文章目录
前言
一:使用Dockerfile构建镜像
1.1:Dockerfile常用命令解释
-
指令 含义 FROM 镜像 指定新镜像所基于的镜像,第一条指令必须为FROM指令, 每创建一个镜像就需要一条FROM指令 MAINTAINER 名字 说明新镜像的维护人信息 RUN 命令 在所基于的镜像执行命令,并提交到新的镜像中 CMD [ “要运行的程序”,“参数1”,“参数2”] 指令启动容器时要运行的命令或者脚本,Dockerfile只能 有一条CMD命令,如果指定多条则只能执行最后一条 EXPOSE 端口号 指定新镜像加载到Docker时要开启的端口 ENV 环境变量 变量值 设置一个环境变量的值,会被后面的RUN使用 ADD 源文件/目录 目标文件/目录 将源文件复制到目标文件,源文件要与Dockerfile位于 相同目录中,或者是一个URL COPY 源文件/目录 目标文件/目录 将本地主机上的文件/目录复制到目标地点,源文件/目录 要与Dockerfile在相同的目录中 VOLUME [“目录”] 在容器中创建一个挂载点 USER 用户名/UID 指定运行容器时的用户 WORKDIR 路径 为后续的RUN、CMD、ENTRYPOINT指定工作目录 ONBUILD 命令 指定所生成的镜像作为一个基础镜像时所要运行的命令 HEALTHCHECK 健康检查
1.2:构建SSHD镜像
-
我们下载一个centos:7的镜像,进去发现无法使用sshd服务,我们需要手工添加
-
1、创建目录,编写Dockerfile文件
[root@docker ~]# mkdir /sshd [root@docker ~]# cd /sshd [root@docker sshd]# vim Dockerfile FROM centos:7 '//指定基础镜像' MAINTAINER build image sshd <tang> '//描述信息' RUN yum -y update '//更新容器yum源' RUN yum -y install openssh* net-tools lsof telnet passwd '//部署环境工具' RUN echo "123123" | passwd --stdin root '//设置root登录密码' RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config '//禁用ssh中的pam验证' RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key '//创建非对称密钥,并指定文件路径' RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/ s/^/#/' /etc/pam.d/sshd '//禁用pam的ssh的pam会话模块' RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh '//创建ssh工作目录和权限设置' EXPOSE 22 '//开放22端口' CMD ["/usr/sbin/sshd","-D"] '//容器加载时启动sshd服务'
-
2、生成镜像,取名为sshd:test
[root@docker sshd]# docker build -t sshd:test . '//注意有个.' [root@docker sshd]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE sshd test 1a8f71824145 About a minute ago 585MB centos 7 5e35e350aded 5 months ago 203MB
-
3、启动容器,并指定端口号为1111
[root@docker sshd]# docker run -d -p 111:22 sshd:test b4cea5a9780b6089b4f13dfa835620e44640662b55ca08e6e23b1a0e086b7e96 [root@docker sshd]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b4cea5a9780b sshd:test "/usr/sbin/sshd -D" 4 seconds ago Up 3 seconds 0.0.0.0:111->22/tcp dreamy_mclaren
-
4、测试登陆
[root@docker sshd]# ssh 127.0.0.1 -p 111 The authenticity of host '[127.0.0.1]:111 ([127.0.0.1]:111)' can't be established. RSA key fingerprint is SHA256:X9oP1z6fJZ8EoK04awqCtdVhPW3xE7kFZNWUCvCHjUA. RSA key fingerprint is MD5:9e:f0:ee:ad:97:f3:c6:a2:78:72:0b:62:9d:97:a4:5a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[127.0.0.1]:111' (RSA) to the list of known hosts. [email protected]'s password: [root@b4cea5a9780b ~]# systemctl status sshd Failed to get D-Bus connection: Operation not permitted '//发现无法使用systemctl命令,我们需要继续构建systemctl镜像' [root@b4cea5a9780b ~]# exit logout Connection to 127.0.0.1 closed.
1.3:构建systemctl镜像
-
基于SSHD镜像继续构建
-
1、创建目录,编写Dockerfile文件
[root@docker sshd]# mkdir /systemctl [root@docker sshd]# cd /systemctl [root@docker systemctl]# vim Dockerfile FROM sshd:test MAINTAINER built image systemctl <tang> ENV container docker '//设置环境变量,container和docker' RUN yum install -y vim RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *;do [ $i == \ systemd-tmpfiles-setup.service ] || rm -f $i; done); \ '//执行先到指定目录,进行for循环遍历目录下所有文件并删除指定的文件。之后进行一系列的删除' rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; VOLUME [ "/sys/fs/cgroup" ] '//创建一个挂在卷' CMD ["/usr/sbin/init"] '//init指执行初始化'
-
2、生成镜像
[root@docker systemctl]# docker build -t systemctl:test . [root@docker systemctl]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE systemctl test da6a0a231455 6 seconds ago 717MB sshd test 143dd3b76ed8 16 minutes ago 585MB centos 7 5e35e350aded 5 months ago 203MB
-
3、创建容器
[root@docker systemctl]# docker run --privileged -it --name systemctl -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemctl:test sbin/init '//–privateged 使container内的root拥有真正的root权限,不进行降权处理。否则,container内的用户只是外部的一个普通用户'
-
4、重新打开终端测试
[root@docker ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3c881fc5f2e2 systemctl:test "sbin/init" 9 minutes ago Up 9 minutes 22/tcp systemctl b4cea5a9780b sshd:test "/usr/sbin/sshd -D" 27 minutes ago Up 27 minutes 0.0.0.0:111->22/tcp dreamy_mclaren [root@docker ~]# docker exec -it systemctl /bin/bash [root@3c881fc5f2e2 /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:sshd(8) man:sshd_config(5) [root@3c881fc5f2e2 /]# systemctl start sshd [root@3c881fc5f2e2 /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: active (running) since Thu 2020-04-23 03:43:35 UTC; 1s ago ...省略内容
-
5、可以导出镜像
[root@docker ~]# docker save -o sshd+systemctl systemctl:test [root@docker ~]# ls anaconda-ks.cfg sshd+systemctl
1.4:构建nginx镜像
-
1、创建目录并编写Dockerfile文件
[root@docker ~]# mkdir /nginx [root@docker ~]# cd /nginx/ [root@docker nginx]# vim Dockerfile FROM systemctl:test MAINTAINER build image nginx <tang> RUN yum -y update RUN yum -y install gcc gcc-c++ pcre* make cmake zlib-devel openssh* net-tools lsof telnet passwd vim ADD nginx-1.12.2.tar.gz /usr/local/src RUN useradd -M -s /sbin/nologin nginx WORKDIR /usr/local/src/nginx-1.12.2 RUN (./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module) RUN make && make install ENV PATH /usr/local/nginx/sbin/:$PATH #RUN ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ EXPOSE 80 EXPOSE 443 RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf '//#指关闭守护进程启动' CMD ["/usr/local/nginx/sbin/nginx"] [root@docker nginx]# rz -E '//上传nginx源码包' rz waiting to receive. [root@docker nginx]# ls Dockerfile nginx-1.12.2.tar.gz
-
2、生成镜像
[root@docker nginx]# docker build -t nginx:test .
-
3、创建容器,指定端口
[root@docker nginx]# docker run -d -P nginx:test1 885cf9811be57e12690ce352fbd7c5011cefffece8b59a0d7317e12eb8955a70 [root@docker nginx]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e34b0521147c nginx:test1 "/usr/local/nginx/sb…" 2 minutes ago Up 2 minutes 0.0.0.0:32784->22/tcp, 0.0.0.0:32783->80/tcp, 0.0.0.0:32782->443/tcp zen_hellman [root@docker nginx]# ip addr '//自己IP地址为 192.168.233.133' 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:68:b8:a6 brd ff:ff:ff:ff:ff:ff inet 192.168.233.133/24 brd 192.168.233.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet6 fe80::35a9:b12:5e2b:c44d/64 scope link noprefixroute valid_lft forever preferred_lft forever ...省略内容
-
4、测试
1.5:构建Tomcat镜像
-
1、创建目录并编写Dockerfile文件,上传相关文件
[root@docker nginx]# mkdir /tomcat [root@docker nginx]# cd /tomcat/ [root@docker tomcat]# vim Dockerfile FROM systemctl:test MAINTAINER build image tomcat <tang> EXPOSE 8080 ADD jdk-8u201-linux-x64.rpm /usr/local/src WORKDIR /usr/local/src RUN rpm -ivh jdk-8u201-linux-x64.rpm ENV JAVA_HOME /usr/java/jdk1.8.0_201-amd64 ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar ENV PATH $JAVA_HOME/bin:$PATH ADD apache-tomcat-9.0.16.tar.gz /usr/local/src RUN mv apache-tomcat-9.0.16/ /usr/local/tomcat9 ENV PATH /usr/local/tomcat9/bin/:$PATH ADD tomcat9.run.sh /usr/local/src RUN chmod 755 /usr/local/src/tomcat9.run.sh CMD ["/usr/local/src/tomcat9.run.sh"] #ENTRYPOINT ["/usr/local/tomcat9/bin/catalina.sh","run"] '//此处除了使用CMD,还可以使用ENTRYPOINT' '//CMD与ENTRYPOINT的区别' 1、ENRYPOINT指开启容器前镜像就已经执行了括号内的命令 2、CMD是开启容器时,要执行的指令,设置容器启动后默认执行的命令及其参数,但 CMD 能够被 docker run 后面跟的命令行参数替换 3、基于Dockerfile内有CMD或者ENTRYPOINT创建镜像时,docker run 后面就不要加指令(/bin/bash)了,会覆盖掉Dockerfile中的指令或者语法报错 [root@docker tomcat]# vim tomcat9.run.sh #!/bin/bash /usr/local/tomcat9/bin/catalina.sh run [root@docker tomcat]# rz -E rz waiting to receive. [root@docker tomcat]# rz -E rz waiting to receive. [root@docker tomcat]# ls apache-tomcat-9.0.16.tar.gz Dockerfile jdk-8u201-linux-x64.rpm tomcat9.run.sh
-
2、生成镜像
[root@docker tomcat]# docker build -t tomcat:test . [root@docker tomcat]# docker images |grep tomcat tomcat test b41a4b0328e7 9 seconds ago 1.32GB
-
3、创建容器
[root@docker tomcat]# docker run -d -P tomcat:test [root@docker tomcat]# docker ps -a |grep tomcat f4afd19d14d3 tomcat:test1 "/usr/local/src/tomc…" 25 seconds ago Up 23 seconds 0.0.0.0:32788->22/tcp, 0.0.0.0:32787->8080/tcp lucid_tesla
-
4、测试
1.6:构建MySQL镜像
-
1、创建目录并编写Dockerfile文件
[root@docker tomcat]# mkdir /mysql [root@docker tomcat]# cd /mysql/ [root@docker mysql]# vim Dockerfile FROM centos:7 MAINTAINER build image mysqld <tang> EXPOSE 3306 ADD mysql-boost-5.7.20.tar.gz /usr/local/src WORKDIR /usr/local/src/mysql-5.7.20 RUN useradd mysql -M -s /sbin/nologin RUN yum -y install gcc \ gcc-c++ \ make \ ncurses \ ncurses-devel \ bison \ cmake RUN cmake \ -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \ -DSYSCONFDIR=/etc \ -DSYSTEMD_PID_DIR=/usr/local/mysql \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \ -DMYSQL_DATADIR=/usr/local/mysql/data \ -DWITH_BOOST=boost \ -DWITH_SYSTEMD=1 RUN make && make install RUN chown -R mysql:mysql /usr/local/mysql/ #RUN rm -rf /etc/my.cnf ADD my.cnf /etc/my.cnf '//也可以先删掉文件,再添加进去' RUN chown mysql:mysql /etc/my.cnf ENV PATH $PATH:/usr/local/mysql/bin:/usr/local/mysql/lib RUN /usr/local/mysql/bin/mysqld \ --initialize-insecure \ --user=mysql \ --basedir=/usr/local/mysql \ --datadir=/usr/local/mysql/data RUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /lib/systemd/system/ ADD run.sh /usr/local/src RUN chmod 755 /usr/local/src/run.sh RUN sh /usr/local/src/run.sh CMD ["init"]
-
2、编写配置文件与脚本,上传源码包
[root@docker mysql]# vim /etc/my.cnf [client] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysql] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysqld] user = mysql basedir = /usr/local/mysql datadir = /usr/local/mysql/data port = 3306 character_set_server=utf8 pid-file = /usr/local/mysql/mysqld.pid socket = /usr/local/mysql/mysql.sock server-id = 1 # sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES [root@docker mysql]# vim run.sh #!/bin/bash /usr/local/mysql/bin/mysqld systemctl enable mysqld [root@docker mysql]# rz -E rz waiting to receive. [root@docker mysql]# ls Dockerfile mysql-boost-5.7.20.tar.gz run.sh
-
3、生成镜像
[root@docker mysql]# docker build -t mysql:test .'//构建MySQL5.7,编译时间较久,需要耐心等待一下' '//docker system prune 清除docker缓存命令'
-
3、创建容器
[root@docker mysql]# docker run -d -P --privileged mysql:test [root@ct ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2bed4471244b mysql:test "init" 10 seconds ago Up 10 seconds 0.0.0.0:32775->22/tcp, 0.0.0.0:32774->3306/tcp mysqld [root@ct ~]# docker exec -it 2bed4471244b /bin/bash [root@2bed4471244b /]# mysql -uroot -p mysql> grant all privileges on *.* to 'root'@'%' identified by '123123'; mysql> grant all privileges on *.* to 'root'@'localhost' identified by '123123';
-
4、测试
[root@docker ~]# mysql -h 192.168.233.133 -uroot -p123123 -P 32776 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.20 Source distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]>