
Creation of Docker Image and Construction of Private Library

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/02

I. Methods of creating a Docker image

A Docker image is both the core technology of Docker and the standard format for publishing applications. A complete Docker image is enough to run a Docker container. When using Docker, once you have entered a ready-made container you can work inside it, and the most common operation is installing application services in the container. If you want to migrate the installed services, you need to create a new image from the environment and the services you built.

There are three ways to create an image: from an existing image, from a local template, and from a Dockerfile.

1. Create based on an existing image

Creating from an existing image mainly uses the docker commit command, which packages the program running in a container, together with its runtime environment, into a new image.

Command format: docker commit [options] container-ID-or-name repository-name:[tag]

Common options:

-m: description information

-a: author information

-p: pause the container while the image is being generated

Start a container from an image, make changes inside the container, and then commit the modified container as a new image. You need to note the container's ID.

    [root@test /]# docker ps -a    # view the current containers
    CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS    PORTS   NAMES
    bdd5bb814008   docker.io/networkboot/dhcpd   "/entrypoint.sh /b..."   5 seconds ago   Created           stupefied_ptolemy
    [root@test /]# docker exec -it bdd5bb814008 /bin/bash    # enter the container and create a test file
    root@bdd5bb814008:/# ls
    bin  boot  core  dev  entrypoint.sh  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
    root@bdd5bb814008:/# touch test.txt
    root@bdd5bb814008:/# exit
    exit
    [root@test /]# docker commit -m "newdhcp" -a "test" bdd5bb814008 docker:mydhcp    # commit the existing container as an image
    sha256:d6197c6e3f650d3ef69d13324634759705821b0ed516e8fe631fded72acb9d54
    [root@test /]# docker images | grep docker    # view the image just created
    docker                        mydhcp   d6197c6e3f65   24 seconds ago   125MB
    docker.io/networkboot/dhcpd   latest   6f98b6b9b486   19 months ago    125MB
    [root@test /]# docker create -it docker:mydhcp /bin/bash    # create a container from the new image
    ea434b08d511867be662704ee81d0b5876e922efa50f5f52843daa762185c16a
    [root@test /]# docker ps -a
    CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS         PORTS   NAMES
    ea434b08d511   docker:mydhcp                 "/entrypoint.sh /b..."   25 seconds ago   Created                compassionate_shirley
    bdd5bb814008   docker.io/networkboot/dhcpd   "/entrypoint.sh /b..."   5 minutes ago    Up 4 minutes           stupefied_ptolemy
    [root@test /]# docker start ea434b08d511    # start the container
    ea434b08d511
    [root@test /]# docker exec -it ea434b08d511 /bin/bash    # enter the container to view the test file you just created
    root@ea434b08d511:/# ls
    bin  boot  core  dev  entrypoint.sh  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  test.txt  tmp  usr  var

2. Create based on local template

An image can be generated by importing an operating system template file. Templates can be downloaded from the OpenVZ open source project at http://openvz.org/Download/template/precreated.

    [root@test /]# wget http://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz    # download a minimal Ubuntu template
    [root@test /]# cat ubuntu-14.04-x86_64-minimal.tar.gz | docker import - docker:new    # import the template into docker
    sha256:7457fecee0fb28ab06d935e7a9a5a040d9d6ec8931959b752f596cde76a5d647
    [root@test /]# docker images | grep new    # confirm that it has been imported
    docker   new   7457fecee0fb   About a minute ago   215 MB

3. Create based on Dockerfile

A Dockerfile is a file made up of a set of instructions, each of which corresponds to a command in Linux. Docker reads the instructions in the Dockerfile to generate the specified image.

The Dockerfile structure is roughly divided into four parts: base image information, maintainer information, image operation instructions, and container startup instructions. A Dockerfile holds one instruction per line, each instruction can carry multiple parameters, and comments starting with the "#" sign are supported.

Introduction to the configuration items in dockerfile:

    [root@localhost ~]# docker tag docker:new centos7:system    # rename and retag the centos7 minimal image downloaded above, to tell it apart
    [root@localhost ~]# docker images | grep system    # confirm that the base image is ready (that is, a centos7 minimal system)
    centos7   system   c065d5c0571d   About an hour ago   435 MB
    [root@localhost ~]# vim Dockerfile    # edit a Dockerfile; note: the file name should preferably be Dockerfile
    # The first line must name the base image this image is built on (the image must exist)
    FROM centos
    # Maintainer information of the image
    MAINTAINER The centos project
    # The following are the operation instructions for the image
    RUN yum -y update
    RUN yum -y install openssh-server
    RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
    RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
    RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
    # Open port 22
    EXPOSE 22
    # Instruction executed when the container starts
    CMD ["/usr/sbin/sshd", "-D"]

A Dockerfile must follow a strict format: the first line must use the FROM instruction to name the image it is based on; next, the MAINTAINER instruction states the maintainer information of the image; then come the instructions that operate on the image, such as the RUN instruction, which adds a new layer on top of the base image each time it runs; finally, the CMD instruction specifies the command to run when the container starts.

Dockerfile has more than a dozen commands that can be used to build an image, and the common instructions are as follows:

Example: create an apache image using dockerfile and run it in a container

    [root@test /]# mkdir apache    # create a working directory
    [root@test /]# cd /apache/
    [root@test apache]# vim Dockerfile    # create and write the Dockerfile
    # Based on the base image centos
    FROM centos
    # Maintainer information of the image
    MAINTAINER the centos
    # Image operation instructions: install the Apache package
    RUN yum -y update
    RUN yum -y install httpd
    # Open port 80
    EXPOSE 80
    # Copy the website home page file
    ADD index.html /var/www/html/index.html
    # Copy the execution script into the image
    ADD run.sh /run.sh
    RUN chmod 775 /run.sh
    # Set the Apache service not to start by itself
    RUN systemctl disable httpd
    # Execute the script when the container starts
    CMD ["/run.sh"]
    [root@test apache]# vim run.sh    # write the content of the execution script
    #!/bin/bash
    rm -rf /run/httpd/*    # clean the httpd cache
    exec /usr/sbin/apachectl -D FOREGROUND    # start the Apache service
    [root@test apache]# echo "www.test.com" > index.html    # create a test page
    [root@test apache]# ls
    Dockerfile  index.html  run.sh
    [root@test apache]# docker build -t httpd:centos .
    ...    # part of the output omitted
    # Note: the command ends with a ".", which represents the current path; without it an error is reported, so never forget it
    [root@test apache]# docker run -d -p 12345:80 httpd:centos    # run a container from the new image; the -p option maps local port 12345 to port 80 of the container
    0721b1641ce0651d618a393b85d34606180dd33d4795621db320865cda8f3a0a
    [root@test apache]# docker ps -a    # view the container
    CONTAINER ID   IMAGE          COMMAND     CREATED         STATUS         PORTS                   NAMES
    0721b1641ce0   httpd:centos   "/run.sh"   6 seconds ago   Up 6 seconds   0.0.0.0:12345->80/tcp   sad_mcclintock

Access the apache service in the container

II. Building a private repository and using it

As the number of images you create grows, you need a place to store them, which is the repository. At present there are two kinds of repositories: public and private. Most companies' production environments keep their images in private repositories. The simplest approach is to download images from a public repository. If you want to upload an image to a public repository, you also need to register and log in. For uploading to a public repository, you can refer to https://blog.51cto.com/14227204/2453408

How do you build a private repository? The registry image can be used to build a local private repository.

    [root@test ~]# docker search registry    # search for the keyword "registry"
    INDEX       NAME                 DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
    docker.io   docker.io/registry   The Docker Registry 2.0 implementation for...   2679    [OK]
    ...    # part of the output omitted
    [root@localhost ~]# docker pull docker.io/registry    # download the top-ranked image
    ...    # part of the output omitted
    Status: Downloaded newer image for docker.io/registry:latest    # downloaded successfully
    [root@localhost ~]# vim /etc/sysconfig/docker    # modify the docker configuration file to specify the private repository URL; otherwise an error is reported when uploading images to the custom private repository
    # /etc/sysconfig/docker
    # Modify these options if you want to change the way the docker daemon runs
    OPTIONS='--selinux-enabled --insecure-registry=192.168.1.1:5000'
    # Change the line above; the IP address is that of the private repository server, which here is the local IP address
    ...    # part of the file omitted
    # Save and exit
    [root@test ~]# systemctl restart docker    # restart docker after the modification

Use the downloaded registry image to launch a container. By default, the repository is stored in the /tmp/registry directory in the container. Use the -v option to mount a local directory onto the /tmp/registry directory in the container, so that the images are not lost when the container is deleted. This starts a private repository service locally, listening on port 5000.

Note: I have a /data/registry directory locally (it can be mounted from a highly available GFS file system, or you can use NFS; the choice is yours, but for an important data directory you should make sure the capacity can be expanded dynamically and that disk corruption cannot cause data loss). It is mounted onto the /tmp/registry directory in the private repository container to store the image files uploaded to the private repository.

    [root@test ~]# df -hT /data/registry/    # check the file system used by this directory
    Filesystem         Type             Size   Used   Avail   Use%   Mounted on
    node4:dis-stripe   fuse.glusterfs   80G    130M   80G     1%     /data/registry
    [root@test ~]# docker run -d -p 5000:5000 -v /data/registry/:/tmp/registry docker.io/registry
    # Start the private repository, map its port to port 5000 of the host, and mount the local /data/registry
    # directory onto the /tmp/registry directory in the container.
    # docker.io/registry is the private repository image you just downloaded.
    a6bf726c612b826e203d6a5bc9eaba26c36195913d3ea546c2111ce290a5524d
    [root@test ~]# docker tag docker.io/registry 192.168.1.1:5000/registry
    # Use the docker tag command to retag the image docker.io/registry that is to be uploaded. The IP and port are fixed;
    # otherwise you cannot connect to the private repository, because when the container was started above, the port of the
    # private repository was mapped to port 5000 of the host. Accessing port 5000 of the host is therefore the same as
    # accessing the private repository.
    [root@test ~]# docker images | grep 5000    # find the image to upload
    192.168.1.1:5000/registry   latest   f32a97de94e1   6 months ago   25.8 MB
    [root@test ~]# docker push 192.168.1.1:5000/registry    # upload to the private repository you just started
    The push refers to a repository [192.168.1.1:5000/registry]
    73d61bf022fd: Pushed
    5bbc5831d696: Pushed
    d5974ddb5a45: Pushed
    f641ef7a37ad: Pushed
    d9ff549177a9: Pushed
    latest: digest: sha256:b1165286043f2745f45ea637873d61939bff6d9a59f76539d6228abf79f87774 size: 136
    # Upload another image below to test it
    [root@test ~]# docker images | grep mynamed    # the image to upload
    docker   mynamed   e178f320e482   4 hours ago   323 MB
    [root@test ~]# docker tag docker:mynamed 192.168.1.1:5000/named:test
    # As before, the repository name must be changed.
    # Note: if the tag is not the default latest, you also need to append the tag after the repository name
    [root@test ~]# docker images | grep 192.168.1.1:5000/named    # confirm that the change was successful
    192.168.1.1:5000/named   test   e178f320e482   4 hours ago   323 MB
    [root@test ~]# docker push 192.168.1.1:5000/named:test    # upload to the private repository
    The push refers to a repository [192.168.1.1:5000/named]
    c756b9ec7fb0: Pushed
    7d8d01394159: Pushed
    72b7cd87d69b: Pushed
    3be48ef75683: Pushed
    9b28c58ad64b: Pushed
    75e70aa52609: Pushed
    dda151859818: Pushed
    fbd2732ad777: Pushed
    ba9de9d8475e: Pushed
    test: digest: sha256:44894a684eac72a518ae5fa66bcbe4e4a9429428ef7ac6f4761022f8ac45ac5f size: 2403

At this point the test is complete, but how do you prove that the private repository is using the local /data/registry directory? And how do you view the uploaded images? (Images uploaded to a private repository cannot be viewed with an ordinary ls command.)

    [root@test ~]# df -hT /data/registry/    # first check the file system mounted on the local /data/registry/
    Filesystem         Type             Size   Used   Avail   Use%   Mounted on
    node4:dis-stripe   fuse.glusterfs   80G    130M   80G     1%     /data/registry
    [root@test ~]# docker exec -it a6bf726c612b /bin/sh    # enter the private repository container; it has no /bin/bash, so /bin/sh is used
    / # df -hT /tmp/registry/    # the file system mounted on this directory is the same as the one mounted on the host, so there is no problem
    Filesystem         Type             Size    Used     Available   Use%   Mounted on
    node4:dis-stripe   fuse.glusterfs   80.0G   129.4M   79.8G       0%     /tmp/registry
    # So how do you view the images uploaded to the private repository? See below:
    [root@test ~]# curl -XGET http://192.168.1.1:5000/v2/_catalog    # list the uploaded images; the two images just uploaded are shown
    {"repositories": ["named", "registry"]}
    # Knowing the image name is not enough. To download an image you also need its tag, so how do you check the tags of an image?
    [root@test ~]# curl -XGET http://192.168.1.1:5000/v2/named/tags/list    # like this: "named" in the URL path is the image name whose tags you want to list
    {"name": "named", "tags": ["test"]}
    [root@test ~]# docker pull 192.168.1.1:5000/named:test    # download the image from the private repository
    # You must specify the access address of the private repository when downloading: the name used when uploading is the
    # name used when downloading, even though the queried image name shows no IP address.
    Trying to pull repository 192.168.1.1:5000/named ...
    sha256:44894a684eac72a518ae5fa66bcbe4e4a9429428ef7ac6f4761022f8ac45ac5f: Pulling from 192.168.1.1:5000/named
    Digest: sha256:44894a684eac72a518ae5fa66bcbe4e4a9429428ef7ac6f4761022f8ac45ac5f
    Status: Downloaded newer image for 192.168.1.1:5000/named:test

If you need to download an image from the private repository on another server, execute the following commands on that server to specify the address of the private repository server:

    [root@node1 ~]# echo '{"insecure-registries": ["xxx.xxx.xxx.xxx:5000"]}' > /etc/docker/daemon.json
    # xxx.xxx.xxx.xxx:5000 is the IP address and port used to access the private repository; set it according to your own server
    [root@node1 ~]# systemctl restart docker    # restart the docker service
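
Both the --insecure-registry option in /etc/sysconfig/docker and the insecure-registries key in /etc/docker/daemon.json tell the daemon to accept plain HTTP or an unverified certificate for that host, so pushes and pulls to it are not protected in transit. The script below is an added example, not part of the original article, showing one way to inventory such entries on a host; the function name list_insecure_registries and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report every registry a Docker host
# is configured to reach without verified TLS, in both config styles above.

# Print "file: host:port" for each insecure registry found in the given files.
list_insecure_registries() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        case "$f" in
            *.json)
                # daemon.json style: "insecure-registries": ["a:5000", "b:5000"]
                tr -d '\n' < "$f" |
                    grep -oE '"insecure-registries"[[:space:]]*:[[:space:]]*\[[^]]*]' |
                    grep -oE '"[^"]+"' | tr -d '"' |
                    grep -v '^insecure-registries$'
                ;;
            *)
                # sysconfig style: OPTIONS='... --insecure-registry=host:port ...'
                # Commented-out lines are skipped so disabled settings are not reported.
                grep -v '^[[:space:]]*#' "$f" |
                    grep -oE -- "--insecure-registry[= ][^ '\"]+" |
                    sed -E 's/^--insecure-registry[= ]//'
                ;;
        esac | awk -v file="$f" '{ print file ": " $0 }'
    done
}

# Constructed sample files mirroring the two edits made in the article.
demo_dir=$(mktemp -d)
printf '%s\n' '# /etc/sysconfig/docker' \
    "OPTIONS='--selinux-enabled --insecure-registry=192.168.1.1:5000'" \
    > "$demo_dir/docker"
printf '%s\n' '{"insecure-registries": ["xxx.xxx.xxx.xxx:5000"]}' \
    > "$demo_dir/daemon.json"

list_insecure_registries "$demo_dir/docker" "$demo_dir/daemon.json"
```

On a real host, pass /etc/sysconfig/docker and /etc/docker/daemon.json instead of the sample files; an empty result means no registry is exempted from TLS verification.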
