Docker官方默认制作很多基础镜像,为了满足企业不同实际需求,运维人员一般会对其基础镜像做二次修改,再制作。修改后的镜像如何制作Docker镜像?这里介绍一通过.Docker commint 来制作镜像,Docker save来把镜像生成tar文件。其他容器使用时,Docker load导入。
一.Docker commint +save +load方式。通过docker commint制作镜像,再通过docker save把镜像导出。其它容器使用时,可以通过docker load把镜像导入来使用。
实例:
制作前准备:
1.删除已有的Docker镜像
[root@localhost tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> efd998bd6817 6 years ago 297 MB
[root@localhost tmp]# docker rmi efd998bd6817
Error response from daemon: conflict: unable to delete efd998bd6817 (must be forced) - image is being used by stopped container 9f9f59edeee5
[root@localhost tmp]# docker rmi -f efd998bd6817
Deleted: sha256:efd998bd6817af509d348b488e3ce4259f9f05632644a7bf574b785bbc8950b8
[root@localhost tmp]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost tmp]#
2.导入CentOS7基础镜像
可以通过docker pull 从docker镜像源服务器拉取指定镜像或者库镜像;为节约时间,这里直接上传下载的Docker镜像,然后docker load导入。
[root@localhost src]# ls
centos6-ssh.tar centos7-ansible.tar debug kernels
[root@localhost src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost src]# docker load -i centos7-ansible.tar
34e7b85d83e4: Loading layer [==================================================>] 199.9 MB/199.9 MB
0d1585b29470: Loading layer [==================================================>] 171.6 MB/171.6 MB
f8c414e271fb: Loading layer [==================================================>] 2.048 kB/2.048 kB
7794e20d52b7: Loading layer [==================================================>] 3.072 kB/3.072 kB
596e51307fcb: Loading layer [==================================================>] 2.048 kB/2.048 kB
cf4eb7184a66: Loading layer [==================================================>] 91.05 MB/91.05 MB
Loaded image: centos7-ansible:latest
[root@localhost src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7-ansible latest 688353a31fde 3 years ago 447 MB
[root@localhost src]#
3.基于这个CentOS7基础镜像,,启用一个CentOS7容器,然后进入容器后,通过Linux指令添加各种功能,比如安装NGINX以及SSH远程登录服务
#启动容器
[root@localhost src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7-ansible latest 688353a31fde 3 years ago 447 MB
[root@localhost src]# docker run -itd centos7-ansible:latest
e32d067139c31b7582355bd73b05062ec55a724352de9019e263a4d58d5a530a
[root@localhost src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e32d067139c3 centos7-ansible:latest "/bin/bash" 12 seconds ago Up 9 seconds musing_northcutt
[root@localhost src]#
#登录容器,Yum安装nginx和SSH远程登录服务
[root@localhost src]# docker exec -i -t e32d067139c3 /bin/bash
[root@e32d067139c3 ansible]# yum install nginx openssh-server
#确认nginx和openssh-server安装成功,服务启动OK。
[root@localhost src]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e32d067139c3 centos7-ansible:latest "/bin/bash" 25 minutes ago Up 25 minutes musing_northcutt
[root@localhost src]# docker exec -it e32d067139c3 /bin/bash
[root@e32d067139c3 ansible]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 214/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 214/nginx: master p
[root@e32d067139c3 ansible]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
[root@e32d067139c3 ansible]# exit
exit
[root@localhost src]# docker cp /etc/ssh/ssh_host_rsa_key e32d067139c3:/etc/ssh/
[root@localhost src]# docker cp /etc/ssh/ssh_host_ecdsa_key e32d067139c3:/etc/ssh/
[root@localhost src]# docker cp /etc/ssh/ssh_host_ed25519_key e32d067139c3:/etc/ssh/
[root@localhost src]# docker exec -it e32d067139c3 /bin/bash
[root@e32d067139c3 ansible]# /usr/sbin/sshd
[root@e32d067139c3 ansible]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 214/nginx: master p
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 251/sshd
tcp6 0 0 :::80 :::* LISTEN 214/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 251/sshd
[root@e32d067139c3 ansible]#
#查看容器的IP地址。
[root@localhost src]# docker inspect e32d067139c3 |grep -ai ipaddr
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
#确认SSH远程可登录,NGNIX可访问
[root@e32d067139c3 ansible]# ssh 172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:TorTOceE2nsNTohOTfQGGTsICgLx+3Dyz2pSeqdeOiI.
ECDSA key fingerprint is MD5:1d:6f:26:21:d5:7e:6d:0e:81:8d:97:37:cf:62:3c:28.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root@172.17.0.2's password:
Last failed login: Mon Aug 10 05:34:45 UTC 2020 from gateway on ssh:notty
There were 2 failed login attempts since the last successful login.
[root@e32d067139c3 ~]#
[root@e32d067139c3 ~]# curl 172.17.0.2
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
在物理机192.168.68.129上使用新镜像启用一个容器,并把80,22端口先别映射出给物理机的81,6022端口
[root@localhost ~]# docker run -itd --privileged -p 81:80 -p 6022:22 f1130d65ffc6 /bin/bash
c6c6017fb72abc58ef255b540ad8643ca509fd930822d47142d665a835877b73
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c6c6017fb72a f1130d65ffc6 "/bin/bash" 14 seconds ago Up 12 seconds 0.0.0.0:6022->22/tcp, 0.0.0.0:81->80/tcp sharp_goodall
[root@localhost ~]#
物理机上测试,可以NGINX访问,可以SSH远程登录。
开始镜像制作:
4.通过docker commint 制作镜像
[root@localhost src]# docker commit e32d067139c3 centos7-ansible:V2
sha256:f1130d65ffc6e641b9cc7f7f869755feea9ccc5148b50d75f8b18a369c0aa4e1
[root@localhost src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7-ansible V2 f1130d65ffc6 18 seconds ago 636 MB
centos7-ansible latest 688353a31fde 3 years ago 447 MB
[root@localhost src]#
5.通过docker save ,将新制作的镜像centos7-ansible:v2保存为一Tar包。给其它容器使用
[root@localhost src]# ls
centos6-ssh.tar centos7-ansible.tar debug kernels
[root@localhost src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7-ansible V2 f1130d65ffc6 About an hour ago 636 MB
centos7-ansible latest 688353a31fde 3 years ago 447 MB
[root@localhost src]# docker save f1130d65ffc6 > centos7-NGINX-SSH.tar
[root@localhost src]# ls
centos6-ssh.tar centos7-ansible.tar centos7-NGINX-SSH.tar debug kernels
[root@localhost src]#
其他容器通过docker load导入镜像后,需要手动启动服务。这也是docker commit制作镜像的一个缺点。