件中,每多写一个RUN,所生成的镜像都会多一层layer,这样就会导致生成的镜像很大,所以我们尽可能的只写一个RUN让这些命令全部实现,所以修改后如下咯。
  • 我们可以将Dockerfile文件修改为如下
    &&是与的意思,就是前面执行完了执行后面的命令, \是换行的意思【后面不能有空格哈】,如果有很多命令需要执行,则加很多 && \就是了【这样是为了美观】
[root@ccx ~]# cat Dockerfile 
FROM hub.c.163.com/library/centos
MAINTAINER ccx

RUN yum install net-tools -y && \
    yum install iproute -y

CMD ["/bin/bash"]
[root@ccx ~]# 
  • 然后我们重新生成一个 centos:v2版本
    docker build -t centos:v2 .
    过程如下
[root@ccx ~]# docker build -t centos:v2 .
Sending build context to Docker daemon  1.177GB
Step 1/4 : FROM hub.c.163.com/library/centos
 ---> 328edcd84f1b
Step 2/4 : MAINTAINER ccx
 ---> Using cache
 ---> cf8f1b1f7f64
Step 3/4 : RUN yum install net-tools -y &&     yum install iproute -y
 ---> Running in 4ed42d93dd76
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch         Version                          Repository  Size
================================================================================
Installing:
 net-tools       x86_64       2.0-0.25.20131004git.el7         base       306 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 306 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.25.20131004git.el7.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.25.20131004git.el7.x86_64                    1/1 
  Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64                    1/1 

Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7                                   

Complete!
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                      Arch         Version             Repository  Size
================================================================================
Installing:
 iproute                      x86_64       4.11.0-30.el7       base       805 k
Installing for dependencies:
 iptables                     x86_64       1.4.21-35.el7       base       432 k
 libmnl                       x86_64       1.0.3-7.el7         base        23 k
 libnetfilter_conntrack       x86_64       1.0.6-1.el7_3       base        55 k
 libnfnetlink                 x86_64       1.0.1-4.el7         base        26 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.3 M
Installed size: 3.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              1.6 MB/s | 1.3 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libmnl-1.0.3-7.el7.x86_64                                    1/5 
  Installing : libnfnetlink-1.0.1-4.el7.x86_64                              2/5 
  Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                  3/5 
  Installing : iptables-1.4.21-35.el7.x86_64                                4/5 
  Installing : iproute-4.11.0-30.el7.x86_64                                 5/5 
  Verifying  : libnfnetlink-1.0.1-4.el7.x86_64                              1/5 
  Verifying  : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                  2/5 
  Verifying  : iptables-1.4.21-35.el7.x86_64                                3/5 
  Verifying  : libmnl-1.0.3-7.el7.x86_64                                    4/5 
  Verifying  : iproute-4.11.0-30.el7.x86_64                                 5/5 

Installed:
  iproute.x86_64 0:4.11.0-30.el7                                                

Dependency Installed:
  iptables.x86_64 0:1.4.21-35.el7                                               
  libmnl.x86_64 0:1.0.3-7.el7                                                   
  libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3                                 
  libnfnetlink.x86_64 0:1.0.1-4.el7                                             

Complete!
Removing intermediate container 4ed42d93dd76
 ---> 7e5ab683bf8b
Step 4/4 : CMD ["/bin/bash"]
 ---> Running in 60f0fa6c3965
Removing intermediate container 60f0fa6c3965
 ---> 6f27209158df
Successfully built 6f27209158df
Successfully tagged centos:v2
[root@ccx ~]# 
  • 和基础使用创建结果对比
    只有一个run以后镜像大小明显小了很多,下面TAG的v2是只有一个run创建的
[root@ccx ~]# docker images
REPOSITORY                        TAG       IMAGE ID       CREATED          SIZE
centos                            v2        6f27209158df   2 minutes ago    315MB
centos                            v1        4105c41a4cc1   13 minutes ago   433MB  
  • 创建容器测试结果
    ifconfig和ip a命令依然是有的。
[root@ccx ~]# docker run -it --rm centos:v2
[root@20f2597f6246 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 266 (266.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@20f2597f6246 /]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@20f2597f6246 /]# 

编辑镜像文件【ADD与COPY增加文件】

  • ADD和COPY的区别
    • ADDCOPY是作用是一样的,都是用于文件拷贝
    • ADD带有自动解压功能,适用于拷贝多个文件,拷贝前将这些文件打成一个tar包即可】
    • COPY没有自动解压功能,适用于拷贝单个文件,不用做任何操作【不需要打tar包操作】,但COPY也可以拷贝tar包到容器,只是容器里看到的依然是tar包,不会自动解压罢了。
    • 所以,如果文件多,打成tar包用ADD拷贝,如果仅有一个文件,则用COPY直接拷贝,他们的使用方法是一样的。
  • 这个依然是基于Dockerfile文件实现的功能。
  • ADD使用方法:ADD tar包文件名 路径 ,就是将指定文件拷贝到指定容器的路径里面
    注:tar包文件必须和dockerfile在一个目录中
  • COPY使用方法:COPY 文件名 路径 ,就是将指定文件拷贝到指定容器的路径里面
    注:需要拷贝的文件必须和dockerfile再在一个目录中
  • 如:我们将容器中的yum源替换为本机的yum源为例
    我们先将本地的yum源打成tar包并放在和Dockerfile文件一个目录
[root@ccx ~]# cd /etc/yum.repos.d/
[root@ccx yum.repos.d]# ls
bak  CentOS-Base.repo  docker-ce.repo  epel.repo  k8s.repo
[root@ccx yum.repos.d]# tar zcf repo.tar.gz *.repo
[root@ccx yum.repos.d]# mv repo.tar.gz /root
mv: overwrite ‘/root/repo.tar.gz’? y
[root@ccx yum.repos.d]# cd /root
[root@ccx ~]# ls | grep rep
repo.tar.gz
[root@ccx ~]# 
[root@ccx ~]# tar tf repo.tar.gz 
CentOS-Base.repo
docker-ce.repo
epel.repo
k8s.repo
[root@ccx ~]# 
  • 然后修改Dockerfile文件
    添加文件之前需要先删除原来镜像中的源路径文件,所以需要先定义一个RUN用来删除文件,然后再这个文件下面 添加一个ADD,将文件拷贝到yum文件中【RUN分开的原因是需要先配置完毕yum才能使用yum install】
[root@ccx ~]# cat Dockerfile
FROM hub.c.163.com/library/centos
MAINTAINER ccx

RUN rm -rf /etc/yum.repos.d/*

ADD repo.tar.gz /etc/yum.repos.d/

RUN yum install net-tools -y && \
    yum install iproute -y

CMD ["/bin/bash"]
[root@ccx ~]# 
  • 上面文件保存后重新编译一次,名称为centos:v3,过程如下
[root@ccx ~]# yum build -t centos:v3 .
Loaded plugins: fastestmirror, langpacks
No such command: build. Please use /usr/bin/yum --help
[root@ccx ~]# docker build -t centos:v3 .
Sending build context to Docker daemon  1.177GB
Step 1/6 : FROM hub.c.163.com/library/centos
 ---> 328edcd84f1b
Step 2/6 : MAINTAINER ccx
 ---> Using cache
 ---> cf8f1b1f7f64
Step 3/6 : RUN rm -rf /etc/yum.repos.d/*
 ---> Running in 8eb8c344528c
Removing intermediate container 8eb8c344528c
 ---> e74a3061df3a
Step 4/6 : ADD repo.tar.gz /etc/yum.repos.d/
 ---> 80fe76f4a233
Step 5/6 : RUN yum install net-tools -y &&     yum install iproute -y
 ---> Running in 6277b3c234a9
Loaded plugins: fastestmirror, ovl
Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Importing GPG key 0x307EA071:
 Userid     : "Rapture Automatic Signing Key (cloud-rapture-signing-key-2021-03-01-08_01_09.pub)"
 Fingerprint: 7f92 e05b 3109 3bef 5a3c 2d38 feea 9169 307e a071
 From       : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Determining fastest mirrors
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch         Version                          Repository  Size
================================================================================
Installing:
 net-tools       x86_64       2.0-0.25.20131004git.el7         base       306 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 306 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.25.20131004git.el7.x86_64.rpm is not installed
Retrieving key from http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 From       : http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.25.20131004git.el7.x86_64                    1/1 
  Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64                    1/1 

Installed:
  net-tools.x86_64 0:2.0-0.25.20131004git.el7                                   

Complete!
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                      Arch         Version             Repository  Size
================================================================================
Installing:
 iproute                      x86_64       4.11.0-30.el7       base       805 k
Installing for dependencies:
 iptables                     x86_64       1.4.21-35.el7       base       432 k
 libmnl                       x86_64       1.0.3-7.el7         base        23 k
 libnetfilter_conntrack       x86_64       1.0.6-1.el7_3       base        55 k
 libnfnetlink                 x86_64       1.0.1-4.el7         base        26 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.3 M
Installed size: 3.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              2.7 MB/s | 1.3 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libmnl-1.0.3-7.el7.x86_64                                    1/5 
  Installing : libnfnetlink-1.0.1-4.el7.x86_64                              2/5 
  Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                  3/5 
  Installing : iptables-1.4.21-35.el7.x86_64                                4/5 
  Installing : iproute-4.11.0-30.el7.x86_64                                 5/5 
  Verifying  : libnfnetlink-1.0.1-4.el7.x86_64                              1/5 
  Verifying  : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                  2/5 
  Verifying  : iptables-1.4.21-35.el7.x86_64                                3/5 
  Verifying  : libmnl-1.0.3-7.el7.x86_64                                    4/5 
  Verifying  : iproute-4.11.0-30.el7.x86_64                                 5/5 

Installed:
  iproute.x86_64 0:4.11.0-30.el7                                                

Dependency Installed:
  iptables.x86_64 0:1.4.21-35.el7                                               
  libmnl.x86_64 0:1.0.3-7.el7                                                   
  libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3                                 
  libnfnetlink.x86_64 0:1.0.1-4.el7                                             

Complete!
Removing intermediate container 6277b3c234a9
 ---> 2b86e5699766
Step 6/6 : CMD ["/bin/bash"]
 ---> Running in 1e6ff2ac0399
Removing intermediate container 1e6ff2ac0399
 ---> 0212a1a45667
Successfully built 0212a1a45667
Successfully tagged centos:v3
[root@ccx ~]# 
  • 创建容器测试
    可以看到yum源文件已经边了,且命令已经安装成功了
[root@ccx ~]# docker images
REPOSITORY                        TAG       IMAGE ID       CREATED          SIZE
centos                            v3        0212a1a45667   3 minutes ago    357MB
centos                            v2        6f27209158df   27 minutes ago   315MB
centos                            v1        4105c41a4cc1   38 minutes ago   433MB
[root@ccx ~]# docker run -it --rm centos:v3 
[root@020e9637b5e3 /]# ls /etc/yum.repos.d/
CentOS-Base.repo  docker-ce.repo  epel.repo  k8s.repo
[root@020e9637b5e3 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@020e9637b5e3 /]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@020e9637b5e3 /]# 

编辑镜像文件【EXPOSE指定端口】

  • 使用方法:EXPOSE 端口号1 端口号2 端口号3
  • 这个我们以nginx服务为例【镜像使用我们上面创建的centos:v3】
    并且这个nginx的CMD文件比较特别,我们可以查看镜像现有的CMD,然后复制过去就行了
    先查看到nginx镜像的CMD路径
[root@ccx ~]# docker history nginx:latest --no-trunc| head -n 2
IMAGE                                                                     CREATED       CREATED BY                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SIZE      COMMENT
sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdee   3 weeks ago   /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon off;"]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         0B        
[root@ccx ~]# 
  • 编辑一个新的dockerfile文件
    我们可以拷贝一份刚才的docker模版,然后编辑如下内容【注,CMD中的内容需要将空格改为,】,最后在当前目录新建一个index.html【名称固定的,里面的内容可以随便造一点】
[root@ccx ~]# cp Dockerfile Dockerfile_v2
[root@ccx ~]# vim Dockerfile_v2                                                  
[root@ccx ~]# cat Dockerfile_v2
FROM centos:v3
MAINTAINER ccx

RUN yum install nginx -y
COPY index.html /usr/share/nginx/html
EXPOSE 80

CMD ["nginx","-g","daemon off;"]
[root@ccx ~]# vim index.html                                              
[root@ccx ~]# cat index.html 
<p>
hello word!
</p>
[root@ccx ~]# 
  • 编译镜像为nginx:v1
    因为我们新增的一个dockerfile文件,所以我们需要用 -f 指定文件名
    docker build -t nginx:v1 . -f Dockerfile_v2
    过程如下【如果镜像中没有nginx源,会编译错误】
[root@ccx ~]# docker build -t nginx:v1 . -f Dockerfile_v2 
Sending build context to Docker daemon  1.177GB
Step 1/6 : FROM centos:v3
 ---> 0212a1a45667
Step 2/6 : MAINTAINER ccx
 ---> Running in 3c6429284bf7
Removing intermediate container 3c6429284bf7
 ---> 67508b852318
Step 3/6 : RUN yum install nginx -y
 ---> Running in 59dff0944913
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.20.1-2.el7 will be installed
--> Processing Dependency: nginx-filesystem = 1:1.20.1-2.el7 for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: nginx-filesystem for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: openssl for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: redhat-indexhtml for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: system-logos for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libprofiler.so.0()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Running transaction check
---> Package centos-indexhtml.noarch 0:7-9.el7.centos will be installed
---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be installed
---> Package nginx-filesystem.noarch 1:1.20.1-2.el7 will be installed
---> Package openssl.x86_64 1:1.0.2k-21.el7_9 will be installed
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-21.el7_9 for package: 1:openssl-1.0.2k-21.el7_9.x86_64
--> Processing Dependency: make for package: 1:openssl-1.0.2k-21.el7_9.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: 1:openssl-1.0.2k-21.el7_9.x86_64
---> Package openssl11-libs.x86_64 1:1.1.1g-3.el7 will be installed
--> Running transaction check
---> Package make.x86_64 1:3.82-24.el7 will be installed
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-21.el7_9 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch        Version                   Repository    Size
================================================================================
Installing:
 nginx                 x86_64      1:1.20.1-2.el7            epel         586 k
Installing for dependencies:
 centos-indexhtml      noarch      7-9.el7.centos            base          92 k
 centos-logos          noarch      70.0.6-3.el7.centos       base          21 M
 gperftools-libs       x86_64      2.6.1-1.el7               base         272 k
 make                  x86_64      1:3.82-24.el7             base         421 k
 nginx-filesystem      noarch      1:1.20.1-2.el7            epel          23 k
 openssl               x86_64      1:1.0.2k-21.el7_9         updates      493 k
 openssl11-libs        x86_64      1:1.1.1g-3.el7            epel         1.5 M
Updating for dependencies:
 openssl-libs          x86_64      1:1.0.2k-21.el7_9         updates      1.2 M

Transaction Summary
================================================================================
Install  1 Package  (+7 Dependent packages)
Upgrade             ( 1 Dependent package)

Total download size: 26 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total                                              4.9 MB/s |  26 MB  00:05     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : centos-logos-70.0.6-3.el7.centos.noarch                     1/10 
  Installing : centos-indexhtml-7-9.el7.centos.noarch                      2/10 
  Installing : 1:make-3.82-24.el7.x86_64                                   3/10 
  Installing : 1:nginx-filesystem-1.20.1-2.el7.noarch                      4/10 
  Installing : 1:openssl11-libs-1.1.1g-3.el7.x86_64                        5/10 
  Installing : gperftools-libs-2.6.1-1.el7.x86_64                          6/10 
  Updating   : 1:openssl-libs-1.0.2k-21.el7_9.x86_64                       7/10 
  Installing : 1:openssl-1.0.2k-21.el7_9.x86_64                            8/10 
  Installing : 1:nginx-1.20.1-2.el7.x86_64                                 9/10 
  Cleanup    : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64                    10/10 
  Verifying  : 1:nginx-1.20.1-2.el7.x86_64                                 1/10 
  Verifying  : 1:openssl-libs-1.0.2k-21.el7_9.x86_64                       2/10 
  Verifying  : gperftools-libs-2.6.1-1.el7.x86_64                          3/10 
  Verifying  : 1:openssl11-libs-1.1.1g-3.el7.x86_64                        4/10 
  Verifying  : 1:nginx-filesystem-1.20.1-2.el7.noarch                      5/10 
  Verifying  : 1:make-3.82-24.el7.x86_64                                   6/10 
  Verifying  : 1:openssl-1.0.2k-21.el7_9.x86_64                            7/10 
  Verifying  : centos-indexhtml-7-9.el7.centos.noarch                      8/10 
  Verifying  : centos-logos-70.0.6-3.el7.centos.noarch                     9/10 
  Verifying  : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64                    10/10 

Installed:
  nginx.x86_64 1:1.20.1-2.el7                                                   

Dependency Installed:
  centos-indexhtml.noarch 0:7-9.el7.centos                                      
  centos-logos.noarch 0:70.0.6-3.el7.centos                                     
  gperftools-libs.x86_64 0:2.6.1-1.el7                                          
  make.x86_64 1:3.82-24.el7                                                     
  nginx-filesystem.noarch 1:1.20.1-2.el7                                        
  openssl.x86_64 1:1.0.2k-21.el7_9                                              
  openssl11-libs.x86_64 1:1.1.1g-3.el7                                          

Dependency Updated:
  openssl-libs.x86_64 1:1.0.2k-21.el7_9                                         

Complete!
Removing intermediate container 59dff0944913
 ---> f4aea8fab811
Step 4/6 : COPY index.html /usr/share/nginx/html
 ---> 64f0b3c15c5e
Step 5/6 : EXPOSE 80
 ---> Running in 00c9d88e2742
Removing intermediate container 00c9d88e2742
 ---> 8b6bd0688188
Step 6/6 : CMD ["nginx","-g","daemon off;"]
 ---> Running in 1b7e3750fa72
Removing intermediate container 1b7e3750fa72
 ---> 13ee3750e1c8
Successfully built 13ee3750e1c8
Successfully tagged nginx:v1
[root@ccx ~]# 
  • 通过查看镜像的全部内容,可以看到我们刚才定义的内容
[root@ccx ~]# docker images| grep nginx
nginx                             v1        13ee3750e1c8   52 seconds ago      548MB
nginx                             latest    d1a364dc548d   3 weeks ago         133MB
[root@ccx ~]# docker history nginx:v1 
IMAGE          CREATED              CREATED BY                                      SIZE      COMMENT
13ee3750e1c8   About a minute ago   /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon…   0B        
8b6bd0688188   About a minute ago   /bin/sh -c #(nop)  EXPOSE 80                    0B        
64f0b3c15c5e   About a minute ago   /bin/sh -c #(nop) COPY file:616c5da4cb1c7de2…   21B       
f4aea8fab811   About a minute ago   /bin/sh -c yum install nginx -y                 191MB     
67508b852318   About a minute ago   /bin/sh -c #(nop)  MAINTAINER ccx               0B        
0212a1a45667   30 minutes ago       /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
2b86e5699766   30 minutes ago       /bin/sh -c yum install net-tools -y &&     y…   164MB     
80fe76f4a233   30 minutes ago       /bin/sh -c #(nop) ADD file:9a052aed38285906d…   6.04kB    
e74a3061df3a   30 minutes ago       /bin/sh -c rm -rf /etc/yum.repos.d/*            0B        
cf8f1b1f7f64   About an hour ago    /bin/sh -c #(nop)  MAINTAINER ccx               0B        
328edcd84f1b   3 years ago          /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B        
<missing>      3 years ago          /bin/sh -c #(nop)  LABEL name=CentOS Base Im…   0B        
<missing>      3 years ago          /bin/sh -c #(nop) ADD file:63492ba809361c51e…   193MB     
[root@ccx ~]# 
  • 通过这个镜像创建一个容器,看是否正常
[root@ccx ~]# docker run -dit --name=web --restart=always -p 80:80 nginx:v1 
b245ace740008e48cdbf5f62e57f38ca33bf7cbdef39d84606248b4d4a52a79e
[root@ccx ~]# docker ps
CONTAINER ID   IMAGE      COMMAND                  CREATED         STATUS         PORTS                               NAMES
b245ace74000   nginx:v1   "nginx -g 'daemon of…"   3 seconds ago   Up 2 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@ccx ~]# 
  • 上面容器启动正常,可以看到本机端口80已经映射到容器的端口80了,那么现在使用浏览器,输入本机ip回车后页面是可以显示index中的内容的,成功。
    在这里插入图片描述

编辑镜像文件【ENV指定变量】

  • 当使用 Dockerfile 进行构建镜像时,有时会需要设置容器内的环境变量。
  • 使用方法:ENV <key>=<value> <key2>=<value2>
  • ENV 指令将环境变量 设置为值 。这个值将在构建阶段的所有后续指令的环境中, 也可以被替换使用在其他指令中。 该值将被解释为其他环境变量,因此如果引号字符没有转义,它们将被删除。像命令行解析一样,引号和反斜杠可以用于在值中包含空格。
    例如:
ENV MY_NAME="super hero"
ENV MY_CAT=fluffy
  • 当使用生成的镜像运行容器时,使用 ENV 设置的环境变量将持久存在于容器内。 你可以使用 docker inspect 容器名 查看这些值,并使用 docker run --env <key>=<value>修改它们【也可以docker run的时候 -e 指定参数,这时候的参数会覆盖镜像中的参数】。
  • dockerfile文件如下:我在新增容器的时候指定了变量a=123,然后我在创建容器的时候重新制定a=123_now
[root@ccx ~]# cat dockerfile_v1 
FROM hub.c.163.com/library/centos:latest
MAINTAINER ccx_ssh_server
ENV aa=123
ENV bb=321

RUN useradd ccx && \
    echo root | passwd --stdin root
USER ccx

VOLUME ["/ccx"]

CMD ["/bin/bash"]
[root@ccx ~]# 

# 生成镜像
[root@ccx ~]# docker build -t . -f dockerfile_v1 
invalid argument "." for t: Error parsing reference: "." is not a valid repository/tag: invalid reference format
See 'docker build --help'.
[root@ccx ~]# 
[root@ccx ~]# docker build -t centos:v1 . -f dockerfile_v1 
Sending build context to Docker daemon 1.593 GB
Step 1/8 : FROM hub.c.163.com/library/centos:latest
 ---> 328edcd84f1b
Step 2/8 : MAINTAINER ccx_ssh_server
 ---> Using cache
 ---> 838371e7ae87
Step 3/8 : ENV aa 123
 ---> Using cache
 ---> 9456dedc09b1
Step 4/8 : ENV bb 321
 ---> Using cache
 ---> 6a86a8083e4b
Step 5/8 : RUN useradd ccx &&     echo root | passwd --stdin root
 ---> Running in 35f2637de210

Changing password for user root.
passwd: all authentication tokens updated successfully.
 ---> 711018578e3f
Removing intermediate container 35f2637de210
Step 6/8 : USER ccx
 ---> Running in af9ed521a567
 ---> b81ad3f64b1d
Removing intermediate container af9ed521a567
Step 7/8 : VOLUME /ccx
 ---> Running in ac29ce706baa
 ---> ed2c8f47ca94
Removing intermediate container ac29ce706baa
Step 8/8 : CMD /bin/bash
 ---> Running in ac98417778c5
 ---> c85441b108da
Removing intermediate container ac98417778c5
Successfully built c85441b108da

# 创建容器
[root@ccx ~]# docker run -it --name=test --restart=always -e aa=123_now centos:v1 
[ccx@de97fc9d16ab /]$ echo $aa
123_now
[ccx@de97fc9d16ab /]$ echo $bb
321
[ccx@de97fc9d16ab /]$ 

编辑镜像文件【USER指定用户】

  • 格式
    • USER user
    • USER user:group
    • USER uid
    • USER uid:gid
    • USER user:gid
    • USER uid:group
  • 示例
    一般我们指定的用户,容器中是没有这个用户名的,所以我们指定用户名的时候,在USER前面加一个RUN useradd user创建这个用户,再指定。【也可以不用指定,我们创建好一个用户后,在生成容器的时候 -u user指定用户名】
  • 作用
    • 指定运行时的用户名或UID,后续的RUN也会使用指定的用户。
    • 当服务不需要管理权限时,可以通过该命令指定运行用户。并且可以在之前创建所需要的用户
  • 说明
    要临时获取管理权限可以使用gosu,而不推荐sudo。
  • 注:
    使用USER指定用户后,Dockerfile中其后的命令RUN、CMD、ENTRYPOINT都将使用该用户。镜像构建完成后,通过docker run运行容器时,可以通过-u参数来覆盖所指定的用户。
  • dockerfile文件如下:我创建了一个用户ccx并指定ccx为默认用户
[root@ccx ~]# cat dockerfile_v1 
FROM hub.c.163.com/library/centos:latest
MAINTAINER ccx_ssh_server
ENV aa=123
ENV bb=321

RUN useradd ccx && \
    echo root | passwd --stdin root
USER ccx

VOLUME ["/ccx"]

CMD ["/bin/bash"]
[root@ccx ~]# 

# 生成镜像
[root@ccx ~]# docker build -t . -f dockerfile_v1 
invalid argument "." for t: Error parsing reference: "." is not a valid repository/tag: invalid reference format
See 'docker build --help'.
[root@ccx ~]# 
[root@ccx ~]# docker build -t centos:v1 . -f dockerfile_v1 
Sending build context to Docker daemon 1.593 GB
Step 1/8 : FROM hub.c.163.com/library/centos:latest
 ---> 328edcd84f1b
Step 2/8 : MAINTAINER ccx_ssh_server
 ---> Using cache
 ---> 838371e7ae87
Step 3/8 : ENV aa 123
 ---> Using cache
 ---> 9456dedc09b1
Step 4/8 : ENV bb 321
 ---> Using cache
 ---> 6a86a8083e4b
Step 5/8 : RUN useradd ccx &&     echo root | passwd --stdin root
 ---> Running in 35f2637de210

Changing password for user root.
passwd: all authentication tokens updated successfully.
 ---> 711018578e3f
Removing intermediate container 35f2637de210
Step 6/8 : USER ccx
 ---> Running in af9ed521a567
 ---> b81ad3f64b1d
Removing intermediate container af9ed521a567
Step 7/8 : VOLUME /ccx
 ---> Running in ac29ce706baa
 ---> ed2c8f47ca94
Removing intermediate container ac29ce706baa
Step 8/8 : CMD /bin/bash
 ---> Running in ac98417778c5
 ---> c85441b108da
Removing intermediate container ac98417778c5
Successfully built c85441b108da

# 创建容器
[root@ccx ~]# docker run -it --name=test --restart=always   centos:v1 
[ccx@2000b48aba23 /]$ 
[ccx@2000b48aba23 /]$ su - root
Password: 
[root@2000b48aba23 ~]#

## 容器中默认用户是ccx了,我们现在在创建容器的时候指定用户为root
[root@ccx ~]# docker rm -f test 
test
[root@ccx ~]# docker run -it --name=test --restart=always -u root  centos:v1 
[root@ffbe157ebd26 /]# pwd
/
[root@ffbe157ebd26 /]# exit
exit

编辑镜像文件【VOLUME 持久化目录】

  • 用于指定持久化目录 【下面的目录是容器中的存储目录,会对应在本机默认地址生成路径(下面有查看详细说明的),这种并不好,虽然数据会永久保留到本地,但数据不能共享,每当容器删除并新建后,ID变了,所以默认存储路径也就变了,还是手动创建时指定目录的好一些。】

  • 格式:
    VOLUME ["/path/to/dir"]

  • 示例:
    VOLUME ["/data"]
    VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]

  • 注:
    一个卷可以存在于一个或多个容器的指定目录,该目录可以绕过联合文件系统,并具有以下功能:

    • 1 卷可以容器间共享和重用
    • 2 容器并不一定要和其它容器共享卷
    • 3 修改卷后会立即生效
    • 4 对卷的修改不会对镜像产生影响
    • 5 卷会一直存在,直到没有任何容器在使用它
[root@ccx ~]# docker run -it --name=test --restart=always   centos:v1 
[ccx@8c8b1dc9b380 /]$ su - 
Password: 
[root@8c8b1dc9b380 ~]# cd /ccx/
[root@8c8b1dc9b380 ccx]# ls
[root@8c8b1dc9b380 ccx]# touch ccxhero
[root@8c8b1dc9b380 ccx]# ls
ccxhero
[root@8c8b1dc9b380 ccx]# exit
logout
[ccx@8c8b1dc9b380 /]$ 
[ccx@8c8b1dc9b380 /]$ exit
exit
[root@ccx ~]# docker inspect test |egrep -B 1 volume
            {
                "Type": "volume",
                "Name": "4bcec9409e950425ab4a39974a1a91690360a53bf4952c0cbd629a617ef84734",
                "Source": "/var/lib/docker/volumes/4bcec9409e950425ab4a39974a1a91690360a53bf4952c0cbd629a617ef84734/_data",
[root@ccx ~]# ls /var/lib/docker/volumes/4bcec9409e950425ab4a39974a1a91690360a53bf4952c0cbd629a617ef84734/_data/
ccxhero
[root@ccx ~]# 

构建nginx镜像

  • 脚本写好了,需要转换成镜像(执行该命令必须跟dockerfile在同一个目录并且dockerfile必须小写):
#nginx:v1是自定义名称,其他固定的
 docker build -t nginx:v1 .
[root@ciserver p1]# cat dockerfile 
FROM nginx
MAINTAINER ccx
ADD index.html /usr/share/nginx/html/
EXPOSE 80
ENTRYPOINT nginx -g "daemon off;"
[root@ciserver p1]# 
[root@ciserver p1]# docker build -t nginx:v2 .
Sending build context to Docker daemon  70.66kB
Step 1/5 : FROM nginx
 ---> d1a364dc548d
Step 2/5 : MAINTAINER ccx
 ---> Using cache
 ---> cbe0311eaa40
Step 3/5 : ADD index.html /usr/share/nginx/html/
 ---> Using cache
 ---> 42f41d39611a
Step 4/5 : EXPOSE 80
 ---> Using cache
 ---> 2f405d0017f0
Step 5/5 : ENTRYPOINT nginx -g "daemon off;"
 ---> Running in 938471cc0751
Removing intermediate container 938471cc0751
 ---> 318d2d4608a5
Successfully built 318d2d4608a5
Successfully tagged nginx:v2
[root@ciserver p1]# docker images | grep nginx
nginx                                                             v2                    318d2d4608a5   9 seconds ago    133MB
nginx                                                             latest                d1a364dc548d   5 months ago     133MB
[root@ciserver p1]#

搭建一个ssh服务器

  • 需要准备一个镜像,我用的是网易云的默认centos镜像。
  • 在任意位置编辑一个dockerfile文件,里面写ssh服务器的必备组件。
    思路:搭建一个服务器最基本的,就是分多次搭建,后面启动报错以后,查看日志,日志报什么错就添加什么功能就行了,如下面的文件中,文件key和修改的文件日志中都会有报错提示的。
    注,多次编译的话,每次编译后都需要删除本地文件.ssh/known_hosts中的容器ip信息【因为每次修改容器key都会改变,所以会ssh报错】

dockerfile文件内容和编译过程如下

[root@ccx ~]# cat dockerfile 
FROM hub.c.163.com/library/centos:latest
MAINTAINER ccx_ssh_server
RUN yum install openssh-server openssh-clients -y && \
    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key && \
    ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key && \
    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_ky && \
    echo root | passwd --stdin root && \
    sed -i '/UseDNS/cUseDNS no' /etc/ssh/sshd_config

EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
[root@ccx ~]# 
[root@ccx ~]# docker build -t centos:ssh .
Sending build context to Docker daemon 1.593 GB
Step 1/5 : FROM hub.c.163.com/library/centos:latest
 ---> 328edcd84f1b
Step 2/5 : MAINTAINER ccx_ssh_server
 ---> Using cache
 ---> 838371e7ae87
Step 3/5 : RUN yum install openssh-server openssh-clients -y &&     ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key &&     ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key &&     ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_ky &&     echo root | passwd --stdin root &&     sed -i '/UseDNS/cUseDNS no' /etc/ssh/sshd_config
 ---> Running in 1e9a85cf5eb9

Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-7.4p1-21.el7.x86_64
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-21.el7_9 will be an update
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch       Version                     Repository   Size
================================================================================
Installing:
 openssh-clients       x86_64     7.4p1-21.el7                base        655 k
 openssh-server        x86_64     7.4p1-21.el7                base        459 k
Installing for dependencies:
 fipscheck             x86_64     1.4.1-6.el7                 base         21 k
 fipscheck-lib         x86_64     1.4.1-6.el7                 base         11 k
 libedit               x86_64     3.0-12.20121213cvs.el7      base         92 k
 openssh               x86_64     7.4p1-21.el7                base        510 k
 tcp_wrappers-libs     x86_64     7.6-77.el7                  base         66 k
Updating for dependencies:
 openssl-libs          x86_64     1:1.0.2k-21.el7_9           updates     1.2 M

Transaction Summary
================================================================================
Install  2 Packages (+5 Dependent packages)
Upgrade             ( 1 Dependent package)

Total download size: 3.0 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-lib-1.4.1-6.el7.x86_64.rpm is not installed
Public key for openssl-libs-1.0.2k-21.el7_9.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                              603 kB/s | 3.0 MB  00:05     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:openssl-libs-1.0.2k-21.el7_9.x86_64                        1/9 
  Installing : fipscheck-1.4.1-6.el7.x86_64                                 2/9 
  Installing : fipscheck-lib-1.4.1-6.el7.x86_64                             3/9 
  Installing : openssh-7.4p1-21.el7.x86_64                                  4/9 
  Installing : tcp_wrappers-libs-7.6-77.el7.x86_64                          5/9 
  Installing : libedit-3.0-12.20121213cvs.el7.x86_64                        6/9 
  Installing : openssh-clients-7.4p1-21.el7.x86_64                          7/9 
  Installing : openssh-server-7.4p1-21.el7.x86_64                           8/9 
  Cleanup    : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64                      9/9 
  Verifying  : fipscheck-lib-1.4.1-6.el7.x86_64                             1/9 
  Verifying  : openssh-7.4p1-21.el7.x86_64                                  2/9 
  Verifying  : fipscheck-1.4.1-6.el7.x86_64                                 3/9 
  Verifying  : openssh-clients-7.4p1-21.el7.x86_64                          4/9 
  Verifying  : libedit-3.0-12.20121213cvs.el7.x86_64                        5/9 
  Verifying  : tcp_wrappers-libs-7.6-77.el7.x86_64                          6/9 
  Verifying  : 1:openssl-libs-1.0.2k-21.el7_9.x86_64                        7/9 
  Verifying  : openssh-server-7.4p1-21.el7.x86_64                           8/9 
  Verifying  : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64                      9/9 

Installed:
  openssh-clients.x86_64 0:7.4p1-21.el7   openssh-server.x86_64 0:7.4p1-21.el7  

Dependency Installed:
  fipscheck.x86_64 0:1.4.1-6.el7            fipscheck-lib.x86_64 0:1.4.1-6.el7  
  libedit.x86_64 0:3.0-12.20121213cvs.el7   openssh.x86_64 0:7.4p1-21.el7       
  tcp_wrappers-libs.x86_64 0:7.6-77.el7    

Dependency Updated:
  openssl-libs.x86_64 1:1.0.2k-21.el7_9                                         

Complete!
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:WSZdXGlHGIi3fCei6smn6VuynOun+fGEjBSLTVYjeZc root@c7947be2eb9d
The key's randomart image is:
+---[RSA 2048]----+
|        ..oo.+o=.|
|        .+ooE + .|
|        =.++ o . |
|       = B  + o .|
|      . S  . o o |
|       . o..     |
|        o.= .    |
|       o.Oo+     |
|       +^O. .    |
+----[SHA256]-----+
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private ecdsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:H89DqtJMeBqw4r/cVKWsEDnDSIo5isgyeO2D4UVA41A root@c7947be2eb9d
The key's randomart image is:
+---[ECDSA 256]---+
|.oE              |
|.* = .           |
|= o B     .      |
|*. o.+ . o       |
|B.o +o .S . .    |
|.+.=..ooo. *     |
| .o.o oB  o +    |
|  .. +o o.   .   |
|   .+....        |
+----[SHA256]-----+
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private ed25519 key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_ky.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_ky.pub.
The key fingerprint is:
SHA256:tNvw7NqAuYlQluoxicpM0cGhcydbAENyWiOEApoIlo0 root@c7947be2eb9d
The key's randomart image is:
+--[ED25519 256]--+
|X*Oo             |
|OE+oo            |
|*o = o  .        |
|  + *. . .       |
| . o+   S        |
| ..=   o *       |
|..*   o o +      |
|=. + . o +       |
|.o. . o ..o      |
+----[SHA256]-----+
Changing password for user root.
passwd: all authentication tokens updated successfully.
 ---> 1f5218f8c394
Removing intermediate container 1e9a85cf5eb9
Step 4/5 : EXPOSE 22
 ---> Running in 48cc84e52301
 ---> 7adefc98f42a
Removing intermediate container 48cc84e52301
Step 5/5 : CMD /usr/sbin/sshd -D
 ---> Running in 4753b5a05b20
 ---> 74245a4c3090
Removing intermediate container 4753b5a05b20
Successfully built 74245a4c3090
[root@ccx ~]# 
[root@ccx ~]# docker images | ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]
[root@ccx ~]# docker images | grep ssh
centos                            ssh                 74245a4c3090        15 seconds ago      319 MB
[root@ccx ~]# 

创建容器使用测试

[root@ccx ~]# docker run -dit --restart=always --name=ssh centos:ssh 
3c988c5bfffb9c452502aedd8af66913ed8f25daf2a942321a369a178616b82e
[root@ccx ~]# docker ps
CONTAINER ID        IMAGE                             COMMAND                  CREATED             STATUS              PORTS                NAMES
3c988c5bfffb        centos:ssh                        "/usr/sbin/sshd -D"      10 seconds ago      Up 9 seconds        22/tcp               ssh
[root@ccx ~]# docker inspect ssh | grep IPA
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.4",
                    "IPAMConfig": null,
                    "IPAddress": "172.17.0.4",
[root@ccx ~]# ssh 172.17.0.4
The authenticity of host '172.17.0.4 (172.17.0.4)' can't be established.
ECDSA key fingerprint is SHA256:H89DqtJMeBqw4r/cVKWsEDnDSIo5isgyeO2D4UVA41A.
ECDSA key fingerprint is MD5:c5:6e:c3:88:f8:a8:3a:f7:e5:d2:f5:ed:9d:f4:ac:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.4' (ECDSA) to the list of known hosts.
root@172.17.0.4's password: 
[root@3c988c5bfffb ~]# 
[root@3c988c5bfffb ~]# 
[root@3c988c5bfffb ~]# pwd
/root
[root@3c988c5bfffb ~]# exit
logout
Connection to 172.17.0.4 closed.
[root@ccx ~]# 
  • 查看sshcmd方法如下:
[root@ccx ~]# ps aux | grep -v grep | grep ssh
root       9735  0.0  0.0 112756  4308 ?        Ss   09:05   0:00 /usr/sbin/sshd -D
root      21042  0.1  0.1 163448  6192 ?        Ss   09:32   0:10 sshd: root@pts/2,pts/3
[root@ccx ~]# 
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

҉人间无事人

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值