Creating Docker Images + Building and Using a Private Repository

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Blog outline:

I. Methods of creating a docker image

1. Create based on an existing image

2. Create based on local template

3. Create based on dockerfile

4. Building a private repository and its usage

1. How to create a docker image

The docker image is not only the core technology of docker, but also the standard format for publishing applications. A complete docker image is enough to run a docker container. In day-to-day use of docker, you enter a running container and work inside it, and the most common operation is installing application services in the container. If you want to migrate the installed services, you need to build a new image from that environment together with the services set up in it.

There are three ways to create an image: based on an existing image, based on a local template, and based on dockerfile. These methods are described in turn below.

1. Create based on an existing image

Creating an image from an existing image mainly relies on the docker commit command, which in essence packages the program running in a container, together with its runtime environment, into a new image.

The format of the command is as follows:

    docker commit [options] <container ID or name> <repository name>:[tag]

Common options are as follows:

    -m: description information
    -a: author information
    -p: stop the container during the generation process

Create a new image based on an existing image, for example:

(1) Start a container from an image, make changes in the container, and then commit the modified container as a new image. Note the ID of the container, as follows:

    [root@localhost ~]# docker ps -a        # view the currently running container
    CONTAINER ID   IMAGE                      COMMAND                  CREATED          STATUS         PORTS                      NAMES
    c037e7a5734b   docker.io/sameersbn/bind   "/sbin/entrypoint...."   19 seconds ago   Up 7 seconds   53/tcp, 10000/tcp 53/udp   hopeful_clack
    [root@localhost ~]# docker exec -it c037e7a5734b /bin/bash     # enter the container
    root@c037e7a5734b:/# echo 11111111111 > /etc/a.txt     # write a random file
    root@c037e7a5734b:/# exit                # exit the container
    exit
    [root@localhost ~]# docker commit -m "newnamed" -a "ljz" c037e7a5734b docker:mynamed     # use the docker commit command to create a new image
    sha256:e178f320e4821642bed66d0e61e8a85eedd84b8a3a84db3d38e7d92d844eae
    [root@localhost ~]# docker images | grep mynamed      # view the newly created image
    docker   mynamed   e178f320e482   11 seconds ago   323 MB
    [root@localhost ~]# docker create -it docker:mynamed /bin/bash     # create a container based on the newly created image
    dc37cf2d6ef754200aea067d7a15c83713f2488dac0913013373809633266f07
    [root@localhost ~]# docker ps -a        # get the ID of the container you just created (the first row below)
    CONTAINER ID   IMAGE                      COMMAND                   CREATED          STATUS         PORTS                       NAMES
    dc37cf2d6ef7   docker:mynamed             "/sbin/entrypoint....."   11 seconds ago   Created                                    pensive_williams
    c037e7a5734b   docker.io/sameersbn/bind   "/sbin/entrypoint...."    6 minutes ago    Up 5 minutes   53/tcp, 10000/tcp, 53/udp   hopeful_clack
    [root@localhost ~]# docker start dc37cf2d6ef7       # launch the newly created container
    dc37cf2d6ef7
    [root@localhost ~]# docker exec -it dc37cf2d6ef7 /bin/bash
    root@dc37cf2d6ef7:/# cat /etc/a.txt      # check whether the file written in the previous container exists
    1111111111

You can see that the newly created container contains the file created in the previous container, which indicates that the image was changed successfully.

2. Create based on local template

An image can also be generated by importing an operating system template file. Templates can be downloaded from the OPENVZ open source project or from https://wiki.openvz.org/Download/template/precreated; give priority to the link to the OPENVZ open source project.

Create an example based on a local template:

1. Download the mini system template of centos 7, and import it as a local image using the docker import command:

    [root@localhost ~]# wget https://download.openvz.org/template/precreated/centos-7-x86_64-minimal.tar.gz     # download the centos7 template package
    ........ # omit part of the content
    [root@localhost ~]# ls | grep centos*     # confirm that the centos7 template package has been downloaded
    centos-7-x86_64-minimal.tar.gz
    [root@localhost ~]# cat centos-7-x86_64-minimal.tar.gz | docker import - docker:new     # use the docker import command to import it as a local image
    sha256:c065d5c0571df48eba3b95b1302494b596cf9f67c24eacc82ff75a9e9c2b7622
    [root@localhost ~]# docker images | grep new      # look at the imported image
    docker   new   c065d5c0571d   56 minutes ago   435 MB

At this point you can use this image to create a container and deploy the required functionality in it.

3. Create based on dockerfile

Dockerfile is a file composed of a set of instructions, in which each instruction corresponds to a command in Linux. The docker program will read the instructions in dockerfile to generate a specified image.

The dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions and container startup instructions. Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and comments starting with the "#" sign are supported.

Introduction to the configuration items in dockerfile:

    [root@localhost ~]# docker tag docker:new centos7:system     # change the name and tag of the centos7 mini image imported above, to distinguish it
    [root@localhost ~]# docker images | grep system     # confirm that the basic image is ready (that is, a centos7 mini system)
    centos7   system   c065d5c0571d   About an hour ago   435 MB
    [root@localhost ~]# vim Dockerfile      # edit a Dockerfile. Note: the file name is preferably Dockerfile
    # the first line must indicate the underlying image on which the image is based (the image must exist)
    FROM centos
    # user information of the maintainer of the image
    MAINTAINER The centos project
    # the following are the operation instructions for the image
    RUN yum -y update
    RUN yum -y install openssh-server
    RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
    RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
    RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
    # open port 22
    EXPOSE 22
    # command executed when the container starts
    CMD ["/usr/sbin/sshd", "-D"]

When writing a dockerfile, there is a strict format to follow: the first line must use the FROM instruction to name the image on which it is based; then the MAINTAINER instruction gives the user information of the image's maintainer; then come the instructions that operate on the image, such as the RUN instruction, which adds a new layer to the basic image each time it runs; finally, the CMD instruction specifies the command to run when the container starts.
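As an added example (not part of the original post), the following shell/awk lint pass checks a Dockerfile of the kind shown above for an untagged FROM, a DSA host key, ADD used for a plain local file, and a final stage with no non-root USER. The rule names are hypothetical labels, and the sample Dockerfile is constructed from lines of the two Dockerfiles on this page.

```shell
#!/bin/sh
# Added example: lint a Dockerfile for four build-hygiene findings.
# Rule names (UNPINNED_BASE, ...) are hypothetical labels, not a real tool's.

lint_dockerfile() {            # reads file(s) given as arguments, or stdin
    awk '
    function first_arg(   i) { # first operand that is not a --flag
        for (i = 2; i <= NF; i++) if ($i !~ /^--/) return $i
        return ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    {
        instr = toupper($1); arg = first_arg()
        if (instr == "FROM") {
            user = ""                        # each build stage starts as root
            last = arg; sub(/^.*\//, "", last)   # drop registry host:port/path
            if (arg !~ /@sha256:/ && (last !~ /:/ || last ~ /:latest$/))
                printf "%d:UNPINNED_BASE:%s\n", NR, arg
        } else if (instr == "ADD") {
            # ADD fetches URLs and unpacks local tar archives; for a plain
            # local file COPY does the same job without those side effects
            if (arg !~ /^https?:\/\// && arg !~ /\.(tar|tgz)(\.[a-z0-9]+)?$/)
                printf "%d:ADD_LOCAL:%s\n", NR, arg
        } else if (instr == "RUN") {
            if ($0 ~ /ssh-keygen/ && $0 ~ /-t[ \t]*dsa/)
                printf "%d:WEAK_HOSTKEY:dsa\n", NR
        } else if (instr == "USER") {
            user = arg
        }
    }
    END {
        if (user == "" || user == "root" || user == "0")
            print "EOF:RUNS_AS_ROOT:no non-root USER in the final stage"
    }' "$@"
}

sample_dockerfile() {          # constructed from lines of the page's Dockerfiles
    cat <<'EOF'
FROM centos
RUN yum -y install openssh-server httpd
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ADD run.sh /run.sh
EXPOSE 80
CMD ["/run.sh"]
EOF
}

sample_dockerfile | lint_dockerfile
```

Each finding is printed as line:RULE:detail, so the output can be filtered with grep or used to fail a build step.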

Dockerfile has more than a dozen commands that can be used to build an image, and the common instructions are as follows:

An example of using dockerfile: create an apache image using dockerfile and run it in a container

(1) create an image and load it into the container to run:

    [root@localhost ~]# mkdir apache           # set up a working directory
    [root@localhost ~]# cd apache/             # switch to the new directory
    [root@localhost apache]# vim Dockerfile    # write the Dockerfile
    # based on the basic image centos
    FROM centos
    # user information of the maintainer of the image
    MAINTAINER the centos project
    # image operation instructions: update, then install the apache package with yum
    RUN yum -y update
    RUN yum -y install httpd
    # open port 80
    EXPOSE 80
    # copy the local home page file index.html to the image
    ADD index.html /var/www/html/index.html
    # copy the local startup script run.sh to the image
    ADD run.sh /run.sh
    # grant the script execute permission
    RUN chmod 775 /run.sh
    # set the apache service not to start at boot
    RUN systemctl disable httpd
    # execute the script when starting the container
    CMD ["/run.sh"]
    # after entering the above content, save and exit
    [root@localhost apache]# docker images | grep centos     # make sure there is a basic centos image locally, because it is specified in the Dockerfile
    centos7   system   c065d5c0571d   About an hour ago   435 MB
    [root@localhost apache]# vim run.sh        # write the startup script
    #!/bin/bash
    rm -rf /run/httpd/*                        # clean httpd's cache
    exec /usr/sbin/apachectl -D FOREGROUND     # start the apache service
    [root@localhost apache]# echo "dockerfile test" > index.html      # write a home page file
    [root@localhost apache]# ls                # ensure that the current directory contains the following three files
    Dockerfile  index.html  run.sh
    # when the above preparation is complete, use the docker build command to create the image, as follows:
    [root@localhost apache]# docker build -t httpd:centos .
    # note the "." at the end of the command above: it indicates the current path, and an error is reported if you leave it out.
    # the "-t" option specifies the image tag
    Sending build context to Docker daemon 4.096 kB
    Step 1/10 : FROM centos
    Trying to pull repository docker.io/library/centos ...
    latest: Pulling from docker.io/library/centos
    ........ # omit part of the content; wait a few minutes here while the instructions in the Dockerfile are executed.
    # if there are red messages in the output, that is generally normal (they are yum messages) as long as the configuration file is correct.
    Removing intermediate container 81a3d6c9d3db
    Step 10/10 : CMD /run.sh
     ---> Running in 5cdc467fd874
     ---> 5d56b826432d
    Removing intermediate container 5cdc467fd874
    Successfully built 5d56b826432d
    # the message above means the new image has been created successfully.
    # throughout the build you can see that each instruction run from the Dockerfile adds a new layer to the initial image.
    [root@localhost apache]# docker run -d -p 81:80 httpd:centos     # run the newly generated image in a container
    # the "-p" option maps local port 81 to port 80 in the container.
    192cd783028dcb3013ebb40b65ba8450e695e424e700a13cb8a44bb84af3e71a
    [root@localhost apache]# docker ps -a      # check whether the container is running
    CONTAINER ID   IMAGE          COMMAND     CREATED              STATUS              PORTS                NAMES
    192cd783028d   httpd:centos   "/run.sh"   About a minute ago   Up About a minute   0.0.0.0:81->80/tcp   gallant_khorana
    ........ # omit part of the content

At this point, the newly generated image has been loaded and is running in a container. The IP address of the local machine (the host, not the docker container) is 192.168.1.1. When a client accesses port 81 of 192.168.1.1, it is equivalent to accessing port 80 of the newly run container, as shown below:

4. Build a private repository and use it

(2) upload the image to the repository:

As the number of images you create grows, you need a place to store them: the repository. At present there are two kinds of repositories, public and private. Most companies' production environments store their images in private repositories. The simplest thing is to download images from a public repository. If you want to upload an image to a public repository, you also need to register and log in. For uploading to a public repository, refer to the upload-image section of the blog post on Docker concepts, installation and configuration.

So how do you build a private repository? You can use registry to build a local private repository, as follows:

    [root@localhost ~]# docker search registry      # query keyword "registry"
    INDEX       NAME                 DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
    docker.io   docker.io/registry   The Docker Registry 2.0 implementation for...   2679    [OK]
    ........ # omit part of the content
    [root@localhost ~]# docker pull docker.io/registry      # download the top-ranked image
    ........ # omit part of the content
    Status: Downloaded newer image for docker.io/registry:latest      # downloaded successfully
    [root@localhost ~]# vim /etc/sysconfig/docker
    # modify the docker configuration file to specify the private repository URL; otherwise an error is reported when uploading images to the custom private repository
    # /etc/sysconfig/docker
    # Modify these options if you want to change the way the docker daemon runs
    OPTIONS='--selinux-enabled --insecure-registry=192.168.1.1:5000'
    # change the line above; the IP address is that of the private repository server, here the local IP address.
    ........ # omit part of the content
    # save and exit
    [root@localhost ~]# systemctl restart docker     # restart the docker service after the modification

Use the downloaded registry image to launch a container. By default, the repository is stored in the /tmp/registry directory in the container. Use the -v option to mount a local directory to the /tmp/registry directory in the container, so that the images are not lost when the container is deleted. This starts a private repository service locally, listening on port 5000.

Note: I have a /data/registry directory locally (you can mount a highly available GFS file system, or you can use NFS; the choice is yours, but for important data storage directories it is recommended to make sure that capacity can be expanded dynamically and to guard against data loss caused by disk corruption). It will be mounted to the /tmp/registry directory in the private repository container to store the image files uploaded to the private repository.

    [root@localhost ~]# df -hT /data/registry/      # check the file system used by my directory
    Filesystem         Type             Size   Used   Avail   Use%   Mounted on
    node4:dis-stripe   fuse.glusterfs   80G    130M   80G     1%     /data/registry
    [root@localhost ~]# docker run -d -p 5000:5000 -v /data/registry/:/tmp/registry docker.io/registry
    # start the private repository, map its port to port 5000 of the host, and mount the local /data/registry directory to the /tmp/registry directory in the container.
    # docker.io/registry is the private repository image you just downloaded.
    a6bf726c612b826e203d6a5bc9eaba26c36195913d3ea546c2111ce290a5524d
    [root@localhost ~]# docker tag docker.io/registry 192.168.1.1:5000/registry
    # use the docker tag command to change the tag of the image docker.io/registry to be uploaded; the IP and port are fixed, otherwise you cannot connect to the private repository,
    # because when the container was started above, the port of the private repository was mapped to port 5000 of the host,
    # so accessing port 5000 of the host is the same as accessing the private repository.
    [root@localhost ~]# docker images | grep 5000     # find the image to upload
    192.168.1.1:5000/registry   latest   f32a97de94e1   6 months ago   25.8 MB
    [root@localhost ~]# docker push 192.168.1.1:5000/registry     # upload to the private repository you just ran
    The push refers to a repository [192.168.1.1:5000/registry]
    73d61bf022fd: Pushed
    5bbc5831d696: Pushed
    d5974ddb5a45: Pushed
    f641ef7a37ad: Pushed
    d9ff549177a9: Pushed
    latest: digest: sha256:b1165286043f2745f45ea637873d61939bff6d9a59f76539d6228abf79f87774 size: 136
    # upload another image below, to test it.
    [root@localhost ~]# docker images | grep mynamed      # upload this one
    docker   mynamed   e178f320e482   4 hours ago   323 MB
    [root@localhost ~]# docker tag docker:mynamed 192.168.1.1:5000/named:test
    # as before, the repository name must be changed. Note: if the tag is not the default latest, the tag must also be given after the repository name
    [root@localhost ~]# docker images | grep 192.168.1.1:5000/named      # confirm that the change was successful
    192.168.1.1:5000/named   test   e178f320e482   4 hours ago   323 MB
    [root@localhost ~]# docker push 192.168.1.1:5000/named:test      # upload to the private repository
    The push refers to a repository [192.168.1.1:5000/named]
    c756b9ec7fb0: Pushed
    7d8d01394159: Pushed
    72b7cd87d69b: Pushed
    3be48ef75683: Pushed
    9b28c58ad64b: Pushed
    75e70aa52609: Pushed
    dda151859818: Pushed
    fbd2732ad777: Pushed
    ba9de9d8475e: Pushed
    test: digest: sha256:44894a684eac72a518ae5fa66bcbe4e4a9429428ef7ac6f4761022f8ac45ac5f size: 2403

At this point, the testing is over, but how do you prove that the private repository is using the local /data/registry directory? And how do you view the uploaded images? (Images uploaded to a private repository cannot be viewed using normal ls commands.)

    [root@localhost ~]# df -hT /data/registry/      # first check the file system mounted on the local /data/registry/
    Filesystem         Type             Size   Used   Avail   Use%   Mounted on
    node4:dis-stripe   fuse.glusterfs   80G    130M   80G     1%     /data/registry
    [root@localhost ~]# docker exec -it a6bf726c612b /bin/sh     # enter the private repository container; it has no /bin/bash, so /bin/sh is used
    / # df -hT /tmp/registry/      # the file system mounted on this directory is the same as the one mounted on the host, which means there is no problem
    Filesystem         Type             Size    Used     Available   Use%   Mounted on
    node4:dis-stripe   fuse.glusterfs   80.0G   129.4M   79.8G       0%     /tmp/registry
    ------------ I am the split line ------------
    # so how do you view the images uploaded to the private repository? See the following:
    [root@localhost ~]# curl -XGET http://192.168.1.1:5000/v2/_catalog      # view the uploaded images; you can see the two images just uploaded
    {"repositories": ["named", "registry"]}
    # knowing the image name is not enough: to download, you also need the tag of the image. So how do you check the tags of an image?
    [root@localhost ~]# curl -XGET http://192.168.1.1:5000/v2/named/tags/list      # like this; "named" in the URL path is the name of the image whose tags you want to check
    {"name": "named", "tags": ["test"]}
    [root@localhost ~]# docker pull 192.168.1.1:5000/named:test      # download the image from the private repository
    # you must specify the access address of the private repository when downloading: the name used when uploading is the name used when downloading, even though the queried image name contains no IP address.
    Trying to pull repository 192.168.1.1:5000/named ...
    sha256:44894a684eac72a518ae5fa66bcbe4e4a9429428ef7ac6f4761022f8ac45ac5f: Pulling from 192.168.1.1:5000/named
    Digest: sha256:44894a684eac72a518ae5fa66bcbe4e4a9429428ef7ac6f4761022f8ac45ac5f
    Status: Downloaded newer image for 192.168.1.1:5000/named:test

Appendix:

If you need to download an image from the private repository on another server, you need to execute the following command on that other server to specify the address of the private repository server:

    [root@node1 ~]# echo '{"insecure-registries": ["xxx.xxx.xxx.xxx:5000"]}' > /etc/docker/daemon.json
    # xxx.xxx.xxx.xxx:5000 represents the IP address and port used to access the private repository; set it according to your own server
    [root@node1 ~]# systemctl restart docker       # restart the docker service

I found the above method through a Baidu search and have tested that it works. You can also try the following method (I have not tried it):

    [root@node1 ~]# vim /etc/sysconfig/docker      # modify the docker configuration file to specify the private repository URL
    # /etc/sysconfig/docker
    # Modify these options if you want to change the way the docker daemon runs
    OPTIONS='--selinux-enabled --insecure-registry=192.168.1.1:5000'      # modify this line
    [root@node1 ~]# systemctl restart docker       # restart the docker service
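Both settings above, --insecure-registry in /etc/sysconfig/docker and insecure-registries in /etc/docker/daemon.json, tell the daemon to accept the named registry over plain HTTP or with a certificate it cannot verify, so it helps to know exactly which hosts carry that exemption. The following audit script is an added example, not part of the original post; its function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list registries the Docker daemon is told to trust without TLS.
# Reads the two files used on this page; function names are hypothetical.

from_daemon_json() {           # "insecure-registries" array in daemon.json
    { tr -d '\n' < "$1"; echo; } |
      sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
      tr ',' '\n' |
      sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//; /^[[:space:]]*$/d'
}

from_sysconfig() {             # --insecure-registry flags in OPTIONS=...
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tr -d "'\"" |
      tr -s '[:space:]' '\n' |
      awk 'want { print; want = 0; next }
           /^--insecure-registry=/ { sub(/^--insecure-registry=/, ""); print; next }
           $0 == "--insecure-registry" { want = 1 }'
}

classify() {                   # how much does one entry exempt from TLS?
    case "$1" in
        */[0-9]|*/[0-9][0-9]) echo CIDR ;;      # every host in the range
        127.*|localhost|localhost:*|'[::1]'*) echo LOOPBACK ;;
        *) echo HOST ;;
    esac
}

report() {                     # $1 = source file; entries arrive on stdin
    while read -r reg; do
        printf '%s\t%s\t%s\n' "$(classify "$reg")" "$reg" "$1"
    done
}

audit_insecure_registries() {  # $1 = daemon.json, $2 = sysconfig file
    if [ -r "$1" ]; then from_daemon_json "$1" | report "$1"; fi
    if [ -r "$2" ]; then from_sysconfig "$2" | report "$2"; fi
}

demo() {                       # constructed sample files, not read from the host
    d=$(mktemp -d)
    printf '%s\n' '{"insecure-registries": ["192.168.1.1:5000", "10.0.0.0/8"]}' \
        > "$d/daemon.json"
    printf '%s\n' "OPTIONS='--selinux-enabled --insecure-registry=192.168.1.1:5000'" \
        > "$d/docker"
    audit_insecure_registries "$d/daemon.json" "$d/docker"
    rm -rf "$d"
}

demo
```

On a real host, call audit_insecure_registries /etc/docker/daemon.json /etc/sysconfig/docker; HOST and CIDR rows are the entries to replace with a TLS-enabled registry.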
