文章目录
说明
-
镜像构建并不是一个从零到有的过程–,而是从一个已经存在的镜像的基础上,开始进
行修改。 -
比如,想要一个自定义的centos镜像,这镜像里面有自己想要的服务或命令,那么就得先有一个centos镜像,这个镜像可以直接从官网这些渠道获取,这个镜像就称之为基础镜像。 然后我们在基础镜像上通过dockerfile增加功能,得到一个新的终版镜像。
-
如:我们从网易云下载的一个centos镜像,这个镜像的命令很少,连最基本的ip a和ifconfig命令都没有,后面我们就以这个镜像增加这2命令为例。
下面中我创建一个退出就自动删除的centos容器【为了确定上面是没这2个命令的】
[root@ccx ~]# docker images | grep cen
hub.c.163.com/library/centos latest 328edcd84f1b 3 years ago 193MB
[root@ccx ~]# docker run -it --rm hub.c.163.com/library/centos
[root@bed2a3aa0268 /]# ip a
bash: ip: command not found
[root@bed2a3aa0268 /]# ifconfig
bash: ifconfig: command not found
[root@903b38da3748 /]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@903b38da3748 /]#
[root@bed2a3aa0268 /]# exit
exit
[root@ccx ~]#
镜像编辑【常用说明】
查找命令依赖的包
- 我们要安装ifconfig和ip命令,首先就得知道这2命令的包是啥
我们可以去有这个命令的主机上,执行下面命令即可看到了。
[root@ccx ~]# rpm -qf `which ifconfig`
net-tools-2.0-0.24.20131004git.el7.x86_64
[root@ccx ~]# rpm -qf `which ip`
iproute-4.11.0-14.el7.x86_64
[root@ccx ~]#
编辑镜像文件【基础使用流程说明】
- 在任意位置编辑一个配置文件:
Dockerfile
[root@ccx ~]# pwd
/root
[root@ccx ~]# cat Dockerfile
FROM hub.c.163.com/library/centos
MAINTAINER ccx
RUN yum install net-tools -y
RUN yum install iproute -y
CMD ["/bin/bash"]
[root@ccx ~]#
-
参数说明
-
FROM
:后面跟的是镜像的名称,如果现在有的话,就用命令docker images查看,然后复制名称过来即可,如果没有的话,可以输入一个centos,然后系统会自动从网上拉取这个镜像【建议还是先自行下载,然后复制镜像名称过来】 -
MAINTAINER
: 后面跟的是介绍说明,跟啥内容都行。 -
RUN
:后面跟的是需要执行的命令操作,就是当镜像启动前会执行这些命令【这个RUN不是越多越好,后面会做说明的】 -
CMD[" "]
:这里面放的是编译器,centos的就是/bin/bash了 -
编译前先查看一个文件值是不是为1【如果不是1的话,下面镜像编译会卡住,无法成功】
[root@ccx ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@ccx ~]#
# 如果上面的值不是1,那么就执行下面命令
[root@ccx ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
- 上面的文件编译完成以后,就要开始编译镜像了
命令格式:docker build -t REPOSITORY名称:TAG名称 Dockerfile文件路径 -f Dockerfile名称
【默认是Dockerfile文件,如果只有一个默认文件,那么-f就不需要加了】
如:docker build -t centos:v1 .
【. 表示当前路径啊】,编译过程如下
[root@ccx ~]# docker build -t centos:v1 .
Sending build context to Docker daemon 1.177GB
Step 1/5 : FROM hub.c.163.com/library/centos
---> 328edcd84f1b
Step 2/5 : MAINTAINER ccx
---> Running in 11d69d710d74
Removing intermediate container 11d69d710d74
---> cf8f1b1f7f64
Step 3/5 : RUN yum install net-tools -y
---> Running in fec2cd515930
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 306 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.25.20131004git.el7.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1
Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1
Installed:
net-tools.x86_64 0:2.0-0.25.20131004git.el7
Complete!
Removing intermediate container fec2cd515930
---> 652b957f8a8b
Step 4/5 : RUN yum install iproute -y
---> Running in 69691bc80819
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
iproute x86_64 4.11.0-30.el7 base 805 k
Installing for dependencies:
iptables x86_64 1.4.21-35.el7 base 432 k
libmnl x86_64 1.0.3-7.el7 base 23 k
libnetfilter_conntrack x86_64 1.0.6-1.el7_3 base 55 k
libnfnetlink x86_64 1.0.1-4.el7 base 26 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.3 M
Installed size: 3.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total 1.8 MB/s | 1.3 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libmnl-1.0.3-7.el7.x86_64 1/5
Installing : libnfnetlink-1.0.1-4.el7.x86_64 2/5
Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 3/5
Installing : iptables-1.4.21-35.el7.x86_64 4/5
Installing : iproute-4.11.0-30.el7.x86_64 5/5
Verifying : libnfnetlink-1.0.1-4.el7.x86_64 1/5
Verifying : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 2/5
Verifying : iptables-1.4.21-35.el7.x86_64 3/5
Verifying : libmnl-1.0.3-7.el7.x86_64 4/5
Verifying : iproute-4.11.0-30.el7.x86_64 5/5
Installed:
iproute.x86_64 0:4.11.0-30.el7
Dependency Installed:
iptables.x86_64 0:1.4.21-35.el7
libmnl.x86_64 0:1.0.3-7.el7
libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3
libnfnetlink.x86_64 0:1.0.1-4.el7
Complete!
Removing intermediate container 69691bc80819
---> 443471b80ff2
Step 5/5 : CMD ["/bin/bash"]
---> Running in 7135ecfff344
Removing intermediate container 7135ecfff344
---> 4105c41a4cc1
Successfully built 4105c41a4cc1
Successfully tagged centos:v1
- 编译完成以后可以通过查看镜像看到我们制作的这个镜像了
然后查看详细可以看到 前4项就是我们自定义的内容了
[root@ccx ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos v1 4105c41a4cc1 About a minute ago 433MB
nginx latest d1a364dc548d 3 weeks ago 133MB
hub.c.163.com/library/wordpress latest dccaeccfba36 3 years ago 406MB
hub.c.163.com/library/centos latest 328edcd84f1b 3 years ago 193MB
hub.c.163.com/library/mysql latest 9e64176cd8a2 4 years ago 407MB
[root@ccx ~]#
[root@ccx ~]# docker history centos:v1
IMAGE CREATED CREATED BY SIZE COMMENT
4105c41a4cc1 3 minutes ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
443471b80ff2 3 minutes ago /bin/sh -c yum install iproute -y 121MB
652b957f8a8b 3 minutes ago /bin/sh -c yum install net-tools -y 119MB
cf8f1b1f7f64 4 minutes ago /bin/sh -c #(nop) MAINTAINER ccx 0B
328edcd84f1b 3 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 3 years ago /bin/sh -c #(nop) LABEL name=CentOS Base Im… 0B
<missing> 3 years ago /bin/sh -c #(nop) ADD file:63492ba809361c51e… 193MB
[root@ccx ~]#
- 现在通过这个镜像生成容器测试
可以看到这个镜像中这2命令确实有了
[root@ccx ~]# docker run -it --rm centos:v1
[root@0508e306c79d /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@0508e306c79d /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 6 bytes 516 (516.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@0508e306c79d /]#
编辑镜像文件【注意事项说明】
- 上面的
Dockerfile
配置文件中,每多写一个RUN
,所生成的镜像都会多一层layer
,这样就会导致生成的镜像很大,所以我们尽可能的只写一个RUN
让这些命令全部实现,所以修改后如下咯。 - 我们可以将Dockerfile文件修改为如下
&&
是与的意思,就是前面执行完了执行后面的命令,\
是换行的意思【后面不能有空格哈】,如果有很多命令需要执行,则加很多&& \
就是了【这样是为了美观】
[root@ccx ~]# cat Dockerfile
FROM hub.c.163.com/library/centos
MAINTAINER ccx
RUN yum install net-tools -y && \
yum install iproute -y
CMD ["/bin/bash"]
[root@ccx ~]#
- 然后我们重新生成一个 centos:v2版本
docker build -t centos:v2 .
过程如下
[root@ccx ~]# docker build -t centos:v2 .
Sending build context to Docker daemon 1.177GB
Step 1/4 : FROM hub.c.163.com/library/centos
---> 328edcd84f1b
Step 2/4 : MAINTAINER ccx
---> Using cache
---> cf8f1b1f7f64
Step 3/4 : RUN yum install net-tools -y && yum install iproute -y
---> Running in 4ed42d93dd76
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 306 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.25.20131004git.el7.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1
Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1
Installed:
net-tools.x86_64 0:2.0-0.25.20131004git.el7
Complete!
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
iproute x86_64 4.11.0-30.el7 base 805 k
Installing for dependencies:
iptables x86_64 1.4.21-35.el7 base 432 k
libmnl x86_64 1.0.3-7.el7 base 23 k
libnetfilter_conntrack x86_64 1.0.6-1.el7_3 base 55 k
libnfnetlink x86_64 1.0.1-4.el7 base 26 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.3 M
Installed size: 3.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total 1.6 MB/s | 1.3 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libmnl-1.0.3-7.el7.x86_64 1/5
Installing : libnfnetlink-1.0.1-4.el7.x86_64 2/5
Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 3/5
Installing : iptables-1.4.21-35.el7.x86_64 4/5
Installing : iproute-4.11.0-30.el7.x86_64 5/5
Verifying : libnfnetlink-1.0.1-4.el7.x86_64 1/5
Verifying : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 2/5
Verifying : iptables-1.4.21-35.el7.x86_64 3/5
Verifying : libmnl-1.0.3-7.el7.x86_64 4/5
Verifying : iproute-4.11.0-30.el7.x86_64 5/5
Installed:
iproute.x86_64 0:4.11.0-30.el7
Dependency Installed:
iptables.x86_64 0:1.4.21-35.el7
libmnl.x86_64 0:1.0.3-7.el7
libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3
libnfnetlink.x86_64 0:1.0.1-4.el7
Complete!
Removing intermediate container 4ed42d93dd76
---> 7e5ab683bf8b
Step 4/4 : CMD ["/bin/bash"]
---> Running in 60f0fa6c3965
Removing intermediate container 60f0fa6c3965
---> 6f27209158df
Successfully built 6f27209158df
Successfully tagged centos:v2
[root@ccx ~]#
- 和基础使用创建结果对比
只有一个run以后镜像大小明显小了很多,下面TAG的v2是只有一个run创建的
[root@ccx ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos v2 6f27209158df 2 minutes ago 315MB
centos v1 4105c41a4cc1 13 minutes ago 433MB
- 创建容器测试结果
ifconfig和ip a命令依然是有的。
[root@ccx ~]# docker run -it --rm centos:v2
[root@20f2597f6246 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 3 bytes 266 (266.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@20f2597f6246 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
20: eth0@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@20f2597f6246 /]#
编辑镜像文件【ADD与COPY增加文件】
- ADD和COPY的区别
ADD
和COPY
是作用是一样的,都是用于文件拷贝- 但
ADD
带有自动解压功能,适用于拷贝多个文件,拷贝前将这些文件打成一个tar包即可】 COPY
没有自动解压功能,适用于拷贝单个文件,不用做任何操作【不需要打tar包操作】,但COPY也可以拷贝tar包到容器,只是容器里看到的依然是tar包,不会自动解压罢了。- 所以,如果文件多,打成tar包用ADD拷贝,如果仅有一个文件,则用COPY直接拷贝,他们的使用方法是一样的。
- 这个依然是基于
Dockerfile
文件实现的功能。 - ADD使用方法:
ADD tar包文件名 路径
,就是将指定文件拷贝到指定容器的路径里面
注:tar包文件必须和dockerfile在一个目录中 - COPY使用方法:
COPY 文件名 路径
,就是将指定文件拷贝到指定容器的路径里面
注:需要拷贝的文件必须和dockerfile再在一个目录中 - 如:我们将容器中的yum源替换为本机的yum源为例
我们先将本地的yum源打成tar包并放在和Dockerfile文件一个目录
[root@ccx ~]# cd /etc/yum.repos.d/
[root@ccx yum.repos.d]# ls
bak CentOS-Base.repo docker-ce.repo epel.repo k8s.repo
[root@ccx yum.repos.d]# tar zcf repo.tar.gz *.repo
[root@ccx yum.repos.d]# mv repo.tar.gz /root
mv: overwrite ‘/root/repo.tar.gz’? y
[root@ccx yum.repos.d]# cd /root
[root@ccx ~]# ls | grep rep
repo.tar.gz
[root@ccx ~]#
[root@ccx ~]# tar tf repo.tar.gz
CentOS-Base.repo
docker-ce.repo
epel.repo
k8s.repo
[root@ccx ~]#
- 然后修改Dockerfile文件
添加文件之前需要先删除原来镜像中的源路径文件,所以需要先定义一个RUN用来删除文件,然后再这个文件下面 添加一个ADD,将文件拷贝到yum文件中【RUN分开的原因是需要先配置完毕yum才能使用yum install】
[root@ccx ~]# cat Dockerfile
FROM hub.c.163.com/library/centos
MAINTAINER ccx
RUN rm -rf /etc/yum.repos.d/*
ADD repo.tar.gz /etc/yum.repos.d/
RUN yum install net-tools -y && \
yum install iproute -y
CMD ["/bin/bash"]
[root@ccx ~]#
- 上面文件保存后重新编译一次,名称为centos:v3,过程如下
[root@ccx ~]# yum build -t centos:v3 .
Loaded plugins: fastestmirror, langpacks
No such command: build. Please use /usr/bin/yum --help
[root@ccx ~]# docker build -t centos:v3 .
Sending build context to Docker daemon 1.177GB
Step 1/6 : FROM hub.c.163.com/library/centos
---> 328edcd84f1b
Step 2/6 : MAINTAINER ccx
---> Using cache
---> cf8f1b1f7f64
Step 3/6 : RUN rm -rf /etc/yum.repos.d/*
---> Running in 8eb8c344528c
Removing intermediate container 8eb8c344528c
---> e74a3061df3a
Step 4/6 : ADD repo.tar.gz /etc/yum.repos.d/
---> 80fe76f4a233
Step 5/6 : RUN yum install net-tools -y && yum install iproute -y
---> Running in 6277b3c234a9
Loaded plugins: fastestmirror, ovl
Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Importing GPG key 0x307EA071:
Userid : "Rapture Automatic Signing Key (cloud-rapture-signing-key-2021-03-01-08_01_09.pub)"
Fingerprint: 7f92 e05b 3109 3bef 5a3c 2d38 feea 9169 307e a071
From : https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
Retrieving key from https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
Determining fastest mirrors
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 306 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.25.20131004git.el7.x86_64.rpm is not installed
Retrieving key from http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
From : http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1
Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 1/1
Installed:
net-tools.x86_64 0:2.0-0.25.20131004git.el7
Complete!
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-30.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-30.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-35.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-35.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-35.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
iproute x86_64 4.11.0-30.el7 base 805 k
Installing for dependencies:
iptables x86_64 1.4.21-35.el7 base 432 k
libmnl x86_64 1.0.3-7.el7 base 23 k
libnetfilter_conntrack x86_64 1.0.6-1.el7_3 base 55 k
libnfnetlink x86_64 1.0.1-4.el7 base 26 k
Transaction Summary
================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.3 M
Installed size: 3.5 M
Downloading packages:
--------------------------------------------------------------------------------
Total 2.7 MB/s | 1.3 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libmnl-1.0.3-7.el7.x86_64 1/5
Installing : libnfnetlink-1.0.1-4.el7.x86_64 2/5
Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 3/5
Installing : iptables-1.4.21-35.el7.x86_64 4/5
Installing : iproute-4.11.0-30.el7.x86_64 5/5
Verifying : libnfnetlink-1.0.1-4.el7.x86_64 1/5
Verifying : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 2/5
Verifying : iptables-1.4.21-35.el7.x86_64 3/5
Verifying : libmnl-1.0.3-7.el7.x86_64 4/5
Verifying : iproute-4.11.0-30.el7.x86_64 5/5
Installed:
iproute.x86_64 0:4.11.0-30.el7
Dependency Installed:
iptables.x86_64 0:1.4.21-35.el7
libmnl.x86_64 0:1.0.3-7.el7
libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3
libnfnetlink.x86_64 0:1.0.1-4.el7
Complete!
Removing intermediate container 6277b3c234a9
---> 2b86e5699766
Step 6/6 : CMD ["/bin/bash"]
---> Running in 1e6ff2ac0399
Removing intermediate container 1e6ff2ac0399
---> 0212a1a45667
Successfully built 0212a1a45667
Successfully tagged centos:v3
[root@ccx ~]#
- 创建容器测试
可以看到yum源文件已经边了,且命令已经安装成功了
[root@ccx ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos v3 0212a1a45667 3 minutes ago 357MB
centos v2 6f27209158df 27 minutes ago 315MB
centos v1 4105c41a4cc1 38 minutes ago 433MB
[root@ccx ~]# docker run -it --rm centos:v3
[root@020e9637b5e3 /]# ls /etc/yum.repos.d/
CentOS-Base.repo docker-ce.repo epel.repo k8s.repo
[root@020e9637b5e3 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 8 bytes 656 (656.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@020e9637b5e3 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
26: eth0@if27: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@020e9637b5e3 /]#
编辑镜像文件【EXPOSE指定端口】
- 使用方法:
EXPOSE 端口号1 端口号2 端口号3
- 这个我们以nginx服务为例【镜像使用我们上面创建的centos:v3】
并且这个nginx的CMD文件比较特别,我们可以查看镜像现有的CMD,然后复制过去就行了
先查看到nginx镜像的CMD路径
[root@ccx ~]# docker history nginx:latest --no-trunc| head -n 2
IMAGE CREATED CREATED BY SIZE COMMENT
sha256:d1a364dc548d5357f0da3268c888e1971bbdb957ee3f028fe7194f1d61c6fdee 3 weeks ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon off;"] 0B
[root@ccx ~]#
- 编辑一个新的dockerfile文件
我们可以拷贝一份刚才的docker模版,然后编辑如下内容【注,CMD中的内容需要将空格改为,
】,最后在当前目录新建一个index.html
【名称固定的,里面的内容可以随便造一点】
[root@ccx ~]# cp Dockerfile Dockerfile_v2
[root@ccx ~]# vim Dockerfile_v2
[root@ccx ~]# cat Dockerfile_v2
FROM centos:v3
MAINTAINER ccx
RUN yum install nginx -y
COPY index.html /usr/share/nginx/html
EXPOSE 80
CMD ["nginx","-g","daemon off;"]
[root@ccx ~]# vim index.html
[root@ccx ~]# cat index.html
<p>
hello word!
</p>
[root@ccx ~]#
- 编译镜像为nginx:v1
因为我们新增的一个dockerfile文件,所以我们需要用 -f 指定文件名
docker build -t nginx:v1 . -f Dockerfile_v2
过程如下【如果镜像中没有nginx源,会编译错误】
[root@ccx ~]# docker build -t nginx:v1 . -f Dockerfile_v2
Sending build context to Docker daemon 1.177GB
Step 1/6 : FROM centos:v3
---> 0212a1a45667
Step 2/6 : MAINTAINER ccx
---> Running in 3c6429284bf7
Removing intermediate container 3c6429284bf7
---> 67508b852318
Step 3/6 : RUN yum install nginx -y
---> Running in 59dff0944913
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.20.1-2.el7 will be installed
--> Processing Dependency: nginx-filesystem = 1:1.20.1-2.el7 for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: nginx-filesystem for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: openssl for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: redhat-indexhtml for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: system-logos for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libprofiler.so.0()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:nginx-1.20.1-2.el7.x86_64
--> Running transaction check
---> Package centos-indexhtml.noarch 0:7-9.el7.centos will be installed
---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be installed
---> Package nginx-filesystem.noarch 1:1.20.1-2.el7 will be installed
---> Package openssl.x86_64 1:1.0.2k-21.el7_9 will be installed
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-21.el7_9 for package: 1:openssl-1.0.2k-21.el7_9.x86_64
--> Processing Dependency: make for package: 1:openssl-1.0.2k-21.el7_9.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: 1:openssl-1.0.2k-21.el7_9.x86_64
---> Package openssl11-libs.x86_64 1:1.1.1g-3.el7 will be installed
--> Running transaction check
---> Package make.x86_64 1:3.82-24.el7 will be installed
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-21.el7_9 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
nginx x86_64 1:1.20.1-2.el7 epel 586 k
Installing for dependencies:
centos-indexhtml noarch 7-9.el7.centos base 92 k
centos-logos noarch 70.0.6-3.el7.centos base 21 M
gperftools-libs x86_64 2.6.1-1.el7 base 272 k
make x86_64 1:3.82-24.el7 base 421 k
nginx-filesystem noarch 1:1.20.1-2.el7 epel 23 k
openssl x86_64 1:1.0.2k-21.el7_9 updates 493 k
openssl11-libs x86_64 1:1.1.1g-3.el7 epel 1.5 M
Updating for dependencies:
openssl-libs x86_64 1:1.0.2k-21.el7_9 updates 1.2 M
Transaction Summary
================================================================================
Install 1 Package (+7 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 26 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total 4.9 MB/s | 26 MB 00:05
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : centos-logos-70.0.6-3.el7.centos.noarch 1/10
Installing : centos-indexhtml-7-9.el7.centos.noarch 2/10
Installing : 1:make-3.82-24.el7.x86_64 3/10
Installing : 1:nginx-filesystem-1.20.1-2.el7.noarch 4/10
Installing : 1:openssl11-libs-1.1.1g-3.el7.x86_64 5/10
Installing : gperftools-libs-2.6.1-1.el7.x86_64 6/10
Updating : 1:openssl-libs-1.0.2k-21.el7_9.x86_64 7/10
Installing : 1:openssl-1.0.2k-21.el7_9.x86_64 8/10
Installing : 1:nginx-1.20.1-2.el7.x86_64 9/10
Cleanup : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64 10/10
Verifying : 1:nginx-1.20.1-2.el7.x86_64 1/10
Verifying : 1:openssl-libs-1.0.2k-21.el7_9.x86_64 2/10
Verifying : gperftools-libs-2.6.1-1.el7.x86_64 3/10
Verifying : 1:openssl11-libs-1.1.1g-3.el7.x86_64 4/10
Verifying : 1:nginx-filesystem-1.20.1-2.el7.noarch 5/10
Verifying : 1:make-3.82-24.el7.x86_64 6/10
Verifying : 1:openssl-1.0.2k-21.el7_9.x86_64 7/10
Verifying : centos-indexhtml-7-9.el7.centos.noarch 8/10
Verifying : centos-logos-70.0.6-3.el7.centos.noarch 9/10
Verifying : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64 10/10
Installed:
nginx.x86_64 1:1.20.1-2.el7
Dependency Installed:
centos-indexhtml.noarch 0:7-9.el7.centos
centos-logos.noarch 0:70.0.6-3.el7.centos
gperftools-libs.x86_64 0:2.6.1-1.el7
make.x86_64 1:3.82-24.el7
nginx-filesystem.noarch 1:1.20.1-2.el7
openssl.x86_64 1:1.0.2k-21.el7_9
openssl11-libs.x86_64 1:1.1.1g-3.el7
Dependency Updated:
openssl-libs.x86_64 1:1.0.2k-21.el7_9
Complete!
Removing intermediate container 59dff0944913
---> f4aea8fab811
Step 4/6 : COPY index.html /usr/share/nginx/html
---> 64f0b3c15c5e
Step 5/6 : EXPOSE 80
---> Running in 00c9d88e2742
Removing intermediate container 00c9d88e2742
---> 8b6bd0688188
Step 6/6 : CMD ["nginx","-g","daemon off;"]
---> Running in 1b7e3750fa72
Removing intermediate container 1b7e3750fa72
---> 13ee3750e1c8
Successfully built 13ee3750e1c8
Successfully tagged nginx:v1
[root@ccx ~]#
- 通过查看镜像的全部内容,可以看到我们刚才定义的内容
[root@ccx ~]# docker images| grep nginx
nginx v1 13ee3750e1c8 52 seconds ago 548MB
nginx latest d1a364dc548d 3 weeks ago 133MB
[root@ccx ~]# docker history nginx:v1
IMAGE CREATED CREATED BY SIZE COMMENT
13ee3750e1c8 About a minute ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
8b6bd0688188 About a minute ago /bin/sh -c #(nop) EXPOSE 80 0B
64f0b3c15c5e About a minute ago /bin/sh -c #(nop) COPY file:616c5da4cb1c7de2… 21B
f4aea8fab811 About a minute ago /bin/sh -c yum install nginx -y 191MB
67508b852318 About a minute ago /bin/sh -c #(nop) MAINTAINER ccx 0B
0212a1a45667 30 minutes ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
2b86e5699766 30 minutes ago /bin/sh -c yum install net-tools -y && y… 164MB
80fe76f4a233 30 minutes ago /bin/sh -c #(nop) ADD file:9a052aed38285906d… 6.04kB
e74a3061df3a 30 minutes ago /bin/sh -c rm -rf /etc/yum.repos.d/* 0B
cf8f1b1f7f64 About an hour ago /bin/sh -c #(nop) MAINTAINER ccx 0B
328edcd84f1b 3 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 3 years ago /bin/sh -c #(nop) LABEL name=CentOS Base Im… 0B
<missing> 3 years ago /bin/sh -c #(nop) ADD file:63492ba809361c51e… 193MB
[root@ccx ~]#
- 通过这个镜像创建一个容器,看是否正常
[root@ccx ~]# docker run -dit --name=web --restart=always -p 80:80 nginx:v1
b245ace740008e48cdbf5f62e57f38ca33bf7cbdef39d84606248b4d4a52a79e
[root@ccx ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b245ace74000 nginx:v1 "nginx -g 'daemon of…" 3 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@ccx ~]#
- 上面容器启动正常,可以看到本机端口80已经映射到容器的端口80了,那么现在使用浏览器,输入本机ip回车后页面是可以显示index中的内容的,成功。
编辑镜像文件【ENV指定变量】
- 当使用 Dockerfile 进行构建镜像时,有时会需要设置容器内的环境变量。
- 使用方法:
ENV <key>=<value> <key2>=<value2>
- ENV 指令将环境变量 设置为值 。这个值将在构建阶段的所有后续指令的环境中, 也可以被替换使用在其他指令中。 该值将被解释为其他环境变量,因此如果引号字符没有转义,它们将被删除。像命令行解析一样,引号和反斜杠可以用于在值中包含空格。
例如:
ENV MY_NAME="super hero"
ENV MY_CAT=fluffy
- 当使用生成的镜像运行容器时,使用 ENV 设置的环境变量将持久存在于容器内。 你可以使用
docker inspect 容器名
查看这些值,并使用docker run --env <key>=<value>
修改它们【也可以docker run的时候 -e 指定参数,这时候的参数会覆盖镜像中的参数】。 - dockerfile文件如下:我在新增容器的时候指定了变量a=123,然后我在创建容器的时候重新制定a=123_now
[root@ccx ~]# cat dockerfile_v1
FROM hub.c.163.com/library/centos:latest
MAINTAINER ccx_ssh_server
ENV aa=123
ENV bb=321
RUN useradd ccx && \
echo root | passwd --stdin root
USER ccx
VOLUME ["/ccx"]
CMD ["/bin/bash"]
[root@ccx ~]#
# 生成镜像
[root@ccx ~]# docker build -t . -f dockerfile_v1
invalid argument "." for t: Error parsing reference: "." is not a valid repository/tag: invalid reference format
See 'docker build --help'.
[root@ccx ~]#
[root@ccx ~]# docker build -t centos:v1 . -f dockerfile_v1
Sending build context to Docker daemon 1.593 GB
Step 1/8 : FROM hub.c.163.com/library/centos:latest
---> 328edcd84f1b
Step 2/8 : MAINTAINER ccx_ssh_server
---> Using cache
---> 838371e7ae87
Step 3/8 : ENV aa 123
---> Using cache
---> 9456dedc09b1
Step 4/8 : ENV bb 321
---> Using cache
---> 6a86a8083e4b
Step 5/8 : RUN useradd ccx && echo root | passwd --stdin root
---> Running in 35f2637de210
Changing password for user root.
passwd: all authentication tokens updated successfully.
---> 711018578e3f
Removing intermediate container 35f2637de210
Step 6/8 : USER ccx
---> Running in af9ed521a567
---> b81ad3f64b1d
Removing intermediate container af9ed521a567
Step 7/8 : VOLUME /ccx
---> Running in ac29ce706baa
---> ed2c8f47ca94
Removing intermediate container ac29ce706baa
Step 8/8 : CMD /bin/bash
---> Running in ac98417778c5
---> c85441b108da
Removing intermediate container ac98417778c5
Successfully built c85441b108da
# 创建容器
[root@ccx ~]# docker run -it --name=test --restart=always -e aa=123_now centos:v1
[ccx@de97fc9d16ab /]$ echo $aa
123_now
[ccx@de97fc9d16ab /]$ echo $bb
321
[ccx@de97fc9d16ab /]$
编辑镜像文件【USER指定用户】
- 格式
- USER user
- USER user:group
- USER uid
- USER uid:gid
- USER user:gid
- USER uid:group
- 示例
一般我们指定的用户,容器中是没有这个用户名的,所以我们指定用户名的时候,在USER前面加一个RUN useradd user
创建这个用户,再指定。【也可以不用指定,我们创建好一个用户后,在生成容器的时候-u user
指定用户名】 - 作用
- 指定运行时的用户名或UID,后续的RUN也会使用指定的用户。
- 当服务不需要管理权限时,可以通过该命令指定运行用户。并且可以在之前创建所需要的用户
- 说明
要临时获取管理权限可以使用gosu,而不推荐sudo。 - 注:
使用USER指定用户后,Dockerfile中其后的命令RUN、CMD、ENTRYPOINT都将使用该用户。镜像构建完成后,通过docker run运行容器时,可以通过-u参数来覆盖所指定的用户。 - dockerfile文件如下:我创建了一个用户ccx并指定ccx为默认用户
[root@ccx ~]# cat dockerfile_v1
FROM hub.c.163.com/library/centos:latest
MAINTAINER ccx_ssh_server
ENV aa=123
ENV bb=321
RUN useradd ccx && \
echo root | passwd --stdin root
USER ccx
VOLUME ["/ccx"]
CMD ["/bin/bash"]
[root@ccx ~]#
# 生成镜像
[root@ccx ~]# docker build -t . -f dockerfile_v1
invalid argument "." for t: Error parsing reference: "." is not a valid repository/tag: invalid reference format
See 'docker build --help'.
[root@ccx ~]#
[root@ccx ~]# docker build -t centos:v1 . -f dockerfile_v1
Sending build context to Docker daemon 1.593 GB
Step 1/8 : FROM hub.c.163.com/library/centos:latest
---> 328edcd84f1b
Step 2/8 : MAINTAINER ccx_ssh_server
---> Using cache
---> 838371e7ae87
Step 3/8 : ENV aa 123
---> Using cache
---> 9456dedc09b1
Step 4/8 : ENV bb 321
---> Using cache
---> 6a86a8083e4b
Step 5/8 : RUN useradd ccx && echo root | passwd --stdin root
---> Running in 35f2637de210
Changing password for user root.
passwd: all authentication tokens updated successfully.
---> 711018578e3f
Removing intermediate container 35f2637de210
Step 6/8 : USER ccx
---> Running in af9ed521a567
---> b81ad3f64b1d
Removing intermediate container af9ed521a567
Step 7/8 : VOLUME /ccx
---> Running in ac29ce706baa
---> ed2c8f47ca94
Removing intermediate container ac29ce706baa
Step 8/8 : CMD /bin/bash
---> Running in ac98417778c5
---> c85441b108da
Removing intermediate container ac98417778c5
Successfully built c85441b108da
# 创建容器
[root@ccx ~]# docker run -it --name=test --restart=always centos:v1
[ccx@2000b48aba23 /]$
[ccx@2000b48aba23 /]$ su - root
Password:
[root@2000b48aba23 ~]#
## 容器中默认用户是ccx了,我们现在在创建容器的时候指定用户为root
[root@ccx ~]# docker rm -f test
test
[root@ccx ~]# docker run -it --name=test --restart=always -u root centos:v1
[root@ffbe157ebd26 /]# pwd
/
[root@ffbe157ebd26 /]# exit
exit
编辑镜像文件【VOLUME 持久化目录】
-
用于指定持久化目录 【下面的目录是容器中的存储目录,会对应在本机默认地址生成路径(下面有查看详细说明的),这种并不好,虽然数据会永久保留到本地,但数据不能共享,每当容器删除并新建后,ID变了,所以默认存储路径也就变了,还是手动创建时指定目录的好一些。】
-
格式:
VOLUME ["/path/to/dir"]
-
示例:
VOLUME ["/data"]
VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]
-
注:
一个卷可以存在于一个或多个容器的指定目录,该目录可以绕过联合文件系统,并具有以下功能:- 1 卷可以容器间共享和重用
- 2 容器并不一定要和其它容器共享卷
- 3 修改卷后会立即生效
- 4 对卷的修改不会对镜像产生影响
- 5 卷会一直存在,直到没有任何容器在使用它
[root@ccx ~]# docker run -it --name=test --restart=always centos:v1
[ccx@8c8b1dc9b380 /]$ su -
Password:
[root@8c8b1dc9b380 ~]# cd /ccx/
[root@8c8b1dc9b380 ccx]# ls
[root@8c8b1dc9b380 ccx]# touch ccxhero
[root@8c8b1dc9b380 ccx]# ls
ccxhero
[root@8c8b1dc9b380 ccx]# exit
logout
[ccx@8c8b1dc9b380 /]$
[ccx@8c8b1dc9b380 /]$ exit
exit
[root@ccx ~]# docker inspect test |egrep -B 1 volume
{
"Type": "volume",
"Name": "4bcec9409e950425ab4a39974a1a91690360a53bf4952c0cbd629a617ef84734",
"Source": "/var/lib/docker/volumes/4bcec9409e950425ab4a39974a1a91690360a53bf4952c0cbd629a617ef84734/_data",
[root@ccx ~]# ls /var/lib/docker/volumes/4bcec9409e950425ab4a39974a1a91690360a53bf4952c0cbd629a617ef84734/_data/
ccxhero
[root@ccx ~]#
构建nginx镜像
- 脚本写好了,需要转换成镜像(执行该命令必须跟dockerfile在同一个目录并且dockerfile必须小写):
#nginx:v1是自定义名称,其他固定的
docker build -t nginx:v1 .
- 如
[root@ciserver p1]# cat dockerfile
FROM nginx
MAINTAINER ccx
ADD index.html /usr/share/nginx/html/
EXPOSE 80
ENTRYPOINT nginx -g "daemon off;"
[root@ciserver p1]#
[root@ciserver p1]# docker build -t nginx:v2 .
Sending build context to Docker daemon 70.66kB
Step 1/5 : FROM nginx
---> d1a364dc548d
Step 2/5 : MAINTAINER ccx
---> Using cache
---> cbe0311eaa40
Step 3/5 : ADD index.html /usr/share/nginx/html/
---> Using cache
---> 42f41d39611a
Step 4/5 : EXPOSE 80
---> Using cache
---> 2f405d0017f0
Step 5/5 : ENTRYPOINT nginx -g "daemon off;"
---> Running in 938471cc0751
Removing intermediate container 938471cc0751
---> 318d2d4608a5
Successfully built 318d2d4608a5
Successfully tagged nginx:v2
[root@ciserver p1]# docker images | grep nginx
nginx v2 318d2d4608a5 9 seconds ago 133MB
nginx latest d1a364dc548d 5 months ago 133MB
[root@ciserver p1]#
搭建一个ssh服务器
- 需要准备一个镜像,我用的是网易云的默认centos镜像。
- 在任意位置编辑一个
dockerfile
文件,里面写ssh服务器的必备组件。
思路:搭建一个服务器最基本的,就是分多次搭建,后面启动报错以后,查看日志,日志报什么错就添加什么功能就行了,如下面的文件中,文件key和修改的文件日志中都会有报错提示的。
注,多次编译的话,每次编译后都需要删除本地文件.ssh/known_hosts
中的容器ip信息【因为每次修改容器key都会改变,所以会ssh报错】
dockerfile文件内容和编译过程如下
[root@ccx ~]# cat dockerfile
FROM hub.c.163.com/library/centos:latest
MAINTAINER ccx_ssh_server
RUN yum install openssh-server openssh-clients -y && \
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key && \
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key && \
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_ky && \
echo root | passwd --stdin root && \
sed -i '/UseDNS/cUseDNS no' /etc/ssh/sshd_config
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
[root@ccx ~]#
[root@ccx ~]# docker build -t centos:ssh .
Sending build context to Docker daemon 1.593 GB
Step 1/5 : FROM hub.c.163.com/library/centos:latest
---> 328edcd84f1b
Step 2/5 : MAINTAINER ccx_ssh_server
---> Using cache
---> 838371e7ae87
Step 3/5 : RUN yum install openssh-server openssh-clients -y && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_ky && echo root | passwd --stdin root && sed -i '/UseDNS/cUseDNS no' /etc/ssh/sshd_config
---> Running in 1e9a85cf5eb9
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-7.4p1-21.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-7.4p1-21.el7.x86_64
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-21.el7_9 will be an update
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-clients x86_64 7.4p1-21.el7 base 655 k
openssh-server x86_64 7.4p1-21.el7 base 459 k
Installing for dependencies:
fipscheck x86_64 1.4.1-6.el7 base 21 k
fipscheck-lib x86_64 1.4.1-6.el7 base 11 k
libedit x86_64 3.0-12.20121213cvs.el7 base 92 k
openssh x86_64 7.4p1-21.el7 base 510 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
Updating for dependencies:
openssl-libs x86_64 1:1.0.2k-21.el7_9 updates 1.2 M
Transaction Summary
================================================================================
Install 2 Packages (+5 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 3.0 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-lib-1.4.1-6.el7.x86_64.rpm is not installed
Public key for openssl-libs-1.0.2k-21.el7_9.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total 603 kB/s | 3.0 MB 00:05
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:openssl-libs-1.0.2k-21.el7_9.x86_64 1/9
Installing : fipscheck-1.4.1-6.el7.x86_64 2/9
Installing : fipscheck-lib-1.4.1-6.el7.x86_64 3/9
Installing : openssh-7.4p1-21.el7.x86_64 4/9
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 5/9
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 6/9
Installing : openssh-clients-7.4p1-21.el7.x86_64 7/9
Installing : openssh-server-7.4p1-21.el7.x86_64 8/9
Cleanup : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64 9/9
Verifying : fipscheck-lib-1.4.1-6.el7.x86_64 1/9
Verifying : openssh-7.4p1-21.el7.x86_64 2/9
Verifying : fipscheck-1.4.1-6.el7.x86_64 3/9
Verifying : openssh-clients-7.4p1-21.el7.x86_64 4/9
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 5/9
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 6/9
Verifying : 1:openssl-libs-1.0.2k-21.el7_9.x86_64 7/9
Verifying : openssh-server-7.4p1-21.el7.x86_64 8/9
Verifying : 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64 9/9
Installed:
openssh-clients.x86_64 0:7.4p1-21.el7 openssh-server.x86_64 0:7.4p1-21.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7 openssh.x86_64 0:7.4p1-21.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Dependency Updated:
openssl-libs.x86_64 1:1.0.2k-21.el7_9
Complete!
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:WSZdXGlHGIi3fCei6smn6VuynOun+fGEjBSLTVYjeZc root@c7947be2eb9d
The key's randomart image is:
+---[RSA 2048]----+
| ..oo.+o=.|
| .+ooE + .|
| =.++ o . |
| = B + o .|
| . S . o o |
| . o.. |
| o.= . |
| o.Oo+ |
| +^O. . |
+----[SHA256]-----+
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private ecdsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:H89DqtJMeBqw4r/cVKWsEDnDSIo5isgyeO2D4UVA41A root@c7947be2eb9d
The key's randomart image is:
+---[ECDSA 256]---+
|.oE |
|.* = . |
|= o B . |
|*. o.+ . o |
|B.o +o .S . . |
|.+.=..ooo. * |
| .o.o oB o + |
| .. +o o. . |
| .+.... |
+----[SHA256]-----+
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private ed25519 key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_ky.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_ky.pub.
The key fingerprint is:
SHA256:tNvw7NqAuYlQluoxicpM0cGhcydbAENyWiOEApoIlo0 root@c7947be2eb9d
The key's randomart image is:
+--[ED25519 256]--+
|X*Oo |
|OE+oo |
|*o = o . |
| + *. . . |
| . o+ S |
| ..= o * |
|..* o o + |
|=. + . o + |
|.o. . o ..o |
+----[SHA256]-----+
Changing password for user root.
passwd: all authentication tokens updated successfully.
---> 1f5218f8c394
Removing intermediate container 1e9a85cf5eb9
Step 4/5 : EXPOSE 22
---> Running in 48cc84e52301
---> 7adefc98f42a
Removing intermediate container 48cc84e52301
Step 5/5 : CMD /usr/sbin/sshd -D
---> Running in 4753b5a05b20
---> 74245a4c3090
Removing intermediate container 4753b5a05b20
Successfully built 74245a4c3090
[root@ccx ~]#
[root@ccx ~]# docker images | ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
[root@ccx ~]# docker images | grep ssh
centos ssh 74245a4c3090 15 seconds ago 319 MB
[root@ccx ~]#
创建容器使用测试
[root@ccx ~]# docker run -dit --restart=always --name=ssh centos:ssh
3c988c5bfffb9c452502aedd8af66913ed8f25daf2a942321a369a178616b82e
[root@ccx ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3c988c5bfffb centos:ssh "/usr/sbin/sshd -D" 10 seconds ago Up 9 seconds 22/tcp ssh
[root@ccx ~]# docker inspect ssh | grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.4",
"IPAMConfig": null,
"IPAddress": "172.17.0.4",
[root@ccx ~]# ssh 172.17.0.4
The authenticity of host '172.17.0.4 (172.17.0.4)' can't be established.
ECDSA key fingerprint is SHA256:H89DqtJMeBqw4r/cVKWsEDnDSIo5isgyeO2D4UVA41A.
ECDSA key fingerprint is MD5:c5:6e:c3:88:f8:a8:3a:f7:e5:d2:f5:ed:9d:f4:ac:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.4' (ECDSA) to the list of known hosts.
root@172.17.0.4's password:
[root@3c988c5bfffb ~]#
[root@3c988c5bfffb ~]#
[root@3c988c5bfffb ~]# pwd
/root
[root@3c988c5bfffb ~]# exit
logout
Connection to 172.17.0.4 closed.
[root@ccx ~]#
- 查看sshcmd方法如下:
[root@ccx ~]# ps aux | grep -v grep | grep ssh
root 9735 0.0 0.0 112756 4308 ? Ss 09:05 0:00 /usr/sbin/sshd -D
root 21042 0.1 0.1 163448 6192 ? Ss 09:32 0:10 sshd: root@pts/2,pts/3
[root@ccx ~]#