六、DockerFile
DockerFile
大家想想,Nginx,tomcat,mysql 這些映象都是哪裡來的?官方能寫,我們不能寫嗎?
我們要研究自己如何做一個映象,而且我們寫的微服務專案以及springboot打包上雲部署,Docker就是 最方便的。
微服務打包成映象,任何裝了Docker的地方,都可以下載使用,極其的方便。
流程:開發應用=>DockerFile=>打包為映象=>上傳到倉庫(私有倉庫,公有倉庫)=> 下載映象 => 啟動執行。
還可以方便移植!
什麼是DockerFile
dockerfile是用來構建Docker映象的構建檔案,是由一系列命令和引數構成的指令碼。
構建步驟:
1、編寫DockerFile檔案
2、docker build 構建映象
3、docker run
dockerfile檔案我們剛才已經編寫過了一次,這裡我們繼續使用 centos 來看!
地址:https://hub.docker.com/_/centos
DockerFile構建過程
基礎知識:
1、每條保留字指令都必須為大寫字母且後面要跟隨至少一個引數
2、指令按照從上到下,順序執行
3、# 表示註釋
4、每條指令都會建立一個新的映象層,並對映象進行提交
流程:
1、docker從基礎映象執行一個容器 2、執行一條指令並對容器做出修改
3、執行類似 docker commit 的操作提交一個新的映象層
4、Docker再基於剛提交的映象執行一個新容器
5、執行dockerfile中的下一條指令直到所有指令都執行完成!
說明:
從應用軟體的角度來看,DockerFile,docker映象與docker容器分別代表軟體的三個不同階段。
-
DockerFile 是軟體的原材料 (程式碼)
-
Docker 映象則是軟體的交付品 (.apk)
-
Docker 容器則是軟體的執行狀態 (客戶下載安裝執行)
DockerFile 面向開發,Docker映象成為交付標準,Docker容器則涉及部署與運維,三者缺一不可!
DockerFile:需要定義一個DockerFile,DockerFile定義了程序需要的一切東西。DockerFile涉及的內容 包括執行程式碼或者是檔案、環境變數、依賴包、執行時環境、動態連結庫、作業系統的發行版、服務進 程和核心程序(當引用進行需要和系統服務和核心程序打交道,這時需要考慮如何設計 namespace的許可權控制)等等。
Docker映象:在DockerFile 定義了一個檔案之後,Docker build 時會產生一個Docker映象,當執行Docker 映象時,會真正開始提供服務;
Docker容器:容器是直接提供服務的。
DockerFile指令
關鍵字:
FROM #基礎映象,當前新映象是基於哪個映象的
MAINTAINER #映象維護者的姓名混合郵箱地址
RUN #容器構建時需要執行的命令
EXPOSE #當前容器對外保留出的埠
WORKDIR #指定在建立容器後,終端預設登入的進來工作目錄,一個落腳點
ENV #用來在構建映象過程中設定環境變數
ADD #將宿主機目錄下的檔案拷貝進映象且ADD命令會自動處理URL和解壓tar壓縮包
COPY #類似ADD,拷貝檔案和目錄到映象中!
VOLUME #容器資料卷,用於資料儲存和持久化工作
CMD #指定一個容器啟動時要執行的命令,dockerFile中可以有多個CMD指令,但只有最後一個生效!
ENTRYPOINT #指定一個容器啟動時要執行的命令!和CMD一樣
ONBUILD #當構建一個被繼承的DockerFile時執行命令,父映象在被子映象繼承後,父映象的ONBUILD被觸發
實戰測試
Docker Hub 中99% 的映象都是通過在base映象(Scratch)中安裝和配置需要的軟體構建出來的
自定義一個 centos
1、編寫DockerFile
檢視下官方預設的CentOS的情況:
目的:使我們自己的映象具備如下:登陸後的預設路徑、vim編輯器、檢視網路配置ifconfig支援
準備編寫DockerFlie檔案
[root@kuangshen home]# mkdir dockerfile-test
[root@kuangshen home]# ls
ceshi dockerfile-test docker-test-volume f1
[root@kuangshen home]#
[root@kuangshen home]# vim mydockerfile-centos # 編輯檔案
[root@kuangshen home]# cat mydockerfile-centos
FROM centos
MAINTAINER kuangshen<[email protected]>
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim
RUN yum -y install net-tools
EXPOSE 80
CMD echo $MYPATH
CMD echo "----------end "
CMD /bin/bash
2、構建
docker build -f dockerfile 地址 -t 新映象名字:TAG .
會看到 docker build 命令最後有一個 . . 表示當前目錄
[root@kuangshen home]# docker build -f mydockerfile-centos -t mycentos:0.1 .
Sending build context to Docker daemon 6.144kB
Step 1/10 : FROM centos
---> 470671670cac
Step 2/10 : MAINTAINER kuangshen<[email protected]>
---> Running in ac052943c151
Removing intermediate container ac052943c151
---> 9d37c7174860
Step 3/10 : ENV MYPATH /usr/local
---> Running in a9d43e0b41bb
Removing intermediate container a9d43e0b41bb
---> 7a89b945c3a6
Step 4/10 : WORKDIR $MYPATH
---> Running in b41f085b06bc
Removing intermediate container b41f085b06bc
---> 022384682f07
Step 5/10 : RUN yum -y install vim
---> Running in 8a8d351ee43b
CentOS-8 - AppStream 2.7 MB/s | 7.0 MB 00:02
CentOS-8 - Base 1.1 MB/s | 2.2 MB 00:02
CentOS-8 - Extras 6.3 kB/s | 5.9 kB 00:00
Dependencies resolved.
===========================================================================
=====
Package Arch Version Repository
Size
===========================================================================
=====
Installing:
vim-enhanced x86_64 2:8.0.1763-13.el8 AppStream
1.4 M
Installing dependencies:
gpm-libs x86_64 1.20.7-15.el8 AppStream
39 k
vim-common x86_64 2:8.0.1763-13.el8 AppStream
6.3 M
vim-filesystem noarch 2:8.0.1763-13.el8 AppStream
48 k
which x86_64 2.21-10.el8 BaseOS
49 k
Transaction Summary
===========================================================================
=====
Install 5 Packages
Total download size: 7.8 M
Installed size: 31 M
Downloading Packages:
(1/5): gpm-libs-1.20.7-15.el8.x86_64.rpm 815 kB/s | 39 kB 00:00
(2/5): vim-filesystem-8.0.1763-13.el8.noarch.rp 2.1 MB/s | 48 kB 00:00
(3/5): which-2.21-10.el8.x86_64.rpm 161 kB/s | 49 kB 00:00
(4/5): vim-enhanced-8.0.1763-13.el8.x86_64.rpm 3.1 MB/s | 1.4 MB 00:00
(5/5): vim-common-8.0.1763-13.el8.x86_64.rpm 1.4 MB/s | 6.3 MB 00:04
Total 1.4 MB/s | 7.8 MB 00:05
warning: /var/cache/dnf/AppStream-02e86d1c976ab532/packages/gpm-libs-
1.20.7-15.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d:
NOKEY
CentOS-8 - AppStream 786 kB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing :
1/1
Installing : which-2.21-10.el8.x86_64
1/5
Installing : vim-filesystem-2:8.0.1763-13.el8.noarch
2/5
Installing : vim-common-2:8.0.1763-13.el8.x86_64
3/5
Installing : gpm-libs-1.20.7-15.el8.x86_64
4/5
Running scriptlet: gpm-libs-1.20.7-15.el8.x86_64
4/5
Installing : vim-enhanced-2:8.0.1763-13.el8.x86_64
5/5
Running scriptlet: vim-enhanced-2:8.0.1763-13.el8.x86_64
5/5
Running scriptlet: vim-common-2:8.0.1763-13.el8.x86_64
5/5
Verifying : gpm-libs-1.20.7-15.el8.x86_64
1/5
Verifying : vim-common-2:8.0.1763-13.el8.x86_64
2/5
Verifying : vim-enhanced-2:8.0.1763-13.el8.x86_64
3/5
Verifying : vim-filesystem-2:8.0.1763-13.el8.noarch
4/5
Verifying : which-2.21-10.el8.x86_64
5/5
Installed:
vim-enhanced-2:8.0.1763-13.el8.x86_64 gpm-libs-1.20.7-15.el8.x86_64
vim-common-2:8.0.1763-13.el8.x86_64 vim-filesystem-2:8.0.1763-
13.el8.noarch
which-2.21-10.el8.x86_64
Complete!
Removing intermediate container 8a8d351ee43b
---> 6f6449a55974
Step 6/10 : RUN yum -y install net-tools
---> Running in 4f2c187b0bed
Last metadata expiration check: 0:00:12 ago on Tue May 12 03:07:25 2020.
Dependencies resolved.
===========================================================================
=====
Package Architecture Version Repository
Size
===========================================================================
=====
Installing:
net-tools x86_64 2.0-0.51.20160912git.el8 BaseOS
323 k
Transaction Summary
===========================================================================
=====
Install 1 Package
Total download size: 323 k
Installed size: 1.0 M
Downloading Packages:
net-tools-2.0-0.51.20160912git.el8.x86_64.rpm 1.3 MB/s | 323 kB 00:00
Total 397 kB/s | 323 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing :
1/1
Installing : net-tools-2.0-0.51.20160912git.el8.x86_64
1/1
Running scriptlet: net-tools-2.0-0.51.20160912git.el8.x86_64
1/1
Verifying : net-tools-2.0-0.51.20160912git.el8.x86_64
1/1
Installed:
net-tools-2.0-0.51.20160912git.el8.x86_64
Complete!
Removing intermediate container 4f2c187b0bed
---> 3055316b02b9
Step 7/10 : EXPOSE 80
---> Running in 37148d44f075
Removing intermediate container 37148d44f075
---> dd8bc8a4e724
Step 8/10 : CMD echo $MYPATH
---> Running in 683039d5befd
Removing intermediate container 683039d5befd
---> cd3c78f8143e
Step 9/10 : CMD echo "----------end "
---> Running in d80e54fbc8ae
Removing intermediate container d80e54fbc8ae
---> c5b5391196c7
Step 10/10 : CMD /bin/bash
---> Running in 5564a62d36da
Removing intermediate container 5564a62d36da
---> 18888023317c
Successfully built 18888023317c Successfully tagged mycentos:0.1
3、執行
docker run -it 新映象名字:TAG
可以看到,我們自己的新映象已經支援 vim/ifconfig的命令,擴充套件OK!
4、列出映象地的變更歷史
docker history 映象名
CMD 和 ENTRYPOINT 的區別
我們之前說過,兩個命令都是指定一個容器啟動時要執行的命令
CMD:Dockerfile 中可以有多個CMD 指令,但只有最後一個生效,CMD 會被 docker run 之後的引數替換!
ENTRYPOINT: docker run 之後的引數會被當做引數傳遞給 ENTRYPOINT,之後形成新的命令組合!
測試:
CMD命令
# 1、構建dockerfile
[root@kuangshen home]# vim dockerfile-cmd-test
[root@kuangshen home]# cat dockerfile-cmd-test
FROM centos
CMD [ "ls", "-a" ]
# 2、build 映象
[root@kuangshen home]# docker build -f dockerfile-cmd-test -t cmdtest .
Sending build context to Docker daemon 22.02kB
Step 1/2 : FROM centos
---> 470671670cac
Step 2/2 : CMD [ "ls", "-a" ]
---> Running in a3072987de38
Removing intermediate container a3072987de38
---> 554bc6952657
Successfully built 554bc6952657
Successfully tagged cmdtest:latest
# 3、執行
[root@kuangshen home]# docker run 554bc6952657
.dockerenv
bin
dev
etc
home
lib
lib64
......
# 4、如果我們希望用 -l 列表展示資訊,我們就需要加上 -l引數
[root@kuangshen home]# docker run cmdtest -l
docker: Error response from daemon: OCI runtime create failed:
container_linux.go:349: starting container process caused "exec: \"-l\":
executable file not found in $PATH": unknown.
# 問題:我們可以看到可執行檔案找不到的報錯,executable file not found。
# 之前我們說過,跟在映象名後面的是 command,執行時會替換 CMD 的預設值。
# 因此這裡的 -l 替換了原來的 CMD,而不是新增在原來的 ls -a 後面。而 -l 根本不是命令,所
以自然找不到。
# 那麼如果我們希望加入 -l 這引數,我們就必須重新完整的輸入這個命令:
docker run cmdtest ls -al
ENTRYPOINT命令
# 1、構建dockerfile
[root@kuangshen home]# vim dockerfile-entrypoint-test
[root@kuangshen home]# cat dockerfile-entrypoint-test
FROM centos
ENTRYPOINT [ "ls", "-a" ]
# 2、build 映象
[root@kuangshen home]# docker build -f dockerfile-entrypoint-test -t
entrypointtest .
Sending build context to Docker daemon 23.04kB
Step 1/2 : FROM centos
---> 470671670cac
Step 2/2 : ENTRYPOINT [ "ls", "-a" ]
---> Running in bac4ae055630
Removing intermediate container bac4ae055630
---> ae07199f9144
Successfully built ae07199f9144
Successfully tagged entrypointtest:latest
# 3、執行
[root@kuangshen home]# docker run ae07199f9144
.dockerenv
bin
dev
etc
home
lib
lib64
......
# 4、測試-l引數,發現可以直接使用,這裡就是一種追加,我們可以明顯的知道 CMD 和
ENTRYPOINT 的區別了
[root@kuangshen home]# docker run entrypointtest -l
total 56
drwxr-xr-x 1 root root 4096 May 12 04:21 .
drwxr-xr-x 1 root root 4096 May 12 04:21 ..
-rwxr-xr-x 1 root root 0 May 12 04:21 .dockerenv
lrwxrwxrwx 1 root root 7 May 11 2019 bin -> usr/bin
drwxr-xr-x 5 root root 340 May 12 04:21 dev
drwxr-xr-x 1 root root 4096 May 12 04:21 etc
drwxr-xr-x 2 root root 4096 May 11 2019 home
.....
自定義映象 tomcat
1、mkdir -p kuangshen/build/tomcat
2、在上述目錄下 touch read.txt
3、將 JDK 和 tomcat 安裝的壓縮包拷貝進上一步目錄
4、在 /kuangshen/build/tomcat 目錄下新建一個Dockerfile檔案
# vim Dockerfile
FROM centos
MAINTAINER kuangshen<[email protected]>
#把宿主機當前上下文的read.txt拷貝到容器/usr/local/路徑下
COPY read.txt /usr/local/cincontainer.txt
#把java與tomcat新增到容器中
ADD jdk-8u11-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-9.0.22.tar.gz /usr/local/
#安裝vim編輯器
RUN yum -y install vim
#設定工作訪問時候的WORKDIR路徑,登入落腳點
ENV MYPATH /usr/local
WORKDIR $MYPATH
#配置java與tomcat環境變數
ENV JAVA_HOME /usr/local/jdk1.8.0_11
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.22
ENV CATALINA_BASE /usr/local/apache-tomcat-9.0.22
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
#容器執行時監聽的埠
EXPOSE 8080
#啟動時執行tomcat
# ENTRYPOINT ["/usr/local/apache-tomcat-9.0.22/bin/startup.sh" ]
# CMD ["/usr/local/apache-tomcat-9.0.22/bin/catalina.sh","run"]
CMD /usr/local/apache-tomcat-9.0.22/bin/startup.sh && tail -F
/usr/local/apache-tomcat-9.0.22/bin/logs/catalina.out
當前檔案狀態
5、構建映象
[root@kuangshen tomcat]# docker build -t diytomcat .
.....
Successfully built ffdf6529937d
Successfully tagged diytomcat:latest # 構建完成
# 檢視確定構建完畢!
[root@kuangshen tomcat]# docker images
REPOSITORY TAG IMAGE ID CREATED
SIZE
diytomcat latest ffdf6529937d 20 seconds ago
636MB
6、執行啟動 run
docker run -d -p 9090:8080 --name mydiytomcat -v
/home/kuangshen/build/tomcat/test:/usr/local/apache-tomcat- 9.0.22/webapps/test -v
/home/kuangshen/build/tomcat/tomcat9logs/:/usr/local/apache-tomcat-
9.0.22/logs --privileged=true diytomcat
備註:Docker掛載主機目錄Docker訪問出現cannot open directory .: Permission denied
解決辦法:在掛載目錄後多加一個--privileged=true引數即可
7、驗證測試訪問! curl localhost:9090
8、結合前面學習的容器卷將測試的web服務test釋出
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"
<display-name>test</display-name>
</web-app>
a.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>hello,kuangshen</title>
</head>
<body>
welcome
<%=" my docker tomcat,kuangshen666 "%>
<br>
<br>
<% System.out.println("-------my docker tomcat ");%>
</body>
</html>
9、測試
# 檢視日誌
[root@kuangshen tomcat]# cd tomcat9logs/
[root@kuangshen tomcat9logs]# ll
total 24
-rw-r----- 1 root root 6993 May 12 12:50 catalina.2020-05-12.log
-rw-r----- 1 root root 7024 May 12 12:53 catalina.out
-rw-r----- 1 root root 0 May 12 12:47 host-manager.2020-05-12.log
-rw-r----- 1 root root 408 May 12 12:47 localhost.2020-05-12.log
-rw-r----- 1 root root 150 May 12 12:53 localhost_access_log.2020-05-12.txt
-rw-r----- 1 root root 0 May 12 12:47 manager.2020-05-12.log
[root@kuangshen tomcat9logs]# cat catalina.out
....
-------my docker tomcat------- # 搞 定
釋出映象
DockerHub
註冊dockerhub https://hub.docker.com/signup,需要有一個賬號
# 1、檢視登入命令
[root@kuangshen tomcat]# docker login --help
Usage: docker login [OPTIONS] [SERVER]
# 2、登入
[root@kuangshen tomcat]# docker login -u kuangshen
Password:
WARNING! Your password will be stored unencrypted in
/root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-
store
Login Succeeded
# 3、將映象釋出出去
[root@kuangshen tomcat]# docker push kuangshen/diytomcat:1.0
The push refers to repository [docker.io/library/diytomcat]
0f02399c6fdf: Preparing
e79ea0c3a34e: Preparing
09281fa8fe38: Preparing
b56a902b0aef: Preparing
0683de282177: Preparing
# 拒絕:請求的資源訪問被拒絕
denied: requested access to the resource is denied
# 問題:本地映象名無帳號資訊,解決加 tag即可
docker tag 251ca4419332 kuangshen/diytomcat:1.0
# 再 次 push, ok
[root@kuangshen tomcat]# docker push kuangshen/diytomcat:1.0
The push refers to repository [docker.io/kuangshen/diytomcat]
0f02399c6fdf: Pushing [========>
9.729MB/59.76MB
e79ea0c3a34e: Pushing [==========>
3.188MB/15.41MB
09281fa8fe38: Pushing [>
3.823MB/324MB
b56a902b0aef: Pushed
0683de282177: Pushing [=>
5.997MB/237.1MB
阿里雲映象服務
1、登入阿里雲
2、找到容器映象服務
3、建立名稱空間
4、建立映象倉庫
5、點選進入這個映象倉庫,可以看到所有的資訊
6、測試推送釋出
# 1、登入阿里雲
[root@kuangshen tomcat]# docker login --username=18225148644 registry.cn-
beijing.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in
/root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-
store
Login Succeeded
# 2、設定 tag
docker tag [ImageId] registry.cn-beijing.aliyuncs.com/bilibili-
kuangshen/kuangshen-test:[映象版本號]
[root@kuangshen tomcat]# docker tag 251ca4419332 registry.cn-
beijing.aliyuncs.com/bilibili-kuangshen/kuangshen-test:v1.0
# 3、推送命令
docker push registry.cn-beijing.aliyuncs.com/bilibili-kuangshen/kuangshen-
test:[映象版本號]
[root@kuangshen tomcat]# docker push registry.cn-
beijing.aliyuncs.com/bilibili-kuangshen/kuangshen-test:v1.0
7、在阿里雲映象倉庫檢視效果!