Shulou(Shulou.com)06/01 Report--

This article is about how to use Dockerfile to build an image in docker. The editor thinks it is very practical, so I share it with you. I hope you can get something after reading this article.

1. Use commit command to build

The docker commit command is the most intuitive way to create a new mirror, which consists of three steps:

Run the container

Modify the container

Save the container as a new mirror.

Let's start by creating a new container, which uses a very common ubuntu image. The steps are as follows

1.1 run a container to be modified

Root@ubuntu:~# docker run-ti ubuntu / bin/bashroot@733a4b080491:/#

1.2 install the Apache package

Root@733a4b080491:/# apt-get update... .. root@733a4b080491:/# apt-get install-y apache2... ...

We started a container and installed Apache in it. We will run this container as a Web server, and we need to save it so that we don't have to run this step every time.

1.3 submit a custom container

Root@ubuntu:~# docker ps-aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES733a4b080491 ubuntu "/ bin/bash" 11 minutes ago Exited (0) 5 seconds ago suspicious_mestorfroot@ubuntu:~# docker commit 733a4b080491 wzlinux/ubuntu_with_apachesha256:902ac2c87147fefc5b70c741ce9550dcda426cea9f824f442d5cc2744bdc90aeroot@ubuntu:~# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEwzlinux/ubuntu_with_apache latest 902ac2c87147 33 seconds ago 261MBubuntu latest 20c44cd7596f 10 days ago 123MB

As you can see, we use docker commit to submit the modified container. From size, we can see that the image has become larger due to the installation of the software. Docker commit only submits the difference between the image of the created container and the current state of the container, which makes the update very lightweight.

The above demonstrates how to create a new image with docker commit. However, Docker does not recommend that users build images in this way. Because this is a way to create mirrors by hand, it is error-prone, inefficient and poorly repeatable. For example, to add apache to the debian base image, you have to repeat all the previous steps. More importantly: users don't know how the image is created and whether there are malicious programs in it. In other words, the image cannot be audited, and there are security risks.

However, in order to have a more comprehensive understanding of Docker, we still need to see how to use docker commit to build Docker images. Because even if you use Dockerfile (recommended method) to build an image, the underlying docker commit will build a new image layer by layer. Learning docker commit can help us gain a deeper understanding of the build process and the hierarchical structure of the mirror.

2. Use Dockerfile to build

Dockerfile uses basic instructions based on DSL (Domain Specific Language) syntax to build a Docker image, and we recommend using the Dockerfile method instead of docker commit, because the former is more repeatable, transparent, and idempotent.

Once we have Dockerfile, we can use the docker build command to build a new image based on the instructions in the Dockerfile.

2.1 our first Dockerfile

Create the above ubuntu_with_apache with Dockerfile, as shown below.

# Version 0.0.1FROM ubuntuRUN sed-I's update etc/apt/sources.listRUN apt-get archive.ubuntu.com @ cn.archive.ubuntu.com @ apt-get / apt-get-y install apache2EXPOSE 80

When the docker build command is executed, all instructions in Dockerfile are executed and committed, and a new image is returned after the command ends successfully.

Root@ubuntu:~/sample# docker build-t ubuntu_with_apache_dockerfile. ① Sending build context to Docker daemon 6.144kB ② Step 1Accord 5: FROM ubuntu ③-> 20c44cd7596fStep 2Accord 5: RUN sed-I's Universe archive.ubuntu.com RUN sed cn.archive.ubuntu.com c66ad94ad8a4Removing intermediate container bac6dc3b900fStep G'/ etc/apt/sources.list-- > Running in bac6dc3b900f-- > c66ad94ad8a4Removing intermediate container bac6dc3b900fStep 3Lash 5: RUN sed-I's Universe security.ubuntu.ubuntuxel cn.archive.ubuntu.com g'/ etc/apt/sources.list-> Running in 5158558b6403-- > 0a4c480147c5Removing intermediate container 5158558b6403Step 4 install apache2 5: RUN apt-get-y update & & apt-get-y install apache2 ④-> Running in f547ce7a1b39 ⑤. …… -> 118bde35120a ⑥ Removing intermediate container f547ce7a1b39 ⑦ Step 5 EXPOSE 5: EXPOSE 80-> Running in e546786de05b-> f55d7b07365bRemoving intermediate container e546786de05bSuccessfully built f55d7b07365b ⑧ Successfully tagged ubuntu_with_apache_dockerfile:latest

① runs the docker build command, and-t names the new image ubuntu-with-apache-dockerfile, at the end of the command. Indicates that build context is the current directory. Docker looks for the Dockerfile file from build context by default, or we can specify the location of the Dockerfile with the-f parameter.

② mirrors the real build process from this step. First, Docker sends all the files in build context to Docker daemon. Build context provides the required files or directories for the image build.

Commands such as ADD and COPY in Dockerfile can add files in build context to the image. In this case, build context is the current directory / sample, and all files and subdirectories in that directory are sent to Docker daemon.

Therefore, you have to be careful when using build context, do not put extra files into build context, especially do not use /, / usr as build context, otherwise the build process will be quite slow or even fail.

③ Step 1: execute FROM, mirroring ubuntu as base. Ubuntu image ID is 452a96d81c30.

④ Step 4: execute RUN and install apache. The specific steps are ⑤ ~ ⑬.

⑤ launches ID as a temporary container for e38bc83df8b1 and installs apache through apt-get in the container.

After the ⑥ is installed successfully, save the container as an image with fbc9af08328d as its ID. At the bottom of this step, commands like docker commit are used.

⑦ deletes the temporary container 02a4f3243dda.

The ⑧ image was built successfully.

View the image information through docker images.

Root@ubuntu:~/sample# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEubuntu_with_apache_dockerfile latest f55d7b07365b 27 minutes ago 261MBwzlinux/ubuntu_with_apache latest 902ac2c87147 About an hour ago 261MBubuntu latest 20c44cd7596f 10 days ago 123MB

2.2 View the image split structure

Ubuntu_with_apache_dockerfile is obtained by adding several new mirror layers to the top of the base image.

The above picture is copied from the original text, and the following picture is the data obtained by experiment on my computer. The ID of IMAGE is different, but everything else is the same.

Check the IMAGE history of my native Ubuntu as follows:

As you can see from the output, each command generates a mirror layer.

Docker history displays the construction history of the image, that is, the execution of Dockerfile.

It is true that ubuntu_with_apache_dockerfile has only a few more layers than ubuntu images. Each instruction in Dockerfile creates a layer, and docker history also shows us the hierarchical structure of the image, with each layer arranged from top to bottom.

2.3 caching characteristics of mirrors

Because each step of the build process submits the result as a mirror, Docker's build mirror process is very smart. It treats the previous mirror layer as a cache.

For example, we changed EXPOSE 80 to EXPOSE 8080.

Root@ubuntu:~/sample# docker build-t ubuntu_with_apache_8080. Sending build context to Docker daemon 6.144kBStep 1ax 5: FROM ubuntu-- > 20c44cd7596fStep 2 Using cache 5: RUN sed-I's Universe archive.ubuntu.com @ cn.archive.ubuntu.com @ cn.archive.ubuntu.com > c66ad94ad8a4Step 3Unip 5: RUN sed-I's Universe security.ubuntuxel cn.archive.ubuntuxel g' / etc/apt/sources.list-- > Using cache-- > 0a4c480147c5Step 4Compact 5: RUN apt-get-y Update & & apt-get-y install apache2-> Using cache-> 118bde35120aStep 5 EXPOSE 5: EXPOSE 8080-> Running in c89f8210c56a-> ac88967e578eRemoving intermediate container c89f8210c56aSuccessfully built ac88967e578eSuccessfully tagged ubuntu_with_apache_8080:latest

We can see that the previous instructions are all the same, so docker directly uses the previous cache to build only the instructions we changed, and the new mirror layer is as follows.

If we want to build the image without caching, we can add the-- no-cache parameter to the docker build command.

Each instruction in Dockerfile creates a mirror layer, and the upper layer depends on the lower layer. Whenever a layer changes, the cache of all layers above it will be invalidated. That is, if we change the order in which Dockerfile instructions are executed, or modify or add instructions, the cache will be invalidated. For example, we add the instruction MAINTAINER wzlinux "admin@wzlinux.com" in front of it. As follows:

# Version 0.0.1FROM ubuntuMAINTAINER wzlinux "admin@wzlinux.com" RUN sed-I's etc/apt/sources.listRUN apt-get archive.ubuntu. Com install apache2EXPOSE cn.archive.ubuntu.com. / etc/apt/sources.listRUN apt-get-y update & & apt-get-y install apache2EXPOSE 80

Then use docker to build and see the process.

Root@ubuntu:~/sample# docker build-t ubuntu_with_apache_author .Sending build context to Docker daemon 6.144kBStep 1ax 6: FROM ubuntu-- > 20c44cd7596fStep 2 MAINTAINER wzlinux 6: MAINTAINER wzlinux "admin@wzlinux.com"-- > Running in 637bb3457407-- > 829b24531d69Removing intermediate container 637bb3457407Step 3 84643fe8447aRemoving intermediate container 416ae8aefb61Step 6: RUN sed-I's admin@wzlinux.com. Ubuntu.com 84643fe8447aRemoving intermediate container 416ae8aefb61Step 4 Running in 58d8375fd5c3 6: RUN sed-I's apt-get security.ubuntu install apache2 cn.archive.ubuntuqqqpcn.archive.ubuntuqqqg' / etc/apt/sources.list-- > Running in 58d8375fd5c3-- > 1cb5776982d3Removing intermediate container 58d8375fd5c3Step 5 install apache2 6: RUN apt-get-y update & & ubuntu-> Running in 0514a7d04814. …… Processing triggers for sgml-base (1.26+nmu4ubuntu1)...-> 30eb21527feeRemoving intermediate container 0514a7d04814Step 6 30eb21527feeRemoving intermediate container 0514a7d04814Step 6: EXPOSE 80-> Running in 476ca5f98886-> 30672998f3d0Removing intermediate container 476ca5f98886Successfully built 30672998f3d0Successfully tagged ubuntu_with_apache_author:latest

Many new mirror layers have been generated from the output, and the cache has been invalidated.

2.4 Debug Dockerfile

Any script and program, including Dockerfile, can go wrong. It's not scary to have errors, but there must be a way to troubleshoot them, so let's test what happens when the instructions go wrong during the build, for example, we miswrote the second sed instruction and wrote the wrong sd.

# Version 0.0.1FROM ubuntuMAINTAINER wzlinux "admin@wzlinux.com" RUN sed-I's etc/apt/sources.listRUN apt-get archive.ubuntu. Com install apache2EXPOSE cn.archive.ubuntu.com. / etc/apt/sources.listRUN apt-get-y update & & apt-get-y install apache2EXPOSE 80

Execute the docker build, as follows.

Dockerfile failed to execute the fourth step RUN instruction. We can debug with the image 84643fe8447a created in step 3 by launching a container for the image through docker run-it.

Root@ubuntu:~/sample# docker run-ti 84643fe8447a / bin/bashroot@422ecce78664:/# sdbash: sd: command not found

In fact, we are certainly not too stupid to know that sd does not exist, I am here as an example, other more difficult troubleshooting methods we use this way.

2.5 Dockerfile instruction

FROM

Specifies the base image.

MAINTAINER

Sets the author of the mirror, which can be any string.

COPY

Copy the file from build context to the mirror.

COPY supports two forms:

COPY src destCOPY ["src", "dest"]

Note: src can only specify files or directories in build context.

ADD

Similar to COPY, files are copied from build context to the mirror. The difference is that if the src is an archive file (tar, zip, tgz, xz, etc.), the file will be automatically extracted to dest.

ENV

Set the environment variable, which can be used by the following instructions. For example:

ENV MY_VERSION 1.3RUN apt-get install-y mypackage=$MY_VERSION

EXPOSE

The process in the specified container listens on a port that Docker can expose.

VOLUME

Declare a file or directory as volume.

WORKDIR

Set the current working directory in the image for subsequent RUN, CMD, ENTRYPOINT, ADD, or COPY instructions.

RUN

Runs the specified command in the container.

CMD

Runs the specified command when the container starts.

There can be multiple CMD instructions in Dockerfile, but only the last one takes effect. CMD can be replaced by parameters after docker run.

ENTRYPOINT

Sets the command to run when the container starts.

There can be multiple ENTRYPOINT instructions in Dockerfile, but only the last one takes effect. Parameters after CMD or docker run are passed to ENTRYPOINT as parameters.

The above is how to use Dockerfile to build an image in docker. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.