Docker commint 制作Docker基础镜像

Docker官方默认制作很多基础镜像，为了满足企业不同实际需求，运维人员一般会对其基础镜像做二次修改，再制作。修改后的镜像如何制作Docker镜像？这里介绍一通过.Docker commint 来制作镜像，Docker save来把镜像生成tar文件。其他容器使用时，Docker load导入。

一.Docker commint +save +load方式。通过docker commint制作镜像，再通过docker save把镜像导出。其它容器使用时，可以通过docker load把镜像导入来使用。

实例:
制作前准备：
1.删除已有的Docker镜像

[root@localhost tmp]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
<none>              <none>              efd998bd6817        6 years ago         297 MB
[root@localhost tmp]# docker rmi efd998bd6817
Error response from daemon: conflict: unable to delete efd998bd6817 (must be forced) - image is being used by stopped container 9f9f59edeee5
[root@localhost tmp]# docker rmi -f efd998bd6817
Deleted: sha256:efd998bd6817af509d348b488e3ce4259f9f05632644a7bf574b785bbc8950b8
[root@localhost tmp]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@localhost tmp]#

2.导入CentOS7基础镜像

可以通过docker pull 从docker镜像源服务器拉取指定镜像或者库镜像;为节约时间，这里直接上传下载的Docker镜像，然后docker load导入。

[root@localhost src]# ls
centos6-ssh.tar  centos7-ansible.tar  debug  kernels
[root@localhost src]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
[root@localhost src]# docker load -i centos7-ansible.tar
34e7b85d83e4: Loading layer [==================================================>] 199.9 MB/199.9 MB
0d1585b29470: Loading layer [==================================================>] 171.6 MB/171.6 MB
f8c414e271fb: Loading layer [==================================================>] 2.048 kB/2.048 kB
7794e20d52b7: Loading layer [==================================================>] 3.072 kB/3.072 kB
596e51307fcb: Loading layer [==================================================>] 2.048 kB/2.048 kB
cf4eb7184a66: Loading layer [==================================================>] 91.05 MB/91.05 MB
Loaded image: centos7-ansible:latest
[root@localhost src]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos7-ansible     latest              688353a31fde        3 years ago         447 MB
[root@localhost src]# 

3.基于这个CentOS7基础镜像，,启用一个CentOS7容器，然后进入容器后，通过Linux指令添加各种功能，比如安装NGINX以及SSH远程登录服务

#启动容器
[root@localhost src]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@localhost src]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos7-ansible     latest              688353a31fde        3 years ago         447 MB
[root@localhost src]# docker run -itd centos7-ansible:latest
e32d067139c31b7582355bd73b05062ec55a724352de9019e263a4d58d5a530a
[root@localhost src]# docker ps
CONTAINER ID        IMAGE                    COMMAND             CREATED             STATUS              PORTS               NAMES
e32d067139c3        centos7-ansible:latest   "/bin/bash"         12 seconds ago      Up 9 seconds                            musing_northcutt
[root@localhost src]# 

#登录容器，Yum安装nginx和SSH远程登录服务
[root@localhost src]# docker exec  -i -t e32d067139c3 /bin/bash
[root@e32d067139c3 ansible]# yum install nginx  openssh-server

#确认nginx和openssh-server安装成功，服务启动OK。
[root@localhost src]# docker ps
CONTAINER ID        IMAGE                    COMMAND             CREATED             STATUS              PORTS               NAMES
e32d067139c3        centos7-ansible:latest   "/bin/bash"         25 minutes ago      Up 25 minutes                           musing_northcutt
[root@localhost src]# docker exec -it e32d067139c3 /bin/bash
[root@e32d067139c3 ansible]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      214/nginx: master p 
tcp6       0      0 :::80                   :::*                    LISTEN      214/nginx: master p 
[root@e32d067139c3 ansible]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
[root@e32d067139c3 ansible]# exit
exit
[root@localhost src]# docker cp /etc/ssh/ssh_host_rsa_key e32d067139c3:/etc/ssh/
[root@localhost src]# docker cp /etc/ssh/ssh_host_ecdsa_key e32d067139c3:/etc/ssh/
[root@localhost src]# docker cp /etc/ssh/ssh_host_ed25519_key e32d067139c3:/etc/ssh/
[root@localhost src]# docker exec -it e32d067139c3 /bin/bash
[root@e32d067139c3 ansible]# /usr/sbin/sshd
[root@e32d067139c3 ansible]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      214/nginx: master p 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      251/sshd            
tcp6       0      0 :::80                   :::*                    LISTEN      214/nginx: master p 
tcp6       0      0 :::22                   :::*                    LISTEN      251/sshd            
[root@e32d067139c3 ansible]# 

#查看容器的IP地址。
[root@localhost src]# docker inspect e32d067139c3 |grep -ai ipaddr
            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",
#确认SSH远程可登录，NGNIX可访问
[root@e32d067139c3 ansible]# ssh 172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:TorTOceE2nsNTohOTfQGGTsICgLx+3Dyz2pSeqdeOiI.
ECDSA key fingerprint is MD5:1d:6f:26:21:d5:7e:6d:0e:81:8d:97:37:cf:62:3c:28.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password: 
Last failed login: Mon Aug 10 05:34:45 UTC 2020 from gateway on ssh:notty
There were 2 failed login attempts since the last successful login.
[root@e32d067139c3 ~]# 

[root@e32d067139c3 ~]# curl 172.17.0.2
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>

在物理机192.168.68.129上使用新镜像启用一个容器，并把80，22端口先别映射出给物理机的81，6022端口

[root@localhost ~]# docker run -itd --privileged -p 81:80 -p 6022:22  f1130d65ffc6 /bin/bash
c6c6017fb72abc58ef255b540ad8643ca509fd930822d47142d665a835877b73
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                      NAMES
c6c6017fb72a        f1130d65ffc6        "/bin/bash"         14 seconds ago      Up 12 seconds       0.0.0.0:6022->22/tcp, 0.0.0.0:81->80/tcp   sharp_goodall
[root@localhost ~]# 

物理机上测试，可以NGINX访问，可以SSH远程登录。

开始镜像制作：
4.通过docker commint 制作镜像

[root@localhost src]# docker commit e32d067139c3 centos7-ansible:V2
sha256:f1130d65ffc6e641b9cc7f7f869755feea9ccc5148b50d75f8b18a369c0aa4e1
[root@localhost src]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos7-ansible     V2                  f1130d65ffc6        18 seconds ago      636 MB
centos7-ansible     latest              688353a31fde        3 years ago         447 MB
[root@localhost src]# 

5.通过docker save ，将新制作的镜像centos7-ansible:v2保存为一Tar包。给其它容器使用

[root@localhost src]# ls
centos6-ssh.tar  centos7-ansible.tar  debug  kernels
[root@localhost src]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos7-ansible     V2                  f1130d65ffc6        About an hour ago   636 MB
centos7-ansible     latest              688353a31fde        3 years ago         447 MB
[root@localhost src]# docker save f1130d65ffc6 > centos7-NGINX-SSH.tar
[root@localhost src]# ls
centos6-ssh.tar  centos7-ansible.tar  centos7-NGINX-SSH.tar  debug  kernels
[root@localhost src]# 

其他容器通过docker load导入镜像后，需要手动启动服务。这也是docker commit制作镜像的一个缺点。