Docker Series 8: Dockerfile Directive Details

Keywords: Linux Docker yum Nginx CentOS

1. Dockerfile instructions

1. Instruction 1: FROM Instruction

  • FROM must be the first non-comment instruction

  • Used to specify the base image, which can be any image

  • When FROM is used, the docker daemon first looks for the specified image on its own machine; if it is not found there, it looks for the image on Docker Hub or another registry.

Syntax Format of FROM

  • Format 1:FROM <repository>[:tag]

  • Format 2:FROM <repository>@<digest>

Be careful:

  • The first format builds the new image from the base image's name and tag, but this can be a security gap: the image behind a name and tag can change

  • The second format selects the base image by its hash (digest), which avoids this problem

Example: build an image based on the latest version of busybox

FROM busybox:latest

2. Directive 2: MAINTAINER Directive

  • Deprecated, replaced by LABEL

  • Describes who produced the image

  • Optional

Example:

MAINTAINER  "zxhk <zxhk0816@qq.com>"

3. Directive 3: LABEL Directive

  • This is the instruction used in newer Docker versions

  • It specifies arbitrary metadata in key-value format. Author information is only one kind of metadata.

Syntax format

LABEL <KEY>=<VALUE> <KEY>=<VALUE> <KEY>=<VALUE> ...

4. Directive 4: COPY Directive

  • Copies files from the working directory on the host machine (the build context) to the file system of the target image

Syntax format

  • Copy a file: COPY <src> <dest>

  • Copy multiple files: COPY ["<src1>", "<src2>", "<src3>", ... "<dest>"]

Be careful:

  • Source file path, generally relative

  • Target file path, generally absolute

  • Support for wildcards

Guidelines for File Replication

  • Guideline 1: src must be a file or directory inside the working directory; it cannot be in a parent directory

  • Guideline 2: If dest does not exist, it will be automatically created

  • Guideline 3: If src is a directory, all of its contents are copied recursively, but the src directory itself is not copied

  • Guideline 4: If multiple src entries are specified or wildcards are used in src, dest must be a directory and end with /

Example: Copy index.html from the current working directory to /data/web/html/ in the file system of the target image

COPY index.html /data/web/html/

[With these four instructions you can build an image]

Case: the process of writing a Dockerfile

Requirements:

  • Put an index.html file in the image

  • Provide the yum configuration files in the image

Implementation process

Step 1: Create a working directory

[root@host1 ~]# mkdir /img1
[root@host1 ~]# cd /img1/

Step 2: Create an html file

[root@host1 img1]# echo "test page">>index.html
[root@host1 img1]# ls
index.html

Step 3: Prepare the configuration file for yum

[root@host1 img1]# cp -a /etc/yum.repos.d/ ./
[root@host1 img1]# ls
index.html  yum.repos.d

Step 4: Write the Dockerfile

  • Specify the author with MAINTAINER or LABEL

  • Put index.html under /data/

  • Place all files under yum.repos.d under /etc/yum.repos.d

[root@host1 img1]# vim Dockerfile
#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"
COPY index.html /data/
COPY yum.repos.d /etc/yum.repos.d/

  • For a source directory, only the directory name needs to be given; the files inside it are copied to the destination

  • A directory with the same name as the source directory is not created at the destination; the destination directory must be specified explicitly and must end with /

Step 5: Build the image

[root@host1 img1]# docker build -t miniser:v1-1 ./
Sending build context to Docker daemon  20.99kB
Step 1/4 : FROM busybox:latest
 ---> b534869c81f0
Step 2/4 : MAINTAINER "zxhk <237745635@qq.com>"
 ---> Running in 9f9f8d0793fa
Removing intermediate container 9f9f8d0793fa
 ---> c928cd55b12c
Step 3/4 : COPY index.html /data/
 ---> 5fe09215a0e2
Step 4/4 : COPY yum.repos.d /etc/yum.repos.d/
 ---> 679710cab9bf
Successfully built 679710cab9bf
Successfully tagged miniser:v1-1

  • -t: specifies the name and tag of the image

[root@host1 img1]# docker image ls | grep mini
miniser                                         v1-1                679710cab9bf        2 minutes ago       1.23MB

Step 6: Start a container from the image

[root@host1 img1]# docker run --name t123 \
> --rm miniser:v1-1 ls /etc/yum.repos.d
CentOS-Base.repo
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo
CentOS-fasttrack.repo
docker.repo

  • This container executes an ls command and stops when ls finishes

  • The output of the container is the list of repo file names

5. Directive 5: ADD Directive

  • Similar to COPY; the difference is that ADD accepts URLs as the source. If the build host can reach the Internet, ADD can download a file from the network and place it in the image.

  • ADD has another function: if the source is a local file and that file is a compressed tar archive, ADD automatically extracts it into the destination directory. Note that if the source is a network file, it is not extracted automatically.

Syntax format:

ADD <src> <dest>
ADD ["<src>", "<src>", ... "<dest>"]

Demo: Download nginx and place it in the image under /var/usr/src

Step 1: Find the nginx download address

Step 2: Edit the Dockerfile

#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"
COPY index.html /data/
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/nginx-1.17.6.tar.gz /var/usr/src/

Step 3: Build the image

[root@host1 img1]# docker build -t miniser:v1-2 ./
[root@host1 img1]# docker image ls | grep mini
miniser                                         v1-2                eaceb1156a52        2 minutes ago       2.27MB
miniser                                         v1-1                679710cab9bf        23 minutes ago      1.23MB

Note: You can also download the nginx package to the local working directory first and then add it to the image

The contents of the Dockerfile are as follows

ADD nginx-1.17.2.tar.gz /usr/local/src/

  • This extracts nginx into the /usr/local/src directory
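
The FROM note earlier (name and tag versus digest) and the remote ADD in this demo can both be checked mechanically before a build. The following is an added example, not part of the original post: `instructions` and `lint` are hypothetical helper names, the rule names are made up for illustration, and the sample input is the Dockerfile from the demo above.

```python
import re

# Constructed sample: the Dockerfile from the ADD demo on this page.
SAMPLE = '''\
#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"
COPY index.html /data/
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/nginx-1.17.6.tar.gz /var/usr/src/
'''

def instructions(text):
    """Yield (line_no, KEYWORD, args); joins backslash continuations, skips comments."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\") + " "
        if line.endswith("\\"):
            continue
        keyword, *rest = buf.split(None, 1)
        yield start, keyword.upper(), rest[0].strip() if rest else ""
        buf, start = "", 0

def lint(text):
    """Return (line_no, rule) findings for the risks this page mentions."""
    findings = []
    for no, keyword, args in instructions(text):
        if keyword == "FROM":
            image = next((a for a in args.split() if not a.startswith("--")), "")
            # A name[:tag] can be re-pointed at other content; a digest cannot.
            if image.lower() != "scratch" and "@sha256:" not in image:
                findings.append((no, "from-not-pinned-by-digest"))
        elif keyword == "MAINTAINER":
            findings.append((no, "maintainer-deprecated-use-label"))
        elif keyword == "ADD":
            for url in re.findall(r"https?://[^\s\"',\]]+", args):
                if url.startswith("http://"):
                    findings.append((no, "add-url-over-plain-http"))
                # BuildKit's ADD --checksum=sha256:<hex> verifies the download.
                if "--checksum=" not in args:
                    findings.append((no, "add-url-without-checksum"))
    return findings

if __name__ == "__main__":
    for line_no, rule in lint(SAMPLE):
        print(f"line {line_no}: {rule}")
```
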

6. Directive 6: WORKDIR Directive

  • Sets the working directory. For example, in the previous example nginx was placed under /usr/local/src; we can set the directory that holds nginx as the working directory, as follows

#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"
COPY index.html /data/
COPY yum.repos.d /etc/yum.repos.d/

WORKDIR /var/usr/src/
ADD http://nginx.org/download/nginx-1.17.6.tar.gz ./

7. Directive 7: VOLUME Directive

  • Creates a mount point directory in the image, used to mount volumes from the host or from other containers

  • For a volume declared in the Dockerfile, the host directory that backs the volume cannot be specified; it is generated automatically

Syntax format

  • VOLUME <mountpoint>

  • If the mount point directory already contains files, they appear in the container after the volume is mounted

Case: Modify the Dockerfile to use /data/mysql as a volume

Step 1: Modify the Dockerfile

#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"
COPY index.html /data/
COPY yum.repos.d /etc/yum.repos.d/

WORKDIR /var/usr/src/
ADD http://nginx.org/download/nginx-1.17.6.tar.gz ./

VOLUME /data/mysql/

Step 2: Build the image

[root@host1 img1]# docker build -t miniser:v1-3 ./

Step 3: Start the container to see how it is mounted

[root@host1 img1]# docker run --rm -it --name t100 miniser:v1-3
/var/usr/src # 
/var/usr/src # mount | grep mysql
/dev/mapper/centos-root on /data/mysql type xfs (rw,seclabel,relatime,attr2,inode64,noquota)
/var/usr/src #

  • You can also run docker inspect to view the mount

8. Directive 8: EXPOSE Directive

  • Declares the ports the container listens on for communication with external hosts

Syntax format:

  • EXPOSE <port>[/<protocol>] <port>[/<protocol>] <port>[/<protocol>] ...

  • The protocol is either tcp or udp; the default is tcp

Example: expose multiple ports

  • Example: EXPOSE 11211/udp 11211/tcp

Be careful:

  • An EXPOSE instruction in the Dockerfile only declares that the ports can be published; it does not actually publish them

  • To publish them, use the -P option when starting a container; it reads the EXPOSE settings and publishes the declared ports automatically

Case study: build an image that exposes port 80

Step 1: Write the Dockerfile

#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"
COPY index.html /data/
COPY yum.repos.d /etc/yum.repos.d/

WORKDIR /var/usr/src/
ADD nginx-1.17.6.tar.gz ./

VOLUME /data/mysql/

EXPOSE 80/tcp 53/udp

Step 2: Build the image

[root@host1 img1]# docker build -t miniser:v1-4 ./

Step 3: Start the container and run httpd at startup

[root@host1 img1]# docker run --name t100 -it --rm miniser:v1-4 httpd -f -h /data

Check the address

[root@host1 img1]# docker inspect t100 -f '{{.NetworkSettings.IPAddress}}'
172.17.0.3

Direct Access Container Address

[root@host1 img1]# curl 172.17.0.3
test page

Check whether any port is published at this point

[root@host1 img1]# docker port t100
[root@host1 img1]#

  • No ports are published

Next, start another container, this time with the -p option

[root@host1 img1]# docker run --name t101 -p 80 -it --rm miniser:v1-4 httpd -f -h /data

Check the published ports again

[root@host1 ~]# docker port t101
80/tcp -> 0.0.0.0:32768

  • In fact, you can also use the -p option to publish ports that are not declared with EXPOSE in the image
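
The difference between a port declared with EXPOSE and a port actually published shows up in `docker inspect` output. The following is an added example, not part of the original post: `port_report` is a hypothetical helper, and the JSON is a constructed excerpt shaped like the t101 container above (EXPOSE 80/tcp 53/udp in the image, started with -p 80).

```python
import json

# Constructed `docker inspect` excerpt for a container started like t101.
INSPECT_T101 = json.loads('''
[{"Name": "/t101",
  "Config": {"ExposedPorts": {"80/tcp": {}, "53/udp": {}}},
  "NetworkSettings": {"Ports": {
      "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32768"}],
      "53/udp": null}}}]
''')

def port_report(container):
    """Split a container's ports into declared-only (EXPOSE) and published (-p/-P)."""
    declared = set(container.get("Config", {}).get("ExposedPorts") or {})
    bindings = container.get("NetworkSettings", {}).get("Ports") or {}
    published = {}
    for port, hosts in bindings.items():
        for b in hosts or []:  # null: declared in the image but not published
            published.setdefault(port, []).append((b["HostIp"], int(b["HostPort"])))
    # A binding on 0.0.0.0 or :: accepts connections on every host interface.
    wildcard = sorted(port for port, hosts in published.items()
                      if any(ip in ("0.0.0.0", "::") for ip, _ in hosts))
    return {
        "declared_only": sorted(declared - set(published)),
        "published": published,
        "reachable_on_all_interfaces": wildcard,
    }

if __name__ == "__main__":
    for key, value in port_report(INSPECT_T101[0]).items():
        print(key, value)
```

A port under reachable_on_all_interfaces is open on every address of the host; giving an address in the mapping, as in `-p 127.0.0.1:8080:80`, restricts the published port to that interface.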

9. Directive 9: ENV Directive

  • Defines environment variables needed by the image

  • Variables defined with ENV can be used by subsequent instructions, such as COPY and ADD

  • An ENV value can reference another ENV variable

  • Format for referencing a variable: $var or ${var}

  • Format for defining a variable: ENV <key> <value> or ENV <key>=<value>

Supplement:

  • To define multiple variables in one ENV, continue the line with \

  • If there are spaces in the variable name, they need to be quoted

Case: Modify the Dockerfile to use environment variables

#my first docker file
FROM busybox:latest
MAINTAINER "zxhk <237745635@qq.com>"

ENV SOFT_NGX=nginx-1.17.6.tar.gz \
    DOC_ROOT=/data/ \
    WORK_DIR=/var/usr/src/ \
    REPO_DIR=/etc/yum.repos.d/ \
    MYSQL_DIR=/data/mysql/

COPY index.html ${DOC_ROOT:-/var/www/html/}

COPY yum.repos.d $REPO_DIR

WORKDIR $WORK_DIR
ADD $SOFT_NGX ./

VOLUME $MYSQL_DIR

EXPOSE 80/tcp 53/udp

Build the image

[root@host1 img1]# docker build -t miniser:v1-5 ./
[root@host1 img1]# docker run --name t103 --rm miniser:v1-5 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=a93864cdbbce
SOFT_NGX=nginx-1.17.6.tar.gz
DOC_ROOT=/data/
WORK_DIR=/var/usr/src/
REPO_DIR=/etc/yum.repos.d/
MYSQL_DIR=/data/mysql/
HOME=/root

It is important to understand that variables can be passed at two points between building the image and starting the container, as follows

  • When a container is created from the image, it gets the variables defined in the Dockerfile directly

  • You can also pass in variables manually when creating a container

Case study: Passing variables when starting a container

[root@host1 img1]# docker run --name t103 --rm \
> --env DOC_ROOT=/data/html/ \
> miniser:v1-5 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=d76460e0f8cd
DOC_ROOT=/data/html/
SOFT_NGX=nginx-1.17.6.tar.gz
WORK_DIR=/var/usr/src/
REPO_DIR=/etc/yum.repos.d/
MYSQL_DIR=/data/mysql/
HOME=/root
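
The two stages described above can be modelled in a few lines: the Dockerfile resolves `$var`, `${var}` and `${var:-default}` when the image is built, while `docker run --env` only changes the environment of the started process. The following is an added example, not part of the original post: `expand` and `container_env` are hypothetical helpers that model the behaviour and are not Docker's own code.

```python
import re

# Matches $var, ${var}, ${var:-word} and ${var:+word}.
_VAR = re.compile(r"\$(?:(\w+)|\{(\w+)(?::([-+])([^}]*))?\})")

def expand(text, env):
    """Substitute variables in one Dockerfile instruction, as done at build time."""
    def repl(match):
        name = match.group(1) or match.group(2)
        op, word = match.group(3), match.group(4)
        value = env.get(name, "")
        if op == "-":
            return value or word        # fall back to the default
        if op == "+":
            return word if value else ""
        return value
    return _VAR.sub(repl, text)

# ENV block from the Dockerfile on this page (the image-level values).
IMAGE_ENV = {
    "SOFT_NGX": "nginx-1.17.6.tar.gz",
    "DOC_ROOT": "/data/",
    "WORK_DIR": "/var/usr/src/",
    "REPO_DIR": "/etc/yum.repos.d/",
    "MYSQL_DIR": "/data/mysql/",
}

def container_env(image_env, run_env):
    """Values given with docker run --env override the image's ENV for that container."""
    return {**image_env, **run_env}

if __name__ == "__main__":
    copy_line = "COPY index.html ${DOC_ROOT:-/var/www/html/}"
    print(expand(copy_line, IMAGE_ENV))   # resolved once, when the image is built
    print(expand(copy_line, {}))          # what the default gives if DOC_ROOT is unset
    # At run time the variable changes, but the file copied at build time does not move.
    print(container_env(IMAGE_ENV, {"DOC_ROOT": "/data/html/"})["DOC_ROOT"])
```
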


Posted by steviewdr on Mon, 23 Dec 2019 10:12:34 -0800