用Dockerfile创建ssh,apache和nginx镜像,并优化nginx镜像
[[email protected] opt]# docker ps # 查看正在运行的容器
[[email protected] opt]# docker rm vm1 # 删除正在使用的容器,不能删除
[[email protected] opt]# docker rm -f vm1 # 必须强制删除
vm1
1.创建apache镜像
[[email protected] opt]# pwd
/opt
[[email protected] opt]# mkdir docker
[[email protected] docker]# cd /var/www/html/images/
[[email protected] images]# docker load -i rhel7.tar
[[email protected] images]# docker run -it --name rhel7 bash
bash-4.2# yum repolist # 没有可用的yum源
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
repolist: 0
bash-4.2# cd /etc/yum.repos.d/
bash-4.2# ls
rhel7.repo
bash-4.2# vi dvd.repo # 我们自己编写一个yum源
[dvd]
name=rhel7.3
baseurl=http://172.25.254.78/rhel7.3
gpgcheck=0
bash-4.2# yum repolist
[[email protected] images]# cd /opt/docker/
[[email protected] docker]# vim dvd.repo
[dvd]
name=rhel7.3
baseurl=http://172.25.254.78/rhel7.3
gpgcheck=0
[[email protected] docker]# vim Dockerfile
FROM rhel7 # 指定从哪个镜像构建,如果指定的镜像没有,会自动从互联网上下载
COPY dvd.repo /etc/yum.repos.d
RUN yum install -y httpd # 在容器内运行指令(构建时)
EXPOSE 80 # 暴露端口号
CMD ["/usr/sbin/httpd","-D","FOREGROUND"] # 指定默认httpd的容器主进程的启动命令
[[email protected] docker]# docker build -t rhel7:v1 . # 开始构建,有报错
[[email protected] docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb && yum install -y httpd
EXPOSE 80
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
[[email protected] docker]# docker build -t rhel7:v1 . # 在当前路径下重新构建
[[email protected] docker]# docker run -d --name vm2 rhel7:v1
e7dc139b3069f2999fef0e4346a14d04c6fde624980e13a878d4168fbe6e4030
[[email protected] docker]# docker ps
[[email protected] docker]# vim index.html
<h1>www.westos.org --apache</h1>
[[email protected] docker]# docker container cp index.html vm2:/var/www/html
[[email protected] docker]# docker inspect vm2 # 查看ip
# 测试,访问到发布目录里的内容就说明搭建成功
[[email protected] docker]# curl 172.17.0.3
<h1>www.westos.org --apache</h1>
# 申明数据卷
[[email protected] docker]# pwd
/opt/docker
[[email protected] docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb && yum install -y httpd
VOLUME ["/var/www/html"]
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
[[email protected] docker]# docker build -t rhel7:v2 . # 重新构建,因为刚才构建过一次,所以这次的构建大部分都是从缓存中获得
# 比较v1和v2
[[email protected] docker]# docker history rhel7:v1
[[email protected] docker]# docker history rhel7:v2
[[email protected] docker]# mkdir webdata
[[email protected] docker]# mv index.html webdata/
[[email protected] docker]# ls
Dockerfile dvd.repo webdata
[[email protected] docker]# docker rm -f vm1
vm1
[[email protected] docker]# docker run -d --name vm1 -v /opt/docker/webdata/:/var/www.html rhel7:v2 # 挂载数据卷,-v 物理路经:容器路径
87452d5927a922365ad32abae633b89434ef754c445f6f09400f72920c165b61
[[email protected] docker]# docker inspect vm1
[[email protected] docker]# cd /var/lib/docker/volumes/40f414f8485f9cc59a346ec6fa2a16306906af289fb88e796e0d932db5bb5da7/_data # 切换到vm1的默认数据目录中,编写默认发布文件
[[email protected] _data]# ls
[[email protected] _data]# cp /opt/docker/webdata/index.html .
[[email protected] _data]# ls
index.html
# 测试
[[email protected] _data]# curl 172.17.0.2
<h1>www.westos.org --apache</h1>
2.比较CMD与ENTRYPOINT
(1)比较shell格式和exec格式
[[email protected] test]# cd /var/www/html/images/
[[email protected] images]# ls
busybox.tar centos.tar demo.tar game2048.tar nginx.tar rhel7.tar ubuntu.tar
[[email protected] images]# docker load -i busybox.tar
[[email protected] images]# cd /opt/docker/
[[email protected] docker]# mkdir test
[[email protected] docker]# cd test/
# 1.用shell格式直接编写
[[email protected] test]# vim Dockerfile
FROM busybox
ENV name world
CMD echo "hello, $name"
[[email protected] test]# docker build -t busybox:v1 . # 构建容器
[[email protected] test]# docker run --rm busybox:v1 # 运行容器,解析name变量
hello, world
# 2.用exec格式编写
[[email protected] test]# vim Dockerfile
FROM busybox
ENV name world
CMD ["/bin/echo", "hello, $name"]
[[email protected] test]# docker build -t busybox:v2 .
[[email protected] test]# docker run --rm busybox:v2 # 不会解析变量
hello, $name
# 3.exec格式下解析变量
[[email protected] test]# vim Dockerfile
FROM busybox
ENV name world
CMD ["/bin/sh","-c", "echo hello, $name"]
[[email protected] test]# docker build -t busybox:v3 .
[[email protected] test]# docker run --rm busybox:v3
hello, world
(2)比较CMD和ENTRYPOINT
[[email protected] test]# vim Dockerfile
FROM busybox
ENTRYPOINT ["/bin/echo", "hello"]
CMD ["world"]
[[email protected] test]# docker build -t busybox:v4 .
[[email protected] test]# docker run --rm busybox:v4
hello world
[[email protected] test]# docker run --rm busybox:v4 westos # 当shell后面有名称时,直接会覆盖掉CMD的输出内容
hello westos
3.创建ssh镜像
[[email protected] test]# cd ..
[[email protected] docker]# docker rmi rhel7:v2
[[email protected] docker]# docker rm -f vm2
[[email protected] docker]# mkdir ssh
[[email protected] docker]# cp dvd.repo ssh/
[[email protected] docker]# cd ssh/
[[email protected] ssh]# vim Dockerfile
FROM rhel7
EXPOSE 80
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb && yum install -y openssh-server openssh-clients && yum clean all && ssh-****** -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N “” && ssh-****** -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N “” && ssh-****** -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N “” && echo root:redhat | chpasswd
CMD ["/usr/sbin/sshd","-D"]
[[email protected] ssh]# docker build -t rhel7:v2 .
[[email protected] ssh]# docker run -d --name vm2 rhel7:v2
[[email protected] ssh]# docker inspect vm2
[[email protected] ssh]# ssh 172.17.0.3 # 登录成功,说明ssh镜像搭建成功
-bash-4.2# ls
anaconda-ks.cfg
4.搭建nginx镜像
[[email protected] ssh]# cd ..
[[email protected] docker]# pwd
/opt/docker
[[email protected] docker]# ls
Dockerfile dvd.repo nginx-1.15.6.tar.gz test webdata
[[email protected] docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN yum install -y gcc pcre-devel zlib-devel make # 下载依赖包
ADD nginx-1.15.6.tar.gz /mnt # ADD可以自解压
WORKDIR /mnt/nginx-1.15.6 # WORKDIR,定义,相当于切换路径
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc # 关闭debug日志
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
VOLUME ["/usr/local/nginx/html"] # 数据卷位置
EXPOSE 80 # 暴露端口
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
[[email protected] docker]# docker build -t rhel7:v3 .
[[email protected] docker]# docker stop vm1
vm1
[[email protected] docker]# docker stop vm2
vm2
[[email protected] docker]# docker run -d --name nginx rhel7:v3
21a77f73c62102a878610bb13322c15ee4d397bdcc49bd8d22aece91456368c3
[[email protected] docker]# docker inspect nginx # 查看id以及数据目录
[[email protected] docker]# cd /var/lib/docker/volumes/76479ee4c23d36b62f36c85371b7a71d32f7384988b1d56419fb1689a331c4eb/_data # 进入到数据目录中
[[email protected] _data]# ls
50x.html index.html
[[email protected] _data]# vim index.html # 编写默认发布目录
<h1>www.westos.org --nginx</h1>
# 测试
[[email protected] docker]# docker images rhel7
[[email protected] docker]# docker rmi -f rhel7:v1
[[email protected] docker]# docker rmi -f rhel7:v2
[[email protected] docker]# docker images rhel7 # 只保留了nginx镜像
4.优化nginx镜像
(1)尽可能减少层数,清理一下输出
[[email protected] docker]# vim Dockerfile # 尽可能减少层数,清理一下输出
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
ADD nginx-1.15.6.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.6
RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i ‘s/CFLAGS="$ CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g’ auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.6
VOLUME ["/usr/local/nginx/html"]
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g",“daemon off;”]
[[email protected] docker]# docker build -t rhel7:v4 . # 重新构建
[[email protected] docker]# docker images rhel7
(2)继续优化,分阶段构建
[[email protected] docker]# vim Dockerfile
FROM rhel7 as build
COPY dvd.repo /etc/yum.repos.d
ADD nginx-1.15.6.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.6
RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i 's/CFLAGS=" $ CFLAGS -g “/ #CFLAGS=”$CFLAGS -g"/g ’ auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.6
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
VOLUME ["/usr/local/nginx/html"]
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g",“daemon off;”]
[[email protected] docker]# docker build -t rhel7:v5 .
[[email protected] docker]# docker images rhel7
[[email protected] docker]# cd test/
[[email protected] test]# vim Dockerfile # 从官方nginx库里把nginx全部分离
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/shanghai # 修改时区
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[[email protected] test]# docker build -t rhel7:v6 . # 构建失败,原因正在排查中