记一次dockerfile打包运行python程序
*以注册程序login为例
一、基于centos 7 打包python 3.9 images
官方镜像(需注意操作系统)
查看镜像的构建历史,从中找出操作系统痕迹。
[root@i-9d1eq6no ~]# docker images | grep python
python 3.7 2dfc79879562 8 days ago 907MB
[root@i-9d1eq6no ~]# docker history 2dfc79879562
IMAGE CREATED CREATED BY SIZE COMMENT
2dfc79879562 8 days ago /bin/sh -c #(nop) CMD ["python3"] 0B
<missing> 8 days ago /bin/sh -c set -eux; wget -O get-pip.py "$… 10.2MB
<missing> 8 days ago /bin/sh -c #(nop) ENV PYTHON_GET_PIP_SHA256… 0B
<missing> 8 days ago /bin/sh -c #(nop) ENV PYTHON_GET_PIP_URL=ht… 0B
<missing> 8 days ago /bin/sh -c #(nop) ENV PYTHON_SETUPTOOLS_VER… 0B
<missing> 8 days ago /bin/sh -c #(nop) ENV PYTHON_PIP_VERSION=22… 0B
<missing> 8 days ago /bin/sh -c set -eux; for src in idle3 pydoc… 32B
<missing> 8 days ago /bin/sh -c set -eux; wget -O python.tar.xz… 43.3MB
<missing> 8 days ago /bin/sh -c #(nop) ENV PYTHON_VERSION=3.7.16 0B
<missing> 8 days ago /bin/sh -c #(nop) ENV GPG_KEY=0D96DF4D4110E… 0B
<missing> 8 days ago /bin/sh -c set -eux; apt-get update; apt-g… 18.5MB
<missing> 8 days ago /bin/sh -c #(nop) ENV LANG=C.UTF-8 0B
<missing> 8 days ago /bin/sh -c #(nop) ENV PATH=/usr/local/bin:/… 0B
<missing> 8 days ago /bin/sh -c set -ex; apt-get update; apt-ge… 529MB
<missing> 8 days ago /bin/sh -c apt-get update && apt-get install… 152MB
<missing> 8 days ago /bin/sh -c set -ex; if ! command -v gpg > /… 19MB
<missing> 8 days ago /bin/sh -c set -eux; apt-get update; apt-g… 10.7MB
<missing> 8 days ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 8 days ago /bin/sh -c #(nop) ADD file:513c5d5e501279c21… 124MB
看到apt-get就知道是Ubuntu操作系统,这里介绍Centos操作系统,所以自己构建一个。
拉取基础镜像centos,编写dockerfile也可以拉取alpine。
[root@i-9d1eq6no ~]# docker pull centos:7
[root@i-9d1eq6no ~]# docker images | grep centos
centos 7 eeb6ee3f44bd 17 months ago 204MB
基础镜像200+M,编写dockerfile
[root@i-9d1eq6no opt]# pwd
/opt
[root@i-9d1eq6no opt]# cat > Dockerfile << EOF
FROM centos:7
WORKDIR /usr/local/python3
RUN yum -y install gcc.x86_64 gcc-c++.x86_64zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel && yum -y install vim wget && wget https://www.python.org/ftp/python/3.9.0/Python-3.9.0.tgz && tar -xf Python-3.9.0.tgz && yum clean all
WORKDIR /usr/local/python3/Python-3.9.0
RUN yum -y install gcc automake autoconf libtool make && ./configure --prefix=/usr/local/python3 && make && make install &&make clean && ln -s /usr/local/python3/bin/python3 /usr/bin/python3 && ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3 && yum clean all
CMD ['/usr/bin/python3']
EOF
docker执行打包centos-py3
[root@i-9d1eq6no opt]# docker build -t centos-py3:v1 .
[+] Building 0.0s (9/9) FINISHED
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 722B 0.0s
=> [internal] load metadata for docker.io/library/centos:7 0.0s
=> [1/5] FROM docker.io/library/centos:7 0.0s
=> CACHED [2/5] WORKDIR /usr/local/python3 0.0s
=> CACHED [3/5] RUN yum -y install gcc.x86_64 gcc-c++.x86_64zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-d 0.0s
=> CACHED [4/5] WORKDIR /usr/local/python3/Python-3.9.0 0.0s
=> CACHED [5/5] RUN yum -y install gcc automake autoconf libtool make && ./configure --prefix=/usr/local/python3 && make && make install &&make clean && 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:08b1090028ebafeb765d72d517e591b53cbedf775943ba95ddeef58bfd279bc8 0.0s
=> => naming to docker.io/library/centos-py3:v1
编译大概需要10分钟,第一次没有执行yum clean all和make clean清理缓存操作,images为1.24G,实在太大了,后面加入上述俩步操作,进行优化为791M,比官方的要小100M左右。但还有一个问题,镜像内内存占用点大,有内存洁癖的可以run起来后,执行下面操作:
#sync ; echo 3 > /proc/sys/vm/drop_caches
先前尝试把这步加入dockerfile,赋予USER为root,但运行显示drop_caches文件为read-only file system,无法执行,只能run起来后操作。
[root@i-9d1eq6no ~]# docker images | grep centos-py3
centos-py3 v1 68ebf0186e5c 20 hours ago 791MB
[root@i-9d1eq6no ~]# docker run -itd --privileged --name centos-py 68ebf0186e5c python3
[root@i-9d1eq6no ~]# docker ps | grep centos
321adcebca2f 68ebf0186e5c "python3" 1 hours ago Up 12 hours centos-py
运行需要的点:
- 更改镜像read-only file system需要给container权限 --privileged Give extended
privileges to this container - 运行是需要加入images的CMD,不然会一直会去执行/bin/bash 我这里用的python3
阿里云ACR下载
资源已上传阿里云镜像仓库,可以直接下载。
# docker pull registry.cn-hangzhou.aliyuncs.com/liukuo/centos-py3:v1
备用下载地址:
# docker pull registry-internal.cn-hangzhou.aliyuncs.com/liukuo/centos-py3:v1
二、基于centos-py3 打包python 程序
基于centos-py3:v1,编写dockerfile
[root@i-9d1eq6no login]# pwd
/root/login
[root@i-9d1eq6no ~]# tree login/
login/
├── Dockerfile
├── html
│ └── login.html
├── logs
└── src
├── config.py
├── demo.py
├── main.py
└── requirements.txt
需要记住定义的目录框架,会在dockerfile文件引用,不对会出现 error:no such file or directory
[root@i-9d1eq6no login]# cat > Dockerfile << EOF
FROM centos-py3:v1
WORKDIR /opt/login
ADD . .
RUN pip3 install -r ./src/requirements.txt
EXPOSE 8000
CMD ["python3","./src/main.py"]
EOF
1、pip需用centos-py3 images中安装的pip3,python亦是。
2、EXPOSE 暴露的端口,需要跟main程序内port值一致,,host需要定义为正确的地址,也可以不做限制(0.0.0.0:port)防止访问出现502报错。
if __name__=="__main__":
uvicorn.run(app="main:app",host="0.0.0.0",port=9990,reload=True)
docker打包login镜像
[root@i-9d1eq6no login]# docker build -t login:v1 .
[+] Building 82.0s (9/9) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 177B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/centos-py3:v1 0.0s
=> [1/4] FROM docker.io/library/centos-py3:v1 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 273B 0.0s
=> [2/4] WORKDIR /opt/login 0.0s
=> [3/4] ADD . . 0.1s
=> [4/4] RUN pip3 install -r ./src/requirements.txt 81.6s
=> exporting to image 0.3s
=> => exporting layers 0.3s
=> => writing image sha256:79e45ab2730ddb8c6f3ce23c655cb258773ba7a17a780f97d1ee1936080e2690 0.0s
=> => naming to docker.io/library/login:v1 0.0s
[root@i-9d1eq6no login]# docker images | grep login
login v1 79e45ab2730d 45 seconds ago 825MB
docker运行程序
[root@i-9d1eq6no login]# docker run -itd -p 9999:8000 --name login 79e45ab2730d
[root@i-9d1eq6no login]# docker ps | grep login
4092aa912662 79e45ab2730d "python3 ./src/main.…" 1 hours ago Up 5 hours 0.0.0.0:9999->8000/tcp, :::9999->8000/tcp login
注意点:
expose的端口值,只在容器层做了放开,运行的时候默认是bridge网络模式,宿主机也需要指定一个段=端口去docker-proxy main的程序。我在程序内指定是9999端口。
[root@i-9d1eq6no login]# netstat -anptl | grep 9999
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 30928/docker-proxy
tcp6 0 0 :::9999 :::* LISTEN 30934/docker-proxy
验证环节
验证网络是否正常,返回code小于500即可认为网络正常,这里返回404因为后端无/路由和参数为空。
[root@i-9d1eq6no login]# curl 127.0.0.1:9999 -i
HTTP/1.1 404 Not Found
date: Thu, 09 Mar 2023 15:35:53 GMT
server: uvicorn
content-length: 22
content-type: application/json
{"detail":"Not Found"}[root@i-9d1eq6no login]#
三、根据前端做页面注册功能
注意修改事项
下述html+js文件仅限于调试,可以根据后端定义的传参key,域名和path进行修改。
"http://127.0.0.1:8000/login" 替换为你的域名和路由
dataType: 'jsonp', 慎用,会影响请求method
前端demo
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js"></script>
<title>登录</title>
<!-- Import style -->
<link rel="stylesheet" href="https://unpkg.com/element-plus/dist/index.css" />
</head>
<body>
<div class="el-row">
<div class="el-col el-col-12 el-col-offset-6 is-guttered" style="margin-top: 20%">
<div class="el-card is-always-shadow box-card">
<div class="el-card__header">
<div class="card-header">
<span>注册</span>
</div>
</div>
<div class="el-card__body">
<form id="form" class="el-form el-form--default el-form--label-right">
<div class="el-form-item asterisk-left">
<label class="el-form-item__label" style="width: 80px;" for="username">用户名: </label>
<div class="el-form-item__content">
<div class="el-input">
<div class="el-input__wrapper">
<input class="el-input__inner" autocomplete="off" name="username" type="text" />
</div>
</div>
</div>
</div>
<div class="el-form-item asterisk-left">
<label class="el-form-item__label" style="width: 80px;" for="email">邮箱: </label>
<div class="el-form-item__content">
<div class="el-input">
<div class="el-input__wrapper">
<input class="el-input__inner" autocomplete="off" name="email" type="text" />
</div>
</div>
</div>
</div>
<div class="el-form-item asterisk-left">
<label class="el-form-item__label" style="width: 80px;" for="password">密码: </label>
<div class="el-form-item__content">
<div class="el-input">
<div class="el-input__wrapper">
<input class="el-input__inner" autocomplete="off" name="password" type="password" />
</div>
</div>
</div>
</div>
<div class="el-form-item asterisk-left">
<label class="el-form-item__label" style="width: 80px;" for="retry_pwd">确认密码: </label>
<div class="el-form-item__content">
<div class="el-input">
<div class="el-input__wrapper">
<input class="el-input__inner" autocomplete="off" name="retry_pwd" type="password" />
</div>
</div>
</div>
</div>
<div class="el-form-item asterisk-left">
<label class="el-form-item__label" style="width: 80px;" for="login_user">登录名: </label>
<div class="el-form-item__content">
<div class="el-input">
<div class="el-input__wrapper">
<input class="el-input__inner" autocomplete="off" name="login_user" type="text" />
</div>
</div>
</div>
</div>
<div class="el-form-item asterisk-left">
<div class="el-form-item__content" style="margin-left: 80px;">
<button class="el-button el-button--primary" aria-disabled="false" type="button" onclick="login()">
<span class="">注册</span>
</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<script>
function login(){
console.log($('#form').serialize())
$.ajax({
type: "POST", //方法
// dataType: "json",//预期服务器返回的数据类型
url: "http://127.0.0.1:8000/login",//url
data: $('#form').serialize(),
//dataType: 'jsonp',
success: function (result) {
console.log(result); //打印服务端返回的数据(调试用)
alert("注册成功")
},
error : function() {
alert("注册异常,请检查两次密码是否一致,或者该账号已被注册!") // 异常弹窗
}
})
}
</script>
</body>
</html>
通过nginx定义两个location,一个定义前端页面访问,有ssl要求可以301至https的location,另外根据后端路由path定义一个精准匹配的location,有ssl的亦是,严格要求前端url配置path、location匹配path和后端定义path保持一致。
最后祝大家成功,有问题可以评论,一起讨论~