In " Dockerfile Best Practices (a) ," we have learned to use Dockerfile commonly used commands and gives a demo, this one Jiangzai complement and consolidate common knowledge Dockerfile in.
Dockerfile context (context)
When performing docker image build, CLI will first inform the building will send Docker daemon size of the generated context, for example.
# cat > Dockerfile <<EOF FROM centos:7 EOF # docker image build -t demo .
Sending build context to Docker daemon 2.048kB
We've already talked about building mirrored by Docker daemon (Docker daemon) is completed, then the "docker build -t demo." The execution is actually gone two steps:
All files (recursively) First, Docker CLI context, includes the daemon sent to Docker Docker daemon.
Then, Docker Demon Dcoker CLI receive content transmitted by reading Dockerfile constructed stratify command inside mirror.
Note: If using "/" as the root context, it may cause the host reboots (AWS verification will cause in the host automatically restart), because it will host "/" in the root directory of all the files to Docker daemon.
COPY command
COPY instruction has two kinds of writing format
COPY [--chown = user: group] Local destination directory source container
COPY [--chown = user: group] [ "local source file", "directory target container"]
By default, all copies of the container file owner (UID) and is a group (GID) is 0 (root users), unless the optional parameter --chown specifying the user name or group name UID / GID. --chown username and groupname string is allowed, or a UID and GID.
--chown feature is only supported Dockerfiles used to build the Linux container, the container is not valid on Windows. This is because the concept of Linux and Windows users and groups is different and can not be converted to each other, thus using the / etc / passwd and / etc / group to convert the user and group name UID or GID This feature also applies only to a Linux operating system containers.
Local source file COPY command supports the use of fuzzy matching and regular match.
COPY instruction path is the context in the source file (context) as a starting point, rather than an absolute path of the file on the host. Therefore recommended to use in the construction of the mirror. "" As the context, and prior Dockerfile desired copy files to the specified context path.
Note: Use COPY instruction copies the source file is more than one file (a file is not), then the target must directory "/" at the end, such as "/ Test /", can not be written "/ Test."
Demo 1
# mkdir demo2
# Cd demo2
# Mkdir you {a..z}
# touch arr{a..z}.txt
# cat >Dockerfile <<EOF
FROM centos:latest
MAINTAINER [email protected]
#RUN yum -y install coreutils procps-ng bash
RUN useradd -d /home/test -m test -s /bin/bash
RUN mkdir /test
WORKDIR /test
COPY dir * / test /
COPY arr*.txt /home/test/
COPY --chown=test:test arr*.txt /test/
EOF
# docker image build -t demo:v0.1 .
# docker run -idt --name demo01 demo:v0.1 /bin/bash
# docker exec -it demo01 ls -l /test/
RUN command
RUN writing format instruction is of two
RUN command the contact #RUN subsequent instruction command is run in the shell, on Linux like executed / bin / sh -c command (e.g. the terminal executes: / bin / sh -c ls) , in the Windows like is performed cmd / S / C command (e.g. pressing win + r key to perform the "run" window: cmd / S / C mstsc)
The RUN [ "command", "parameter 1", "parameter 2"] # exec operated in a manner
Any RUN command instructions executed occurs in a new layer above the current mirror (i.e. an intermediate container intermediate container), the results will be submitted to the new image (as docker commit) after the command, and deleting the intermediate container, so we will often see something like logs in the implementation of RUN command.
Step 9/19 : RUN chmod 755 /root/start.sh
---> Running in a2e6b9ce0940
Removing intermediate container a2e6b9ce0940
---> 6b03e9b0ce70
The new image will be submitted to the next instruction Dockerfile. Stratified operation instructions and submit the core concepts in line with Docker in Docker, the author overhead is very small, we can create a mirror container from any point of history, just as the same source code management.
CMD command
There are three kinds of writing instruction CMD formats
CMD command # run in shell mode
CMD [ "executable", "parameter 1" and "parameter 2"] #exec mode, the recommended operating mode
The CMD [ "parameter 1", "parameter 2"] # default parameters for providing instructions to ENTRYPOINT
In Dockerfile only a CMD command. If there is more than, only the last instruction to take effect.
Note: CMD instruction is overwritten parameters of docker run. E.g:
RUN -idt --name demo01 Demo Docker: v0.1 / bin / bash # "/ bin / bash" will cover the CMD command
ENTRYPOINT instruction
ENTRYPOINT writing format instruction is of two
EntryPoint [ "command", "parameter 1", "parameter 2"] # perform the same effect docker exec
ENTRYPOINT command parameter 1 parameter 2 # shell commands with the implementation of the results
ENTRYPOINT instruction parameters will not be covered by the docker run, but after ENTRYPOINT additional instruction. And the CMD command arguments are passed to ENTRYPOINT.
CMD command with the same, Dockerfile also only a ENTRYPOINT instruction, and if more than the last one takes effect.
CMD and purpose of existence ENTRYPOINT instruction is necessary to run the application when the container starts.
2 demo
Verify CMD command
# mkdir demo2 # Cd demo2 # cat >Dockerfile <<EOF FROM ubuntu RUN apt-get -y update && apt-get install -y iputils-ping CMD ["ping", "114.114.114.114"] EOF
Construction of Mirror
# docker image build -t demo02:v0.1 .
According to the above-described image creating demo02 container, and does not specify a similar "/ bin / bash" command
# docker run -idt --name demo02 demo02:v0.1
View container demo02日志输出
# docker logs demo02
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=61 time=36.7 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=61 time=36.5 ms
Log in to the container, and execute commands top view, shown in Figure 1.1.
# docker exec -it demo02 /bin/bash
Figure 1.1
If we specify the operating parameters "/ bin / bash" when you create the container demo02_2, such as
# docker run -idt --name demo02_2 demo02:v0.1 /bin/bash
View container demo02_2 running state
# docker ps -a |grep demo02_2
9b76b8af295d demo02:v0.1 "/bin/bash" 7 seconds ago Up 7 seconds demo02_2
Log on to the container, the top command to view the process container, can be seen after the command CMD is run docker "/ bin / bash" parameter covers, shown in Figure 1.2.
# docker exec -it demo02_2 /bin/bash
![clip_image001[5]](https://s1.51cto.com/images/blog/201912/26/9ae1e607bd227456607d5aaeb802668a.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk= "clip_image001[5]")
Figure 1.2
Demo 3
Verify ENTRYPOINT instruction
# Mkdir demo3 # Cd demo3 # cat >Dockerfile <<EOF FROM ubuntu RUN apt-get -y update && apt-get install -y iputils-ping ENTRYPOINT ["ping", "114.114.114.114"] EOF # docker image build -t demo03:v0.1 .
Note that you do not specify a similar "/ bin / bash" when you create a container
# docker run -idt --name demo03 demo03:v0.1
View container logs
# docker logs demo03
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=61 time=36.6 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=78 time=36.5 ms
Log in to the container, and execute commands top view, shown in Figure 1.3.
# docker exec -it demo03 /bin/bash
![clip_image001[7]](https://s1.51cto.com/images/blog/201912/26/7dbccec1987dbcf4bab93f14953fcc63.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk= "clip_image001[7]")
Figure 1.3
Specify the operating parameters "127.0.0.1" When you create a container demo05
# docker run -idt --name demo05 demo03:v0.1 127.0.0.1
Enter the container and perform demo05 top view, confirm the docker run 127.0.0.1 parameters passed to the command ENTRYPOINT, shown in Figure 1.4.
![clip_image001[9]](https://s1.51cto.com/images/blog/201912/26/5de641505249cbae9532a774b99a52c3.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk= "clip_image001[9]")
Figure 1.4
4 demo
ENTRYPOINT instructions and commands CMD combination
We may adjust the parameters written to the CMD command. Specify parameters in the docker run, the parameters of such CMD command will be overwritten and not covered in the ENTRYPOINT.
# cat >Dockerfile <<EOF FROM ubuntu RUN apt-get -y update && apt-get install -y iputils-ping ENTRYPOINT ["ping", "114.114.114.114"] CMD ["-a"] EOF # docker image build -t demo03:v0.2 .
Specified operating parameters when creating a container demo03_2 "-c 3"
# docker run -idt --name demo03_2 demo03:v0.2 -c 3
See vessel running log was confirmed to be the end ping -c three times, i.e., the parameter to be covered command CMD CMD [ "-c 3"]
# docker logs demo03_2
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=64 time=36.7 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=59 time=36.5 ms
64 bytes from 114.114.114.114: icmp_seq=3 ttl=62 time=36.4 ms
--- 114.114.114.114 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 36.495/36.613/36.789/0.254 ms
Dockerfile use the pipe or standard way to build input image
Example:
echo -e 'FROM busybox\nRUN echo "hello world"' | docker build -
or
docker build -<<EOF FROM busybox RUN echo "hello world" EOF
The two examples are equivalent
docker build [OPTIONS] - The symbol "-" is a connector, for acquiring the position of the path, and instructs Docker building context read from stdin.
The following example we try to use the COPY command or ADD
# mkdir example1 # cd example1 # touch somefile.txt docker build -t myimage:v0.1 -<<EOF FROM busybox COPY somefile.txt . RUN cat /somefile.txt EOF
Prompts the following error, because the above does not specify a context from local to build
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM busybox
---> b534869c81f0
Step 2/3 : COPY somefile.txt .
COPY failed: stat /var/lib/docker/tmp/docker-builder461920604/somefile.txt: no such file or directory
But using the following syntax can use the file on the local file system, and used to construct mirrors with stdin Dockerfile. Dockerfile Syntax -f (or --file) option you want to use, and use a hyphen (-) indicates the file name from stdin Docker read Dockerfile
docker build [OPTIONS] -f- PATH
The following example we try to use the COPY command or ADD
# mkdir example2 # cd example2 # touch somefile.txt # docker build -t myimage:v0.2 -f- . <<EOF FROM busybox COPY somefile.txt . RUN cat /somefile.txt EOF
Acess codes from a remote repository , then reads from the standard input Dockerfile Construction mirror
docker build [OPTIONS] -f- PATH
If the git repository is not included in Dockerfile constructed from a mirror, or use a custom Dockerfile build mirrored, this syntax is very useful.
# docker build -t myimage:latest -f- https://github.com/docker-library/hello-world.git <<EOF FROM busybox COPY hello.c . EOF
Note: The above example is a good prerequisite for the successful implementation of the client has been installed git
to sum up
This section provides more examples, but are very simple example, spoke Practice makes perfect, the need to engage in active practice. Another Docker official recommendations, to reduce complexity, dependence, as well as image size and build time, to avoid installing additional or unnecessary packet.