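Contents
- Dockerfile instructions
- 1. Building an SSH image
- 2. Building a systemctl image
- 3. Building an nginx image
- 4. Building a Tomcat image
Dockerfile instructions
A Dockerfile is a file made up of a set of instructions.
A Dockerfile has four parts:
● Base image information
● Maintainer information
● Image operation instructions
● Instructions executed when the container starts
Each line of a Dockerfile holds one instruction, each instruction can take multiple arguments, and comments beginning with "#" are supported.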
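Instruction | Description |
FROM image | Specifies the image the new image is based on. The first instruction must be FROM, and every image built needs one FROM instruction |
MAINTAINER name | Records who maintains the new image |
RUN command | Runs the command on top of the base image and commits the result to the new image |
CMD ["program to run","arg1","arg2"] | The command or script to run when the container starts. A Dockerfile can have only one CMD instruction; if several are given, only the last one is executed |
EXPOSE port | The port to open when the new image is loaded into Docker |
ENV variable value | Sets the value of an environment variable, which later RUN instructions can use |
ADD source-file/dir destination-file/dir | Copies the source file to the destination; the source must be in the same directory as the Dockerfile, or be a URL |
COPY source-file/dir destination-file/dir | Copies a file or directory from the local host to the destination; the source must be in the same directory as the Dockerfile |
VOLUME ["directory"] | Creates a mount point in the container |
USER username/UID | The user the container runs as |
WORKDIR path | Sets the working directory for the RUN, CMD and ENTRYPOINT instructions that follow |
ONBUILD command | The command to run when the generated image is used as a base image |
HEALTHCHECK | Health check |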
1. Building an SSH image
[root@localhost ~]# mkdir sshd
[root@localhost ~]# cd sshd/
[root@localhost sshd]# vim Dockerfile
FROM centos:7
MAINTAINER This is zhangsan project
RUN yum -y update
RUN yum -y install openssh* net-tools lsof telnet passwd
RUN echo '123456' | passwd --stdin root
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
:wq
● Build the image
[root@localhost sshd]# docker build -t sshd:new .   # note the trailing " ."
[root@localhost sshd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd new 09147906d0d9 8 minutes ago 540MB
centos 7 8652b9f0cb4c 2 weeks ago 204MB
● Start the container and log in with the root password
[root@localhost sshd]# docker run -d -P sshd:new
bb848e56f665c2586dc54235731f073882fc490447c107271c79de188a677b9f
[root@localhost sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bb848e56f665 sshd:new "/usr/sbin/sshd -D" 28 seconds ago Up 27 seconds 0.0.0.0:32768->22/tcp crazy_kepler
[root@localhost sshd]# ssh localhost -p 32768
The authenticity of host '[localhost]:32768 ([::1]:32768)' can't be established.
RSA key fingerprint is SHA256:CbTXXBRXZ0vdQ1xqPMD3qfFi08wuAuWGRxt5eJex95I.
RSA key fingerprint is MD5:72:b7:bc:09:ba:46:57:cc:8d:92:31:0d:54:db:ec:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:32768' (RSA) to the list of known hosts.
root@localhost's password: # enter the password set earlier, 123456
[root@bb848e56f665 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 115 bytes 11767 (11.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 71 bytes 9363 (9.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
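The Dockerfile above sets the root password in a RUN instruction and generates the SSH host key during the build, so both are stored in the image layers and shared by every container started from sshd:new. The following shell check is an added example, not part of the original post; it flags those instructions in a Dockerfile read from standard input. The function names, the rule names and the embedded copy of the Dockerfile used as sample input are this example's own.

```shell
# lint_dockerfile: reads a Dockerfile on stdin, prints "LINE:RULE" per finding.
lint_dockerfile() {
    awk '
    {
        # Join backslash-continued lines into one logical instruction,
        # remembering the line number where the instruction started.
        if (buf == "") start = NR
        line = $0
        if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, " ", line); buf = buf line; next }
        check(buf line, start); buf = ""
    }
    function check(s, n,   op) {
        if (s ~ /^[ \t]*(#|$)/) return              # comment or blank line
        op = toupper(s); sub(/^[ \t]+/, "", op); sub(/[ \t].*/, "", op)
        if (op == "USER") has_user = 1
        if (op != "RUN") return
        # Password set at build time: stored in the layer, same in every container.
        if (s ~ /passwd[ \t]+--stdin|chpasswd/) print n ":baked-password"
        # Host key generated at build time: every container shares one private key.
        if (s ~ /ssh-keygen/) print n ":build-time-host-key"
    }
    END { if (!has_user) print "EOF:no-user" }      # image runs as root by default
    '
}

# Sample input: the SSH Dockerfile from this section, embedded for an offline run.
sample_dockerfile() {
cat <<'EOF'
FROM centos:7
MAINTAINER This is zhangsan project
RUN yum -y update
RUN yum -y install openssh* net-tools lsof telnet passwd
RUN echo '123456' | passwd --stdin root
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
EOF
}
```

Run it as: sample_dockerfile | lint_dockerfile, or lint_dockerfile < Dockerfile in the build directory.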
2. Building a systemctl image
[root@localhost ~]# mkdir systemctl
[root@localhost ~]# cd systemctl/
[root@localhost systemctl]# vim Dockerfile
FROM sshd:new
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
● Build the image
[root@localhost systemctl]# docker build -t systemd:new .   # note the trailing " ."
[root@localhost systemctl]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
systemd new 0c593615b26f 4 hours ago 540MB
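● Run a container from the new image
# With --privileged, root inside the container has real root privileges. Without it, root inside the container has only the privileges of an ordinary user outside.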
[root@localhost systemctl]# docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:new /sbin/init &
[1] 50771
[root@localhost systemctl]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c5ce1b2b9910 systemd:new "/sbin/init" 54 seconds ago Up 51 seconds 22/tcp inspiring_jang
bb848e56f665 sshd:new "/usr/sbin/sshd -D" 33 minutes ago Up 33 minutes 0.0.0.0:32768->22/tcp crazy_kepler
● Enter the container and verify
[root@localhost systemctl]# docker exec -it c5ce1b2b9910 bash
[root@c5ce1b2b9910 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
[root@c5ce1b2b9910 /]# systemctl start sshd
[root@c5ce1b2b9910 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2020-11-28 03:57:59 UTC; 2s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 51 (sshd)
CGroup: /docker/c5ce1b2b9910e5a5ca96e22f0b605279ff4ad649988f15197a61dfc6620d568d/system.slice/sshd.service
└─51 /usr/sbin/sshd -D
Nov 28 03:57:59 c5ce1b2b9910 systemd[1]: Starting OpenSSH server daemon...
Nov 28 03:57:59 c5ce1b2b9910 sshd[51]: WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems.
Nov 28 03:57:59 c5ce1b2b9910 sshd[51]: Server listening on 0.0.0.0 port 22.
Nov 28 03:57:59 c5ce1b2b9910 sshd[51]: Server listening on :: port 22.
Nov 28 03:57:59 c5ce1b2b9910 systemd[1]: Started OpenSSH server daemon.
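What --privileged changes can be read from the CapEff line of /proc/1/status inside a container. The following is an added example, not part of the original post: it decodes such a mask and reports whether CAP_SYS_ADMIN is present. The function names are hypothetical, and the two sample masks in the comments are constructed (Docker's default 14-capability set, and a mask with bits 0-36 all set).

```shell
# Bit number of CAP_SYS_ADMIN in the capability mask (linux/capability.h).
CAP_SYS_ADMIN=21

# has_cap MASK_HEX BIT: succeeds if the given capability bit is set.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# count_caps MASK_HEX: prints how many capability bits are set.
count_caps() {
    mask=$(( 0x$1 )); n=0
    while [ "$mask" -ne 0 ]; do
        n=$(( n + (mask & 1) ))
        mask=$(( mask >> 1 ))
    done
    echo "$n"
}

# classify MASK_HEX: prints "privileged-like" when CAP_SYS_ADMIN is held,
# otherwise "restricted".
classify() {
    if has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "privileged-like"
    else
        echo "restricted"
    fi
}

# cap_eff_of_pid PID: prints the CapEff mask of a live process.
cap_eff_of_pid() {
    awk '/^CapEff:/ {print $2}' "/proc/$1/status"
}

# Constructed sample masks:
#   00000000a80425fb  Docker default capability set (14 capabilities)
#   0000001fffffffff  bits 0-36 all set, as a --privileged container would show
```

Inside a running container, classify "$(cap_eff_of_pid 1)" applies the same check to the container's init process.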
3. Building an nginx image
[root@localhost ~]# mkdir nginx
[root@localhost ~]# cd nginx/
[root@localhost nginx]# ls
[root@localhost nginx]# vim Dockerfile
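# Start from the base image
FROM centos:7
# Maintainer information
MAINTAINER this is nginx image <zhangsan>
# Install the build dependencies
RUN yum -y update
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make
# Create the nginx user and add the nginx source package (ADD unpacks a local tar.gz)
RUN useradd -M -s /sbin/nologin nginx
ADD nginx-1.12.2.tar.gz /usr/local/src
WORKDIR /usr/local/src
# Set the working directory
WORKDIR nginx-1.12.2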
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make install
ENV PATH /usr/local/nginx/sbin:$PATH
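# Declare the http and https ports
EXPOSE 80
EXPOSE 443
# Turn off nginx daemon mode; otherwise it conflicts with the container's own foreground process
RUN echo "daemon off;">>/usr/local/nginx/conf/nginx.conf
# Add run.sh from the host to the image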
ADD run.sh /run.sh
RUN chmod 755 /run.sh
CMD ["/run.sh"]
:wq
[root@localhost nginx]# vim run.sh
#!/bin/bash
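# exec makes nginx PID 1, so it receives the stop signal sent by docker stop
exec /usr/local/nginx/sbin/nginx
● Copy the nginx-1.12.2 source package into nginx/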
[root@localhost nginx]# ls
Dockerfile nginx-1.12.2.tar.gz run.sh
● Build the image
[root@localhost nginx]# docker build -t nginx:new .
[root@localhost nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx new 8838723ab010 About a minute ago 537MB
● Run a container from the new image
[root@localhost nginx]# docker run -d -P nginx:new
6807251bd3bce61891963f448d805a0b119476d1c8f1dec4d41219878a84ea6f
[root@localhost nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6807251bd3bc nginx:new "/run.sh" 5 seconds ago Up 4 seconds 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp recursing_elbakyan
● Test
4. Building a Tomcat image
[root@localhost ~]# mkdir /opt/tomcat
[root@localhost ~]# cd /opt/tomcat/
[root@localhost tomcat]# ls
[root@localhost tomcat]# vim Dockerfile
FROM centos:7
MAINTAINER this is tomcat image <zhangsan>
ADD jdk-8u91-linux-x64.tar.gz /usr/local
WORKDIR /usr/local/
RUN mv jdk1.8.0_91 /usr/local/java
ENV JAVA_HOME /usr/local/java
ENV JAVA_BIN /usr/local/java/bin
ENV JRE_HOME /usr/local/java/jre
ENV PATH $PATH:/usr/local/java/bin:/usr/local/java/jre/bin
ENV CLASSPATH /usr/local/java/jre/bin:/usr/local/java/lib:/usr/local/java/jre/lib/charsets.jar
ADD apache-tomcat-8.5.16.tar.gz /usr/local
WORKDIR /usr/local/
RUN mv apache-tomcat-8.5.16 /usr/local/tomcat8
EXPOSE 8080
#CMD ["/usr/local/tomcat8/bin/catalina.sh","run"]
ENTRYPOINT ["/usr/local/tomcat8/bin/catalina.sh","run"]
:wq
● Copy jdk-8u91-linux-x64.tar.gz and apache-tomcat-8.5.16.tar.gz into /opt/tomcat
[root@localhost tomcat]# ls
apache-tomcat-8.5.16.tar.gz Dockerfile jdk-8u91-linux-x64.tar.gz
● Build the image
[root@localhost tomcat]# docker build -t tomcat:new .   # note the trailing " ."
● Run a container from the new image
[root@localhost tomcat]# docker run -d --name tomcat01 -p 1216:8080 tomcat:new
e0c2de2aac76e71d543ff4b918d74b896b9db54bacc3487e3695fea2192dee31
[root@localhost tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e0c2de2aac76 tomcat:new "/usr/local/tomcat8/…" 32 seconds ago Up 31 seconds 0.0.0.0:1216->8080/tcp tomcat01
● Test