Shulou(Shulou.com)06/02 Report--

Build a mirror image based on Dockerfile

Dockfile is a script interpreted by a Docker program. Dockerfile consists of one instruction, each one.

The directive corresponds to a command under Linux. The Docker program translates these Dockerfile instructions into the real Linux life.

Ling. Dockerfile has its own writing format and supported commands, and the Docker program solves the dependencies between these commands.

Similar to Makefile. The Docker program will read the Dockerfile and generate a custom image according to the instructions. Compare to

The black box of image and the obvious script of Dockerfile are more easily accepted by users, which clearly shows

How did image come into being. With Dockerfile, when we need to customize our own additional requirements, we only need to use the

Add or modify instructions on Dockerfile to regenerate image, saving the trouble of typing commands.

Dockerfile consists of one line of command statements and supports comment lines that begin with #.

Dockerfile instructions ignore case. Uppercase is recommended. Each line supports only one instruction. Each instruction is recommended.

It can carry multiple parameters.

Dockerfile instructions can be divided into two types according to their functions: build instructions and set instructions.

The build instruction is used to build the image, and its specified operations are not performed on the container running image

The setting directive is used to set the properties of the image, and its specified operation will be performed in the container in which the image is running.

Generally speaking, Dockerfile is divided into four parts: basic image information, maintainer information, mirror operation instructions and container startup.

Execute instruction.

Here is an example:

# This dockerfile uses the ubuntu image

# VERSION 2-EDITION 1

# Author: docker_user

# Command format: Instruction [arguments / command]..

# Base image to use, this must be set as the first line

# the first line must indicate the underlying image on which it is based

FROM ubuntu

# Maintainer: docker_user (@ docker_user)

# maintain the user information of the image

MAINTAINER docker_user docker_user@email.com

# Commands to update the image

# Mirror Operation Command

RUN echo "deb http://archive.ubuntu.com/ubuntu/ raring main universe" > >

/ etc/apt/sources.list

RUN apt-get update & & apt-get install-y nginx

RUN echo "\ ndaemon off;" > > / etc/nginx/nginx.conf

# Open port 80

EXPOSE 80

# Commands when creating a new container

# commands executed when starting the container

CMD / usr/sbin/nginx

When writing dockerfile, there are strict formats to follow:

Where, at first, you must use the FROM instruction to indicate the name of the image on which it is based, and then use MAINTAINER to indicate

The order describes the maintainer information. Then there are mirror operation instructions, such as the RUN instruction, and the RUN instruction will follow the mirror.

Donovan's orders. Each time a RUN instruction is run, a new layer is added to the underlying image and submitted. Finally, there is the CMD instruction

To specify the operation command when the container is run.

Dockerfile instruction

The general format of the instruction is INSTRUCTION arguments, and the instruction includes FROM, MAINTAINER and RUN

Wait.

(1) FROM (specify basic image)

Build instructions, which must be specified and need to precede other Dockerfile instructions. Subsequent instructions depend on the instruction to specify

Image. The underlying image specified by the FROM directive can be either in the official remote warehouse or in the local warehouse.

The instruction is available in two formats:

FROM

Specifies that the underlying image is the last modified version of the image.

Or:

FROM:

Specifies that the underlying image is a tag version of the image.

(2) MAINTAINER (used to specify the information of the image creator)

The build instruction is used to write information about the maker of the image to the image. When we execute the image

When you use the docker inspect command, there are corresponding fields in the output to record this information.

Format:

MAINTAINER

(3) RUN (for installing software)

Build directive, RUN can run any command supported by the underlying image. If the basic image chooses ubuntu, then

The management part of the software can only use ubuntu commands.

The instruction is available in two formats:

RUN (the command is run in a shell-/ bin/sh-c)

RUN ["executable", "param1", "param2"...] (exec form)

The former will run the command, / bin/sh-c, in the shell terminal; the latter will be executed using exec.

Specifying the use of other terminals can be achieved in a second way, such as RUN ["/ bin/bash", "- c", "echo hello"]

.

Each RUN instruction executes the specified command based on the current mirror and is submitted as a new mirror. When the command is long, you can.

Use "\" to wrap the line.

(4) CMD (sets the action to be performed when container starts)

The instruction is available in three formats:

Set directive for the operation specified when container starts. This can be done by executing a custom script or by executing an implementation

Line system commands.

CMD ["executable", "param1", "param2"] is executed using exec, recommended

CMD command param1 param2 is executed in / bin/sh and provided to applications that need to interact

When Dockerfile specifies ENTRYPOINT, the following format is used:

Default parameters provided to ENTRYPOINT by CMD ["param1", "param2"]

ENTRYPOINT specifies the path to an executable script or program that will

Param1 and param2 are executed as parameters. So if the CMD instruction uses the above form, then in Dockerfile

There must be a matching ENTRYPOINT.

Specifies the command to be executed when the container is started, and there can be only one CMD command per Dockerfile. If multiple lives are specified

Your order, only the last one will be enforced. If the user starts the container and specifies the command to run, the CMD will be overwritten

The specified command.

5) ENTRYPOINT (sets the action to be performed when container starts)

The setting instruction, which specifies the command to be executed when the container starts, can be set multiple times, but only the last one is valid.

There are two formats:

ENTRYPOINT ["executable", "param1", "param2"]

ENTRYPOINT command param1 param2 (executed in shell).

Configure the commands that are executed after the container starts and cannot be overridden by the parameters provided by docker run.

There can be only one ENTRYPOINT per Dockerfile, and when more than one is specified, only the last one takes effect.

The use of this instruction is divided into two cases, one is used alone, and the other is used in conjunction with the CMD instruction.

When used alone, if you also use the CMD command and CMD is a complete executable command, then CMD

The instruction and ENTRYPOINT will override each other and only the last CMD or ENTRYPOINT is valid.

For example, CMD instructions will not be executed, only ENTRYPOINT instructions will be executed

CMD echo "Hello, World!"

ENTRYPOINT ls-l

Another usage is used in conjunction with the CMD instruction to specify the default parameters of ENTRYPOINT, where the CMD instruction is not a

A complete executable command, which is only part of the parameter; the ENTRYPOINT instruction can only specify the execution command in JSON mode

The parameter cannot be specified.

For example:

FROM ubuntu

CMD ["- l"]

ENTRYPOINT ["/ usr/bin/ls"]

(6) USER (user who sets container container, default is root user)

The format is:

USER daemon

Specify the user name or UID when the container is run, and subsequent RUN will also use the specified user.

When the service does not require administrator privileges, you can specify the running user through this command. And you can create what you need before.

User, example

Such as: RUN groupadd-r postgres&&useradd-r-g postgres postgres

For example: specify the running user of memcached

ENTRYPOINT ["memcached"]

USER daemon

Or EN

TRYPOINT ["memcached", "- u", "daemon"]

(7) EXPOSE (specify the port that the container needs to map to the host machine)

The format is:

EXPOSE [...]

Sets an instruction that maps a port in the container to a port in the host machine. When you need to access the container

Instead of using the IP address of the container, you can use the IP address of the host machine and the mapped port.

To complete the whole operation, you need two steps. First, use EXPOSE to set the container port to be mapped in Dockerfile.

Then specify the-p option plus the port set by EXPOSE when running the container, so that the port number set by EXPOSE will

Is randomly mapped to a port number in the host machine. You can also specify which port you want to map to the host machine, when

Make sure that the port number on the host machine is not used. The EXPOSE instruction can set multiple port numbers at a time, and the corresponding operation

When using the row container, you can use the-p option multiple times.

For example: map a port

EXPOSE port1

# corresponding commands used to run the container

Docker run-p port1 image

For example: mapping multiple ports

EXPOSE port1 port2 port3

# corresponding commands used to run the container

Docker run-p port1-p port2-p port3 image

# you can also specify a port number that needs to be mapped to the host machine

Docker run-p host_port1:port1-p host_port2:port2-p host_port3:port3 image

Port mapping is an important function of docker because the container's IP address is used every time we run the container.

Cannot be specified but is randomly generated within the address range of the bridged Nic. The IP address of the host machine is fixed, so we can

Map the port of the container to a port on the host machine, eliminating the need to view it every time you access a service in the container

The address of the container's IP. For a running container, you can use docker port plus the ports that need to be mapped in the container

And the ID of the container to see the port number mapped on the host machine.

(8) ENV (used to set environment variables)

The build directive, which specifies an environment variable, is used by subsequent RUN instructions and maintained while the container is running.

Format:

ENV

After setting it, all subsequent RUN commands can be used. After container starts, you can view it through docker inspect.

This environment variable can also be set or modified by setting or modifying it when docker run-- env key=value.

If you have installed the JAVA program and need to set up JAVA_HOME, you can write this in Dockerfile:

ENV JAVA_HOME / path/to/java/dirent

Another example is:

ENV PG_MAJOR 9.3

ENV PG_VERSION 9.3.4

RUN curl http://example.com/postgres-$PG_VERSION.tar.xz | tar-xJC

/ usr/src/postgress

ENV PATH / usr/local/postgres-$PG_MAJOR/bin:$PATH

(9) ADD (copy the source file to the destination file of container)

Build directive, all files and folders copied to container have permissions of 0755 and gid of 0

Source files should be located in the same directory as Dockerfile

1. If the source path is a file and the destination path ends with /, docker treats the destination path as a destination

Record, the source file will be copied to this directory. If the destination path does not exist, the destination path is automatically created.

2. If the source path is a file and the destination path ends with /, docker treats the destination path as a text

Pieces.

If the destination path does not exist, a file is created with the name of the destination path and the content is the same as the source file

If the target file is an existing file, it will be overwritten with the source file, of course, only the content, the file name or the target text

Name of the item.

If the destination file is actually an existing directory, the source file is copied to that directory. Note that in this case, the most

Good display ends with / to avoid confusion.

3. If the source path is a directory and the destination path does not exist, docker will automatically create a directory with the destination path

Copy the files in the source path directory. If the destination path is an existing directory, docker will take the source path

The files under the path directory are copied to that directory.

4. If the source file is an archive file (compressed file), docker will automatically decompress it.

Format:

ADD

This command copies the specified to the container.

It can be a relative path to the directory where Dockerfile is located, or it can be a URL; or a

Tar file (automatically unzipped to directory)

Is the absolute path in container

For example:

# test

FROM ubuntu

MAINTAINER hello

ADD test1.txt test1.txt

ADD test1.txt test1.txt.bak

ADD test1.txt / mydir/

ADD data1 data1

ADD data2 data2

ADD zip.tar / myzip

(10) COPY

Format is COPY

Copy the local host's (the relative path of the directory where the Dockerfile is located) to the container.

The source file / directory should be in the same directory as Dockerfile

The COPY instruction and the ADD instruction function and use in a similar way. It's just that the COPY command does not do automatic decompression.

(11) VOLUME (specify mount point)

Set the directive so that a directory in the container can store data persistently, which can be used by the container itself

It can also be shared with other containers. We know that the container uses AUFS, and this file system cannot persist the number.

According to, when the container is closed, all changes are lost. When the application in the container has the need to persist data, you can use the

This directive is used in Dockerfile.

Format:

VOLUME ["]

For example: FROM base

VOLUME ["/ tmp/data"]

Run the container that generates image through the Dockerfile, and the data in the / tmp/data directory after the container is closed, the

The data still exist. For example, another container also has the need to persist data and wants to use the / tmp/data shared by the above container

Directory, you can run the following command to start a container:

Docker run-t-I-rm-volumes-from container1 image2 bash

Container1 runs the name of image for the ID,image2 of the first container for the second container.

(12) WORKDIR (switch directories)

Setting instruction, which can be switched multiple times (equivalent to the cd command), takes effect on RUN,CMD,ENTRYPOINT. For follow-up

The RUN, CMD, ENTRYPOINT instructions configure the working directory.

Format:

WORKDIR / path/to/workdir

For example: execute vim a.txt under / p1/p2

WORKDIR / p1

WORKDIR p2

RUN vim a.txt

Multiple WORKDIR instructions can be used, and subsequent commands, if the argument is a relative path, will be based on the path specified by the previous command

Path.

For example

WORKDIR / a

WORKDIR b

WORKDIR c

RUN pwd

The final path is / a/b/c.

(13) ONBUILD (executed in child images)

ONBUILD

The command specified by ONBUILD is not executed when the mirror is built, but in its child mirror.

The format is:

ONBUILD [INSTRUCTION] .

Configure the operation instructions that are performed when the created mirror is used as the base mirror for other newly created mirrors.

For example, Dockerfile creates a mirror image-A with the following content.

[...]

ONBUILD ADD. / app/src

ONBUILD RUN / usr/local/bin/python-build-- dir / app/src

[...]

If you create a new mirror based on image-A, use FROM image-A to specify the base mirror in the new Dockerfile

For example, the contents of the ONBUILD instruction are executed automatically.

It is equivalent to adding two instructions at the end.

FROM image-A

# Automatically run the following

ADD. / app/src

RUN / usr/local/bin/python-build-- dir / app/src

Use the image of the ONBUILD directive. It is recommended to indicate it in the tag, such as ruby:1.9-onbuild.

After you have written the Dockerfile, you can use the docker build command to create the mirror.

The basic format is the docker build [option] path, which reads the Dockerfile under the specified path and sets the

All the content under the path is sent to the Docker server, and the server creates the image. Therefore, it is generally recommended to place

The directory of Dockerfile is empty.

To specify the label information for the image, you can use the-t option, for example

$sudo docker build-t myrepo / myapp/tmp/test1/

Docker application case: use dockerfile to create sshd image template and provide http access application

1) create a sshd_dockerfile working directory

Edit run.sh script

[root@docker01 sshd_dockerfile] # cat run.sh

#! / bin/sh

/ usr/sbin/httpd-D DFOREGROUND

/ usr/sbin/sshd-D

Generate the ssh key pair on the host and create the authorized_keys file

[root@docker01 sshd_dockerfile] # cat / root/.ssh/id_rsa.pub >

/ root/sshd_dockerfile/authorized_keys

[root@docker01 sshd_dockerfile] # ls

Authorized_keys Dockerfile run.sh

2. Write a Dockerfile file with the following contents:

[root@docker01 sshd_dockerfile] # cat / root/sshd_dockerfile/Dockerfile

FROM centos:latest

MAINTAINER from ly@aliyun.com

RUN yum install-y-Q httpd openssh-server sudo net-tools

RUN useradd admin

RUN echo "admin:admin" | chpasswd

RUN echo "admin ALL= (ALL) ALL" > > / etc/sudoers

RUN ssh-keygen-t dsa-f / etc/ssh/ssh_host_dsa_key

RUN ssh-keygen-t rsa-f / etc/ssh/ssh_host_rsa_key

RUN ssh-keygen-t ed25519-f / etc/ssh/ssh_host_ed25519_key

RUN ssh-keygen-t ecdsa-f / etc/ssh/ssh_host_ecdsa_key

RUN mkdir-p / var/run/sshd

RUN mkdir-p / home/admin/.ssh

RUN sed-ri 's/#ServerName www.example.com:80/ServerName www.cloud.com/g'

/ etc/httpd/conf/httpd.conf

ADD authorized_keys / home/admin/.ssh/authorized_keys

ADD run.sh / run.sh

RUN chmod 775 / run.sh

EXPOSE 22 80

CMD ["/ run.sh"]

The meaning of the above options is explained:

FROM centos:latest selects an existing os image as the basis

The author of the MAINTAINER image

RUN yum install-y-Q httpd openssh-server sudo installs httpd, openssh-server,

Sudo and net-tools software packages

Add the test user admin, password admin, and add this user to sudoers

RUN useradd admin

RUN echo "admin:admin" | chpasswd

RUN echo "admin ALL= (ALL) ALL" > > / etc/sudoers

The following two sentences are special. You must have them on centos6, otherwise the created container sshd cannot log in.

RUN ssh-keygen-t dsa-f / etc/ssh/ssh_host_dsa_key

RUN ssh-keygen-t rsa-f / etc/ssh/ssh_host_rsa_key

Note: you must have the following four sentences on centos7, otherwise the created container sshd cannot log in.

RUN ssh-keygen-t dsa-f / etc/ssh/ssh_host_dsa_key

RUN ssh-keygen-t rsa-f / etc/ssh/ssh_host_rsa_key

RUN ssh-keygen-t ed25519-f / etc/ssh/ssh_host_ed25519_key

RUN ssh-keygen-t ecdsa-f / etc/ssh/ssh_host_ecdsa_key

Upload public key information to the host directory of the remotely connected user under .ssh

ADD authorized_keys / home/admin/.ssh/authorized_keys

Start the sshd service and expose port 22

RUN mkdir / var/run/sshd

EXPOSE 22 80

CMD ["/ run.sh"] runs scripts, or you can write CMD in this way ["/ usr/sbin/sshd", "- D"]

3. Under the sshd_dockerfile directory, use the docker build command to create an image. Note: there is another one at the end.

".", which means to use the dockerfile in the current directory

[root@docker01 sshd_dockerfile] # docker build-no-cache-t "centos:httpv1".

Sending build context to Docker daemon 4.608kB

Step 1/18: FROM centos:latest

-- > 3fa822599e10

Step 2/18: MAINTAINER from ly@aliyun.com

-- > 0d8eeedbef89

Removing intermediate container 661854eafd44

Step 14/18: ADD authorized_keys / home/admin/.ssh/authorized_keys

.

4. You can view the generated image file:

Start the container and map the port

Log in using the admin user

Visit the container's website service:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.