容器技術之Dockerfile(二)
前文我們聊到了什麼是dockerfile,它的主要作用以及dockerfile的一些基本指令的使用方法,回顧請參考https://www.cnblogs.com/qiuhom-1874/p/13019411.html;今天我們在來聊一聊dockerfile餘下指令的用法和作用;
1、RUN:該指令用於docker build 過程中執行的程式,可以是任何命令;語法格式RUN <command> 或RUN ["<executable>", "<param1>", "<param2>"];第一種格式中,<command>通常是一個shell命令,且以“/bin/sh -c”來執行它,這意味著此程序在容器中的PID不為1,不能接收Unix訊號,因此,當使用docker stop <container>命令停止容器時,此程序接收不到SIGTERM訊號; 第二種語法格式中的引數是一個JSON格式的陣列,其中<executable>為要執行的命令,後面的<paramN>為傳遞給命令的選項或引數;然而,此種格式指定的命令不會以“/bin/sh -c”來發起,因此常見的shell操作如變數替換以及萬用字元(?,*等)替換將不會進行;不過,如果要執行的命令依賴於此shell特性的話,可以將其替換為 RUN ["/bin/sh", "-c", "<executable>", "<param1>"]這樣的格式;注意:json陣列中,要使用雙引號;
示例:
[root@node1 test]# cat Dockerfile FROM centos:7 MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp RUN mkdir -p /aaa/bbb/t{1..4} [root@node1 test]#
提示:以上Dockerfile中,用RUN指令運行了mkdir命令,這種執行命令的方式在就可以利用shell的特性,如上大括號展開功能;
驗證:build 該dockerfile後,執行該映象為容器,看看容器內部是否建立了/aaa/bbb/t1 t2 t3 t4?
[root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 1c35c4412082 16 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker build . -t myimg:v1 Sending build context to Docker daemon 1.05MB Step 1/9 : FROM centos:7 ---> b5b4d78bc90c Step 2/9 : MAINTAINER "qiuhom <[email protected]>" ---> Running in 64c792ce6750 Removing intermediate container 64c792ce6750 ---> 604899ef29f9 Step 3/9 : LABEL version="1.0" ---> Running in 6a3f9b4a9058 Removing intermediate container 6a3f9b4a9058 ---> d9edea71fa22 Step 4/9 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Running in b191ab5e19f9 Removing intermediate container b191ab5e19f9 ---> ee027bbdc04b Step 5/9 : ARG web_home ---> Running in a4c86febf616 Removing intermediate container a4c86febf616 ---> 5b25bb7421dd Step 6/9 : COPY html ${web_home:-"/data/htdoc/"} ---> 7c7a667149fa Step 7/9 : VOLUME ${web_home:-"/data/htdoc/"} ---> Running in f9ec02d8f736 Removing intermediate container f9ec02d8f736 ---> 86c7226f6b21 Step 8/9 : EXPOSE 80/tcp 443/tcp ---> Running in ad82d389ac25 Removing intermediate container ad82d389ac25 ---> 28dadea40aff Step 9/9 : RUN mkdir -p /aaa/bbb/t{1..4} ---> Running in 1013a212d3f2 Removing intermediate container 1013a212d3f2 ---> 7f109a34a4a5 Successfully built 7f109a34a4a5 Successfully tagged myimg:v1 [root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1 7f109a34a4a5 4 seconds ago 203MB busybox latest 1c35c4412082 16 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name test --rm -it myimg:v1 /bin/bash [root@fc89ca934ed5 /]# ls / aaa bin dev home lib64 mnt proc run srv tmp var anaconda-post.log data etc lib media opt root sbin sys usr [root@fc89ca934ed5 /]# ls /aaa/ bbb [root@fc89ca934ed5 /]# ls /aaa/bbb/ t1 t2 t3 t4 [root@fc89ca934ed5 /]# exit exit [root@node1 test]#
提示:底層基礎映象的shell如果不支援大括號展開,那麼我們基於這種映象做出來的映象執行以上命令也就不支援shell的大括號展開功能;
示例:
[root@node1 test]# cat Dockerfile FROM centos:7 MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp RUN mkdir -p /aaa/bbb/t{1..4} RUN ["mkdir","-p","/ccc/ddd/f{1..4}"] [root@node1 test]#
提示:以json陣列格式的方式去執行命令,它預設是不支援shell的任何特性,這意味著執行該命令時,不是基於shell子程序的方式在執行命令,通常是核心直接執行了;所以上面的命令它會把大括號處理成字元,而不會展開;
驗證:build成映象執行成容器,看看是否把大括號處理成字元了?
[root@node1 test]# docker build . -t myimg:v1.1 Sending build context to Docker daemon 1.05MB Step 1/10 : FROM centos:7 ---> b5b4d78bc90c Step 2/10 : MAINTAINER "qiuhom <[email protected]>" ---> Using cache ---> 604899ef29f9 Step 3/10 : LABEL version="1.0" ---> Using cache ---> d9edea71fa22 Step 4/10 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> ee027bbdc04b Step 5/10 : ARG web_home ---> Using cache ---> 5b25bb7421dd Step 6/10 : COPY html ${web_home:-"/data/htdoc/"} ---> Using cache ---> 7c7a667149fa Step 7/10 : VOLUME ${web_home:-"/data/htdoc/"} ---> Using cache ---> 86c7226f6b21 Step 8/10 : EXPOSE 80/tcp 443/tcp ---> Using cache ---> 28dadea40aff Step 9/10 : RUN mkdir -p /aaa/bbb/t{1..4} ---> Using cache ---> 7f109a34a4a5 Step 10/10 : RUN ["mkdir","-p","/ccc/ddd/f{1..4}"] ---> Running in 9da1e6bab59f Removing intermediate container 9da1e6bab59f ---> ae463ec8cbd9 Successfully built ae463ec8cbd9 Successfully tagged myimg:v1.1 [root@node1 test]# docker run --name test --rm -it myimg:v1.1 /bin/bash [root@02ec6e404100 /]# ls / aaa bin data etc lib media opt root sbin sys usr anaconda-post.log ccc dev home lib64 mnt proc run srv tmp var [root@02ec6e404100 /]# ls /ccc/ddd/ f{1..4} [root@02ec6e404100 /]#
提示:可以看到在/ccc/ddd/目錄下並沒有把大括號展開,而是直接把它當成了字元處理了;如果我們想要用json陣列這種方式執行命令,又想讓使用shell特性,我們可以使用"/bin/sh -c"來明確聲明後面的命令用shell子程序的方式執行;如下所示
[root@node1 test]# cat Dockerfile FROM centos:7 MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp RUN mkdir -p /aaa/bbb/t{1..4} RUN ["/bin/bash","-c","mkdir -p /ccc/ddd/f{1..4}"] [root@node1 test]#
提示:以上執行命令的方式就明確宣告使用shell子程序的方式執行命令;這裡需要注意一點的是,如果使用json陣列的方式執行命令,後面真正執行的命令要一個整體當作引數傳給"/bin/bash"
驗證:看看是否會把大括號展開?
[root@node1 test]# docker build . -t myimg:v1.2 Sending build context to Docker daemon 1.05MB Step 1/10 : FROM centos:7 ---> b5b4d78bc90c Step 2/10 : MAINTAINER "qiuhom <[email protected]>" ---> Using cache ---> 604899ef29f9 Step 3/10 : LABEL version="1.0" ---> Using cache ---> d9edea71fa22 Step 4/10 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> ee027bbdc04b Step 5/10 : ARG web_home ---> Using cache ---> 5b25bb7421dd Step 6/10 : COPY html ${web_home:-"/data/htdoc/"} ---> Using cache ---> 7c7a667149fa Step 7/10 : VOLUME ${web_home:-"/data/htdoc/"} ---> Using cache ---> 86c7226f6b21 Step 8/10 : EXPOSE 80/tcp 443/tcp ---> Using cache ---> 28dadea40aff Step 9/10 : RUN mkdir -p /aaa/bbb/t{1..4} ---> Using cache ---> 7f109a34a4a5 Step 10/10 : RUN ["/bin/bash","-c","mkdir -p /ccc/ddd/f{1..4}"] ---> Running in a5785a139e1f Removing intermediate container a5785a139e1f ---> 30a5f5594104 Successfully built 30a5f5594104 Successfully tagged myimg:v1.2 [root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1.2 30a5f5594104 5 seconds ago 203MB myimg v1.1 ae463ec8cbd9 9 minutes ago 203MB myimg v1 7f109a34a4a5 21 minutes ago 203MB busybox latest 1c35c4412082 16 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name test --rm -it myimg:v1.2 /bin/bash [root@549f875aa4de /]# ls / aaa bin data etc lib media opt root sbin sys usr anaconda-post.log ccc dev home lib64 mnt proc run srv tmp var [root@549f875aa4de /]# ls /ccc/ddd/ f1 f2 f3 f4 [root@549f875aa4de /]#
提示:可以看到用"/bin/bash -c" 是可以明確聲明後面的命令用shell子程序的方式執行,這樣一來就可以在後面的命令使用shell特性的語法;
2、CMD:該指令類似於RUN指令,CMD指令也可用於執行任何命令或應用程式,不過,二者的執行時間點不同; RUN指令運行於映像檔案構建過程中,而CMD指令運行於基於Dockerfile構建出的新映像檔案啟動一個容器時; CMD指令的首要目的在於為啟動的容器指定預設要執行的程式,且其執行結束後,容器也將終止;不過,CMD指定的命令其可以被docker run的命令列選項所覆蓋;在Dockerfile中可以存在多個CMD指令,但僅最後一個會生效;語法格式 CMD <command> 或 CMD [“<executable>”, “<param1>”, “<param2>”] 或 CMD ["<param1>","<param2>"];前兩種語法格式的意義同RUN,第三種則用於為ENTRYPOINT指令提供預設引數;
示例:
[root@node1 test]# cat Dockerfile FROM busybox:latest MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp CMD httpd -f -h /data/htdoc/ [root@node1 test]#
提示:docker容器內部執行的程式必須執行為前臺;CMD是指定容器執行時要執行的命令;通常該命令或程式是以前臺方式執行;如果不是前臺執行,我們的容器就會存在一啟動就退出的情況;以上命令就表示前臺執行httpd程式 並指定httpd 的工作目錄為${web_home}變數所指定的目錄;
驗證:build後看看啟動為容器是否提供80訪問服務?
[root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1.2 30a5f5594104 23 minutes ago 203MB myimg v1.1 ae463ec8cbd9 32 minutes ago 203MB myimg v1 7f109a34a4a5 44 minutes ago 203MB busybox latest 1c35c4412082 16 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker build . -t myimg:v1.3 Sending build context to Docker daemon 1.05MB Step 1/9 : FROM busybox:latest ---> 1c35c4412082 Step 2/9 : MAINTAINER "qiuhom <[email protected]>" ---> Running in deb5e54eef87 Removing intermediate container deb5e54eef87 ---> baf170e0c586 Step 3/9 : LABEL version="1.0" ---> Running in 433669185e0d Removing intermediate container 433669185e0d ---> d96fb4ae3d58 Step 4/9 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Running in b5da74e27c69 Removing intermediate container b5da74e27c69 ---> 62372d19daf3 Step 5/9 : ARG web_home ---> Running in 3f65a67bb15a Removing intermediate container 3f65a67bb15a ---> 1ce797c7cde0 Step 6/9 : COPY html ${web_home:-"/data/htdoc/"} ---> 15848dea21b9 Step 7/9 : VOLUME ${web_home:-"/data/htdoc/"} ---> Running in 868f4c10e00f Removing intermediate container 868f4c10e00f ---> f3ec40d1cb5e Step 8/9 : EXPOSE 80/tcp 443/tcp ---> Running in 7f72c2612e92 Removing intermediate container 7f72c2612e92 ---> 5ccfc6d604cc Step 9/9 : CMD httpd -f -h /data/htdoc/ ---> Running in 95a4fd578821 Removing intermediate container 95a4fd578821 ---> 2e296b4f4500 Successfully built 2e296b4f4500 Successfully tagged myimg:v1.3 [root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1.3 2e296b4f4500 3 seconds ago 1.22MB myimg v1.2 30a5f5594104 23 minutes ago 203MB myimg v1.1 ae463ec8cbd9 33 minutes ago 203MB myimg v1 7f109a34a4a5 44 minutes ago 203MB busybox latest 1c35c4412082 16 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name b1 -d myimg:v1.3 c3514f782cffd8140aa7c612293029f4d0302e8d697887dfc2696eea44a31700 [root@node1 test]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c3514f782cff myimg:v1.3 "/bin/sh -c 'httpd -…" 4 seconds ago Up 3 seconds 80/tcp, 443/tcp b1 [root@node1 test]# curl http://172.17.0.2/test1.html this is test1 html [root@node1 test]#
提示:可以看到httpd是可以正常提供服務的;從上面的資訊我們也可以瞭解到執行容器後,它預設是把我們寫的命令當作shell子命令的方式在執行;
示例:以json陣列方式執行命令
[root@node1 test]# cat Dockerfile FROM busybox:latest MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp CMD ["httpd","-f","-h","/data/htdoc/"] [root@node1 test]#
提示:用json陣列格式執行命令,需要把後面的每個選項當作引數傳給httpd;
驗證:執行容器看看容器是否退出,是否能夠正常提供httpd服務?
[root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1.3 2e296b4f4500 24 minutes ago 1.22MB myimg v1.2 30a5f5594104 47 minutes ago 203MB myimg v1.1 ae463ec8cbd9 57 minutes ago 203MB myimg v1 7f109a34a4a5 About an hour ago 203MB busybox latest 1c35c4412082 17 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker build . -t myimg:v1.4 Sending build context to Docker daemon 1.05MB Step 1/9 : FROM busybox:latest ---> 1c35c4412082 Step 2/9 : MAINTAINER "qiuhom <[email protected]>" ---> Using cache ---> baf170e0c586 Step 3/9 : LABEL version="1.0" ---> Using cache ---> d96fb4ae3d58 Step 4/9 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> 62372d19daf3 Step 5/9 : ARG web_home ---> Using cache ---> 1ce797c7cde0 Step 6/9 : COPY html ${web_home:-"/data/htdoc/"} ---> Using cache ---> 15848dea21b9 Step 7/9 : VOLUME ${web_home:-"/data/htdoc/"} ---> Using cache ---> f3ec40d1cb5e Step 8/9 : EXPOSE 80/tcp 443/tcp ---> Using cache ---> 5ccfc6d604cc Step 9/9 : CMD ["httpd","-f","-h","/data/htdoc/"] ---> Running in 5bebdabfe2b7 Removing intermediate container 5bebdabfe2b7 ---> 58e3b4c40ae7 Successfully built 58e3b4c40ae7 Successfully tagged myimg:v1.4 [root@node1 test]# docker run --name b1 -d myimg:v1.4 a32a05033a6dcb735363906bfcd2b84cfb290ca1b60c17d3ac2f81cdeceee705 [root@node1 test]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a32a05033a6d myimg:v1.4 "httpd -f -h /data/h…" 6 seconds ago Up 5 seconds 80/tcp, 443/tcp b1 [root@node1 test]# curl http://172.17.0.2/test1.html this is test1 html [root@node1 test]#
提示:可以看到httpd服務可以正常提供訪問,說明我們用json陣列方式執行命令是正確的;總結一點,用CMD或RUN指令執行命令時,如果直接在CMD或RUN指令後面接命令,這種方式通常會被解釋為啟動一個shell子程序執行命令,RUN指令表現形式就是後面的命令可以使用shell特性的語法格式的命令,比如大括號展開等等;而CMD指令表現形式就是啟動為容器後,它預設會把我們指定執行的命令當作引數傳給“/bin/sh”來執行;CMD或RUN指令加中括號的形式就表示使用json陣列格式方式執行命令;這種方式執行命令在CMD中表現形式是我們執行的命令的選項都要當作引數傳給該命令;RUN指令表現形式是不能使用shell特性的命令;如果非要使用shell特性的命令格式,我們需要把我們的命令當作引數傳給“/bin/sh”,當然前提是我們的基礎映象shell支援shell特性的語法;
3、ENTRYPOINT:該指令類似CMD指令的功能,用於為容器指定預設執行程式,從而使得容器像是一個單獨的可執行程式;與CMD不同的是,由ENTRYPOINT啟動的程式不會被docker run命令列指定的引數所覆蓋,而且,這些命令列引數會被當作引數傳遞給ENTRYPOINT指定的程式(不過,docker run命令的--entrypoint選項的引數可覆蓋ENTRYPOINT指令指定的程式);語法格式 ENTRYPOINT <command>或 ENTRYPOINT ["<executable>", "<param1>", "<param2>"];docker run命令傳入的命令引數會覆蓋CMD指令的內容並且附加到ENTRYPOINT命令最後做為其引數使用;Dockerfile檔案中也可以存在多個ENTRYPOINT指令,但僅有最後一個會生效;
示例:
[root@node1 test]# cat Dockerfile FROM busybox:latest MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp ENTRYPOINT httpd -f -h /data/htdoc/ [root@node1 test]#
提示:以上dockerfile中用ENTRYPOINT 來指定容器預設執行程式,它和CMD不同的是,CMD指定執行的命令,我們可以使用docker run 命令加要執行的的命令替代容器裡預設執行的命令,而ENTRYPOINT指定的命令我們是不可隨便替換的,如果要替換必須要使用--entrypoint選項來指定;
驗證:build成映象,我們啟動為容器直接執行/bin/sh 看看是否可行?
[root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1.4 58e3b4c40ae7 23 minutes ago 1.22MB myimg v1.3 2e296b4f4500 47 minutes ago 1.22MB myimg v1.2 30a5f5594104 About an hour ago 203MB myimg v1.1 ae463ec8cbd9 About an hour ago 203MB myimg v1 7f109a34a4a5 2 hours ago 203MB busybox latest 1c35c4412082 17 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker build . -t myimg:v1.5 Sending build context to Docker daemon 1.05MB Step 1/9 : FROM busybox:latest ---> 1c35c4412082 Step 2/9 : MAINTAINER "qiuhom <[email protected]>" ---> Using cache ---> baf170e0c586 Step 3/9 : LABEL version="1.0" ---> Using cache ---> d96fb4ae3d58 Step 4/9 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> 62372d19daf3 Step 5/9 : ARG web_home ---> Using cache ---> 1ce797c7cde0 Step 6/9 : COPY html ${web_home:-"/data/htdoc/"} ---> Using cache ---> 15848dea21b9 Step 7/9 : VOLUME ${web_home:-"/data/htdoc/"} ---> Using cache ---> f3ec40d1cb5e Step 8/9 : EXPOSE 80/tcp 443/tcp ---> Using cache ---> 5ccfc6d604cc Step 9/9 : ENTRYPOINT httpd -f -h /data/htdoc/ ---> Running in de274d68686c Removing intermediate container de274d68686c ---> 5825c2ec655f Successfully built 5825c2ec655f Successfully tagged myimg:v1.5 [root@node1 test]# docker run --name b1 --rm -it myimg:v1.5 /bin/sh
提示:執行以上命令後,不會給我們一個shell終端,也不報錯;但是我們直接訪問httpd服務是可以正常訪問的;這意味我們用docker run 命令是不能替換我們用entrypoint指定指定的命令的;
測試:用--entrypoint 選項來看看是否能夠覆蓋ENTRYPOINT指定所指定的命令程式?
[root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE myimg v1.5 5825c2ec655f 12 minutes ago 1.22MB myimg v1.4 58e3b4c40ae7 35 minutes ago 1.22MB myimg v1.3 2e296b4f4500 About an hour ago 1.22MB myimg v1.2 30a5f5594104 About an hour ago 203MB myimg v1.1 ae463ec8cbd9 2 hours ago 203MB myimg v1 7f109a34a4a5 2 hours ago 203MB busybox latest 1c35c4412082 17 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name b1 --rm -it --entrypoint "/bin/sh" myimg:v1.5 / # ls bin data dev etc home proc root sys tmp usr var / # ps PID USER TIME COMMAND 1 root 0:00 /bin/sh 7 root 0:00 ps / #
提示:可以看到使用docker run 必須要加--entrypoint 選項才可以覆蓋ENTRYPOINT指令指定的命令;
示例:使用json陣列格式來指定命令
[root@node1 test]# cat Dockerfile FROM busybox:latest MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." ARG web_home COPY html ${web_home:-"/data/htdoc/"} VOLUME ${web_home:-"/data/htdoc/"} EXPOSE 80/tcp 443/tcp ENTRYPOINT ["httpd","-f","-h","/data/htdoc/"] [root@node1 test]#
提示:使用json陣列格式來指定命令時,都需要將後面的選項和引數當作該命令的引數傳進去;
測試:使用docker run 直接加命令 看看是否能夠覆蓋ENTRYPOINT指令指定的命令?
提示:可以看到我們直接使用命令是無法覆蓋ENTRYPOINT指令說指定的命令;
示例:
[root@node1 test]# cat Dockerfile FROM centos:7 MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." RUN yum install -y httpd EXPOSE 80/tcp ENTRYPOINT ["/usr/sbin/httpd","-DFOREGROUND"] [root@node1 test]#
測試:用docker run 命令覆蓋ENTRYPOINT指定的預設命令,看看是否可行?
[root@node1 test]# docker build . -t myimg:v1.7 Sending build context to Docker daemon 1.051MB Step 1/7 : FROM centos:7 ---> b5b4d78bc90c Step 2/7 : MAINTAINER "qiuhom <[email protected]>" ---> Using cache ---> 604899ef29f9 Step 3/7 : LABEL version="1.0" ---> Using cache ---> d9edea71fa22 Step 4/7 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> ee027bbdc04b Step 5/7 : RUN yum install -y httpd ---> Running in 164240645e39 Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be installed --> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.4.8-5.el7 will be installed ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed ---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed ---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.4.6-93.el7.centos base 2.7 M Installing for dependencies: apr x86_64 1.4.8-5.el7 base 103 k apr-util x86_64 1.5.2-6.el7 base 92 k centos-logos noarch 70.0.6-3.el7.centos base 21 M httpd-tools x86_64 2.4.6-93.el7.centos base 92 k mailcap noarch 2.1.41-2.el7 base 31 k Transaction Summary ================================================================================ Install 1 Package (+5 Dependent packages) Total download size: 24 M Installed size: 32 M Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/apr-util-1.5.2-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY Public key for apr-util-1.5.2-6.el7.x86_64.rpm is not installed -------------------------------------------------------------------------------- Total 7.8 MB/s | 24 MB 00:03 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@CentOS) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : apr-1.4.8-5.el7.x86_64 1/6 Installing : apr-util-1.5.2-6.el7.x86_64 2/6 Installing : httpd-tools-2.4.6-93.el7.centos.x86_64 3/6 Installing : centos-logos-70.0.6-3.el7.centos.noarch 4/6 Installing : mailcap-2.1.41-2.el7.noarch 5/6 Installing : httpd-2.4.6-93.el7.centos.x86_64 6/6 Verifying : mailcap-2.1.41-2.el7.noarch 1/6 Verifying : apr-util-1.5.2-6.el7.x86_64 2/6 Verifying : httpd-2.4.6-93.el7.centos.x86_64 3/6 Verifying : apr-1.4.8-5.el7.x86_64 4/6 Verifying : httpd-tools-2.4.6-93.el7.centos.x86_64 5/6 Verifying : centos-logos-70.0.6-3.el7.centos.noarch 6/6 Installed: httpd.x86_64 0:2.4.6-93.el7.centos Dependency Installed: apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 centos-logos.noarch 0:70.0.6-3.el7.centos httpd-tools.x86_64 0:2.4.6-93.el7.centos mailcap.noarch 0:2.1.41-2.el7 Complete! Removing intermediate container 164240645e39 ---> 63db91f4fe6a Step 6/7 : EXPOSE 80/tcp ---> Running in 6585da71fc3b Removing intermediate container 6585da71fc3b ---> eb671cf67f52 Step 7/7 : ENTRYPOINT ["/usr/sbin/httpd","-DFOREGROUND"] ---> Running in f6e7297025af Removing intermediate container f6e7297025af ---> bac03b20761a Successfully built bac03b20761a Successfully tagged myimg:v1.7 [root@node1 test]# docker run --name m1 --rm -it myimg:v1.7 /bin/sh Usage: /usr/sbin/httpd [-D name] [-d directory] [-f file] [-C "directive"] [-c "directive"] [-k start|restart|graceful|graceful-stop|stop] [-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X] Options: -D name : define a name for use in <IfDefine name> directives -d directory : specify an alternate initial ServerRoot -f file : specify an alternate ServerConfigFile -C "directive" : process directive before reading config files -c "directive" : process directive after reading config files -e level : show startup errors of level (see LogLevel) -E file : log startup errors to file -v : show version number -V : show compile settings -h : list available command line options (this page) -l : list compiled in modules -L : list available configuration directives -t -D DUMP_VHOSTS : show parsed vhost settings -t -D DUMP_RUN_CFG : show parsed run settings -S : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG -t -D DUMP_MODULES : show all loaded modules -M : a synonym for -t -D DUMP_MODULES -t : run syntax check for config files -T : start without DocumentRoot(s) check -X : debug mode (only one worker, do not detach) [root@node1 test]#
提示:可以看到我們用docker run指定命令去覆蓋ENTRYPOINT指令指定的命令,它給我們列印了httpd命令的用法,這說明我們後面傳遞的/bin/sh 當作引數傳遞給ENTRYPOINT說指定的命令;這裡還需要說一下,上面的示例用docker run 去覆蓋ENTRYPOINT指令指定的命令,沒有報錯的原因應該是busybox裡的httpd程式支援傳遞/bin/sh當作引數;
示例:CMD指令同ENTRYPOINT一起使用
[root@node1 test]# cat Dockerfile FROM centos:7 MAINTAINER "qiuhom <[email protected]>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." RUN yum install -y httpd ADD entrypoint.sh /bin/ EXPOSE 80/tcp CMD ["/usr/sbin/httpd","-DFOREGROUND"] ENTRYPOINT ["/bin/entrypoint.sh"] [root@node1 test]#
提示:以上dockerfile使用了CMD和ENTRYPOINT指令來指定容器預設執行程式;此時CMD所指定的命令預設會以引數的形式傳給ENTRYPOINT指令所指定的命令;而上面ENTRYPOINT指定指定的是一個指令碼,也就說上面dockerfile最終執行的命令是/bin/entrypoint.sh /usr/sbin/httpd -DFOREGROUND;這裡的指令碼就相當於中間層,通過指令碼設定一些引數,然後把CMD指定的命令當作引數傳給指令碼,最終指令碼執行起來;
entrypoint指令碼
[root@node1 test]# ll total 1032 -rw-r--r-- 1 root root 307 Jun 3 11:28 Dockerfile -rwxr-xr-x 1 root root 300 Jun 3 11:22 entrypoint.sh drwxr-xr-x 2 root root 42 May 31 01:51 html -rw-r--r-- 1 root root 1043748 May 26 11:07 nginx-1.19.0.tar.gz -rw-r--r-- 1 root root 22 May 31 01:52 test.html [root@node1 test]# cat entrypoint.sh #!/bin/bash doc_root=${DOC_ROOT:-/var/www/html} cat > /etc/httpd/conf.d/myweb.conf <<EOF <virtualhost *:80> servername "localhost" documentroot "${doc_root}" <directory "${doc_root}"> options none allowoverride none require all granted </directory> </virtualhost> EOF exec "$@" [root@node1 test]#
提示:這個指令碼很簡單就是在/etc/httpd/conf.d/生成一個myweb.conf的配置檔案,然後最後引用指令碼的引數執行;exec "$@" 表示把指令碼的所有引數獨立執行成一個守護程序;預設不使用exec就表示以shell子程序的方式執行,exec就表示執行為單獨的守護程序,不再是shell子程序的方式;
測試:
[root@node1 test]# docker build . -t httpd:v1 Sending build context to Docker daemon 1.051MB Step 1/9 : FROM centos:7 ---> b5b4d78bc90c Step 2/9 : MAINTAINER "qiuhom <[email protected]>" ---> Using cache ---> 604899ef29f9 Step 3/9 : LABEL version="1.0" ---> Using cache ---> d9edea71fa22 Step 4/9 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> ee027bbdc04b Step 5/9 : RUN yum install -y httpd ---> Using cache ---> 63db91f4fe6a Step 6/9 : ADD entrypoint.sh /bin/ ---> 49d1270c3aa3 Step 7/9 : EXPOSE 80/tcp ---> Running in 3dacf6acf23b Removing intermediate container 3dacf6acf23b ---> edced77af5b5 Step 8/9 : CMD ["/usr/sbin/httpd","-DFOREGROUND"] ---> Running in 23bb32def296 Removing intermediate container 23bb32def296 ---> 169a5e164ba5 Step 9/9 : ENTRYPOINT ["/bin/entrypoint.sh"] ---> Running in f3bf0c267c7b Removing intermediate container f3bf0c267c7b ---> 0801db092665 Successfully built 0801db092665 Successfully tagged httpd:v1 [root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE httpd v1 0801db092665 35 seconds ago 307MB myimg v1.7 bac03b20761a 12 minutes ago 307MB myimg v1.6 5370df4238eb 2 hours ago 1.22MB myimg v1.5 5825c2ec655f 2 hours ago 1.22MB myimg v1.4 58e3b4c40ae7 2 hours ago 1.22MB myimg v1.3 2e296b4f4500 3 hours ago 1.22MB myimg v1.2 30a5f5594104 3 hours ago 203MB myimg v1.1 ae463ec8cbd9 3 hours ago 203MB myimg v1 7f109a34a4a5 3 hours ago 203MB busybox latest 1c35c4412082 19 hours ago 1.22MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name h1 -d httpd:v1 cee14b04912822c33e7deeee361e1ce0c20d7daf6c0666bff319bf3f1bc69bdc [root@node1 test]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cee14b049128 httpd:v1 "/bin/entrypoint.sh …" 9 seconds ago Up 9 seconds 80/tcp h1 [root@node1 test]#
提示:可以看到我們build成映象後,直接執行為容器,容器正常;我們進入容器內部看看它到底執行的說明命令
[root@node1 test]# docker exec -it h1 /bin/bash [root@cee14b049128 /]# ls /etc/httpd/conf.d/myweb.conf /etc/httpd/conf.d/myweb.conf [root@cee14b049128 /]# cat /etc/httpd/conf.d/myweb.conf <virtualhost *:80> servername "localhost" documentroot "/var/www/html" <directory "/var/www/html"> options none allowoverride none require all granted </directory> </virtualhost> [root@cee14b049128 /]# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 224080 5016 ? Ss 16:26 0:00 /usr/sbin/httpd -D apache 7 0.0 0.0 224212 2960 ? S 16:26 0:00 /usr/sbin/httpd -D apache 8 0.0 0.0 224212 2960 ? S 16:26 0:00 /usr/sbin/httpd -D apache 9 0.0 0.0 224212 2960 ? S 16:26 0:00 /usr/sbin/httpd -D apache 10 0.0 0.0 224212 2960 ? S 16:26 0:00 /usr/sbin/httpd -D apache 11 0.0 0.0 224212 2960 ? S 16:26 0:00 /usr/sbin/httpd -D root 12 0.0 0.0 11828 1932 pts/0 Ss 16:35 0:00 /bin/bash root 27 0.0 0.0 51756 1720 pts/0 R+ 16:36 0:00 ps aux [root@cee14b049128 /]# httpd -t -D DUMP_VHOSTS AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message VirtualHost configuration: *:80 localhost (/etc/httpd/conf.d/myweb.conf:1) [root@cee14b049128 /]#
提示:可以看到容器內部執行的就是/usr/sbin/httpd -DFOREGROUND這個命令;其實這個命令不是CMD直接執行的命令,而是通過指令碼獲取引數而來的;我們通過指令碼新增的配置檔案都在對應的位置,並且也都生效了;總結一點,通常CMD和ENTRYPOINT應用在通過entrypoint指令碼做中間層向容器內執行的程式提供配置檔案的場景,通常這些應用程式不是雲原生