Dockerfile操作指令
| 指令 | 含义 |
|---|---|
| FROM 镜像 | 指定新镜像所基于的镜像,第一条指令必须为FROM指令,每创建一个镜像就需要一条FROM指令 |
| MAINTAINER 名字 | 说明新镜像的维护人信息 |
| RUN 命令 | 在所基于的镜像执行命令,并提交到新的镜像中 |
| CMD [ “要运行的程序”,“参数1”,“参数2”] | 指令启动容器时要运行的命令或者脚本,Dockerfile只能有一条CMD命令,如果指定多条则只能执行最后一条 |
| EXPOSE 端口号 | 指定新镜像加载到Docker时要开启的端口 |
| ENV 环境变量 变量值 | 设置一个环境变量的值,会被后面的RUN使用 |
| ADD 源文件/目录 目标文件/目录 | 将源文件复制到目标文件,源文件要与Dockerfile位于相同目录中,或者是一个URL |
| COPY 源文件/目录 目标文件/目录 | 将本地主机上的文件/目录复制到目标地点,源文件/目录要与Dockerfile在相同的目录中 |
| VOLUME [“目录”] | 在容器中创建一个挂载点 |
| USER 用户名/UID | 指定运行容器时的用户 |
| WORKDIR 路径 | 为后续的RUN、CMD、ENTRYPOINT指定工作目录 |
| ONBUILD 命令 | 指定所生成的镜像作为一个基础镜像时所要运行的命令 |
| HEALTHCHECK | 健康检查 |
一、 构建SSH镜像
lsof的用法,检测端口开启状态
[root@localhost ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 9254 root 3u IPv4 51437 0t0 TCP *:ssh (LISTEN)
sshd 9254 root 4u IPv6 51439 0t0 TCP *:ssh (LISTEN)
sshd 10208 root 3u IPv4 59487 0t0 TCP localhost.localdomain:ssh->14.0.0.1:13277 (ESTABLISHED)
sshd 14638 root 3u IPv4 90145 0t0 TCP localhost.localdomain:ssh->14.0.0.1:taurus-wh (ESTABLISHED)
[root@localhost ~]# cd /opt
[root@localhost opt]# mkdir sshd
[root@localhost opt]# vim Dockerfile
FROM centos:7 ##指定基础镜像
MAINTAINER build image sshd <tang> ##描述信息,可以随便指定
RUN yum -y update ##更新容器yum源
RUN yum -y install openssh* net-tools lsof telnet passwd ##安装环境依赖包
RUN echo "abc123" | passwd --stdin root ##设置root登录密码
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config ##禁用ssh中的pam验证,root账户可以登录
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key ##创建非对称密钥,并指定文件路径
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/ s/^/#/' /etc/pam.d/sshd ##禁用pam的ssh的pam会话模块
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh ##创建ssh工作目录和权限设置
EXPOSE 22 ##开放22端口
CMD ["/usr/sbin/sshd","-D"] ##容器加载时启动sshd服务
构建sshd镜像
[root@localhost sshd]# docker build -t sshd:centos .
[root@localhost sshd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd centos f41e3bb388c6 5 minutes ago 481MB
centos 7 7e6257c9f8d8 6 weeks ago 203MB
创建容器
[root@localhost sshd]# docker run -d -P sshd:centos ##创建容器
6dc8b8eff3caf9b7cc039910029a63fb21200136fd4b167de29ab7334ab57bc7
[root@localhost sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6dc8b8eff3ca sshd:centos "/usr/sbin/sshd -D" 5 seconds ago Up 4 seconds 0.0.0.0:32769->22/tcp jolly_black
使用sshd服务进入容器
[root@localhost sshd]# ssh localhost -p 32769 ##-p指定端口
The authenticity of host '[localhost]:32769 ([::1]:32769)' can't be established.
RSA key fingerprint is SHA256:aXC5r1sHmedc3TB9NBuTc5Ry7ZYJiFim/SWabizydKw.
RSA key fingerprint is MD5:a3:30:42:0a:6f:20:b7:e5:fd:81:13:d3:8f:92:a3:ee.
Are you sure you want to continue connecting (yes/no)? yes ##输入yes
Warning: Permanently added '[localhost]:32769' (RSA) to the list of known hosts.
root@localhost's password: ##输入之前在Dockerfile文件中设置的密码
[root@6dc8b8eff3ca ~]#
二、 构建systemctl镜像
编辑systemctl的Dockerfile文件,基于上面生成的sshd镜像
[root@localhost ~]# cd /opt
[root@localhost opt]# mkdir /systemctl
[root@localhost opt]# cd /systemctl
[root@docker systemctl]# vim Dockerfile
FROM sshd:centos
MAINTAINER built image systemctl <tang>
ENV container docker ##设置环境变量,container和docker
RUN yum install -y vim
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *;do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \ ##执行先到指定目录,进行for循环遍历目录下所有文件并删除指定的文件。之后进行一系列的删除
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ] ##创建一个挂载卷'
CMD ["/usr/sbin/init"] ##init指执行初始化'
构建systemctl镜像
[root@localhost systemctl]# docker build -t systemctl:centos .
[root@localhost systemctl]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
systemctl centos a4f933d4dac9 About a minute ago 481MB
sshd centos f41e3bb388c6 3 hours ago 481MB
centos 7 7e6257c9f8d8 6 weeks ago 203MB
创建systemctl的容器
[root@localhost systemctl]# docker run --privileged -it -v /sys/fs/cgroup/:/sys/fs/cgroup:ro systemctl:centos /sbin/init & ##--privileged表示不降权处理,privateged container内的root拥有真正的root权限。否则,container内的root只是外部的一个普通用户权限。ro表示read only(只读),放到后台处理是因为在前台就会进入一个无法交互的状态
[3] 70274
[root@localhost systemctl]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec138882e99c systemctl:centos "/sbin/init" 3 minutes ago Up 3 minutes 22/tcp sharp_cannon
6dc8b8eff3ca sshd:centos "/usr/sbin/sshd -D" 3 hours ago Up 3 hours 0.0.0.0:32769->22/tcp jolly_black
进入容器测试systemctl命令
[root@localhost systemctl]# docker exec -it ec138882e99c /bin/bash
[root@ec138882e99c /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
[root@ec138882e99c /]# systemctl start sshd
[root@ec138882e99c /]# systemctl status sshd
三、 构建nginx镜像
编辑nginx的Dockerfile文件,并将ADD后跟的文件或软件包拷贝进来
[root@localhost ~]# cd /opt
[root@localhost opt]# mkdir nginx
[root@localhost opt]# cd nginx/
[root@localhost nginx]# vim Dockerfile
FROM centos:7
MAINTAINER this is nginx
RUN yum -y update
RUN yum -y install gcc gcc-c++ pcre-devel make zlib-devel
ADD nginx-1.12.2.tar.gz /usr/local/src
RUN useradd -M -s /sbin/nologin nginx
WORKDIR /usr/local/src/nginx-1.12.2
RUN ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module
RUN make && make install
ENV PATH /usr/local/nginx/sbin/:$PATH
RUN ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
EXPOSE 80
EXPOSE 443
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf ##将nginx的守护进程关闭,以容器的守护进程开启
CMD ["/usr/local/nginx/sbin/nginx"]
构建nginx镜像
[root@localhost nginx]# docker build -t nginx:centos .
[root@localhost nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx centos b22e05e37213 34 seconds ago 480MB
systemctl centos a4f933d4dac9 39 minutes ago 481MB
sshd centos f41e3bb388c6 4 hours ago 481MB
centos 7 7e6257c9f8d8 6 weeks ago 203MB
创建nginx容器
[root@localhost nginx]# docker run -d -P nginx:centos
1c1111a332ff92a9298fa69f2e8ceff26c4dab691b9ce5c73fd05b5ba9a375e6
[root@localhost nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c1111a332ff nginx:centos "/usr/local/nginx/sb…" 6 seconds ago Up 6 seconds 0.0.0.0:32771->80/tcp, 0.0.0.0:32770->443/tcp festive_haslett
ec138882e99c systemctl:centos "/sbin/init" 32 minutes ago Up 32 minutes 22/tcp sharp_cannon
6dc8b8eff3ca sshd:centos "/usr/sbin/sshd -D" 4 hours ago Up 4 hours 0.0.0.0:32769->22/tcp jolly_black
四、 构建tomcat镜像
构建tomcat镜像,并将ADD后跟的软件包拷贝过来
[root@localhost ~]# cd /opt
[root@localhost opt]# mkdir tomcat
[root@localhost opt]# cd tomcat/
[root@localhost tomcat]# vim Dockerfile
FROM centos:7
MAINTAINER build image tomcat <tang>
EXPOSE 8080
ADD jdk-8u201-linux-x64.rpm /usr/local/src
WORKDIR /usr/local/src
RUN rpm -ivh jdk-8u201-linux-x64.rpm
ENV JAVA_HOME /usr/java/jdk1.8.0_201-amd64
ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
ENV PATH $JAVA_HOME/bin:$PATH
ADD apache-tomcat-9.0.16.tar.gz /usr/local/src
RUN mv apache-tomcat-9.0.16/ /usr/local/tomcat9
ENV PATH /usr/local/tomcat9/bin/:$PATH
#ADD tomcat9.run.sh /usr/local/src
#RUN chmod 755 /usr/local/src/tomcat9.run.sh
#CMD ["/usr/local/src/tomcat9.run.sh"]
ENTRYPOINT ["/usr/local/tomcat9/bin/catalina.sh","run"]
带#注释掉的是另外一种启动方式
1、ENRYPOINT指开启容器前镜像就已经执行了括号内的命令
2、CMD是开启容器时,要执行的指令,设置容器启动后默认执行的命令及其参数,但 CMD 能够被 docker run 后面跟的命令行参数替换
3、基于Dockerfile内有CMD或者ENTRYPOINT创建镜像时,docker run 后面就不要加指令(/bin/bash)了,会覆盖掉Dockerfile中的指令或者语法报错
vim tomcat9.run.sh
#!/bin/bash
/usr/local/tomcat9/bin/catalina.sh run
构建tomcat镜像
[root@localhost tomcat]# docker build -t tomcat:centos .
[root@localhost tomcat]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat centos 6d5e5e5fa719 7 seconds ago 806MB
nginx centos b22e05e37213 41 minutes ago 480MB
systemctl centos a4f933d4dac9 About an hour ago 481MB
sshd centos f41e3bb388c6 4 hours ago 481MB
centos 7 7e6257c9f8d8 6 weeks ago 203MB
创建tomcat容器
[root@localhost tomcat]# docker run -d --name tomcat -p 1234:8080 tomcat:centos ##指定1234端口为容器的8080端口映射
1328baae126024c6aa5b72ed8b52362f3a0d0ad8aa78ec100ee3f6f9d534cc8e
[root@localhost tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1328baae1260 tomcat:centos "/usr/local/tomcat9/…" 7 seconds ago Up 5 seconds 0.0.0.0:1234->8080/tcp tomcat
1c1111a332ff nginx:centos "/usr/local/nginx/sb…" 42 minutes ago Up 42 minutes 0.0.0.0:32771->80/tcp, 0.0.0.0:32770->443/tcp festive_haslett
ec138882e99c systemctl:centos "/sbin/init" About an hour ago Up About an hour 22/tcp sharp_cannon
6dc8b8eff3ca sshd:centos "/usr/sbin/sshd -D" 4 hours ago Up 4 hours 0.0.0.0:32769->22/tcp jolly_black
五、 构建mysql镜像
写入Dockerfile文件,并将使用到的软件包放到Dockerfile的目录下
[root@localhost opt]# mkdir mysql
[root@localhost opt]# cd mysql/
编辑Dockerfile文件
[root@localhost mysql]# vim Dockerfile
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DWITH_BOOST=boost \
-DWITH_SYSTEMD=1 && make && make install
RUN chown -R mysql:mysql /usr/local/mysql/
RUN rm -rf /etc/my.cnf
ADD my.cnf /etc
RUN chown mysql:mysql /etc/my.cnf
ENV PATH /usr/local/mysql/bin:/usr/local/mysql/lib:$PATH
WORKDIR /usr/local/mysql/
RUN bin/mysqld \
--initialize-insecure \
--user=mysql \
--basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/data
RUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
EXPOSE 3306
RUN echo -e "#!/bin/bash \nsystemctl enable mysqld" > /run.sh
RUN chmod 755 /run.sh
RUN sh /run.sh
CMD ["init"]
编写Dockerfile文件中ADD需要添加的内容
[root@localhost mysql]# vim my.cnf
[client]
port=3306
default-character-set=utf8
socket=/usr/local/mysql/mysql.sock
[mysql]
port=3306
default-character-set=utf8
socket=/usr/local/mysql/mysql.sock
[mysqld]
user=mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port=3306
character_set_server=utf8
pid-file=/usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
server-id=1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
构建mysql镜像
[root@docker mysql]# docker build -t mysql:centos . ##构建MySQL5.7镜像
docker system prune ##清除docker缓存命令
[root@localhost mysql]# docker images ##查看到mysql镜像已经生成
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql centos 213de6dcddcf 4 hours ago 9.9GB
centos 7 7e6257c9f8d8 6 weeks ago 203MB
创建容器,运行mysql服务
[root@localhost mysql]# docker run --name=mysql -d -P --privileged mysql:centos ##--privileged 表示不降权,也就是进入容器的mysql中,也可以是root权限
0d75466654d3f61251f8dfcb7aab7e220d1d5d0dc5bf79eb795343fcabaeb331
[root@localhost mysql]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0d75466654d3 mysql:centos "init" 6 seconds ago Up 5 seconds 0.0.0.0:32768->3306/tcp mysql
进入容器,登录数据库
[root@0d75466654d3 mysql]# mysql -uroot -p
Enter password: ##此时没有设置密码,直接回车登录
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
以下两条语句是放权命令,允许root用户在任何终端登录访问
mysql> grant all privileges on *.* to 'root'@'%' identified by 'abc123';
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql> grant all privileges on *.* to 'root'@'localhost' identified by 'abc123';
Query OK, 0 rows affected, 1 warning (0.00 sec)
在客户端使用yum方式安装一个mariadb,登录数据库测试
[root@docker ~]# mysql -h 14.0.0.110 -uroot -pabc123 -P 32768
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>
526
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
