Docker 005 building Mirror
We can create, modify and update their image. Construction docker image in two ways:
- use
docker commit - Use
docker buildthe command file and Dockerfile: recommended
Create a docker hub account
In the process of building a mirror, a very important step is to share and publish the mirror, you can build your own image or pushed to docker hub own private Registry, to create a docker hub here as an example: Open https: //hub.docker. com / signup to create your own account.
# 下面的命令会登录 docker hub,并将认证信息保存起来,以供后用
$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: resn001
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# 退出登录
$ docker logout
Removing login credentials for https://index.docker.io/v1/
Create a mirror using the docker commit command
Here to create a new container-based ubuntu mirror before, and then install nginx,
$ docker run --name ubuntu_c01 -it ubuntu /bin/bash\
#以下命令在容器中执行
$ apt-get update
$ apt-get install nginx
$ exit
We hope that this container as a web server to run, you need to save the current state of the container, thus avoiding each time you create a new container and install nginx up. After the container after the completion of, we need to modify
# 创建镜像我们需要用到 docker commit 命令,其格式如下:
# docker commit [选项] <容器ID或容器名> [<仓库名>[:<标签>]]
# 提交镜像到本地
$ docker commit ubuntu_c01 resn001/ubuntu_c01
sha256:ed048991810e6e3684e8ef106c4be9e8631a8c960b4cf29c406a6d11fb5f6c79
# docker commit 可使用的参数
# -a, --author string 指定作者信息
# -c, --change list 将Dockerfile指令应用于创建的映像
# -m, --message string 提交的描述信息
# -p, --pause 提交期间暂停容器,默认开启
# 查看镜像
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
resn001/ubuntu_c01 latest ed048991810e 11 minutes ago 152MB
# 查看创建的镜像的详细信息
$ docker inspect resn001/ubuntu_c01
# 使用新容器运行一个容器
$ docker run -it resn001/ubuntu_c01 /bin/bash
Use a mirror to build Dockerfile
Dockerfile recommended to build a mirror. Dockefile using a basic command syntax based DSL constructed mirror. Further comprising mirror constructed using Dockerfile repeatability, transparency and idempotent.
After written dockerfile, you can build a new image using the docker build command.
# 示例
$ mkdir static_web
$ cd static_web
$ touch Dockerfile
$ vim Dockerfile
# Version 0.0.1
#
FROM ubuntu:18.04
MAINTAINER resn "[email protected]"
RUN apt-get update && apt-get install -y nginx
# 下面的指令选择一个,只新建 html 文件的指令, 执行后文的命令时可能会有错误
# RUN echo "daemon off;" >> /etc/nginx/nginx.conf && echo 'Hello world,I am a container' >/usr/share/nginx/html/index.html
RUN echo 'Hello world,I\'m a container' >/usr/share/nginx/html/index.html
EXPOSE 80
Dockerfile consists of a series of instructions and parameters, each instruction must be uppercase, and to keep back a parameter.
Instruction are performed in the order from top to bottom, so the command arrangements to be reasonable.
Each command will create a new image layer and the mirroring process to submit, Docker Dockerfile execution of instructions in process is as follows:
- Docker run from a container base image
- Execute an instruction on the container to make changes
- Like operations docker commit submit a new image layer
- Docker run a new container-based mirroring just submitted
- Dokcerfile in the next instruction, knowing all the instructions were completed
As can be seen from the above, if the user for some reason is not normally Dockerfile end (e.g. a strip fails), the user can still get a usable mirror, this advantage is, the Mirror operation can be based on a failure of interactions container functionality for troubleshooting the cause of the end of the container is not normal.
Each of the first instruction must be the FROM Dockerfile, for designating an existing mirror, a subsequent instruction will operate based on the image, the image is called the base image (base image).
Then specify MAINTAINER instructions for the instruction tells docker who is the author of the mirror, and the author of the email.
After the RUN command is two, operation instruction RUN command in the current mirror, in the above example, the first update instruction RUN APT repository, and installed Nginx; second instruction creates / usr / share / nginx / html / index.html file.
Note Each RUN command will create a new image layer, if the instruction is successfully created, it will submit this image, then continue to the next instruction.
By default, the command will use the RUN command wrapper in the shell
/bin/sh -cto perform, when running on platforms that do not support or do not want to use the shell of the shell is running, you can use the RUN command exec formatRUN ["apt-get", "install", "-y", "nginx"]Using the RUN command exec format requires the use of an array to specify a command to run and the command parameter
Then execute EXPOSE instruction, change instruction tells Docker application within the specified container port will use the container (this is port 80), based on security considerations, Docker does not automatically open the port, but requires the user to use the docker runcommand when you specify which ports need to open. EXPOSE can specify multiple instructions to multiple ports is disclosed to the outside.
Use Dockerfile build mirroring process
Docker build command execution, all instructions in Dockerfile will be executed and committed, and as a new image in Europe to return after the end of the command is successful, the process of building a mirror:
# 构建过程
# 注意命令最后的 点 ,用于指定当前目录
$ docker build -t="t_repo/static_web" .
Sending build context to Docker daemon 2.048kB
Step 1/5 : FROM ubuntu:18.04
---> ccc6e87d482b
Step 2/5 : MAINTAINER resn "[email protected]"
---> Running in 37b371f311d4
Removing intermediate container 37b371f311d4
---> 334111fe32cb
Step 3/5 : RUN apt-get update && apt-get install -y nginx
---> Running in b89fe0db4491
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
......
Fetched 17.6 MB in 45s (396 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
fontconfig-config fonts-dejavu-core geoip-database iproute2 libatm1 libbsd0
......
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Removing intermediate container b89fe0db4491
---> 52c2e58d9708
Step 4/5 : RUN echo 'Hello world,I am a container' >/usr/share/nginx/html/index.html
---> Using cache
---> bf55e11f0c27
Step 5/5 : EXPOSE 80
---> Using cache
---> d54272ef62f2
Successfully built d54272ef62f2
Successfully tagged t_repo/static_web:latest
When used to construct the mirrors docker build command to specify the name of the warehouse and the -t parameter to mirroring, in the above example, the name of the warehouse t_repo, mirror name static_web. In this command, a tag may also be mirror images:
# 指定标签方法: “镜像名:标签名”, 不指定标签名时,标签名默认为 latest
# 注意命令最后的 点 ,用于指定当前目录
$ docker build -t="t_repo/static_web:v1" .
You can also specify Dockerfile files git repository
# 通过 git 仓库指定 Dockfile 文件
$ docker build -t="t_repo/static_web:v1" git@github:t_repo/static_web
After Dcoker1.5.0 can specify the file specified by the -f parameter dockerfile,
# 这里的路径汇总的 file 可不比命名为 Dockerfile,但必须要位于构建上下文中 $ docker build -t="t_repo/static_web:v1" -f path/to/file
Ignore the specified file when building
If the specified file in the root directory of the build .dockerignore context, the file content will be filtered by matching rows, similar .gitignore file. This file is used to set which files are being constructed as part of the context, it can prevent them from being uploaded to the docker daemon to match the rules of the document using the Go language filepath
In the process of building the image, Dockerfile Each instruction will be executed sequentially, and as the final result of the build process returns new image ID. Construction of each step corresponding to the machine operating instructions are geography, and before the final output image ID, Docker will submit the results of each portion of the construct.
When building failure
The above process to build an example, a simple description here, the third step is assumed that instruction "RUN apt-get update && apt-get install -y ngin" (nginx less a X), then build, will be here error, this time, we only need to use a mirror on a step ID: 334111fe32cb, create a new container, the third step instructions can execute instructions once troubleshoot, after exclusion of error, correct the third step in a new vessel that is We can build again.
# 使用第二步中生产的镜像来排错
$ docker run -it 334111fe32cb /bin/bash
Dockerfile and build the cache
Docker image building process is very smart, every step in order to build the results will be submitted to the mirror, the next building, directly from that step problem started directly, it saves a lot of time. Mirror structure is equivalent to the foregoing construction steps cached.
Every time you build, Docker will command all changes starting to happen from the first.
If you want to build, ignore caching feature, you can use the --no-cache parameters:
$ docker build --no-cache -t -t="t_repo/static_web:v1"
Construction of the benefits of caching --Dockerfile template
Look at the following Dockerfile content
FROM ubuntu:18.04
MAINTAINER resn "[email protected]"
ENV REFERSHED_AT 2020-02-02
RUN apt-get -qq update
Here instruction is specified by ENV variable REFERSHED_AT value of 2020-02-02, based on the template, if you want to refresh a building, only need to modify the ENV directive to date,
View Mirror
Use the command to view the existing docker images of the mirror:
# 查看指定镜像
$ docker images t_repo/static_web
# 查看镜像构建历史
# 可查指定镜像的每一层,以及每一层的指令
$ docker history t_repo/static_web
IMAGE CREATED CREATED BY SIZE COMMENT
5e48955e883e 2 days ago /bin/sh -c #(nop) EXPOSE 80 0B
03055ca4743a 2 days ago /bin/sh -c echo 'Hello world,I am a containe… 29B
52c2e58d9708 2 days ago /bin/sh -c apt-get update && apt-get install… 88.3MB
334111fe32cb 2 days ago /bin/sh -c #(nop) MAINTAINER resn "[email protected]… 0B
ccc6e87d482b 7 weeks ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 7 weeks ago /bin/sh -c mkdir -p /run/systemd && echo 'do… 7B
<missing> 7 weeks ago /bin/sh -c set -xe && echo '#!/bin/sh' > /… 745B
<missing> 7 weeks ago /bin/sh -c [ -z "$(apt-get indextargets)" ] 987kB
<missing> 7 weeks ago /bin/sh -c #(nop) ADD file:08e718ed0796013f5… 63.2MB
Start the new image container
Can be used to start a new image container Verify that the mirror normal Construction:
# 看的书中使用的下面的命令,但我这里一直报错,我就改了一下
# docker run -d -p 80 --name static_web t_repo/static_web nginx -g "daemon off"
# 改成了 dockerfile 中指令改为
# RUN echo "daemon off;" >> /etc/nginx/nginx.conf && echo 'Hello world,I am a container' >/usr/share/nginx/html/index.html
# 之后重新构建镜像
# docker build -t="web01" .
# 最后使用下面的命令执行成功
$ docker run -d -p 80 --name cweb02 web01:latest nginx
3c6361a2c550ce660aa6ea5e9767bd3100266b99811f1f735a3349b26a8b267b
There are two errors encountered:
The first one is the mirror after the completion of construction of the European nginx does not start, try not start troubleshooting container when logging on to the container, the following error message
$ docker run -it 24e4642806e8 /bin/bash Unable to find image '24e4642806e8:latest' locally docker: Error response from daemon: pull access denied for 24e4642806e8, repository does not exist or may require 'docker login': denied: requested access to the resource is denied. See 'docker run --help'.After the online search said mirror can be tagged, put docker run command mirrored tagged
# 该命令有错误 $ docker run -d -p 80 --name cweb02 web01:latest nginx -g "daemon off"But the execution was still view the container exit status,
After use docker logs a7f0d120458d, an error message is displayed: nginx: [emerg] unexpected end of parameter, expecting ";" in command line
Use docker run -it web01: latest / bin / bash profile after logging container found no errors, and you can start nginx normal in the container, it was suspected that the command issues docker.
Finally, after modifying the command is executed successfully
docker run -d -p 80 --name cweb02 web01:latest nginx
Definition:
--name: Specifies the name of the vessel
-d: detached manner has been running in the background for nginx daemon needs this type of long running processes
-p: Tell docker need to announce the port, docker can assign ports on the host in two ways,
- The first on the host randomly selects a port located between 32768 and 61000, to map port 80 to the container
- The second is to specify a specific port to map to the container port 80 on the host
# 查看容器端口分配情况
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3c6361a2c550 web01:latest "nginx" 22 minutes ago Up 22 minutes 0.0.0.0:32769->80/tcp cweb02
docker port 3c6361a2c550
80/tcp -> 0.0.0.0:32769
docker port 3c6361a2c550 80
0.0.0.0:32769
The container 80 can be seen port mapping to port 32679 of the host.
By -p port mapping parameter may also be a container to a port of the host:
$ docker run -d -p 80:80 --name cweb03 web01:latest nginx
056d07bfd4c7b46d8d55236875ab5ad19239b12fc65fec61f5dd995f57028291
$ docker port 056d07bfd4c7
80/tcp -> 0.0.0.0:80
$ docker port 056d07bfd4c7 80
0.0.0.0:80
There is a problem to note:
A plurality of containers when the port is mapped when a port to host computer, only a successful container ports will be mapped to a segment of the host gulls.
# 将容器的80端口映射到宿主机的8080
$ docker run -d -p 8080:80 --name cweb04 web01:latest nginx
Also be mapped to a port on the network interfaces designated port (IP address) of:
# 绑定到指定 IP 的指定端口上
$ docker run -d -p 127.0.0.1:8080:80 --name cweb05 web01:latest nginx
# 绑定到指定 IP 的随机端口上
$ docker run -d -p 127.0.0.1::80 --name cweb06 web01:latest nginx
24377ba29740dee11637c68861fd893686c66acd0e86090805c18bb8c40a122d
$ docker port 24377ba29740
80/tcp -> 127.0.0.1:32768
$
Announced a more simple way ports:
$ docker run -d -P --name cweb07 web01:latest nginx
a0c2041a3a5930d8b713e59f47b4029b9368c121aecbd1abe3887f2c70f0fa71
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a0c2041a3a59 web01:latest "nginx" 2 seconds ago Up 2 seconds 0.0.0.0:32770->80/tcp cweb07
By -P parameter, the direct port Dockerfile disclosed announced EXPOSE command, the port of the vessel will be bound to a random port of the host.