一、Dockerfile的编写
- 编写DockFile实现安装httpd服务
- 导入镜像
[root@foundation19 images]# docker load -i rhel7.tar
- 编写Dockerfile
[root@foundation79 docker]# pwd
/tmp/docker
[root@foundation19 docker]# vim Dockerfile
FROM rhel7 # 源镜像是rhel7,最好将名为rhel7的镜像放在本地
COPY yum.repo /etc/yum.repo.d
RUN rpmdb --rebuilddb && yum install -y httpd
# 执行命令安装httpd并清除yum缓存
# rpmdb 命令用于初始化和重建rpm数据库
# --rebuilddb:从已安装的包头文件,反向重建RPM数据库
EXPOSE 80 # 定义端口为80
CMD ["/usr/share/httpd","-D","FOREGROUND"]
# 打开apach服务
# -D 是全局文件/etc/sysconfig/httpd中的打开参数
- 编写yum.repo(当前目录下)
[root@foundation79 docker]# vim yum.repo
[rhel7.3]
name=rhel7.3
baseurl=http://172.25.19.250/rhel7.3 ##这里是网络yum源
gpgcheck=0
- 封装镜像,并测试能否正常使用
[root@foundation19 docker]# docker build -t rhel7:v1 . (注意后面 有个点表示当前目录)
[root@foundation19 ~]# docker run -d --name vm1 rhel7:v1
[root@foundation19 ~]# docker inspect vm1 ##找到IP(172.17.0.2)
[root@foundation19 ~]# cd /tmp/docker/
[root@foundation19 docker]# ls
Dockerfile yum.repo
[root@foundation19 docker]# cat index.html
www.westos.org
[root@foundation19 docker]# docker container cp index.html vm1:/var/www/html
[root@foundation19 docker]# curl 172.17.0.2 ##可以正常访问使用
www.westos.org
- 添加数据卷挂载位置(VOLUME [“var/www/html”])
[root@foundation19 docker]# cat Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
RUN rpmdb --rebuilddb
RUN yum install -y httpd
EXPOSE 80
VOLUME ["var/www/html"]
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
#封装镜像
[root@foundation19 docker]# docker build -t rhel7:v2 .
- 此时可以看到 rhel7:v2比 rhel7:v1多了一层
[root@foundation19 docker]# docker history rhel7:v1
IMAGE CREATED CREATED BY SIZE COMMENT
a7655594dff3 About an hour ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
2fb76a304e03 About an hour ago /bin/sh -c #(nop) EXPOSE 80 0B
ec1a73b2e7d6 About an hour ago /bin/sh -c yum install -y httpd 52.8MB
031f7a8b74a0 About an hour ago /bin/sh -c rpmdb --rebuilddb 6.64MB
c32fc667b5f3 About an hour ago /bin/sh -c #(nop) COPY file:254d80ba480dfa06… 71B
0a3eb3fde7fd 4 years ago 140MB Imported from -
[root@foundation19 docker]# docker history rhel7:v2
IMAGE CREATED CREATED BY SIZE COMMENT
3d3de7d12c6c 38 seconds ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
ab058c45bd94 39 seconds ago /bin/sh -c #(nop) VOLUME [var/www/html] 0B
2fb76a304e03 About an hour ago /bin/sh -c #(nop) EXPOSE 80 0B
ec1a73b2e7d6 About an hour ago /bin/sh -c yum install -y httpd 52.8MB
031f7a8b74a0 About an hour ago /bin/sh -c rpmdb --rebuilddb 6.64MB
c32fc667b5f3 About an hour ago /bin/sh -c #(nop) COPY file:254d80ba480dfa06… 71B
0a3eb3fde7fd 4 years ago 140MB Imported from -
- 测试页面是否可以正常访问
[root@foundation19 docker]# mkdir webdata
[root@foundation19 docker]# mv index.html webdata/
[root@foundation19 docker]# ls
Dockerfile webdata yum.repo
[root@foundation19 docker]# docker rm -f vm1
vm1
[root@foundation19 docker]# docker run -d --name vm1 -v /tmp/docker/webdata:/var/www/html rhel7:v2
a8203a3b35eeeec170b7283fbbda136cffebc180a41c49891d3dd80c99f0e8ed
[root@foundation19 docker]# curl 172.17.0.2 ##可以访问代表正常
www.westos.org
- 直接在数据卷中编写发布文件
[root@foundation19 docker]# docker rm -f vm1
vm1
[root@foundation19 docker]# docker run -d --name vm1 rhel7:v2
- 查看vm1的数据卷位置
[root@foundation19 docker]# docker inspect vm1
- 进入数据卷位置并编写发布文件并测试
[root@foundation19 docker]# cd /var/lib/docker/volumes/f03725ca02f048a96dc78ed02f3c9b1c29b198458d99a0765e7d51d56d22def9/_data
[root@foundation19 _data]# cp /tmp/docker/webdata/index.html .
[root@foundation19 _data]# ls
index.html
[root@foundation19 _data]# curl 172.17.0.2
www.westos.org
[root@foundation19 _data]# echo hello,world >> index.html
[root@foundation19 _data]# cat index.html
www.westos.org
hello,world
[root@foundation19 _data]# curl 172.17.0.2
www.westos.org
hello,world
- 只读挂载
[root@foundation19 docker]# docker rm -f vm1
vm1
[root@foundation19 ~]# docker run -d --name vm1 -v /tmp/docker/webdata:/data:ro rhel7:v2
[root@foundation19 ~]# docker inspect vm1 ##找到source对应的数据卷位置
/var/lib/docker/volumes/267d70d0fec9229a426c4e14f83b614ae4bc5acdbc2723862e0af006a78a2ec9/_data
##删除之前的数据卷
[root@foundation19 ~]# docker volume rm f03725ca02f048a96dc78ed02f3c9b1c29b198458d99a0765e7d51d56d22def9
[root@foundation19 ~]# docker exec -it vm1 bash
bash-4.2# cd data/
bash-4.2# ls
index.html
bash-4.2# rm -fr index.html
rm: cannot remove 'index.html': Read-only file system ##删除文件被拒,显示只读Read-only
bash-4.2# cat index.html ##可以正常读取
www.westos.org
二、Dockerfile的优化
- 以搭建nginx镜像为例演示如何加速Dockerfile
#需要有nginx的安装包
[root@foundation19 docker]# ls
Dockerfile nginx-1.15.8.tar.gz test webdata yum.repo
#编写Dockerfile
[root@foundation19 docker]# cat Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make
ADD nginx-1.15.8.tar.gz /mnt ##ADD比COPY更强大,如果文件是可识别的压缩文件,会帮忙解压
WORKDIR /mnt/nginx-1.15.8
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc ##关闭debug日志
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
#封装镜像
[root@foundation19 docker]# docker build -t rhel7:v3 .
#创建容器
[root@foundation19 docker]# docker rm -f vm1
vm1
[root@foundation19 docker]# docker run -d --name nginx rhel7:v3
#测试nginx是否可以正常访问
[root@foundation19 docker]# docker inspect nginx
/var/lib/docker/volumes/2e9222ac2ddb8c79ea4391a9c4e6105dad6065cfcf2aa0f25c29273b9036769c/_data
[root@foundation19 docker]# cd /var/lib/docker/volumes/2e9222ac2ddb8c79ea4391a9c4e6105dad6065cfcf2aa0f25c29273b9036769c/_data
[root@foundation19 _data]# ls
50x.html index.html
[root@foundation19 _data]# echo "hello,world" > index.html
[root@foundation19 _data]# cat index.html
hello,world
[root@foundation19 _data]# curl 172.17.0.2 #可以正常访问
hello,world
- 优化前,镜像大小为276MB
- 第一次优化
##将不想看到的输出都导入到垃圾箱
[root@foundation19 docker]# cat Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx &> /dev/null
RUN make &> /dev/null
RUN make install &> /dev/null
RUN rm -fr /mnt/nginx-1.15.8
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
#重新封装一个镜像
[root@foundation19 docker]# docker build -t rhel7:v4 .
Successfully built fba2f9ad94cd
Successfully tagged rhel7:v4
- 可以看到镜像大小变小了
- 第二次优化
#将RUN都放在一行,减少层数
[root@foundation19 docker]# cat Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.8
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
[root@foundation19 docker]# docker build -t rhel7:v5 .
- 查看大小,有缩小2MB(效果不明显)
- 第三次优化
[root@foundation19 docker]# cat Dockerfile
FROM rhel7 as build
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.8
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
[root@foundation19 docker]# docker build -t rhel7:v6 .
- 现在封装出来的nginx只占1MB(141-140)
- 终极优化(从底层优化)
[root@foundation19 images]# docker load -i distroless.tar
[root@foundation19 images]# docker load -i nginx.tar
[root@foundation19 test]# vim Dockerfile
[root@foundation19 test]# cat Dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[root@foundation19 test]# docker build -t rhel7:v7 .
- 现在整个镜像只有 23.2MB
- 测试一下这么小的镜像能否正常使用
[root@foundation19 test]# docker run -d --name nginx rhel7:v7
输入http://172.17.0.2/ ,访问成功!
三、 Dockerfile文件中CMD和ENTRYPOINT的区别
- ENTRYPOINT 容器启动后执行的命令,让容器执行表现的像一个可执行程序一样,与CMD 的 区 别 是 不 可 以 被 docker run 覆 盖 , 会 把 docker run 后 面 的 参 数 当 作 传 递 给ENTRYPOINT 指令的参数。Dockerfile 中只能指定一个 ENTRYPOINT,如果指定了很多,只 有 最 后 一 个 有 效 。 docker run 命 令 的 -entrypoint 参 数 可 以 把 指 定 的 参 数 继 续 传 递 给ENTRYPOINT
- 测试1
[root@foundation19 images]# docker load -i busybox.tar
[root@foundation19 ~]# cd /tmp/docker/
[root@foundation19 docker]# mkdir test
[root@foundation19 docker]# cd test/
[root@foundation19 test]# pwd
/tmp/docker/test
[root@foundation19 test]# vim Dockerfile
FROM busybox
ENV name world
CMD echo "hello,$name"
[root@foundation19 test]# docker build -t busybox:v1 .
[root@foundation19 test]# docker run --rm busybox:v1
hello,world
- 测试2
[root@foundation19 test]# cat Dockerfile
FROM busybox
ENV name world
CMD ["/bin/echo","hello,$name"]
[root@foundation19 test]# docker build -t busybox:v2 .
[root@foundation19 test]# docker run --rm busybox:v2
hello,$name
- 测试3
[root@foundation19 test]# cat Dockerfile
FROM busybox
ENV name world
CMD ["/bin/sh","-c","echo hello, $name"]
[root@foundation19 test]# docker build -t busybox:v3 .
[root@foundation19 test]# docker run --rm busybox:v3
hello, world
- 测试4
[root@foundation19 test]# cat Dockerfile
FROM busybox
ENTRYPOINT ["/bin/echo", "hello"]
CMD ["world"]
[root@foundation19 test]# docker build -t busybox:v4 .
[root@foundation19 test]# docker run --rm busybox:v4
hello world
[root@foundation19 test]# docker run --rm busybox:v4 westos
hello westos
扫一扫
1432
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
