The docker file creates a new container according to the instructions in the file, which is roughly the same as the role in ansible.
When building a docker file, there must be a working directory, and there should not be any files in this directory, except docker file. The name of the docker file file must be called docker file.
Each instruction in the docker file will regenerate a new image layer.
Docker file is composed of many instructions. Although its format is not case sensitive, it is customary to use uppercase.
Which mirror to use for the FROM instruction , in the new version, it may not be placed in the first item, but in the old version, it must be placed in the first item
Syntax: FROM <repository>[<tag>]
<repository>: Specify the name of the mirror
tag: Mirror label
Example:
FROM centos:7
The LABEL command is
used to label the image.
Syntax: LABEL <key>=< value> <key>=< value> …
each label is separated by a space
COPY is
used to copy files from the docker host to create a new image file.
Syntax: COPY <src>...<dest>
src: the source file or directory to be copied
dest: the target path, the file path system of the image being created, it is recommended to use absolute The path, otherwise, the copy designation uses WORKDIR as the starting path.
Note:
src must be a path in the build context, not a file in the parent directory.
If src is a directory, the internal files or sub-files will be copied to the cabinet, but the src directory itself will not be copied.
If multiple srcs are specified, or If a wildcard is used in src, dest must be a directory and must end with /.
If dest does not exist, it will be created automatically, including its parent directory.
Example:
[root@localhost docker]# cat work_dir/Dockerfile
FROM busybox
COPY index.html /tmp/
COPY test1 /data/test1/
COPY a* /tmp/
The ADD command
ADD is similar to the COPY command, but supports tar files and URL path files.
Syntax: ADD <src>… <dest> or ADD ["<src>",… "<dest>"]
if src is a url path. If dest does not end with /, the file specified by src will be directly downloaded and renamed to dest. If dest ends with /, the file will be downloaded to the dest directory.
If src is a tar file, it will be directly decompressed into a directory, but The downloads specified by URL will not be decompressed.
Example:
ADD nginx-1.19.0.tar.gz /tmp/
ADD http://nginx.org/download/nginx-1.18.0.tar.gz /tmp/
#ADD指令不支持https认证,如果想使用https下载,建议使用RUN指令
WORKDIR is
used to specify the working directory for all RUN, CMD, ENTRYPOINT, COPY and ADD in the Dockerfile.
Syntax: WORKDIR <dirpath>
There can be multiple WORKDIR instructions in the dockerfile, and a relative path can be used, but the relative path is relative to the previous WORKDIR For that.
Example:
WORKDIR /data/ydong
ADD nginx-1.19.0.tar.gz ./
WORKDIR html # 它的父目录是/data/ydong,容器进入后的工作目录再/data/ydong/html
ADD index.html ./
VOLUME is
used to create a mount point directory in the image to mount volumes on docker hosts or other containers.
Syntax: VOLUME <mountpoint> or VOLUME ["<mountpoint>"]
if there is a mount point directory path The file exists, then after mounting, docker will first copy the original file to the new mount point, and then hide the file under the original directory path.
Example:
VOLUME /ydong/test
#如果需要放在宿主机上挂载的话,运行时仍然需要-v选项指明宿主机上的目录路径
EXPOSE is
used to open the specified port to be monitored for the container to achieve communication with the outside.
Syntax: EXPOSE <port>[/<protocol>] [<port>[/<protocol>] …]
You can specify multiple ports, such as: EXPOSR 3306 /tcp 61/udp
This method requires the -P option in the command line. This method can only implement dynamic ports.
Example:
EXPOSE 80
ENV is
used to define the environment variables required by the image, and can be called in the dockerfile, and is used in the build phase.
Use the
syntax of $variable_name or ${variable_name} when calling variables : ENV <key> <value> or ENV <key>=<value>
When using the first method, the key corresponds to only one variable.
The second method can be set once Set multiple variables, each variable is a key=value key-value pair. If it contains a space, it can be escaped with a backslash () or marked by quotation marks; in addition, the backslash can also be used to continue Row
ENV docroot /ydong/data
ARG
passes parameters on the command line and then replaces the variables in the dockerfile. The usage is similar to env, it can only be used in the new version of docker.
Example:
ARG docroot=/ydong/data
RUN is
used to specify the program to run during the docker build process. It can be a command, but it must be a command
syntax supported by the image : RUN <command> or RUN ["<executable>", "<param1>", "<param2 >”] In the
first format, the command is usually a shell command and runs as /bin/bash -c, which means that the PID number of this process in the container is not 1, and it cannot accept UNIX signals. For example, if you want to stop For a container, this process cannot receive the SIGTERM signal.
The parameter in the second syntax format is an array of JSON format, where <executable> is the command to be run, and the following <paramN> is the option or Parameters; however, commands specified in this format will not be considered as options or parameters passed to the command; however, commands specified in this format will not be initiated with "/bin/sh -c", so common shell operations such as variables Replacement and wildcard (?,*, etc.)) replacement will not be performed; however, if the command to be run depends on this shell feature, you can replace it with a format similar to the following. For features, you can replace it with a format similar to the following.
RUN ["/bin/bash", "-c", "<executable>", "<param1>"]
Example:
RUN "/bin/bash" , "-c" , "touch a.txt"
CMD is
similar to RUN command, CMD command can also be used to run any command or application. The RUN command is executed when the image is built, and the CMD is executed after the image file is run into a container.
The primary purpose of the CMD instruction is to specify the program to be run by default for the started container, and the container will be terminated after its operation is over; however, the command specified by CMD can be overwritten by the command line option of docker run
and can exist in the Dockerfile Multiple CMD commands, but only the last one will take effect.
Syntax:
CMD <command>
CMD [“ <executable> ”, “<param1> ”, “<param2> ”]
CMD ["<param1>","<param2>" ] The
first two are the same as the RUN format, and the last format is to provide parameters for the ENTRYPOINT instruction
Example:
CMD echo 123 #此种方式是以shell的子进程来运行,echo为shell的子进程。
CMD ["httpd" ,"-DGROUND"] #此种方式是httpd为单独的进程来运行,如果要使用bash来解析的话, 可使用 CMD ["sh","-c" ,"httpd" ,"-DGROUND"]。 建议使用此种方式
使用第二种的方式是因为docker容器是以进程ID来判断存活的,PID为1的进程退出,则容器退出。 如果使用第一种方式的话,shell进程为PID1,服务的退出并不会影响容器的活动。
ENTRYPOINT is
similar to the function of the CMD command, which is used for the container to specify the default running program, so that the container is like a separate executable program. The function of the command is
different from CMD in that the program started by ENTRYPOINT will not be specified by the docker run command line. In addition, these command line parameters will be passed as parameters to the program specified by
ENTRYPOINT. The parameter of the --entrypoint option of the docker run command can override the program specified by the ENTRYPOINT command.
Syntax:
ENTRYPOINT <command>
ENTRYPOINT ["<executable> ", "<param1>", "<param2>"]
Example:
CMD ["123"]
ENTRYPONIT ["echo"]
#这种方式会导致CMD当做ENTRYPOINT的参数来使用
ENTRYPOINT is generally used in scripts, and CMD is passed as its parameter.
Example:
[root@ydong amp]# cat Dockerfile
FROM centos:7
ARG doc_root="/var/www/html"
WORKDIR ${doc_root}
VOLUME /data/web/html
RUN yum install -y httpd php php-mysql && \
yum install -y net-tools && \
yum clean all
ADD app.sh /bin/
ADD index.html /data/web/html
CMD ["httpd","-DFOREGROUND"]
ENTRYPOINT ["/bin/app.sh"] #此处ENTRYPOINT用来提供脚本,脚本内引用CMD传入的参数。
EXPOSE 80
HEALTHCHECK
docker container health monitoring
Syntax:
HEALTHCHECK [options] CMD command
HEALTHCHECK NONE (disables any health checks inherited from the base image)
OPTIONS parameter
-interval: the interval (seconds, minutes, hours) from the start of the container operation when the process becomes healthy for the first time Monitoring, and then health monitoring every interval. Default value: 30s
–start-period=DURATION: start time, the default is 0s, if this parameter is specified, it must be greater than 0s; –start-period provides an initialization time period for the container that needs to be started, during this time period, if you check If it fails, the number of failures will not be recorded. If the health check is successfully performed within the startup time, the container will be deemed to have been started, and if the check fails again within the startup time, the number of failures will be recorded.
timeout: Timeout duration, set how long the timeout is a failure state. Default value: 30s
retries: number of retries, after the specified number of retries, if it still fails, the container is considered unhealthy. Default value: 3
CMD can be followed by normal shell commands or
the exit status of exec array commands to show the container The status has the following values
0: success, the container is healthy and ready to use
1: unhealthy, the container is unhealthy, unable to work
2: reserved, reserved, do not use this code to exit
Example:
[root@localhost docker_workfile]# cat Dockerfile
FROM centos:7
LABEL maintainer="ydong.com"
RUN yum install -y epel-release.noarch && \
yum install -y nginx && \
yum install -y net-tools && \
yum install -y iproute && \
yum clean all
ADD index.html /data/web/html/
ADD app.conf /etc/nginx/conf.d/
ADD check.sh /tmp/
HEALTHCHECK --interval=3s --timeout=3s --retries=3 --start-period=2s CMD /bin/bash /tmp/check.sh #此处利用脚本来监测80端口是否启动,
[root@localhost docker_workfile]# cat check.sh
#!/bin/bash
ss -tnl | grep 80
if [ $? == 0 ]
then
exit 0
else
exit 1
fi
Run the container, the health:starting state appears for the first time
[root@localhost docker_workfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5de15ae4cde7 nginx:v0.7 "nginx -g 'daemon of…" 9 seconds ago Up 9 seconds (health: starting)
If there is no problem, it will become healthy
[root@localhost docker_workfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbb7e009a636 nginx:v0.7 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) web1
We now turn off the nginx process to see if the container will appear unhealthy
[root@dfcc19c2bdaa /]# nginx -s stop
[root@localhost docker_workfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dfcc19c2bdaa nginx:v0.8 "/bin/bash" About a minute ago Up About a minute (unhealthy) web1