Dockerfile操作指令
附加:
ADD 源文件/目录目标文件/目录作用如下
1、把这个文件从宿主系统复制到容器内部当中
2、如果这个文件时压缩包,ADD还可以直接将其解压成一个目录
VOLUME[“目录”]:目录是根目录
WORKDIR等同于cd,也区别于cd(即每次变更路径的时候都需要添加WORKDIR)
3.ENTRYPOINT 指令和CMD类似,它也是用户指定容器启动时要执行的命令,但如果dockerfile中也有CMD指令,CMD中的参数会被附加到ENTRYPOINT指令的后面。 如果这时docker run命令带了参数,这个参数会覆盖掉CMD指令的参数,并也会附加到ENTRYPOINT 指令的后面。这样当容器启动后,会执行ENTRYPOINT 指令的参数部分。可以看出,相对来说ENTRYPOINT指令优先级更高
网络报错提示
[Warning] IPv4 forwarding is disabled. Networking will not work.
解决方法:
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p //使其生效
service network restart
systemctl restart docker
构建SSH镜像
基础操作
[root@localhost~]#systemctl start docker
[root@localhost~]#iptables -F
[root@localhost~]#setenforce 0
创建并进入目录
[root@server1 ~]# mkdir sshd
[root@server1 ~]# cd sshd
创建Dockerfile文件
[root@server1 sshd]# vi Dockerfile
FROM centos:7 //基础镜像
MAINTAINER hello //作者信息
RUN yum -y update //更新yum源
RUN yum -y install openssh* net-tools lsof telnet passwd //安装依赖软件包 net-tools:安装之后可以使用ifconfig命令
RUN echo "123456" | passwd --stdin root //设置容器内的root用户密码
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config //正则表达式 关闭PAM认证
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key //生成密钥
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd //注释pam登录功能
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh //创建隐藏. 目录,且授予权限
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"] //启动容器时,启动服务,以守护进程启动
生成镜像
[root@server1 sshd]# docker build -t sshd:new .
启动容器
[root@server1 sshd]# docker run -d -P sshd:new //查看容器状态,随机指定的端口为32768
457b10f1e5b71e7561f732de421cb5000ba4fcdf8fd7277e0f0f7fabb837efb7
[root@server1 sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
457b10f1e5b7 sshd:new "/usr/sbin/sshd -D" 8 seconds ago Up 6 seconds 0.0.0.0:32768->22/tcp inspiring_proskuriakova
在宿主机测试容器的sshd服务,ssh登录容器
[root@server1 sshd]# ssh localhost -p 32768 #容器的映射端口
The authenticity of host '[localhost]:32768 ([::1]:32768)' can't be established.
RSA key fingerprint is SHA256:JMKdwvp2WtRqDvMYWXx1IvZ6dIPS0qOOf8nv+0rJhrA.
RSA key fingerprint is MD5:9e:d5:7a:c7:91:4b:9d:ea:e3:36:73:ea:9f:0d:a7:17.
Are you sure you want to continue connecting (yes/no)? yes
Permission denied, please try again.
root@localhost's password: 输入root的密码123456
[root@457b10f1e5b7 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
构建systemctl镜像
将其建立在sshd:new镜像之上,在sshd服务的基础上搭建,使其能再sshd服务里使用systemctl指令
创建systemctl目录,创建Dockerfile文件
mkdir systemctl
cd systemctl
vim Dockerfile
[root@server1 ~]# mkdir systemctl
[root@server1 ~]# cd systemctl/
[root@server1 systemctl]# vim Dockerfile
FROM sshd:new
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [$i == \
systemd-tmpfiles-setup.service] || rm -f $i; done);\
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*;\
rm -f /lib/systemd/system/sockets.target.wants/*udev*;\
rm -f /lib/systemd/system/sockets.target.wants/*initctl*;\
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]
附加 :/表示这句话的结束
创建镜像,运行容器
[root@server1 systemctl]# docker build -t systemd:new .
[root@server1 systemctl]# docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:new /sbin/init & #privileged container内的root拥有真正的root权限,否则,container内的root只是外部的一个普通用户权限
[1] 49687
[root@server1 systemctl]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
282c6c3f01a8 systemd:new "/sbin/init" About a minute ago Up About a minute 22/tcp confident
457b10f1e5b7 sshd:new "/usr/sbin/sshd -D" About an hour ago Up About an hour 0.0.0.0:32768->22/tcp inspirin
进入容器,验证
[root@server1 systemctl]# docker exec -it 282c6c3f01a8 /bin/bash
[root@282c6c3f01a8 /]# systemctl start sshd
[root@282c6c3f01a8 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2020-11-29 09:59:20 UTC; 16s ago
构建nginx镜像
创建nginx目录,并上传nginx压缩包,创建Dockerfile
[root@server1 ~]# mkdir nginx
[root@server1 ~]# ll
drwxr-xr-x. 2 root root 6 11月 29 18:05 nginx
[root@server1 ~]# cd nginx/
[root@server1 nginx]# vi Dockerfile
FROM centos:7
MAINTAINER xuwenyu
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make //安装依赖包
RUN useradd -M -s /sbin/nologin nginx
ADD nginx-1.12.2.tar.gz /usr/local/src //添加并解压安装包
WORKDIR /usr/local/src/nginx-1.12.2 //进入目录编译安装
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make && make install
ENV PATH /usr/local/nginx/sbin:$PATH //设置环境变量
EXPOSE 80 //暴露端口 http服务
EXPOSE 443 //https加密服务端口
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf //关闭系统守护进程,需要容器的进程启动服务,否则会冲突
ADD run.sh /run.sh //添加启动脚本
RUN chmod 755 /run.sh
CMD ["/run.sh"] //启动容器时,开启服务
创建启动脚本
[root@server1 nginx]# vi run.sh
#!/bin/bash
/usr/local/nginx/sbin/nginx
将安装包上传该路径下
[root@server1 nginx]# rz -E
rz waiting to receive.
[root@server1 nginx]# ll
总用量 968
-rw-r--r--. 1 root root 530 11月 29 18:07 Dockerfile
-rw-r--r--. 1 root root 981687 10月 14 13:46 nginx-1.12.2.tar.gz
-rw-r--r--. 1 root root 40 11月 29 18:07 run.sh
创建镜像,运行容器,查看容器状态,随机指定端口为32770
[root@server1 nginx]# docker build -t nginx:new .
[root@server1 nginx]# docker run -d -P nginx:new
2183827aefdc6bb84c1887f9df04c73d5fa8bc63313a410a28be0e1a6a4675f5
[root@server1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2183827aefdc nginx:new "/run.sh" 12 seconds ago Up 10 seconds 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp distracted_leavitt
282c6c3f01a8 systemd:new "/sbin/init" 26 minutes ago Up 26 minutes 22/tcp confident_heisenberg
457b10f1e5b7 sshd:new "/usr/sbin/sshd -D" 2 hours ago Up 2 hours 0.0.0.0:32768->22/tcp inspiring_proskuriakova
测试容器nginx服务状态,客户机访问20.0.0.11:32770
构建tomcat镜像
创建目录
[root@server1 ~]# mkdir tomcat
[root@server1 ~]# cd tomcat/
生成Dockerfile文件
[root@server1 tomcat]# vi Dockerfile
FROM centos:7
MAINTAINER tomcat
ADD jdk-8u91-linux-x64.tar.gz /usr/local
WORKDIR /usr/local
RUN mv jdk1.8.0_91 /usr/local/java
ENV JAVA_HOME /usr/local/java
ENV JAVA_BIN /usr/local/java/bin
ENV JRE_HOME /usr/local/java/jre
ENV PATH $PATH:/usr/local/java/bin:/usr/local/java/jre/bin
ENV CLASSPATH /usr/local/java/jre/bin:/usr/local/java/lib:/usr/local/java/jre/lib/charsets.jar
ADD apache-tomcat-8.5.16.tar.gz /usr/local
WORKDIR /usr/local
RUN mv apache-tomcat-8.5.16 /usr/local/tomcat8
EXPOSE 8080
#启动容器时,启动服务,用ENTRTPOINT,不使用CMD
#外部CMD 可以覆盖dokerfile中的cmd 而不会覆盖ENTRTPOINT
ENTRYPOINT ["/usr/local/tomcat8/bin/catalina.sh","run"]
将软件包放入同一级目录下
构建镜像
[root@server1 tomcat]# docker build -t tomcat:new .
运行容器,指定映射端口为8888,容器名为tomcat01
[root@server1 tomcat]# docker run -dit --name tomcat -p 8888:8080 tomcat:new
0448cb537aeb6f6b1d4d78946233ae29ec7ec7d197a4a80f833f381864016ca4
[root@server1 tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0448cb537aeb tomcat:new "/usr/local/tomcat8/…" 8 seconds ago Up 7 seconds 0.0.0.0:8888->8080/tcp tomcat
2183827aefdc nginx:new "/run.sh" 24 minutes ago Up 24 minutes 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp distracted_leavitt
282c6c3f01a8 systemd:new "/sbin/init" 51 minutes ago Up 51 minutes 22/tcp confident_heisenberg
457b10f1e5b7 sshd:new "/usr/sbin/sshd -D" 2 hours ago Up 2 hours 0.0.0.0:32768->22/tcp inspiring_proskuriakova
测试tomcat服务,客户机访问20.0.0.11:8888
构建mysql镜像
创建目录
[root@server1 ~]# mkdir mysql
[root@server1 ~]# cd mysql/
新建my.cnf文件
[root@server1 mysql]# vim my.cnf
[client]
port=3306
default-character-set=utf8
socket=/usr/local/mysql/mysql.sock
[mysql]
port=3306
default-character-set=utf8
socket=/usr/local/mysql/mysql.sock
[mysqld]
user=mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port=3306
character_set_server=utf8
pid-file=/usr/local/mysql/mysql.pid
socket=/usr/local/mysql/mysql.sock
server-id=1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@server1 mysql]# ll
总用量 4
-rw-r--r--. 1 root root 536 11月 30 21:16 my.cnf
生成Dockerfile文件
[root@server1 mysql]# vim Dockerfile
FROM centos:7
RUN yum -y install \
gcc \
gcc-c++ \
make \
ncurses \
ncurses-devel \
bison \
cmake
RUN useradd -s /sbin/nologin mysql
ADD mysql-boost-5.7.20.tar.gz /usr/local/src
WORKDIR /usr/local/src/mysql-5.7.20/
RUN cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
-DSYSCONFDIR=/etc \
-DSYSTEMD_PID_DIR=/usr/local/mysql \
-DDEFAULT_CHARSET=utf8 \
FROM centos:7
RUN yum -y install \
gcc \
gcc-c++ \
make \
ncurses \
ncurses-devel \
bison \
cmake
RUN useradd -s /sbin/nologin mysql
ADD mysql-boost-5.7.20.tar.gz /usr/local/src
WORKDIR /usr/local/src/mysql-5.7.20/
RUN cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
-DSYSCONFDIR=/etc \
-DSYSTEMD_PID_DIR=/usr/local/mysql \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DWITH_BOOST=boost \
-DWITH_SYSTEMD=1 && make -j2 && make install
RUN chown -R mysql:mysql /usr/local/mysql/
RUN rm -rf /etc/my.cnf
ADD my.cnf /etc
RUN chown mysql:mysql /etc/my.cnf
ENV PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH
WORKDIR /usr/local/mysql/
RUN bin/mysqld \
--initialize-insecure \
--user=mysql \
--basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/data
RUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
EXPOSE 3306
RUN echo -e "#!/bin/bash \nsystemctl enable mysqld" > /run.sh
RUN chmod 755 /run.sh
RUN sh /run.sh
CMD ["init"]
上传所需安装包
[root@server1 mysql]# rz -E
rz: 详解安装mysql5.gz removed.00e01ddfc [root@server1 mysql]# rz -E
rz waiting to receive.
[root@server1 mysql]# ll
总用量 47700
-rw-r--r--. 1 root root 1230 11月 30 21:29 Dockerfile
-rw-r--r--. 1 root root 536 11月 30 21:16 my.cnf
-rw-r--r--. 1 root root 48833145 10月 23 2017 mysql-boost-5.7.20.tar.gz
构建镜像
[root@server1 mysql]# docker build -t mysql:new .
运行镜像
[root@server1 mysql]# docker run -dit --name=mysql -P --privileged mysql:new
附加:--privileged 表示不做降权处理
0f7cf5f809ad99f03ecb6924e34769df97c005df98f70e85031af7397c90ad37
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0f7cf5f809ad mysql:new "init" 16 hours ago Up 16 hours 0.0.0.0:32768->3306/tcp mysql
查看容器状态
[root@server1 mysql]# docker exec -it 0f7cf5f809ad /bin/bash //进入容器,给授权
[root@0f7cf5f809ad mysql]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> grant all privileges on *.*to 'root'@'%' identified by 'abc123'; 所有主机
Query OK, 0 rows affected, 1 warning (0.02 sec)
mysql> grant all privileges on *.* to 'root'@'localhost' identified by 'abc123'; 本地终端
Query OK, 0 rows affected, 1 warning (0.00 sec)mysql> flush privileges; //刷新权限
Query OK, 0 rows affected (0.00 sec)
附加:grant sll:若用户不存在,可以直接创建
验证
退出容器后,在宿主机上进入数据库
[root@server1 docker]# yum install mariadb* -y 提供mysql终端,也可以当作服务器
[root@server1 docker]# mysql -h 20.0.0.11 -u root -P 32768 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> Ctrl-C -- exit!
Aborted
MySQL [(none)]> show databases; //查看并创建数据库school,做测试
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
MySQL [(none)]> create database school;
Query OK, 1 row affected (0.01 sec)
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| school |
| sys |
+--------------------+
5 rows in set (0.00 sec)
进入容器数据库进行验证:
[root@server1 ~]# docker exec -it 0f7cf5f809ad /bin/bash
[root@0f7cf5f809ad mysql]# mysql -uroot -p
Enter password: 密码输入为abc123
mysql> show databases; //发现有数据库school生成
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| school |
| sys |
附加:仅供实验参考,生产环境不建议使用,数据库一般建立在裸金属上
4万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
