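When working with Docker, we constantly build images from Dockerfiles. There are plenty of images available online, but they do not necessarily suit your own environment. In real use, you need to build different Docker images according to the technology stack of your company and team. Everyday base images such as a CentOS base image, a Java environment image, a Tomcat image and a Jenkins image are ones we use all the time, so building them ourselves is clearly worthwhile.
I. Building a CentOS 7.6 image (with SSH)
1. Approach
The approach is simple:
1) Install the commands you need on top of the official image
2) Set the SSH password in the image
3) Use supervisor to manage the sshd process; for a detailed introduction to supervisor, see my other article, "Managing processes with supervisor"
2. Files
Building the CentOS 7.6 image uses three files: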
[root@docker centos7-ssh]# ls
Dockerfile sshd.ini supervisord.conf
1) Dockerfile
# Docker for CentOS
# Base image
FROM daocloud.io/library/centos:centos7.6.1810
# Who
MAINTAINER wangchao xxx@163.com
# EPEL
RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
# Base pkg
RUN yum -y install wget
RUN wget -P /etc/yum.repos.d http://mirrors.aliyun.com/repo/Centos-7.repo
RUN yum -y install vim screen lrzsz tree openssl openssh-clients openssl-devel openssh-server telnet iftop iotop sysstat wget ntpdate dos2unix lsof net-tools mtr gcc gcc-c++ cmake zip unzip supervisor git sudo psmisc && yum clean all
# For SSHD
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
# Set timezone
RUN rm -f /etc/localtime && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Set root password
RUN echo "root:wangchao123" | chpasswd
# Supervisord config
ADD supervisord.conf /etc/supervisord.conf
ADD sshd.ini /etc/supervisord.d/sshd.ini
# Outside Port
EXPOSE 22
# supervisord start
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
2) supervisord.conf
[root@docker centos7-ssh]# cat supervisord.conf
; Sample supervisor config file.
;
; For more information on the config file, please see:
; http://supervisord.org/configuration.html
;
; Notes:
; - Shell expansion ("~" or "$HOME") is not supported. Environment
; variables can be expanded using this syntax: "%(ENV_HOME)s".
; - Quotes around values are not supported, except in the case of
; the environment= options as shown below.
; - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
; - Command will be truncated if it looks like a config file comment, e.g.
; "command=bash -c 'foo ; bar'" will truncate to "command=bash -c 'foo ".
[unix_http_server]
file=/tmp/supervisor.sock ; the path to the socket file
;chmod=0700 ; socket file mode (default 0700)
;chown=nobody:nogroup ; socket file uid:gid owner
;username=user ; default is no username (open server)
;password=123 ; default is no password (open server)
[inet_http_server] ; inet (TCP) server disabled by default
port=0.0.0.0:9001 ; ip_address:port specifier, *:port for all iface
username=user ; default is no username (open server)
password=321 ; default is no password (open server)
[supervisord]
logfile=/tmp/supervisord.log ; main log file; default $CWD/supervisord.log
logfile_maxbytes=50MB ; max main logfile bytes b4 rotation; default 50MB
logfile_backups=10 ; # of main logfile backups; 0 means none, default 10
loglevel=info ; log level; default info; others: debug,warn,trace
pidfile=/tmp/supervisord.pid ; supervisord pidfile; default supervisord.pid
nodaemon=true ; start in foreground if true; default false
minfds=1024 ; min. avail startup file descriptors; default 1024
minprocs=200 ; min. avail process descriptors;default 200
;umask=022 ; process file creation umask; default 022
;user=chrism ; default is current user, required if root
;identifier=supervisor ; supervisord identifier, default is 'supervisor'
;directory=/tmp ; default is not to cd during start
;nocleanup=true ; don't clean up tempfiles at start; default false
;childlogdir=/tmp ; 'AUTO' child log dir, default $TEMP
;environment=KEY="value" ; key value pairs to add to environment
;strip_ansi=false ; strip ansi escape codes in logs; def. false
; The rpcinterface:supervisor section must remain in the config file for
; RPC (supervisorctl/web interface) to work. Additional interfaces may be
; added by defining them in separate [rpcinterface:x] sections.
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
; The supervisorctl section configures how supervisorctl will connect to
; supervisord. configure it match the settings in either the unix_http_server
; or inet_http_server section.
[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris ; should be same as in [*_http_server] if set
;password=123 ; should be same as in [*_http_server] if set
;prompt=mysupervisor ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history ; use readline history if available
; The sample program section below shows all possible program subsection values.
; Create one or more 'real' program: sections to be able to control them under
; supervisor.
;[program:theprogramname]
;command=/bin/cat ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=999 ; the relative start priority (default 999)
;autostart=true ; start at supervisord start (default: true)
;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
;startretries=3 ; max # of serial start failures when starting (default 3)
;autorestart=unexpected ; when to restart if exited after running (def: unexpected)
;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false ; send stop signal to the UNIX process group (default false)
;killasgroup=false ; SIGKILL the UNIX process group (def false)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=true ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)
;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;environment=A="1",B="2" ; process environment additions (def no adds)
;serverurl=AUTO ; override serverurl computation (childutils)
; The sample eventlistener section below shows all possible eventlistener
; subsection values. Create one or more 'real' eventlistener: sections to be
; able to handle event notifications sent by supervisord.
;[eventlistener:theeventlistenername]
;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;events=EVENT ; event notif. types to subscribe to (req'd)
;buffer_size=10 ; event buffer queue size (default 10)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=-1 ; the relative start priority (default -1)
;autostart=true ; start at supervisord start (default: true)
;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
;startretries=3 ; max # of serial start failures when starting (default 3)
;autorestart=unexpected ; autorestart if exited after running (def: unexpected)
;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false ; send stop signal to the UNIX process group (default false)
;killasgroup=false ; SIGKILL the UNIX process group (def false)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;environment=A="1",B="2" ; process environment additions
;serverurl=AUTO ; override serverurl computation (childutils)
; The sample group section below shows all possible group values. Create one
; or more 'real' group: sections to create "heterogeneous" process groups.
;[group:thegroupname]
;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
;priority=999 ; the relative start priority (default 999)
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisord.d/*.ini
3) sshd.ini
[root@docker centos7-ssh]# cat sshd.ini
[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
autostart=true
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
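An added example, not part of the original article: a small Python check that reads settings from the Dockerfile and supervisord.conf shown above and reports a root password written into a RUN layer, downloads over plain HTTP, and the supervisord HTTP interface bound to all addresses with a short password. The function names, finding labels and the 12-character minimum are assumptions made for this illustration; the sample inputs are lines copied from the files above.

```python
import configparser
import re

# Constructed sample inputs: lines copied from the Dockerfile and
# supervisord.conf shown in this article.
DOCKERFILE = """\
FROM daocloud.io/library/centos:centos7.6.1810
RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN echo "root:wangchao123" | chpasswd
EXPOSE 22
"""
SUPERVISORD_CONF = """\
[inet_http_server] ; inet (TCP) server disabled by default
port=0.0.0.0:9001 ; ip_address:port specifier, *:port for all iface
username=user ; default is no username (open server)
password=321 ; default is no password (open server)
"""

CHPASSWD = re.compile(r"""echo\s+["']?(\w+):([^"'\s|]+)["']?\s*\|\s*chpasswd""")

def audit_dockerfile(text):
    """Return (line_no, finding, detail) tuples for RUN instructions."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        instr, _, rest = line.strip().partition(" ")
        if instr.upper() != "RUN":
            continue
        m = CHPASSWD.search(rest)
        # A literal password in RUN is stored in the image history.
        if m and not m.group(2).startswith("$"):
            findings.append((n, "hardcoded-password", m.group(1)))
        for url in re.findall(r"http://\S+", rest):
            findings.append((n, "plain-http-download", url))
    return findings

def audit_supervisord(text, min_password_len=12):  # 12 is an assumed policy
    """Return findings for the [inet_http_server] control interface."""
    cp = configparser.ConfigParser(interpolation=None,
                                   inline_comment_prefixes=(";",))
    cp.read_string(text)
    if not cp.has_section("inet_http_server"):
        return []
    sec, findings = cp["inet_http_server"], []
    host = sec.get("port", "").rpartition(":")[0]
    if host in ("", "*", "0.0.0.0"):
        findings.append("listens-on-all-interfaces")
    if len(sec.get("password", "")) < min_password_len:
        findings.append("weak-or-missing-password")
    return findings
```

Run against the full files, the same functions can gate a build: a non-empty result from either one fails the pipeline before the image is pushed.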
3. Building the image
Build the image, tagging it with the address of your own private registry.
[root@docker centos7-ssh]# docker build -t docker.mynexus.com/myimages/centos:7.6 .
...... # n lines of output omitted
Successfully built 9a3dc3024f39
Successfully tagged docker.mynexus.com/myimages/centos:7.6
Once the build finishes, list the images.
[root@docker centos7-ssh]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.mynexus.com/myimages/centos 7.6 9a3dc3024f39 12 seconds ago 496MB
daocloud.io/library/centos centos7.6.1810 f1cb7c7d58b7 9 months ago 202MB
Push the image to the private registry.
[root@docker centos7-ssh]# docker push docker.mynexus.com/myimages/centos:7.6
Create a container from the image.
[root@docker centos7-ssh]# docker run -d --name centos7-ssh-supervisor -p 3322:22 docker.mynexus.com/myimages/centos:7.6
7d56105e34c98e22076474535472f560c96c713b1fdd03262d55db1469162ebc
[root@docker centos7-ssh]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d56105e34c9 docker.mynexus.com/myimages/centos:7.6 "/usr/bin/supervisor…" About a minute ago Up About a minute 0.0.0.0:3322->22/tcp centos7-ssh-supervisor
Connect to the container over SSH:
[root@docker centos7-ssh]# ssh root@192.168.0.151 -p 3322
root@192.168.0.151's password:
Last login: Wed Jan 8 08:10:11 2020 from 192.168.0.151
[root@4c69dc480eeb ~]#
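As you can see, the connection to the newly built container succeeds.
II. Building the JDK image
1. Approach
The approach is simple: take the CentOS 7.6 image built above and add a JDK on top of it.
2. Files
Two files are used in total: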
[root@docker jdk1.8]# ls
Dockerfile jdk-8u202-linux-x64.tar.gz
1) Dockerfile
# Docker for Jdk
# Base image
FROM docker.mynexus.com/myimages/centos:7.6
# Who
MAINTAINER wangchao xxx@163.com
# Install JAVA
ADD jdk-8u202-linux-x64.tar.gz /usr/local/
# JAVA_HOME
ENV JAVA_HOME /usr/local/jdk1.8.0_202
ENV PATH $PATH:$JAVA_HOME/bin
# Outside Port
EXPOSE 22
# supervisord start
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
2) JDK archive
Download it from the official JDK website.
3. Building the image
Build the image:
[root@docker jdk1.8]# docker build -t docker.mynexus.com/myimages/jdk:1.8 .
...... # n lines of output omitted
Successfully built 1d56be97ef09
Successfully tagged docker.mynexus.com/myimages/jdk:1.8
Create a container from the image and verify it:
[root@docker jdk1.8]# docker run -d --name centos7-jdk -p 4422:22 docker.mynexus.com/myimages/jdk:1.8
0347886dc9a38f26102f885e93d5c5ac350a5180b90a72c024884174ba2792c7
[root@docker jdk1.8]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0347886dc9a3 docker.mynexus.com/myimages/jdk:1.8 "/usr/bin/supervisor…" 11 seconds ago Up 10 seconds 0.0.0.0:4422->22/tcp centos7-jdk
[root@docker jdk1.8]# docker exec -it centos7-jdk bash
[root@0347886dc9a3 yum.repos.d]# java -version
java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
III. Building the Tomcat image
1. Approach
The approach is simple: take the JDK image built above and add Tomcat on top of it.
2. Files
Three files are needed.
[root@docker tomcat]# ls
Dockerfile tomcat8.5.38.tar.gz tomcat.ini
1) Dockerfile
[root@docker tomcat]# cat Dockerfile
# Docker for CentOS
# Base image
FROM docker.mynexus.com/myimages/jdk:1.8
# Who
MAINTAINER wangchao xxx@163.com
# Tomcat
ADD tomcat8.5.38.tar.gz /usr/local/
ADD tomcat.ini /etc/supervisord.d/tomcat.ini
ENV TOMCAT_HOME /usr/local/tomcat
# Outside Port
EXPOSE 22 8080
# supervisord start
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
2) tomcat.ini
[root@docker tomcat]# cat tomcat.ini
[program:tomcat]
command=/usr/local/tomcat/bin/catalina.sh run
stdout_logfile=/usr/local/tomcat/logs/catalina.out
stderr_logfile=/usr/local/tomcat/logs/catalina.out
environment=JAVA_HOME="/usr/local/jdk1.8.0_202",JAVA_BIN="/usr/local/jdk1.8.0_202/bin"
autorestart=false
startsecs=30
priority=1
stopasgroup=true
killasgroup=true
3) Tomcat package
Download it from the official website; ideally use one that has already been tuned.
3. Building the image
Build the image:
[root@docker tomcat]# docker build -t docker.mynexus.com/myimages/tomcat:8.5 .
...... # n lines of output omitted
Successfully built d7dcd3f88433
Successfully tagged docker.mynexus.com/myimages/tomcat:8.5
Create a container from the image and verify it:
[root@docker tomcat]# docker run -d --name centos7-tomcat -p 8080:8080 -p 5522:22 docker.mynexus.com/myimages/tomcat:8.5
b01b167aec586f6794bd992403c551730661f3af76ff50781b3263214ee43e16
[root@docker tomcat]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b01b167aec58 docker.mynexus.com/myimages/tomcat:8.5 "/usr/bin/supervisor…" About a minute ago Up About a minute 0.0.0.0:8080->8080/tcp, 0.0.0.0:5522->22/tcp centos7-tomcat
[root@docker tomcat]# ssh root@192.168.0.151 -p 5522
root@192.168.0.151's password:
[root@b01b167aec58 ~]# supervisorctl status tomcat
tomcat RUNNING pid 8, uptime 0:03:53
IV. Building the Jenkins image
1. Approach
Approach: put the WAR package directly into the Tomcat directory.
2. Files
Three files are needed.
[root@docker jenkins]# ls
apache-maven-3.6.1-bin.tar.gz Dockerfile ROOT.war
apache-maven-3.6.1-bin.tar.gz is the Maven archive, and ROOT.war is the Jenkins WAR package, version 2.213.
1) Dockerfile
[root@docker jenkins]# cat Dockerfile
# Docker for CentOS
# Base image
FROM docker.mynexus.com/myimages/tomcat:8.5
# Who
MAINTAINER wangchao xxx@163.com
# Maven
ADD apache-maven-3.6.1-bin.tar.gz /usr/local/
# Jenkins
ADD ROOT.war /usr/local/tomcat/webapps/
# ENV
ENV JAVA_HOME /usr/local/jdk1.8.0_202
ENV MAVEN_HOME /usr/local/apache-maven-3.6.1
ENV JENKINS_HOME /home/.jenkins
ENV PATH $PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin
# Outside Port
EXPOSE 22 8080
# supervisord start
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
3. Building the image
Build the image:
[root@docker jenkins]# docker build -t docker.mynexus.com/myimages/jenkins:2.213 .
...... # n lines of output omitted
Successfully built b7692f1a5dea
Successfully tagged docker.mynexus.com/myimages/jenkins:2.213
Start it:
[root@docker home]# docker run -d -p 6622:22 -p 9080:8080 --name jenkins -v /home/.jenkins:/home/.jenkins -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock docker.mynexus.com/myimages/jenkins:2.213
1d4d28476edc698bf2e760230a876f48062669264700c2b38478942ba8657525
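Because the host directory is mounted into the container, the data survives even if the Jenkins container dies while running; after a restart you can keep using it with confidence.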
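An added example, not part of the original article: a Python check over the docker run command above that reports two run-time properties. A bind mount of /var/run/docker.sock gives processes in the container control of the host's Docker daemon, and a -p mapping without a bind address publishes the port on every host interface (the 0.0.0.0 entries in the docker ps output). The function name and finding labels are assumptions made for this illustration.

```python
import shlex

# Constructed input: the docker run command used in this article.
RUN_CMD = (
    "docker run -d -p 6622:22 -p 9080:8080 --name jenkins "
    "-v /home/.jenkins:/home/.jenkins -v /usr/bin/docker:/usr/bin/docker "
    "-v /var/run/docker.sock:/var/run/docker.sock "
    "docker.mynexus.com/myimages/jenkins:2.213"
)

TAKES_VALUE = ("-v", "--volume", "-p", "--publish")

def audit_docker_run(cmd):
    """Return (finding, detail) tuples for risky mounts and published ports."""
    args = shlex.split(cmd)
    findings = []
    i = 0
    while i < len(args):
        # Accept both "--publish 80:80" and "--publish=80:80".
        flag, _, value = args[i].partition("=")
        if flag in TAKES_VALUE and not value:
            i += 1
            value = args[i] if i < len(args) else ""
        if flag in ("-v", "--volume"):
            source = value.split(":")[0]
            # The daemon socket gives the container control of the host daemon.
            if source.endswith("docker.sock"):
                findings.append(("docker-socket-mounted", source))
        elif flag in ("-p", "--publish"):
            # "host_port:container_port" carries no bind address, so the
            # port is published on all host interfaces.
            if len(value.split(":")) == 2:
                findings.append(("published-on-all-interfaces", value))
        i += 1
    return findings
```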
After it starts, open it in a browser.
This page is all too familiar; simply fetch the password from inside the container:
[root@docker home]# docker exec -it jenkins bash
[root@1d4d28476edc yum.repos.d]# cat /home/.jenkins/secrets/initialAdminPassword
58a9cb4da94a491989381a9c62d6b7b7
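Wait patiently. Once the plugins are installed, we commit this container as a new image so that next time it can be used directly, without spending time installing the plugins again.
After the plugins are installed, click "Continue as admin" and set the admin password later.
OK, we're in. Now change the admin password to admin123; once the password is changed, commit the container as an image again. From then on this image can be used directly, with the login username/password admin/admin123.
Get the container ID: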
[root@docker home]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1d4d28476edc docker.mynexus.com/myimages/jenkins:2.213 "/usr/bin/supervisor…" 35 minutes ago Up 35 minutes 0.0.0.0:6622->22/tcp, 0.0.0.0:9080->8080/tcp jenkins
Commit the new image:
[root@docker home]# docker commit -m "jenkins login" 1d4d28476edc docker.mynexus.com/myimages/jenkins:2.213-login
sha256:0ceb3de8ca91c9483c9dbd33b427ffab7f4a198eb2350f04903ef4390aad31f6
And with that, a ready-to-use Jenkins image is born; let's create a container from it right away.
[root@docker home]# docker run -d -p 7722:22 -p 9180:8080 --name jenkins-login -v /home/.jenkins:/home/.jenkins -v /usr/bin/docker:/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock docker.mynexus.com/myimages/jenkins:2.213-login
ae99786b0e94c13d7487a09e2bdc99540cd300cbe89dd5f47a2d6d23a259daef
Open the Jenkins container and log in with admin/admin123.
Push the image to the private registry so it can be used directly in the future:
[root@docker home]# docker push docker.mynexus.com/myimages/jenkins:2.213-login