往期回顾:
云端技术驾驭DAY01——云计算底层技术奥秘、云服务器磁盘技术、虚拟化管理、公有云概述
云端技术驾驭DAY02——华为云管理、云主机管理、跳板机配置、制作私有镜像模板
云端技术驾驭DAY03——云主机网站部署、web集群部署、Elasticsearch安装
云端技术驾驭DAY04——Logstash安装部署及插件模块
云端技术驾驭DAY06——容器技术概述、镜像与容器管理、定制简单镜像、容器内安装部署服务
docker build -t 镜像名称:标签 Dockerfile所在目录
指令 | 解释 |
---|---|
FROM | 指定基础镜像(唯一) |
RUN | 在容器内执行命令,可以写多条 |
ADD | 把文件拷贝的容器内,如果文件是 tar.xx 格式,会自动解压 |
COPY | 把文件拷贝的容器内,不会自动解压 |
ENV | 设置启动容器的环境变量 |
WORKDIR | 设置启动容器的默认工作目录(唯一) |
CMD | 容器默认的启动参数(唯一) |
ENTRYPOINT | 容器默认的启动命令(唯一) |
USER | 启动容器使用的用户(唯一) |
EXPOSE | 使用镜像创建的容器默认监听使用的端口号/协议 |
[root@docker-0001 ~]# mkdir myimg
[root@docker-0001 ~]# vim myimg/Dockerfile
FROM mylinux:latest // 指定基础镜像
CMD ["/bin/ls","-l"] // 默认启动命令
[root@docker-0001 ~]# docker build -t img1:latest myimg // 创建镜像
${ENTRYPONIT} ${@-${CMD}}
[root@docker-0001 ~]# vim myimg/Dockerfile
FROM mylinux:latest
ENTRYPOINT ["echo"]
CMD ["/bin/ls","-l"]
[root@docker-0001 ~]# docker build -t img2:latest myimg // 创建镜像
[root@docker-0001 ~]# docker run -it --rm img2:latest // CMD 做为参数传递,在容器内执行了 echo '/bin/ls -l'
/bin/ls -l
[root@docker-0001 ~]# docker run -it --rm img2:latest abc // CMD 被替换,在容器内执行了 echo abc
abc
[root@docker-0001 ~]# tar -cf myimg/a.tar -C /etc/ hosts issue // 制作测试tar包
[root@docker-0001 ~]# vim myimg/Dockerfile
FROM mylinux:latest
COPY a.tar /var/tmp/
ADD a.tar /tmp/ // 分别放进不同的文件夹测试效果
CMD ["/bin/bash"]
[root@docker-0001 ~]# docker build -t img3:latest myimg
[root@docker-0001 ~]# docker run -it --rm img3:latest
[root@b4dfc2a9ff3b /]# ls /var/tmp
a.tar // 使用COPY添加进来的还是tar包
[root@b4dfc2a9ff3b /]# ls /tmp
hosts issue ks-script-jr03uzns ks-script-pu9ezlau // 使用ADD添加进来的自动被解压了
[root@docker-0001 ~]# vim myimg/Dockerfile
FROM mylinux:latest
RUN id && touch /tmp/file1
USER nobody
RUN id && touch /tmp/file2
CMD ["/bin/bash"]
[root@docker-0001 ~]# docker build -t img4:latest myimg
... ...
Step 2/5 : RUN id && touch /tmp/file1
---> Running in d4f659ebc687
uid=0(root) gid=0(root) groups=0(root)
... ...
Step 4/5 : RUN id && touch /tmp/file2
---> Running in 4f594a2489b7
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
... ...
[root@docker-0001 ~]# vim myimg/Dockerfile
FROM mylinux:latest
ENV mymsg="Hello World"
WORKDIR /tmp
CMD ["/bin/bash"]
[root@docker-0001 ~]# docker build -t img5:latest myimg
[root@docker-0001 ~]# docker run -it --rm img5:latest
[root@03e751b373ea tmp]# echo $mymsg
Hello World
[root@docker-0001 ~]# mkdir httpd
[root@docker ~]# echo 'Welcome to The Apache.' > httpd/index.html // 准备静态页面
[root@docker ~]# cp -a info.php httpd/ // 准备php页面
root@docker ~]# tar -czf httpd/myweb.tar.gz -C httpd index.html info.php 打包
2.获取配置文件
[root@docker-0001 ~]# docker run -itd --name myweb mylinux:latest
[root@docker-0001 ~]# docker cp myweb:/etc/httpd/conf.modules.d/00-mpm.conf httpd/
[root@docker-0001 ~]# vim httpd/00-mpm.conf
11 LoadModule mpm_prefork_module ... // 取消注释
23 #LoadModule mpm_event_module ... // 注释该行
[root@docker-0001 ~]# vim httpd/Dockerfile
FROM mylinux:latest // 基于DAY06自定义镜像
RUN dnf -y install httpd php && dnf clean all // 安装相关软件
ADD myweb.tar.gz /var/www/html // 将测试页面放进html目录
COPY 00-mpm.conf /etc/httpd/conf.modules.d/00-mpm.conf // 拷贝修改后的配置文件
ENV LANG=C // 设置语言
WORKDIR /var/www/html // 设置工作目录
EXPOSE 80/tcp // 设置监听端口
CMD ["/usr/sbin/httpd","-DFOREGROUND"] // 必须设置前台运行
[root@docker-0001 ~]# docker build -t httpd:latest httpd
[root@docker-0001 ~]# docker run -itd --name web1 httpd:latest // 运行容器
[root@docker-0001 ~]# docker inspect web1 | grep -i IPAddress // 查询IP
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[root@docker-0001 ~]# curl 172.17.0.2 // 验证静态页面
Welcome to The Apache.
[root@docker-0001 ~]# curl 172.17.0.2/info.php // 验证动态页面
... ...
[root@ecs-proxy ~]# rsync -av public/nginx-1.22.1.tar.gz 192.168.1.31:
[root@docker-0001 ~]# dnf install -y openssl-devel pcre-devel gcc make
[root@docker-0001 nginx-1.22.1]# ./configure --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module
[root@docker-0001 nginx-1.22.1]# make && make install
[root@docker-0001 nginx-1.22.1]# echo "Nginx is running" > /usr/local/nginx/html/index.html
[root@docker-0001 ~]# mkdir nginx
[root@docker-0001 ~]# tar -czf nginx/nginx.tar.gz -C /usr/local nginx
[root@docker ~]# vim nginx/Dockerfile
FROM mylinux:latest
RUN dnf install -y pcre openssl && dnf clean all
ADD nginx.tar.gz /usr/local
ENV PATH=${PATH}:/usr/local/nginx/sbin
WORKDIR /usr/local/nginx/html
EXPOSE 80/tcp
CMD ["nginx","-g","daemon off;"] // 查找手册寻找nginx如何前台运行
[root@docker-0001 ~]# docker build -t nginx:latest nginx
[root@docker-0001 ~]# docker run -itd --name web2 nginx:latest
[root@docker-0001 ~]# docker inspect web2 | grep -i IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.3",
"IPAddress": "172.17.0.3",
[root@docker-0001 ~]# curl http://172.17.0.3/
Nginx is running
[root@docker nginx]# vim nginx/Dockerfile
FROM mylinux:latest as builder
ADD nginx-1.22.1.tar.gz /
WORKDIR /nginx-1.22.1
RUN dnf install -y openssl-devel pcre-devel gcc make
RUN ./configure --prefix=/usr/local/nginx --with-pcre --with-http_ssl_module
RUN make && make install
RUN echo 'Nginx is running !' >/usr/local/nginx/html/index.html
FROM mylinux:latest
RUN dnf install -y pcre openssl && dnf clean all
COPY --from=builder /usr/local/nginx /usr/local/nginx
ENV PATH=${PATH}:/usr/local/nginx/sbin
WORKDIR /usr/local/nginx/html
EXPOSE 80/tcp
CMD ["nginx", "-g", "daemon off;"]
[root@docker-0001 ~]# docker build -t nginx:v1 nginx
[root@docker-0001 ~]# docker rmi fb63848d67bc // 删除中间builder镜像
[root@docker-0001 ~]# docker run -it --name myphp mylinux:latest
[root@3bf3e496205b /]# dnf -y install php-fpm
[root@3bf3e496205b /]# vim /etc/php-fpm.d/www.conf
38 listen = 127.0.0.1:9000
[root@3bf3e496205b /]# mkdir /run/php-fpm
[root@3bf3e496205b /]# chown -R nobody:nobody /var/log/php-fpm/ /run/php-fpm/
[root@3bf3e496205b /]# dnf -y install sudo
[root@3bf3e496205b /]# sudo -u nobody /bin/bash // 使用sudo切换用户
bash-4.4$ /usr/sbin/php-fpm --nodaemonize
[root@docker-0001 ~]# docker cp myphp:/etc/php-fpm.d/www.conf ./php/
[root@docker-0001 ~]# vim php/Dockerfile
FROM mylinux:latest
RUN dnf -y install php-fpm && dnf clean all && \
mkdir -p /run/php-fpm && \
chown -R nobody.nobody /run/php-fpm /var/log/php-fpm
COPY www.conf /etc/php-fpm.d/www.conf
USER nobody
EXPOSE 9000/tcp
CMD ["/usr/sbin/php-fpm","--nodaemonize"]
[root@docker-0001 ~]# docker build -t php-fpm:latest php
... ...
Successfully tagged php-fpm:latest
[root@docker-0001 ~]# docker run -itd php-fpm:latest
[root@docker-0001 ~]# docker exec -it bfe309864ad7 /bin/bash
bash-4.4$ id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
bash-4.4$ ps -ef // 通过进程验证服务
UID PID PPID C STIME TTY TIME CMD
nobody 1 0 0 07:43 pts/0 00:00:00 php-fpm: master process (/etc/php-fpm.conf)
nobody 7 1 0 07:43 pts/0 00:00:00 php-fpm: pool www
nobody 8 1 0 07:43 pts/0 00:00:00 php-fpm: pool www
nobody 9 1 0 07:43 pts/0 00:00:00 php-fpm: pool www
nobody 10 1 0 07:43 pts/0 00:00:00 php-fpm: pool www
nobody 11 1 0 07:43 pts/0 00:00:00 php-fpm: pool www
nobody 12 0 0 07:44 pts/1 00:00:00 /bin/bash
nobody 18 12 0 07:44 pts/1 00:00:00 ps -ef
主机名 | IP地址 | 配置 |
---|---|---|
registry | 192.168.1.35 | 2vCPUs 4GiB内存 |
[root@registry ~]# dnf -y install docker-distribution
[root@registry ~]# systemctl enable docker-distribution.service --now
/etc/docker-distribution/registry/config.yml
/var/lib/registry
5000
/etc/docker/daemon.json
[root@docker-0001 ~]# echo "192.168.1.35 registry" >> /etc/hosts
[root@docker-0001 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://registry:5000"], // 镜像仓库地址
"insecure-registries":["registry:5000"] // 私有仓库地址
}
[root@docker-0001 ~]# systemctl restart docker
docker tag
通过标签设置上传地址和路径docker push
上传镜像[root@docker-0001 ~]# docker tag nginx:v1 registry:5000/img/web:nginx
[root@docker-0001 ~]# docker push registry:5000/img/web:nginx
[root@docker-0001 ~]# docker tag httpd:latest registry:5000/library/httpd:latest
[root@docker-0001 ~]# docker push registry:5000/library/httpd:latest
curl http://仓库IP:端口/v2/_catalog
curl http://仓库IP:端口/v2/镜像路径/tags/list
python3 -m json.tool
[root@docker-0001 ~]# curl http://registry:5000/v2/_catalog // 查看仓库中所有镜像的名称
[root@docker-0001 ~]# curl http://registry:5000/v2/img/web/tags/list // 查看某一镜像的所有标签
[root@docker-0001 ~]# curl -s http://registry:5000/v2/img/web/tags/list | python3 -m json.tool // 易读格式查看标签
{
"name": "img/web",
"tags": [
"httpd",
"nginx"
]
}
仓库IP:5000/路径/镜像名称:标签
library
[root@docker-0002 ~]# docker run -itd --rm registry:5000/img/web:nginx // 使用仓库中的镜像运行容器
[root@docker-0002 ~]# docker run -itd --rm httpd:latest // library 是默认路径,可以省略路径地址