Overview of Dockerfile and building image

Keywords: Linux Operation & Maintenance Docker


docker three elements

Mirroring: templates for containers
Container: a runtime state of an application environment
Warehouse: used to store images

How to create a mirror

Create based on an existing image
Create based on local template
Create based on Dockerfile

What are the components of a mirror

1. Basic image --------- centos
2. Dependent environment ---- gcc make jdk gd, etc
3. Application service package
4. Application service related profiles
5. Startup mode / script / command to run when container is opened

docker image hierarchy

Based on AUFS, it is a stackable file system.
The docker image is located above the bootfs, and the next layer of each layer image becomes the parent image
Each layer of image is called bash image (operating system environment image)
The container layer is readable and writable. At the top layer (writable), all below the container layer are readonly

Specific technology

1. bootfs(boot file system) is integrated in kernel space
It mainly includes bootloader and kernel
bootloader is mainly used to boot and load the kernel. When linux starts, bootfs file system will be loaded. Bootfs is at the bottom of docker image.

This layer is the same as our typical Linux/Unix system, including boot loader and kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs

In the linux operating system (different versions of linux distribution), when loading bootfs, linux will set rootfs to read-only. After the system self-test, read-only will be changed to read-write, so that we can operate in the operating system

2. rootfs (root file system) is integrated in kernel space
On top of bootfs (bash images, such as centos and Ubuntu)
It contains standard directories and files such as / dev /proc, /bin /etc in a typical linux system
rootfs is a variety of operating system distributions, such as ubuntu,centos, etc

3. Summary: why is the centos image of docker only a little more than 200M
bootfs + rootfs: it is used to load and boot kernel programs + mount some key directory files such as linux operating system (centos ubantu)
For a compact OS, rootfs can be very small. It only needs to include the most basic commands, tools and program libraries. Because the underlying layer directly uses the Host kernel, it only needs to provide rootfs. Therefore, for different linux distributions, bootfs are basically the same, and rootfs will be different. Therefore, different distributions can share bootfs

4. AUFS and overlay / overlay 2 (docker later)
AUFS is a federated file system. It uses multiple directories on the same Linuxhost to stack them one by one to present a unified file system. AUFS uses this feature to realize the layering of pocker images
docker uses overlay / overlay 2 storage drivers to support hierarchical structure. Overlay FS combines two directories on a single Linux host into one directory. These directories are called layers, and the unified process is called joint mount

overlay structure:

overlayfs stay linux There are only two layers on the host. One directory is on the lower layer to save the image(docker),Another directory is on the upper level to store container information
1,rootfs          base image 
2,lower           Lower level information(Mirror layer,container)
3,upper           Upper level directory(Container information, writable)
4,worker          Working directory of the run( copy-on-write Copy on write prepares the container environment)
5,mergod          "View layer(Container view)

Note: when modifying, if the upper layer does not, the files of the lower layer will be copied to the upper layer for modification and the results will be saved
docker image hierarchy

1.base image :base image 
2.image:It solidifies a standard operating environment and the function of the image itself-Encapsulate a group of functional files and provide them in a unified way and file format(read-only)
3.container:Container layer(Reading and writing)
4.docker-server end
5.Present to docker-client(view)

A concise overview of mirror tiering:

This is from top to bottom
container                 Container layer
image (s)                 Image layer (applied image layer - upper image layer))
image (s)                 Mirror layer(Environment dependent mirror layer - lower mirror layer)
base image                Base mirror layer( linux Release operating system rootfs)
kernel                    Kernel layer( aufs + bootfs )
Because each linux The distribution version shares one set bootfs Boot and load the file system (provided by the host kernel))
meanwhile vm The operating system of the virtual machine needs to be completely simulated
 So the container's operating system is better than vm The operating system of the virtual machine is more lightweight (the difference is that the container shares the host kernel))

Joint mount

[root@localhost demo]# mkdir work
[root@localhost demo]# mkdir mergod

[root@localhost demo]# mount -t overlay overlay -o lowerdir=lower,upperdir=upper,workdir=work mergod

dockerfile operation instruction

Difference between ADD and copy

Both can be copied
However, ADD also has the function of decompression. add nginx-1.12.tar.gz /root/nginx
The compressed package will be decompressed into the container at the same time of copying, which is nginx-1.12/
The objects copied by add can be URLs and cross node data (URLs)

Difference between CMD and entrypoint

Are commands to be loaded when the container starts
① cmd is the command loaded by default when the container environment starts
② entrypoint is the first command program / script init loaded when the container environment starts

If ENTRYPOINT Used shell pattern, CMD The command is ignored.
entrypoint ["sh","-c", "echo $HOME"]
cmd [ "restart" ] #CND will be ignored
 If ENTRYPOINT Used exec pattern, CMD The specified content is appended as ENTRYPOINT Specifies the parameters of the command.
entrypoint ["/etc/init.d/nginx"]
cmd [ "restart"]  #CMD as the parameter of entrypoint
 If ENTRYPOINT Used exec pattern, CMD It should also be used exec pattern.

For example:
Same dockerfile Multiple in cmd If so, which one will take effect?
A: the last one takes effect
 If dockerfile Multiple in cmd At the same time, docker build -t nginx:new
/bin/bash Which takes effect?
answer:docker build Effective date of designation
 If dockerfile in cmd and entrypoint Which is effective at the same time
 A: depending on the situation, if all types are loaded by default:
cmd :Command loaded by default/Execution procedure
entrypoint:First loaded environment
exec If the mode is started, then entrypoint Will be overwritten, or cmd As entrypoint Incoming parameters
shell If the mode is started,Directly entrypoint take effect

exec Mode and shell pattern:
exec:The first task process to start when the container is loaded
shell:The first used when the container is loaded bash

Write dockerfile,nginx image

Dockerfile is a file composed of a set of instructions. The dockerfile structure consists of four parts:
① Basic image information (specify the image and version of the operating system image)
② Maintainer information
③ Mirror operation instruction
④ Execute instructions when the container is started (scripts / command parameters executed when the container is started, etc.)
Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and comments starting with "#" are supported

[root@localhost ~]# mkdir nginx
[root@localhost ~]# cd nginx
[root@localhost nginx]# vim dockerfile

#Base image centos should be lowercase
FROM centos:7
#Add environment package
RUN yum -y update
RUN yum install -y pcre-devel zlib-devel gcc gcc-c++ make
RUN useradd -M -s /sbin/nologin nginx
ADD nignx-1.12.2.tar.gz /usr/local/src
#Specify the working directory, which is equivalent to cd
WORKDIR /usr/local/src
WORKDIR nginx-1.12.2
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make && make install
#Setting environment variable values
ENV PATH /usr/local/nginx/sbin:$PATH
#Specify the httpd port
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
CMD nginx

[root@localhost nginx]# ls
dockerfile  nginx-1.12.2.tar.gz  ##Incoming compressed package

Build an image based on the dockerfile file

[root@localhost nginx]# docker build -f dockerfile -t nginx:new .
docker build :be based on dockerfile Build mirror
-f :appoint dockerfile File (if it is not written by default, it refers to the current directory)
-t : (tag)Labeling - nginx:new
. :It refers to the context in which the image is built, which is easy to understand:Refers to the files in the current directory environment

Created successfully

Visit web page

Summary: building nginx images
① Create a corresponding directory (mkdir nginx)
② Write a Dockerfile file (the simplest way is to put the nginx deployment script into it, execute each command with RON, use ENV as the environment variable, move to the corresponding directory, use workdir, and finally use CMD for startup settings)
③ Upload nginx-1.12.2.tar.gz package and other files in nginx directory
④ docker build creation
⑤ docker run container
⑥ Check

Building a tomcat image

[root@localhost ~]# mkdir tomcat
[root@localhost ~]# cd tomcat
[root@localhost tomcat]# vim dockerfile
FROM centos:7
MAINTAINER build image tomcat 

ADD jdk-8u91-linux-x64.tar.gz /usr/local/src
WORKDIR /usr/local/src
ENV JAVA_HOME /usr/local/src/jdk1.8.0_91
ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar

ADD apache-tomcat-9.0.16.tar.gz /usr/local/src
RUN mv apache-tomcat-9.0.16/ /usr/local/tomcat &> /dev/null
ENV PATH /usr/local/tomcat/bin/:$PATH
ADD tomcat.run.sh /usr/local/src
RUN chmod 755 /usr/local/src/tomcat.run.sh &> /dev/null
CMD ["/usr/local/src/tomcat.run.sh"]
[root@localhost tomcat]# cat tomcat.run.sh
/usr/local/tomcat/bin/catalina.sh run

Build image based on dockerfile

docker build  -t tomcat:new .

Start container


Tomcat image optimization

[root@localhost tomcat]# cat dockerfile

FROM frolvlad/alpine-oraclejdk8  
ADD apache-tomcat-9.0.16.tar.gz /usr/local/
WORKDIR /usr/local/
RUN mv /usr/local/apache-tomcat-9.0.16 /usr/local/tomcat &>/dev/null
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& sed -i "s#securerandom.source=file:/dev/random#securerandom.source=file:/dev/urandom#g" $JAVA_HOME/jre/lib/security/java.security
ENTRYPOINT ["/usr/local/tomcat/bin/catalina.sh","run"]

docker build  -t tomcat:new . ##Forgot to change the label

400 megabytes less than before optimization

Open the container and expose the port randomly

[root@localhost tomcat]# docker run -d -P tomcat:new

Posted by razta on Fri, 10 Sep 2021 13:37:02 -0700