Docker file介绍
1、背景:
在Docker file中定义所需要执⾏的指令,使⽤ docker build创建镜 像,过程中会按照dockerfile所定义的内容进⾏打开临时性容器,把 docker file中命令全部执⾏完成,就得到了⼀个容器应⽤镜像,每 ⼀⾏命令都会出现容器,都会使⽤docker commit进⾏提交⼀个临时性的镜像。注意执⾏的命令越多,镜像体积越⼤,所以需要优化镜像。
2、Docker file关键字
1)FORM 指定基础镜像为该镜像的最后修改版本
2)FROM 指定基础镜像为该镜像的⼀个tag版本
3)MAINTAINER 指定镜像创建者,企业内部不⽤指定,对外发 布也可以不指定 3.RUN 运⾏命令,安装软件
4)CMD 设置container启动时进⾏的操作,如果容器镜像中有这 个命名,启动容器时,不要⼿动让容器执⾏其他命令
5)ENTRYPORINT(⼊⼝点)cmd每次只能执⾏⼀个指令, entrypoint可以多⾏执⾏。
6)USER设置容器进程的⼀些⽤户
7)EXPOSE 暴露端⼝ 指定容器需要映射到宿主机的端⼝
8)ENV 设置环境变量 -e
9)ADD 从宿主机src复制⽂件到容器的dest路径
10)volumn 指定挂载点
11)WROKDIR 切换⽬录
12)ONBUILD在⼦镜像中执⾏指令
通过dockerfile创建⼀个在启动容器时,就可以启动httpd服务的镜像的步骤:
1)创建⼀个⽬录,⽤于存储Docker file所使⽤的⽂件
2) 在此⽬录中创建Docker file⽂件,以及镜像制作所使⽤的⽂ 件
3)使⽤docker build创建镜像
4)使⽤创建的镜像启动容器(验证)
思考:
(1)基础镜像 (2)yum -y install httpd (3)使⽤脚本启动服务(httpd -k start) (4)应该将httpd服务放在前端执⾏ (4)暴露端⼝ 80/tcp (5)添加⼀个测试⽂件,⽤于验证软件是否可⽤
过程:
# 1.创建⽬录
[root@docker001 ~]# mkdir test
# 2.跳转到⽬录中
[root@docker001 ~]# cd test/
# 3.编辑启动脚本
[root@docker001 test]# vim start.sh
[root@docker001 test]# cat start.sh ###################################### #!/bin/bah rm -rf /run/httpd/* exec /sbin/httpd -D FOREGROUND ######################################
# 4.编辑index.html⽂件 [root@docker001 test]# vim index.html
# 5.编辑Dockerfile [root@docker001 test]# vim Dockerfile #################################### FROM centos_yum:v0 MAINTAINER "httpd server start 15773141955@163.com" RUN yum clean all RUN yum makecacheRUN yum -y install httpd ADD start.sh /start.sh RUN chmod -v +x /start.sh Add index.html /var/www/html/ EXPOSE 80 WORKDIR / CMD ["/bin/bash","/start.sh"] ####################################
# 6.创建镜像 [root@docker001 test]# docker build -t
centos:httpd .
[+] Building 51.6s (12/12) FINISHED docker:default
=> [internal] load build definition from Dockerfile
0.0s
=> => transferring dockerfile: 309B 0.0s
=> [internal] load metadata for docker.io/library/centos_yum:v0 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s => [1/8] FROM docker.io/library/centos_yum:v0 0.0s => [internal] load build context 0.0s => => transferring context: 180B 0.0s => [2/8] RUN YUM clean all 2.3s => [3/8] RUN YUM makecache 42.7s => [4/8] RUN YUM -y install httpd 5.8s
=> [5/8] ADD START.SH /START.SH 0.0s
=> [6/8] RUN CHMOD -v +x /start.sh 0.2s
=> [7/8] ADD INDEX.HTML /VAR/WWW/HTML/ 0.0s => exporting to image 0.5s
=> => exporting layers 0.4s
=> => writing image sha256:a488bc9f4cfb58a91baa57c2ab9faf615d457ff8714 e4e958e7220a253469ed 0.0s => => naming to docker.io/library/centos:httpd
# 7.查看镜像 [root@docker001 test]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos httpd a488bc9f4cfb About a minute ago 352MB centos nginx 12fea1b890de 41 hours ago 366MB centos java17 b6bf774de7bb 41 hours ago 550MB centos_yum v0 191d9c84f461 2 days ago 260MBmysql latest a82a8f162e18 4 weeks ago 586MB
# 9.创建容器测试 [root@docker001 test]# docker run -d --name c0 centos:httpd c245d9f9f3e0d6526d80e117ebd7b4c2870a1e12558192f1da 1e681cabdc4e87 [root@docker001 test]# docker ps --all CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c245d9f9f3e0 centos:httpd "/bin/bash /start.sh" 21 seconds ago Up 20 seconds 80/tcp c0
# 10.查看ip地址
[root@docker001 test]# docker inspect c0
# 访问测试
[root@docker001 test]# curl 172.17.0.2
p
pp
ppp
pppp
ppppp
测试挂载其他项目
[root@docker001 test]# docker run -d -v /opt:/var/www/html --name c1 centos:httpd 3c97af2d11a56b9c2f2ea4eb6bb0a7ff18d6f26d0f777f68a4 eb4a20b9c61835 [root@docker001 test]# eche "adsfadfafwqrdfqdsafdgdfsgda" > /opt/index.html -bash: eche: 未找到命令
[root@docker001 test]# echo "adsfadfafwqrdfqdsafdgdfsgda" > /opt/index.html [root@docker001 test]# curl 172.17.0.3
adsfadfafwqrdfqdsafdgdfsgda
yum -y install yum-plugin-ovl
###练习 配置nginx应⽤镜像
FROM centos:latest
MAINTAINER "NGINX"
RUN rm -rf /etc/yum.repos.d/*
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault8.5.2111.repo
RUN yum clean all && yum makecache
RUN yum -y install epel-release && yum -y install nginx
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
WORKDIR /
CMD /usr/sbin/nginx
[root@docker001 ~]# docker run -d --name c1 - p80:80 -v /opt/:/usr/share/nginx/html/ centos:nginx 948f20e1ed4758e78759de8f9ce9b34a7f44c431bc8ead75b6 70e1a5b488654c
容器镜像在dockerhost中的保存位置
[root@docker001 ~]# docker info
Client: Docker Engine - Community
Version: 26.1.4
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.14.1
Path: /usr/libexec/docker/cliplugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.27.1 Path: /usr/libexec/docker/cliplugins/docker-compose
Server:
Containers: 2 #容器数量
Running: 2 #正在运⾏的容器
Paused: 0
Stopped: 0
Images: 3
Server Version: 26.1.4
Storage Driver: overlay2 # 存储驱动
Backing Filesystem: xfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false Logging
Driver: json-file Cgroup
Driver: cgroupfs Cgroup
Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald jsonfile local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: d2d58213f83a351ca8f528a95fbd145f5654e957 runc version: v1.1.12-0-g51d5e94 init version: de40ad0 Security Options: seccomp
Profile: builtin Kernel Version: 3.10.0-1160.119.1.el7.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 1 Total Memory: 972.1MiB Name: docker001.yuanyu.zhangmin ID: 7684bd62-67f2-48c8-a2ee-daaa649abf70 Docker Root
Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://do.nark.eu.org/ https://dc.j8.work/
https://docker.m.daocloud.io/ https://dockerproxy.com/
https://docker.mirrors.ustc.edu.cn/
https://docker.nju.edu.cn/
Live Restore Enabled: false
[DEPRECATION NOTICE]: API is accessible on http://0.0.0.0:2375 without encryption. Access to the remote API is equivalent to root access on the host. Refer to the 'Docker daemon attack surface' section in the documentation for more information: https://docs.docker.com/go/attack-surface/ In future versions this will be a hard failure preventing the daemon from starting! Learn more at: https://docs.docker.com/go/api-security/ WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
[root@docker001 ~]# ls /var/lib/docker/
buildkit containers engine-id image network
overlay2 plugins runtimes swarm tmp volumes
[root@docker001 ~]# tree -L 2 /var/lib/docker/ /var/lib/docker/
查看系统内核:
[root@docker001 l]# uname -r 3.10.0-1160.119.1.el7.x86_64
查看⽂件系统:
[root@docker001 l]# df -i ⽂件系统 Inode 已⽤(I) 可⽤(I) 已⽤ (I)% 挂载点 devtmpfs 121445 390 121055 1% /dev tmpfs 124432 1 124431 1% /dev/shm新建⼀个⽂件之后 可⽤的节点减少⼀个 tmpfs 124432 794 123638 1% /run tmpfs 124432 16 124416 1% /sys/fs/cgroup /dev/mapper/centos-root 8910848 101057 8809791 2% / /dev/sda1 524288 333 523955 1% /boot tmpfs 124432 1 124431 1% /run/user/0 overlay 8910848 101057 8809791 2% /var/lib/docker/overlay2/a0f5901965932b6db0ec37cd3 1654532e08cac14e0b12b1897090cdef1ed9a3d/merged overlay 8910848 101057 8809791 2% /var/lib/docker/overlay2/c8ee533075c8244596da864a5 55935839a9850b450b668720180802707a9a146/merged [root@docker001 ~]# touch 123.txt [root@docker001 ~]# df -i ⽂件系统
Inode 已⽤(I) 可⽤(I) 已⽤ (I)% 挂载点devtmpfs 121445 390 121055 1% /dev tmpfs 124432 1 124431 1% /dev/shm tmpfs 124432 794 123638 1% /run tmpfs 124432 16 124416 1% /sys/fs/cgroup /dev/mapper/centos-root 8910848 101058 8809790 2% / /dev/sda1 524288 333 523955 1% /boot tmpfs 124432 1 124431 1% /run/user/0 overlay 8910848 101058 8809790 2% /var/lib/docker/overlay2/a0f5901965932b6db0ec37cd3 1654532e08cac14e0b12b1897090cdef1ed9a3d/merged overlay 8910848 101058 8809790 2% /var/lib/docker/overlay2/c8ee533075c8244596da864a5 55935839a9850b450b668720180802707a9a146/merged
创建软连接之后,节点减少⼀个
[root@docker001 ~]# ln -s 123.txt 123.lk [root@docker001 ~]# df -i ⽂件系统 Inode 已⽤(I) 可⽤(I) 已⽤ (I)% 挂载点 devtmpfs 121445 390 121055 1% /dev tmpfs 124432 1 124431 1% /dev/shm tmpfs 124432 794 123638 1% /run tmpfs 124432 16 124416 1% /sys/fs/cgroup /dev/mapper/centos-root 8910848 101059 8809789 2% / /dev/sda1 524288 333 523955 1% /boot tmpfs 124432 1 124431 1% /run/user/0 overlay 8910848 101059 8809789 2% /var/lib/docker/overlay2/a0f5901965932b6db0ec37cd3 1654532e08cac14e0b12b1897090cdef1ed9a3d/merged overlay 8910848 101059 8809789 2% /var/lib/docker/overlay2/c8ee533075c8244596da864a5 55935839a9850b450b668720180802707a9a146/merged 在启动docker服务后会新建/var/lib/docker 拉取⼀个新镜像之后,就会在overlay2⽂件夹中保存新的⽂件 [root@docker001 ~]# ls /var/lib/docker ls: ⽆法访问/var/lib/docker: 没有那个⽂件或⽬录 [root@docker001 ~]# systemctl start docker.service [root@docker001 ~]# ls /var/lib/docker buildkit containers engine-id image network overlay2 plugins runtimes swarm tmp volumes [root@docker001 ~]# ls /var/lib/docker/overlay2/ backingFsBlockDev l查看⽂件保存位置 [root@docker001 ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos a1d0c7532777: Pull complete Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534b bdee55bd6c473f432b177 Status: Downloaded newer image for centos:latest docker.io/library/centos:latest [root@docker001 ~]# ls /var/lib/docker/overlay2/ backingFsBlockDev ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34 l [root@docker001 ~]# 创建容器后出现2个新的⽂件夹 [root@docker001 ~]# cd /var/lib/docker/overlay2/ce54a04e45edb448429f2f7ad b8a8a1d23379e300f8e7c1a98beb4512d932c34/ [root@docker001 ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34]# ls diff link [root@docker001 ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34]# ls diff/ bin etc lib lost+found mnt proc run srv tmp var dev home lib64 media opt root sbin sys usr [root@docker001 ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34]# [root@docker001 ~]# docker run -it --name c0 centos:latest /bin/bash [root@4c7f96d1a03e /]# [root@docker001 ~]# [root@docker001 ~]# ls /var/lib/docker/overlay2/ backingFsBlockDev ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34 e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb-init
查看容器⽬录
[root@docker001 ~]# cd /var/lib/docker/overlay2/e291e027242e013f682fe631b 83e89a90f9ba68fa1af92fda2fe4d9094f7b7eb [root@docker001 e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb]# ls diff link lower merged work [root@docker001 e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb]# cat lower l/LBSEYI2LHNHNIYE7AYQMOC6RBP:l/KQTNFI7JQXIRWB3PFKE D2HRWJD[root@docker001 e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb]# ls merged/ bin etc lib lost+found mnt proc run srv tmp var dev home lib64 media opt root sbin sys usr
[root@docker001~]#
在外面使⽤exec创建⼀个文件
[root@docker001 ~]# docker exec 4c7f dd if=/dev/zero of=/test bs=10M count=100
100+0 records in
100+0 records out
1048576000 bytes (1.0 GB, 1000 MiB) copied, 2.7744 s, 378 MB/s
[root@docker001 ~]# ls /var/lib/docker/overlay2/e291e027242e013f682fe631b 83e89a90f9ba68fa1af92fda2fe4d9094f7b7eb/merged/ bin etc lib lost+found mnt proc run srv test usr dev home lib64 media opt root sbin sys tmp var
容器保存镜像和数据
1)查看容器挂载
2)容器被移除以后,这个⽂件就会被删除,stop不会删除
[root@docker001 ~]# ls /var/lib/docker/overlay2/ backingFsBlockDevce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34 e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb-init l
[root@docker001 ~]# docker stop c0 c0 [root@docker001 ~]# ls /var/lib/docker/overlay2/ backingFsBlockDev ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34 e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb e291e027242e013f682fe631b83e89a90f9ba68fa1af92fda2 fe4d9094f7b7eb-init l
[root@docker001 ~]# docker rm c0 c0 [root@docker001 ~]# ls /var/lib/docker/overlay2/ backingFsBlockDev ce54a04e45edb448429f2f7adb8a8a1d23379e300f8e7c1a98 beb4512d932c34 l
私有仓库:
# 安装仓库镜像
[root@docker001 ~]# docker pull registry Using default tag: latest latest: Pulling from library/registry 930bdd4d222e: Pull complete a15309931e05: Pull complete 6263fb9c821f: Pull complete 86c1d3af3872: Pull complete a37b1bf6a96f: Pull complete Digest: sha256:12120425f07de11a1b899e418d4b0ea174c8d4d572d 45bdb640f93bc7ca06a3d Status: Downloaded newer image for registry:latest docker.io/library/registry:latest
#查看新安装的镜像
[root@docker001 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest cfb4d9904335 10 months ago 25.4MB centos latest 5d0da3dc9764 2 years ago 231MB
# 创建挂载的⽬录
[root@docker001 ~]# mkdir /opt/dockeregistry # 创建容器,映射端⼝,挂载⽂件 [root@docker001 ~]# docker run -d --name c1 - p5000:5000 -v /opt/dockeregistry/:/var/lib/registry registry:latest 7ec28de22490aee02bd542ef22076f8ba746f7513cf96bf501 d817bc07b38f27
[root@docker001 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ec28de22490 registry:latest "/entrypoint.sh /etc…" 13 seconds ago Up 12 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp c1
# 访问⽬录⻚
[root@docker001 ~]# curl http://10.1.1.50:5000/v2/_catalog {"repositories":[]}
# 创建仓库
[root@docker001 ~]# vim /etc/docker/daemon.json
[root@docker001 ~]# cat /etc/docker/daemon.json
{
"insecure-registries":[ "http://10.1.1.50:5000"
],
"registry-mirrors": [
"https://do.nark.eu.org",
"https://dc.j8.work",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn"
],
"hosts": [
"tcp://0.0.0.0:2375",
"unix:///var/run/docker.sock"
]
}
# 重启docker服务
[root@docker001 ~]# systemctl restart docker.service # 查看镜像 [root@docker001 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest cfb4d9904335 10 months ago 25.4MB centos latest 5d0da3dc9764 2 years ago 231MB
# 为要上传的镜像添加标记 [root@docker001 ~]# docker tag centos:latest 10.1.1.50:5000/centos:v0 [root@docker001 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry latest cfb4d9904335 10 months ago 25.4MB 10.1.1.50:5000/centos v0 5d0da3dc9764 2 years ago 231MB centos latest 5d0da3dc9764 2 years ago 231MB
10.1.1.50/centos v0 5d0da3dc9764 2 years ago 231MB
[root@docker001 ~]# docker push 10.1.1.50:5000/centos:v0 The push refers to repository [10.1.1.50:5000/centos] Get "http://10.1.1.50:5000/v2/": dial tcp 10.1.1.50:5000: connect: connection refused
[root@docker001 ~]# docker start c1 c1
[root@docker001 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ec28de22490 registry:latest "/entrypoint.sh
/etc…" 16 minutes ago Up 4 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp c1 [root@docker001 ~]# docker push 10.1.1.50:5000/centos:v0 The push refers to repository [10.1.1.50:5000/centos] 74ddd0ec08fa: Pushed v0: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c8386
3037fa3aab063a7fdb9dc size: 529
[root@docker001 ~]# ls /opt/
1.png assets dist index.html 2.png containerd dockeregistry nohup.out application.properties cvloume favicon.ico Project_ExamSystem-V1.0.0.war [root@docker001 ~]# ls /opt/dockeregistry/ docker
[root@docker001 ~]# ls /opt/dockeregistry/docker/ registry
[root@docker001 ~]# ls /opt/dockeregistry/docker/registry/ v2
[root@docker001 ~]# ls /opt/dockeregistry/docker/registry/v2/ blobs repositories [root@docker001 ~]# ls /opt/dockeregistry/docker/registry/v2/repositories / centos
总结:
1.拉取registry:docker pull registry
2.创建挂载⽬录:mkdir /regist
3.启动容器,映射端⼝,挂载⽬录:
docker run -d --name c0 -v /regist/:/var/lib/rigistry/ -p5000:5000 registry:latest
4.访问仓库:curl http://192.168.71.50:5000/v2/_catelog
5.配置pull和push,修改daemon.json
vim /etc/docker/daemon.json
{ .....,
"insecure-registries":[
"http://192.168.71.50:5000"
]
}
:wq
6.修改了配置⽂件,重启docker服务:systemctl restart docker
7.启动registry容器:
docker start r1
curl localhost:5000/v2/_catalog