镜像与仓库
一、Docker镜像特征
1、Docker镜像特性一
容器创建时需要指定镜像,每个镜像都由唯一的标识Image ID,和容器的Container ID一样,默认128位,可以使用前16位缩略形式,也可以使用镜像名与版本号两部分组合唯一标识,如果省略版本号,默认使用最新版本标签(latest)
镜像的分层:Docker的镜像通过**联合文件系统(union filesystem)**将各层文件系统叠加在一起。
-
bootfs:用于系统引导的文件系统,包括bootloader和kernel,容器启动完成后会被卸载以节省内存资源。
-
rootfs:位于bootfs之上,表现为Docker容器的根文件系统
-
传统模式中,系统启动时,内核挂载rootfs时会首先将其挂载为“只读”模式,完整性自检完成后将其挂载为读写模式
-
Docker中,rootfs由内核挂载为“只读”模式,而后通过UFS技术挂载一个“可写”层
-
2、Docker镜像特性二
- 已有的分层只能读不能修改
- 上层镜像优先级大于底层镜像
二、DockerFile
- 容器 > 镜像 :docker commit CID -t xx.xx.xx
镜像如果可以正常运行,需要拥有工作在前台的守护进程至少一个,不然镜像启动之后会自动停止
#使用容器构造镜像
#从网易蜂巢下载基础镜像: https://c.163yun.com/hub#/home
[root@nod ~]# docker pull hub.c.163.com/public/centos:6.7-tools
#启动
[root@nod ~]# docker run --name mysql -d hub.c.163.com/public/centos:6.7-tools
#进入到容器
[root@nod ~]# docker exec -it 417e2dd943d8 /bin/bash
[root@417e2dd943d8 /]#
#在容器内部安装mysql
[root@417e2dd943d8 /]# yum install -y mysql mysql-server
#使用命令把容器生成为镜像
[root@nod ~]# docker commit 417e2dd943d8 mysql:5.6
[root@nod ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.6 b0840dd9df3a 17 seconds ago 623 MB
#使用当前镜像进行启动
[root@nod ~]# docker run --name tsmysql -d mysql:5.6
- DockerFile
DockerFile是一种被Docker程序解析的脚本,DockerFile由一条一条的指令组成,每条指令对应Linux下面的一条命令。Docker程序将这些DockerFile指令翻译真正的Linux命令。DockerFile有自己书写格式和支持的命令,Docker程序解决这些命令间的依赖关系。Docker程序将读取DockerFile,根据指令生成定制的image。最大不超过128行
生成命令:docker build -t xxx/jdk-tomcat
Dockerfile的书写规则和指令的使用方法
#注释
INSTRUCTION argument
指令忽略大小写,建议使用大写;每一行只支持一条指令,每条指令可以携带多个参数。Dockerfile的指令根据作用可以分为两种:构建指令和设置指令。
构建指令(用于构建镜像,其指定的操作不会在由镜像运行的容器上执行)
1、FROM(指定基础image)
构建指令,必须指定且需要在Dockerfile其他指令的前面。后续的指令都依赖于该指令指定的image。FROM指令指定的基础image可以是官方远程仓库中的,也可以位于本地仓库。
格式:
FROM <image>
FROM <image>:<tag>
例:
FROM centos:7.2
FROM centos
2、MAINTAINER(用来指定镜像创建者信息)
构建指令,用于将image的制作者相关的信息写入到image中,当我们对该image执行docker inspect命令时,输出中有相应的字段记录该信息。
格式:
MAINTAINER <author> "e-mail" #指定作者名和E-mail
例:
MAINTAINER www "www@163.com"
3、RUN(安装软件用)
构建指令,RUN可以运行任何被基础image执行的命令。如基础image选择了Centos,那么软件管理部分只能使用Centos的包管理命令。
格式:
RUN <command> #shell模式,以#/bin/sh -c command形式执行,如RUN echo hello
RUN ["executeable","param1","param2"……]
#exec模式,指定其他形式的shell来运行指令,如:RUN["/bin/bash","-c","echo hello"]
例:
RUN cd /tmp && curl 'http://xxx/apache-tomcat.tar.gz' (常用)
RUN ["/bin/bash","-c","echo hello"]
4、ENV(用于设置环境变量)
构建指令,在image中设置一个环境变量
格式:
ENV <key> <value>
#设置了后,后续的RUN命令都可以使用,container启动后,可以通过docker inspect查看这个环境变量,#也可以通过在docker run --env key=value时设置或修改环境变量。
例:
ENV JAVA_HOME /path/to/java/dirent
#在容器中安装了JAVA程序,需要设置JAVA_HOME
5、ADD/COPY(将本地文件或目录复制到由dockerfile构建的镜像中)
所有拷贝到container中的文件和文件夹权限为0755,uid和gid为0;如果是一个目录,
格式:
ADD <src> <dest>
#<src>:是相对被构建的源目录的相对路径,可以是文件或目录的路径,也可以是一个远程的文件url(docker不推荐,更建议使用wget或curl获取文件)
#<dest>:是container中的绝对路径
ADD ["<src>" "<dest>"] # 适用于文件路径中有空格的情况,同理有COPY的情况
COPY <src> <dest>
COPY ["<src>" "<dest>"]
例:
COPY index.html /usr/share/nginx/html/
#把当前config目录下所有文件拷贝到/config/目录下
ADD config/ /config/
ADD test1.txt test1.txt
ADD test1.txt test1.txt.bak
ADD test1.txt /mydir/
ADD data1 data1
ADD data2 data2
ADD zip.tar /myzip
有如下注意事项:
1、如果源路径是个文件,且目标路径是以 / 结尾, 则docker会把目标路径当作一个目录,会把源文件拷贝到该目录下。如果目标路径不存在,则会自动创建目标路径。
2、如果源路径是个文件,且目标路径是不是以 / 结尾,则docker会把目标路径当作一个文件。
如果目标路径不存在,会以目标路径为名创建一个文件,内容同源文件;
如果目标文件是个存在的文件,会用源文件覆盖它,当然只是内容覆盖,文件名还是目标文件名。
如果目标文件实际是个存在的目录,则会源文件拷贝到该目录下。 注意,这种情况下,最好显示的以 / 结尾,以避免混淆。
3、如果源路径是个目录,且目标路径不存在,则docker会自动以目标路径创建一个目录,把源路径目录下的文件拷贝进来。如果目标路径是个已经存在的目录,则docker会把源路径目录下的文件拷贝到该目录下。
4、如果源文件是个归档文件(压缩文件),则docker会自动帮解压。
ADD与COPY的区别:ADD指令包含类似tar的解压功能,而COPY只单纯复制文件。
设置指令(用于设置image的属性,其指定的操作将在由image运行的容器中执行)
1、CMD(设置container启动时执行的操作)
设置指令,用于container启动时指定的操作。该操作可以是执行自定义脚本,也可以是执行系统命令。该指令只能在文件中存在一次,如果有多个,则只执行最后一条。在镜像转换为容器和容器start启动时,都会执行CMD设置的指令。如果需要启动很多命令,使用&&连接,执行多命令。设置的命令通过docker ps查看,COMMAND字段显示的就是。
格式:
CMD ["executable","param1","param2"] #exec模式
CMD commad param1 param2 #shell模式
CMD ["param1","param2"]
例:
CMD echo "Hello,World!"
# docker run --name test -d repository cmd //构建容器中的CMD指令被run的cmd覆盖,不会执行
# docker run --name test -d repository //执行构建容器中的CMD指令
2、ENTRYPOINT(设置container启动时执行的操作)
设置指令,指定容器启动时执行的命令,可以多次设置,但是只有最后一个有效。
格式:
ENTRYPOINT ["executable","param1","param2"] #exec模式
ENTRYPOINT command param1 param2 #shell模式
例:
该指令的使用分两种情况,一种是独自使用,另一种和CMD指令配合使用。当独自使用时,如果你还使用了CMD命令且CMD是一个完整的可执行的命令,那么CMD指令和ENTRYPOINT会互相覆盖只有最后一个CMD或者ENTRYPOINT有效。
#CMD指令将不会被执行,只有ENTRYPOINT指令被执行
CMD echo "Hello,World!"
ENTRYPOINT ls -l
另一种用法和CMD指令配合使用来指定ENTRYPOINT的默认参数,这时CMD指令不是一个完整的可执行命令,仅仅是参数部分;ENTRYPOINT指令只能使用JSON方式指定执行命令,而不能指定参数
FROM ubuntu
CMD ["-l"]
ENTRYPOINT ["/usr/bin/ls"]
3、USER(设置container容器的用户)
设置指令,设置启动容器的用户,默认是root用户。容器启动之后需要使用其他用户执行时使用
格式:
USER user
USER uid
USER user:group
USER uid:gid
USER user:gid
USER uid:group
例:
#指定指令memcached的运行用户为daemon
ENTRYPOINT["memcached"]
USER daemon
或
USER daemon=ENTRYPOINT["memcached","-u","daemon"]
4、EXPOSE(指定容器需要映射到宿主机器的端口)
设置指令,该指令会将容器中的端口映射成宿主机器中的某个端口。当你需要访问容器的时候,可以不是用容器的IP地址而是使用宿主机器的IP地址和映射后的端口。要完成整个操作需要两个步骤,首先在Dockerfile使用EXPOSE设置需要映射的容器端口,然后在运行容器的时候指定-p选型加上EXPOSE设置的端口,这样EXPOSE设置的端口号会被随机映射成宿主机器中的一个端口号。也可以指定需要映射到宿主机器的那个端口,这时要确保宿主机器上的端口号没有被使用。EXPOSE指令可以一次设置多个端口号,相应的运行容器的时候,可以配套的多次使用-p选型。通过EXPOSE设置的端口,可通过docker ps中PORTS字段查看。
格式:
EXPOSE <port> [<port>...]
例:
#映射一个端口
EXPOSE 22
#相应的运行容器使用的命令
docker run -p port1 image
#映射多个端口
EXPOSE port1 port2 port3
#相应的运行容器使用的命令
docker run -p port1 -p port2 -p port3 image
#还可以指定需要映射到宿主机器上某个端口号
docker run -p host_port1:port1 -p host_port2:port2 -p host_port3:port3 image
5、VOLUME(指定挂载点)
设置指令,使容器中的一个目录具有持久化存储数据的功能,该目录可以被容器本身使用,也可以共享给其他容器使用。我们知道容器使用的是AUFS,这种文件系统不能持久化数据,当容器关闭后,所有的更改都会丢失。当容器中的应用有持久化数据的需求时可以在Dockerfile中使用该指令。
格式:
VOLUME ["<mountpoint>"]
例:
FROM base
VOLUME ["/tmp/data"]
6、WORKDIR(工作目录,切换目录)
设置指令,可以多次切换(相当于cd命令),对RUN,CMD,ENTRYPOINT生效
格式:
WORKDIR /path/to/workdir #一定要使用绝对路径,如果使用相对路径,那么路径会传递下去
WORKDIR a
WORKDIR b
WORKDIR c
#相当于#cd /a/b/c
例:
WORKDIR /p1 WORKDIR p2 RUN vim a.txt => RUN cd /p1/p2 && vim a.txt
7、ONBUILD(在子镜像中执行)
ONBUILD指定的命令在构建镜像时并不执行,而是在它的子镜像中执行。
格式:
ONBUILD <Dockerfile关键字>
例:
ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
- CMD与ENTRYPOINT的区别
CMD #指定这个容器启动的时候要运行的命令,只有最后一个会生效,可被替代
ENTRYPOINT #指定这个容器启动的时候要运行的命令,可以追加命令
测试CMD
#1、编写dockerfile文件
[root@nod dockerfile]# cat dockerfile-cmd-test
FROM centos
CMD ["ls","-a"]
#2、构建镜像
[root@nod dockerfile]# docker build -f dockerfile-cmd-test -t cmdtest .
Sending build context to Docker daemon 15.87 kB
Step 1/2 : FROM centos
---> 5d0da3dc9764
Step 2/2 : CMD ls -a
---> Running in 748514e4ec7d
---> 4942d6be2fc5
Removing intermediate container 748514e4ec7d
Successfully built 4942d6be2fc5
#run运行,发现我们的ls -a命令生效
[root@nod dockerfile]# docker run 4942d6be2fc5
.
..
.dockerenv
bin
dev
etc
home
lib
lib64
lost+found
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
#想追加一个命令-l, ls -al
[root@nod dockerfile]# docker run 4942d6be2fc5 -l
container_linux.go:247: starting container process caused "exec: \"-l\": executable file not found in $PATH"
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "exec: \"-l\": executable file not found in $PATH".
#cmd的情况下,-l替换了CMD ["ls","-a"]命令,-l不是命令所以报错。
[root@nod dockerfile]# docker run 4942d6be2fc5 ls -al
total 0
drwxr-xr-x 1 root root 46 Dec 5 09:15 .
drwxr-xr-x 1 root root 46 Dec 5 09:15 ..
-rwxr-xr-x 1 root root 0 Dec 5 09:15 .dockerenv
lrwxrwxrwx 1 root root 7 Nov 3 2020 bin -> usr/bin
drwxr-xr-x 5 root root 340 Dec 5 09:15 dev
drwxr-xr-x 1 root root 66 Dec 5 09:15 etc
drwxr-xr-x 2 root root 6 Nov 3 2020 home
lrwxrwxrwx 1 root root 7 Nov 3 2020 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 3 2020 lib64 -> usr/lib64
drwx------ 2 root root 6 Sep 15 14:17 lost+found
drwxr-xr-x 2 root root 6 Nov 3 2020 media
drwxr-xr-x 2 root root 6 Nov 3 2020 mnt
drwxr-xr-x 2 root root 6 Nov 3 2020 opt
dr-xr-xr-x 134 root root 0 Dec 5 09:15 proc
dr-xr-x--- 2 root root 162 Sep 15 14:17 root
drwxr-xr-x 11 root root 163 Sep 15 14:17 run
lrwxrwxrwx 1 root root 8 Nov 3 2020 sbin -> usr/sbin
drwxr-xr-x 2 root root 6 Nov 3 2020 srv
dr-xr-xr-x 13 root root 0 Dec 5 09:15 sys
drwxrwxrwt 7 root root 171 Sep 15 14:17 tmp
drwxr-xr-x 12 root root 144 Sep 15 14:17 usr
drwxr-xr-x 20 root root 262 Sep 15 14:17 var
测试ENTRYPOINT
#1、编写dockerfile文件
[root@nod dockerfile]# cat dockerfile-entrypoint-test
FROM centos
ENTRYPOINT ["ls","-a"]
#2、构建镜像
[root@nod dockerfile]# docker build -f dockerfile-entrypoint-test -t myentry .
Sending build context to Docker daemon 18.43 kB
Step 1/2 : FROM centos
---> 5d0da3dc9764
Step 2/2 : ENTRYPOINT ls -a
---> Running in 1371fbe22312
---> d500c3247a80
Removing intermediate container 1371fbe22312
Successfully built d500c3247a80
#3、追加命令是直接拼接在我们的ENTRYPOINT命令后面的
[root@nod dockerfile]# docker run d500c3247a80 -l
total 0
drwxr-xr-x 1 root root 46 Dec 5 09:20 .
drwxr-xr-x 1 root root 46 Dec 5 09:20 ..
-rwxr-xr-x 1 root root 0 Dec 5 09:20 .dockerenv
lrwxrwxrwx 1 root root 7 Nov 3 2020 bin -> usr/bin
drwxr-xr-x 5 root root 340 Dec 5 09:20 dev
drwxr-xr-x 1 root root 66 Dec 5 09:20 etc
drwxr-xr-x 2 root root 6 Nov 3 2020 home
lrwxrwxrwx 1 root root 7 Nov 3 2020 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 3 2020 lib64 -> usr/lib64
drwx------ 2 root root 6 Sep 15 14:17 lost+found
drwxr-xr-x 2 root root 6 Nov 3 2020 media
drwxr-xr-x 2 root root 6 Nov 3 2020 mnt
drwxr-xr-x 2 root root 6 Nov 3 2020 opt
dr-xr-xr-x 136 root root 0 Dec 5 09:20 proc
dr-xr-x--- 2 root root 162 Sep 15 14:17 root
drwxr-xr-x 11 root root 163 Sep 15 14:17 run
lrwxrwxrwx 1 root root 8 Nov 3 2020 sbin -> usr/sbin
drwxr-xr-x 2 root root 6 Nov 3 2020 srv
dr-xr-xr-x 13 root root 0 Dec 5 09:15 sys
drwxrwxrwt 7 root root 171 Sep 15 14:17 tmp
drwxr-xr-x 12 root root 144 Sep 15 14:17 usr
drwxr-xr-x 20 root root 262 Sep 15 14:17 var
Dockerfile实战
Docker Hub中99%镜像都是从这个基础镜像过来的 FROM scratch,然后配置需要的软件和配置来进行构建。
编写自己的Centos
#1、编写Dockerfile的文件
[root@nod ~]# mkdir dockerfile
[root@nod dockerfile]# vim mydockerfile-centos
[root@nod dockerfile]# cat mydockerfile-centos
FROM centos
MAINTAINER wangwc "791486420@qq.com"
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim
RUN yum -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "---end-----"
CMD /bin/bash
#2、通过这个文件构建镜像
#命令 docker build -f dockerfile文件路径 -t 镜像名:[tag]
[root@nod dockerfile]# docker build -f mydockerfile-centos -t mycentos:1.0 .
Sending build context to Docker daemon 14.85 kB
Step 1/10 : FROM centos
---> 5d0da3dc9764
Step 2/10 : MAINTAINER wangwc "791486420@qq.com"
---> Running in 919643035d24
---> 878b7631faa1
Removing intermediate container 919643035d24
Step 3/10 : ENV MYPATH /usr/local
---> Running in 6b373b059cb0
---> f34494184388
Removing intermediate container 6b373b059cb0
Step 4/10 : WORKDIR $MYPATH
---> 0d4f848fe811
Removing intermediate container d1e7c136cf95
Step 5/10 : RUN yum -y install vim
---> Running in 7929cb99d1b0
CentOS Linux 8 - AppStream 736 kB/s | 8.2 MB 00:11
CentOS Linux 8 - BaseOS 1.8 MB/s | 3.5 MB 00:01
CentOS Linux 8 - Extras 6.5 kB/s | 10 kB 00:01
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-16.el8 appstream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-17.el8 appstream 39 k
vim-common x86_64 2:8.0.1763-16.el8 appstream 6.3 M
vim-filesystem noarch 2:8.0.1763-16.el8 appstream 49 k
which x86_64 2.21-16.el8 baseos 49 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-17.el8.x86_64.rpm 53 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-16.el8.noarch.rp 261 kB/s | 49 kB 00:00
(3/5): which-2.21-16.el8.x86_64.rpm 387 kB/s | 49 kB 00:00
(4/5): vim-enhanced-8.0.1763-16.el8.x86_64.rpm 676 kB/s | 1.4 MB 00:02
(5/5): vim-common-8.0.1763-16.el8.x86_64.rpm 766 kB/s | 6.3 MB 00:08
--------------------------------------------------------------------------------
Total 625 kB/s | 7.8 MB 00:12
CentOS Linux 8 - AppStream 1.6 MB/s | 1.6 kB 00:00
warning: /var/cache/dnf/appstream-02e86d1c976ab532/packages/gpm-libs-1.20.7-17.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : which-2.21-16.el8.x86_64 1/5
Installing : vim-filesystem-2:8.0.1763-16.el8.noarch 2/5
Installing : vim-common-2:8.0.1763-16.el8.x86_64 3/5
Installing : gpm-libs-1.20.7-17.el8.x86_64 4/5
Running scriptlet: gpm-libs-1.20.7-17.el8.x86_64 4/5
Installing : vim-enhanced-2:8.0.1763-16.el8.x86_64 5/5
Running scriptlet: vim-enhanced-2:8.0.1763-16.el8.x86_64 5/5
Running scriptlet: vim-common-2:8.0.1763-16.el8.x86_64 5/5
Verifying : gpm-libs-1.20.7-17.el8.x86_64 1/5
Verifying : vim-common-2:8.0.1763-16.el8.x86_64 2/5
Verifying : vim-enhanced-2:8.0.1763-16.el8.x86_64 3/5
Verifying : vim-filesystem-2:8.0.1763-16.el8.noarch 4/5
Verifying : which-2.21-16.el8.x86_64 5/5
Installed:
gpm-libs-1.20.7-17.el8.x86_64 vim-common-2:8.0.1763-16.el8.x86_64
vim-enhanced-2:8.0.1763-16.el8.x86_64 vim-filesystem-2:8.0.1763-16.el8.noarch
which-2.21-16.el8.x86_64
Complete!
---> 67dfbf14d12a
Removing intermediate container 7929cb99d1b0
Step 6/10 : RUN yum -y install net-tools
---> Running in 9526618798dd
Last metadata expiration check: 0:01:04 ago on Sun Dec 5 08:48:06 2021.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.52.20160912git.el8 baseos 322 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 322 k
Installed size: 942 k
Downloading Packages:
net-tools-2.0-0.52.20160912git.el8.x86_64.rpm 1.6 MB/s | 322 kB 00:00
--------------------------------------------------------------------------------
Total 416 kB/s | 322 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Running scriptlet: net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Verifying : net-tools-2.0-0.52.20160912git.el8.x86_64 1/1
Installed:
net-tools-2.0-0.52.20160912git.el8.x86_64
Complete!
---> b1a7e7a11979
Removing intermediate container 9526618798dd
Step 7/10 : EXPOSE 80
---> Running in 9ace37e3621b
---> 4740a7d8f80d
Removing intermediate container 9ace37e3621b
Step 8/10 : CMD echo $MYPATH
---> Running in bec3f5e13958
---> acc9a2ab1d65
Removing intermediate container bec3f5e13958
Step 9/10 : CMD echo "---end-----"
---> Running in f1132a8594fa
---> 19023c37cb42
Removing intermediate container f1132a8594fa
Step 10/10 : CMD /bin/bash
---> Running in 9d8fed33c8bd
---> 63a1703170ce
Removing intermediate container 9d8fed33c8bd
Successfully built 63a1703170ce
##在构建过程中,会临时生成中间运行容器
[root@nod nginx]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a283a935748 eeb6ee3f44bd "/bin/sh -c 'yum i..." 28 seconds ago Up 14 seconds modest_haibt
#3、查看构建完成的镜像
[root@nod dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mycentos 1.0 63a1703170ce About a minute ago 310 MB
#4、测试构建的镜像
[root@nod dockerfile]# docker run -it mycentos:1.0
[root@d8a0a0a14009 local]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:acff:fe11:2 prefixlen 64 scopeid 0x20<link>
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 5 bytes 426 (426.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 516 (516.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#5、通过docker history查看镜像构建的历史
[root@nod dockerfile]# docker history 63a1703170ce
IMAGE CREATED CREATED BY SIZE COMMENT
63a1703170ce 9 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "/b... 0 B
19023c37cb42 9 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "ec... 0 B
acc9a2ab1d65 9 minutes ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "ec... 0 B
4740a7d8f80d 9 minutes ago /bin/sh -c #(nop) EXPOSE 80/tcp 0 B
b1a7e7a11979 9 minutes ago /bin/sh -c yum -y install net-tools 14.6 MB
67dfbf14d12a 9 minutes ago /bin/sh -c yum -y install vim 64 MB
0d4f848fe811 10 minutes ago /bin/sh -c #(nop) WORKDIR /usr/local 0 B
f34494184388 11 minutes ago /bin/sh -c #(nop) ENV MYPATH=/usr/local 0 B
878b7631faa1 11 minutes ago /bin/sh -c #(nop) MAINTAINER wangwc "7914... 0 B
5d0da3dc9764 2 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0 B
<missing> 2 months ago /bin/sh -c #(nop) LABEL org.label-schema.... 0 B
<missing> 2 months ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0b... 231 MB
制作tomcat镜像
1、准备镜像文件tomcat压缩包,jdk的压缩包
[root@nod dockerfile]# cd tomcat/
[root@nod tomcat]# ll
total 201736
-rw-r--r-- 1 root root 11579748 Dec 5 17:29 apache-tomcat-9.0.55.tar.gz
-rw-r--r-- 1 root root 194990602 Dec 5 17:29 jdk-8u211-linux-x64.tar.gz
2、编写dockerfile文件,官方命名Dockerfile,build会自动寻找这个文件,就不需要-f指定了。
#1、编写Dockerfile文件
[root@nod tomcat]# cat Dockerfile
FROM centos
MAINTAINER wangwch "791486420@qq.com"
COPY readme.txt /usr/local/readme.txt
ADD jdk-8u211-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.55.tar.gz /usr/local/
RUN yum -y install vim
ENV MYPATH /usr/local
WORKDIR $MYPATH
ENV JAVA_HOME /usr/local/jdk1.8.0_211
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.55
ENV CATALINA_BASH /usr/local/apache-tomcat-9.0.55
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
EXPOSE 8080
CMD /usr/local/apache-tomcat-9.0.55/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.55/bin/logs/catalina.out
3、构建镜像
[root@nod tomcat]# docker build -t diytomcat .
Sending build context to Docker daemon 206.6 MB
Step 1/15 : FROM centos
---> 5d0da3dc9764
Step 2/15 : MAINTAINER wangwch "791486420@qq.com"
---> Running in 8f18b73492d1
---> bf1c5c92354f
Removing intermediate container 8f18b73492d1
Step 3/15 : COPY readme.txt /usr/local/readme.txt
---> 5a62d18066fa
Removing intermediate container 01b7550b9c4f
Step 4/15 : ADD jdk-8u211-linux-x64.tar.gz /usr/local/
Error processing tar file(exit status 1): write /jdk1.8.0_211/jre/lib/rt.jar: no space left on device
[root@nod tomcat]# docker build -t diytomcat .
Sending build context to Docker daemon 206.6 MB
Step 1/15 : FROM centos
---> 5d0da3dc9764
Step 2/15 : MAINTAINER wangwch "791486420@qq.com"
---> Using cache
---> bf1c5c92354f
Step 3/15 : COPY readme.txt /usr/local/readme.txt
---> Using cache
---> 5a62d18066fa
Step 4/15 : ADD jdk-8u211-linux-x64.tar.gz /usr/local/
---> 6b7e0b29302a
Removing intermediate container e0d0771e25db
Step 5/15 : ADD apache-tomcat-9.0.55.tar.gz /usr/local/
---> 694e98d717e9
Removing intermediate container 1c452b985900
Step 6/15 : RUN yum -y install vim
---> Running in 22327c2fbd94
CentOS Linux 8 - AppStream 2.2 MB/s | 8.2 MB 00:03
CentOS Linux 8 - BaseOS 1.2 MB/s | 3.5 MB 00:02
CentOS Linux 8 - Extras 490 B/s | 10 kB 00:21
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vim-enhanced x86_64 2:8.0.1763-16.el8 appstream 1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-17.el8 appstream 39 k
vim-common x86_64 2:8.0.1763-16.el8 appstream 6.3 M
vim-filesystem noarch 2:8.0.1763-16.el8 appstream 49 k
which x86_64 2.21-16.el8 baseos 49 k
Transaction Summary
================================================================================
Install 5 Packages
Total download size: 7.8 M
Installed size: 30 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-17.el8.x86_64.rpm 200 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-16.el8.noarch.rp 219 kB/s | 49 kB 00:00
(3/5): which-2.21-16.el8.x86_64.rpm 198 kB/s | 49 kB 00:00
(4/5): vim-enhanced-8.0.1763-16.el8.x86_64.rpm 1.9 MB/s | 1.4 MB 00:00
(5/5): vim-common-8.0.1763-16.el8.x86_64.rpm 3.4 MB/s | 6.3 MB 00:01
--------------------------------------------------------------------------------
Total 2.2 MB/s | 7.8 MB 00:03
warning: /var/cache/dnf/appstream-02e86d1c976ab532/packages/gpm-libs-1.20.7-17.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - AppStream 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : which-2.21-16.el8.x86_64 1/5
Installing : vim-filesystem-2:8.0.1763-16.el8.noarch 2/5
Installing : vim-common-2:8.0.1763-16.el8.x86_64 3/5
Installing : gpm-libs-1.20.7-17.el8.x86_64 4/5
Running scriptlet: gpm-libs-1.20.7-17.el8.x86_64 4/5
Installing : vim-enhanced-2:8.0.1763-16.el8.x86_64 5/5
Running scriptlet: vim-enhanced-2:8.0.1763-16.el8.x86_64 5/5
Running scriptlet: vim-common-2:8.0.1763-16.el8.x86_64 5/5
Verifying : gpm-libs-1.20.7-17.el8.x86_64 1/5
Verifying : vim-common-2:8.0.1763-16.el8.x86_64 2/5
Verifying : vim-enhanced-2:8.0.1763-16.el8.x86_64 3/5
Verifying : vim-filesystem-2:8.0.1763-16.el8.noarch 4/5
Verifying : which-2.21-16.el8.x86_64 5/5
Installed:
gpm-libs-1.20.7-17.el8.x86_64 vim-common-2:8.0.1763-16.el8.x86_64
vim-enhanced-2:8.0.1763-16.el8.x86_64 vim-filesystem-2:8.0.1763-16.el8.noarch
which-2.21-16.el8.x86_64
Complete!
---> 437f3353c80b
Removing intermediate container 22327c2fbd94
Step 7/15 : ENV MYPATH /usr/local
---> Running in c0a77af1e486
---> 12d64fbc8716
Removing intermediate container c0a77af1e486
Step 8/15 : WORKDIR $MYPATH
---> 4f9b2f209603
Removing intermediate container 222430f01c68
Step 9/15 : ENV JAVA_HOME /usr/local/jdk1.8.0_211
---> Running in c15a9384a2c2
---> e1834fe81ab1
Removing intermediate container c15a9384a2c2
Step 10/15 : ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
---> Running in fae4ded23d0b
---> 1ab0c608351c
Removing intermediate container fae4ded23d0b
Step 11/15 : ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.55
---> Running in 1611d44e8f39
---> 22e0f40daddc
Removing intermediate container 1611d44e8f39
Step 12/15 : ENV CATALINA_BASH /usr/local/apache-tomcat-9.0.55
---> Running in 929361c8f083
---> d93a6a83978f
Removing intermediate container 929361c8f083
Step 13/15 : ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
---> Running in a5841a781186
---> 79387fc479d3
Removing intermediate container a5841a781186
Step 14/15 : EXPOSE 8080
---> Running in 753584ca9197
---> 45f5d41e0fce
Removing intermediate container 753584ca9197
Step 15/15 : CMD /usr/local/apache-tomcat-9.0.55/bin/startup.sh && tail -F /usr/local/apache-tomcat-9.0.55/bin/logs/catalina.out
---> Running in 8cbeed72a52a
---> dc8ef19fc663
Removing intermediate container 8cbeed72a52a
Successfully built dc8ef19fc663
4、查看容器
[root@nod tomcat]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
diytomcat latest dc8ef19fc663 7 seconds ago 718 MB
5、启动容器进行测试
[root@nod tomcat]# docker run -d -p 9090:8080 --name diytomcat -v /root/dockerfile/tomcat/test:/usr/local/apache-tomcat-9.0.55/webapps/test -v /root/dockerfile/tomcat/tomcatlogs/:/usr/local/apache-tomcat-9.0.55/logs diytomcat
#访问测试
[root@nod tomcat]# curl localhost:9090
三、Docker仓库构建
1、官方仓库构建(小环境推荐)
-
仓库服务器配置
[root@nod ~]# docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --restart=always registry #docker内部默认端口是443 #添加5000端口为安全端口 [root@nod ~]# vim /etc/docker/daemon.json { "insecure-registries":["192.168.1.102:5000"] } #重启容器 [root@nod ~]# systemctl start docker #镜像的格式:仓库地址/用户名/镜像名:版本 #修改标签 [root@nod ~]# docker tag mysql:5.6 192.168.1.102:5000/mysql:5.6 #把docker镜像推上仓库 [root@nod ~]# docker push 192.168.1.102:5000/mysql:5.6 #查看仓库中的镜像 [root@nod ~]# curl -XGET http://192.168.1.102:5000/v2/_catalog {"repositories":["mysql"]}
-
客户端配置
#修改添加信息
[root@nod ~]# vim /etc/docker/daemon.json
{
"insecure-registries":["192.168.1.102:5000"]
}
#重启docker
[root@nodc ~]# systemctl restart docker
#下载镜像
[root@nodc ~]# docker pull 192.168.1.102:5000/mysql:5.6
2、Harbor构建,在官方镜像的基础上添加了权限认证等
Harbor是由VMware公司开源的容器镜像仓库,是在Docker Registry上进行了相应企业级扩展,企业特性包括:管理用户界面,基于角色的访问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
组件
- harbor-adminserver 配置管理中心
- harbor-db Mysql数据库
- harbor-jobservice 负责镜像复制
- harbor-log 记录操作日志
- harbor-ui Web管理页面和API
- nginx 前端代理,负责前端页面和镜像上传、下载和转发
- redis 会话保持
- registry 镜像存储
#1、安装docker与docker-compose
curl -L "https://get.daocloud.io/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version # 查看版本号,测试是否安装成功
#2、解压离线包部署
[root@nod ~]# tar -zxvf harbor-offline-installer-v1.9.1.tgz
harbor/harbor.v1.9.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/harbor.yml
#进入到harbor目录
[root@nod ~]# cd harbor/
[root@nod harbor]# pwd
/root/harbor
#修改配置文件harbor.yml
[root@nod harbor]# vim harbor.yml
hostname: 192.168.1.102
#执行./prepare
[root@nod harbor]# ./prepare
#执行./install.sh
[root@nod harbor]# ./install.sh
#访问,通过浏览器访问
http://192.168.1.102
用户:admin
密码:参见配置文件harbor.yml
仓库使用
#1、配置http镜像仓库可信任
[root@nod ~]# vim /etc/docker/daemon.json
{
"insecure-registries":["192.168.1.102"]
}
[root@nod ~]# systemctl daemon-reload
[root@nod ~]# systemctl restart docker
#2、打标签
[root@nod tomcat]# docker tag diytomcat:v1 192.168.1.102/library/diytomcat:v1
#3、上传
[root@nod tomcat]# docker login 192.168.1.102
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@nod tomcat]# docker push 192.168.1.102/library/diytomcat:v1
#4、下载
[root@nod tomcat]# docker pull 192.168.1.102/library/diytomcat:v1
参考:
https://www.cnblogs.com/lovezbs/p/14054256.html
https://www.cnblogs.com/wenqiangit/p/10298369.html
https://blog.csdn.net/wxy_csdn_world/article/details/116860193