Catalog
1. Create based on existing mirrors
2. Create based on local templates
(1) Federated File System (UnionFS)
(3) Why is centos in Docker only 200M in size?
2. Layering of Docker mirror structure
1. Common instructions for Dockerfile operations
(14) HEALTHCHECK Health Examination
2. The difference between ENTRYPOINT and CMD?
3. The difference between add and copy?
3. Build Systemctl mirror (based on SSH mirror)
1. Docker image creation
There are three ways to create a mirror, one based on an existing image, one based on a local template, and one based on a Dockerfile.
1. Create based on existing mirrors
(1) Start a mirror first and make changes in the container
docker create -it centos 7 /bin/bash
(2) Then submit the modified container as a new image, which needs to be created using the ID number of the container
docker commit -m "new" -a "centos" 751c644399e9 centos:test #Common options: -m Description Information: -a Author Information; -p Stop the container from running during the build process
2. Create based on local templates
Mirrors can be generated by importing operating system template files, which can be downloaded from OPENVZ open source projects at
http://openvz.org/Download/template/precreated
Here I download the software directly to the root directory
cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test
3. Create based on Dockerfile
(1) Federated File System (UnionFS)
Union File System (UnionFS) is a hierarchical, lightweight, and high-performance file system that supports the submission of changes to the file system as a layer-by-layer overlay while mounting different directories to the same virtual file system. AUFS, OberlayFS, and Devicemapper are all UnionFS.
The Union file system is the basis of Docker mirroring. Mirrors can be inherited by layers, and based on the underlying mirror (without a parent), various specific application mirrors can be made.
Features: Load multiple file systems at once, but from the outside, you can only see one file system. Joint loading will overlay all the layers of the file system so that the final file system will contain all the underlying files and directories. The layer we see when we download is the Joint File System
(2) Mirror loading principle
Docker's mirror actually consists of a layer-by-layer file system, which is UnionFS
* Bootfs mainly contains boot loader and kernel, boot loader mainly boots the kernel, Linux will load bootfs file system when it is just started
* At the bottom of the Docker image is bootfs, which is the same layer as our typical Linux/Unix system and contains boot loaders and kernels. When boot loading is complete, the entire kernel is in memory, and memory usage is transferred from bootfs to the kernel, which unloads bootfs.
rootfs, on top of bootfs. Contains standard directories and files such as / dev, /proc, /bin, /etc on typical Linux systems. rootfs are various operating system distributions such as Ubuntu, Centos, and so on.
You can understand that there was nothing in the kernel at first, and if you download debian with a command, a basic mirror will be added to the kernel.Installing another emacs will overlay the underlying image.Then install another apache,Then they overlay the images. Finally they look like a file system, a container's rootfs. In the Docker system, these roots are added.FS are called Docker's mirrors. However, at this point, each layer of rootfs is read-only, and we cannot operate on it at this time. When we create a container, that is, instantiate the Docker image, the system assigns an empty layer of read-write rootfs on top of one or more layer of read-only rootfs.
(3) Why is centos in Docker only 200M in size?
Rootfs are very small for a compact OS and only need to contain the most basic commands, tools, and libraries, because the underlying layer uses the host's kernel directly and only needs to provide rootfs itself. This shows that bootfs are basically consistent for different linux distributions.Rootfs differ, so different distributions can share bootfs.
(4)Dockerfile
The Docker image is a special file system that contains configuration parameters (such as anonymous volumes, environment variables, users, etc.) for the runtime as well as programs, libraries, resources, configuration files needed for the container to run. The image does not contain any dynamic data and its contents will not change after it is built.
* Customization of mirrors is essentially customizing the configurations and files that each layer adds. If we can write commands for each layer to modify, install, build, and manipulate into a script that builds and customizes mirrors, then the transparency and volume problems of mirroring will be solved. This script is Dockerfile
* Dockerfile is a text file that contains instructions, each of which builds a layer, so the content of each instruction is to describe how that layer should be built. With Dockerfile,When we need to customize our own extra requirements, we can simply add or modify instructions on Dockerfile.
* In addition to manually generating the Docker image, you can use Dockerfile to automatically generate the image. A Dockerfile is a file of instructions, each of which corresponds to a command on Linux, and the Docker program reads the instructions in the Dockerfile to generate the specified image
The Dockerfile structure is roughly divided into four parts: basic mirroring information, maintainer information, mirroring instructions, and execution instructions at container startup. Dockerfile supports one instruction per line, multiple parameters per instruction, and the use of comments starting with the'#'sign.
2. Layering of Docker mirror structure
Mirroring is not a single file, but consists of multiple layers. The container actually adds a layer of read and write to the top of the image. Any file changes made in the running container are written to this layer. If the container is deleted, the top layer of read and write is deleted and file changes are lost. Docker manages each layer of the image using Storage Driven.Container Layer Containing Readable and Writable Layers
(1) Each instruction in the Dockerfile creates a new mirror layer;
(2) The mirror layer will be cached and reused:
(3) When the instructions of the Dockerfile are modified, the copied file changes, or the variables specified when the image is built are different, the corresponding mirror layer cache will fail:
(4) If a layer's mirror cache fails, the mirror cache after it will fail;
(5) The mirror layer is immutable. If you add a file in one layer and delete it in the next layer, it will still be included in the mirror, except that the file is not visible in the Docker container
1. Common instructions for Dockerfile operations
(1) FROM
Format: FROM image.
Specify the mirror on which the new image is based. The first instruction must be the FROM instruction, which is required for each image created.
(2) MAINTAINER
Format: MAINTAINER Name
Describe the maintainer information for the new mirror.
(3) RUN
Format: RUN command
Execute commands on the mirror on which they are based and submit them to a new mirror.
(4) ENTRYPOINT
Format: ENTRYPOINT ["Program to run","Parameter 1","Parameter 2"]
Sets the first command to run when the container starts and its parameters.
You can use commands
docker run --entrypoint
To override the contents of the ENTRYPOINT instruction in the mirror.
(5) CMD
Format: exec form: CMD ["Program to run","Parameter 1","Parameter 2"] shell form: CMD Command parameter 1 Parameter 2
Dockerfile can only have one CMD command for commands or scripts that are executed by default when starting the container. If multiple commands are specified, only the last command is executed.
If a command is specified in the dockerrun or if there is an ENTRYPOINT in the mirror, the cmd will be overwritten.
CMD can provide default parameters for ENTRYPOINT instructions
(6) EXPOSE
Format: EXPOSE Port number
Specify the port to open when the new image is loaded into the Docker
(7) ENV
Format: ENV Environment variable value
Setting a value for an environment variable will be used by subsequent RUN s
(8) ADD
Format: ADD source file/Directory Target File/Catalog
Copy the source file to the mirror, either in the same directory as the Dockerfile or in a URL
There are the following considerations:
1. If the source path is a file and the destination path ends/ends, the docker will treat the destination path as a directory and copy the source file to that directory
If the destination path does not exist, it will be automatically created
2. If the source path is a file and the destination path ends/ends, the docker treats the destination path as a file
If the destination path does not exist, a file with the same content will be created under the name of the destination path
If the target file is an existing file, it will be overwritten with the source file, of course, just the content overwrite, the file name or the target file name
If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case, it is best to end with/to avoid confusion
3. If the source path is a directory and the destination path does not exist, docker will automatically create a monthly record with the destination path to copy the files recorded monthly from the source path in
If the destination path is an existing directory, the docker will copy the files from the source path directory to that directory
4. If the source file is an archive (compressed file), the docker will automatically decompress it
The URL "download and decompression features cannot be used together. Any compressed file copied through the URL will not be decompressed automatically
(9) COPY
Format: COPY source file/Directory Target File/Catalog
Copy only files/directories on the local host. Copy to the destination location, source files/directories in the same directory as Dockerfile
(10) VOLUME
Format: VOLUME ["Catalog"]
Create a mount point in the container
(11) USER
Format: USER User name/UID
Specify the user when running the container
(12) WORKDIR
Format: WORKDIR Route
Specify working directories for subsequent RUN, CMD, ENTRYPOINT
(13) ONBUILD
format: ONBUILD command
Specify commands to run when the generated image is used as a base image
When an ONBUILD directive is added to a Dockerfile, it has no material effect on the use of the Dockerfile to build mirrors (such as A mirrors)
However, when you write a new Dockerfile to build one or more mirrors based on an A mirror (such as a B mirror), the ONBUILD instructions in the Dockerfile file for constructing an A mirror take effect. During the process of building a B mirror, the instructions specified by the ONBUILD instructions are executed first, then the other instructions are executed.
(14) HEALTHCHECK Health Examination
When writing a Dockerfile, there are strict formats to follow:.
The first line must use the FROM directive to indicate the name of the mirror on which it is based
Follow up with the MAINTAINER directive to describe the user information that maintains the image
The mirror operation related instructions, such as the RUN instructions, follow. Each run of the instructions adds a new layer to the underlying mirror
Finally, use CMD instructions to specify command actions to run when starting the container
2. The difference between ENTRYPOINT and CMD?
Any parameters passed in using the docker run command are appended to the entrypoint command, and the parameters passed in using this command override the values set in the Dockerfile using the CMD command.
The main purpose of a CMD instruction is to set the default execution command of the container. Commands set by CMD are executed after entrypoint.
ENTRYPOINT, which indicates the command that the mirror needs to execute at initialization and cannot be overridden by overrides
CMD, which indicates default parameters for mirror operation and can be overridden by overrides
ENTRYPOINT/CMD can only exist once in a file, and only the last one is valid (multiple, only the last one is valid, others are invalid!)
3. The difference between add and copy?
add and copy both have the ability to copy local files or directories to a mirror;
However, copy can only copy local files or directories, while add can copy files or directories by pulling them online through the url and adds can automatically unzip when copying local tar packages.
3. Dockerfile Case
1. Build Apache mirror
Create working directory
mkdir /opt/apache cd /opt/apache
Edit Dockerfile file
vim Dockerfile FROM centos:7 #Base Mirror Based MAINTAINER this is apache image <xcc> #Maintain mirrored user information RUN yum -y update #Mirror Operations Instructions Install apache Software RUN yum -y install httpd EXPOSE 80 #Open port 80 ADD index.html /var/www/html/index.html #Copy the first page file of the site ======Method One=======: ADD run.sh /run.sh #Copy the execution script into the mirror. RUN chmod 755 /run.sh CMD ["/run.sh"] #Execute script when starting container ======Method 2=======: ENTRYPOINT [ "/usr/sbin/apachectl" ] CMD ["-D","FOREGROUND"]
Prepare to execute script
Prepare site pages
Generate Mirror
docker build -t httpd:centos .
New Mirror Run Container
test
Visithttp://192.168.111.171:1216
If there is a network error prompt
[Warning] IPv4 forwarding is disabled.Networking will not work.
Solution:
vim /etc/sysctl.conf net.ipv4.ip_forward=1 sysctl -P systemctl restart network systemctl restart docker
2. Build SSH mirror
Create working directory
mkdir /opt/sshd cd /opt/sshd
Edit Dockerfile file
vim Dockerfile #The first line must specify the underlying mirror on which to base FROM centos:7 #Author Information MAINTAINER this is ssh image <wl> #Operational instructions for mirroring RUN yum -y update RUN yum -y install openssh* net-tools lsof telnet passwd RUN echo 'abc1234' | passwd --stdin root RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config #Do not use PAM authentication RUN sed -ri '/^session\s+required\s+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd #Remove pam restriction RUN ssh-keygen -t rsa -A #Generate key authentication file RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh EXPOSE 22 CMD ["/usr/sbin/sshd" , "-D"]
Generate Mirror
docker build -t sshd:centos .
Start Container
docker run -d -P sshd:centos
Test it
3. Build Systemctl mirror (based on SSH mirror)
Create working directory
mkdir /opt/systemctl cd /opt/systemctl
Edit Dockerfile file
vim Dockerfile FROM sshd:centos MAINTAINER this is systemctl image <wl> ENV container docker #Delete all files except systemd-tmpfiles-setup.service RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*;\ rm -f /lib/systemd/system/anaconda.target.wants/*; VOLUME [ "/sys/fs/cgroup" ] #CMD ["/usr/sbin/init"]
Generate Mirror
docker build -t systemd:centos .
Start the container, mount the host directory into the container, and initialize
docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:centos /sbin/init &
Check to see if launch was successful
Verification:
Enter Container docker exec -it aa266466bd8b bash systemctl status sshd systemctl start sshd Method 2: docker run -d -P --privileged sshd:centos /usr/sbin/init &
Enter Container
4. Building a Nginx mirror
Create working directory and prepare software installation package
mkdir /opt/nginx cd /opt/nginx/ cp /opt/nginx-1.12.0.tar.gz /opt/nginx
Create Dockerfile file
#Base Mirror FROM centos:7 #User Information MAINTAINER this is nginx image <wl> #Add Environment Package RUN yum -y update RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make RUN useradd -M -s /sbin/nologin nginx #Upload and unzip nginx package ADD nginx-1.12.0.tar.gz /usr/local/src/ #assign work directory WORKDIR /usr/local/src/nginx-1.12.0 RUN ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module && make && make install ENV PATH /usr/local/nginx/sbin:$PATH #Specify http and https ports EXPOSE 80 EXPOSE 443 RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf #Close nginx to run in the background #Add run.sh from host to container ADD run.sh /run.sh RUN chmod 755 /run.sh CMD ["/run.sh"]
Edit Startup Script
vim run.sh #!/bin/bash /usr/local/nginx/sbin/nginx
Create a new image
docker build -t nginx:centos . docker run -d -P nginx:centos
Verification
Browser Access
http://192.168.111.171:49155
5. Build a Tomcat image
Create working directory and prepare software installation package
mkdir /opt/tomcat cd /opt/tomcat cp /opt/jdk-8u91-linux-x64.tar.gz /opt/tomcat cp /opt/apache-tomcat-8.5.16.tar.gz /opt/tomcat
Edit Dockerfile file
FROM centos:7
MAINTAINER this is tomcat image <wl>
ADD jdk-8u91-linux-x64.tar.gz /usr/local/
WORKDIR /usr/local/
RUN mv jdk1.8.0_91 /usr/local/java
ENV JAVA_HOME /usr/local/java
ENV JRE_HOME ${JAVA_HOME}/jre
ENV CLASSPATH .:${JAVA_HOME}/lib:${JRE_HOME}/lib
ENV PATH $JAVA_HOME/bin:$PATH
ADD apache-tomcat-8.5.16.tar.gz /usr/local/
WORKDIR /usr/local/
RUN mv apache-tomcat-8.5.16 /usr/local/tomcat
EXPOSE 8080
#CMD ["/usr/local/tomcat/bin/catalina.sh","run"]
ENTRYPOINT ["/usr/local/tomcat/bin/catalina.sh","run"]Create a new image
docker build -t tomcat:centos .
Start Container
docker run -d --name tomcat01 -p 1216:8080 tomcat:centos
Verify Tomcat
Web Input: http://192.168.111.171:1216
6. Build Mysql mirror
Upload MySQL by subpackage to/opt directory
Create working directory
mkdir /opt/mysqld cd /opt/mysqld
Edit Dockerfile file
FROM centos:7 MAINTAINER this is mysql image <wl> RUN yum -y install gcc gcc-c++ ncurses ncurses-devel bison cmake make RUN useradd -M -s /sbin/nologin mysql ADD mysql-boost-5.7.20.tar.gz /usr/local/src/ WORKDIR /usr/local/src/mysql-5.7.20/ RUN cmake \ -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \ -DSYSCONFDIR=/etc \ -DSYSTEMD_PID_DIR=/usr/local/mysql \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \ -DMYSQL_DATADIR=/usr/local/mysql/data \ -DWITH_BOOST=boost \ -DWITH_SYSTEMD=1 && make && make install RUN chown -R mysql:mysql /usr/local/mysql/ RUN rm -rf /etc/my.cnf ADD my.cnf /etc/ RUN chown mysql:mysql /etc/my.cnf ENV PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH WORKDIR /usr/local/mysql/ RUN bin/mysqld \ --initialize-insecure \ --user=mysql \ --basedir=/usr/local/mysql \ --datadir=/usr/local/mysql/data RUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/ EXPOSE 3306 ADD run.sh /usr/local/src RUN chmod 755 /usr/local/src/run.sh RUN sh /usr/local/src/run.sh #CMD ["/usr/sbin/init"]
Edit the configuration file for mysql
vim my.cnf [client] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysql] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysqld] user = mysql basedir = /usr/local/mysql datadir = /usr/local/mysql/data port = 3306 character_set_server=utf8 pid-file = /usr/local/mysql/mysqld.pid socket = /usr/local/mysql/mysql.sock server-id = 1 sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
Edit MySQL startup script
#!/bin/bash /usr/local/mysql/bin/mysqld systemctl enable mysqld
Create a new image
docker build -t mysql:centos .
Start the container and initialize it
docker run --name=mysql_server -d -P --privileged mysql:centos /usr/sbin/init &
Enter the container and authorize remote connection to mysql
docker exec -it f9a4d8f6c65f /bin/bash mysql -u root -p grant all privileges on *.* to 'root'@'%' identified by 'abc123'; grant all privileges on *.* to 'root'@'localhost' identified by 'abc123'; flush privileges;
Connect mysql container on client side
