Shulou(Shulou.com)06/02 Report--

Dockerfile common instructions

1.FROM: the image on which the construction image is based

Syntax: FROM [:] for example: FROM centos:7 explains: to set the image to be made based on which image, the FROM instruction must be the first instruction of the entire Dockerfile. If the specified image does not exist, it will be automatically downloaded from the Docker Hub by default.

2.MAINTAINER: name or email address of the image maintainer

Syntax: MAINTAINER for example: MAINTAINER adam explanation: the MAINTAINER instruction allows you to set author information for the image to be made.

3.RUN: the shell command that runs when building the image

Syntax: ① RUN # will call / bin/sh-c ② RUN ["executable", "param1", "param2"] # will call exec execution to avoid passing parameters in shell mode sometimes And some basic images may not contain / bin/sh for example: RUN ["yum", "install", "httpd"] RUN yum-y install httpd explains: the RUN instruction executes any command in a new container, then commits the executed changes to the current image, and the submitted image will be used for the next operation defined in Dockerfile. The commands defined in RUN are executed and committed sequentially, which is the advantage of Docker's cheap commit and the ability to create containers based on any history point of the mirror, just like version control tools.

4.CMD: the shell command executed when the container is run

Syntax: ① CMD ["executable", "param1", "param2"] # will call exec for execution, preferably ② CMD ["param1", "param2"] # when using the ENTRYPOINT instruction Passing the default parameter ③ CMD for this instruction [|] # will call / bin/sh-c for example: CMD ["/ bin/bash"] explains: the command specified in the CMD instruction will be executed when the image is running, and only one CMD instruction can exist in the Dockerfile. If more than one CMD instruction is used, only the last CMD instruction is valid. When the ENTRYPOINT instruction appears, the content defined in the CMD is used as the default parameter of the ENTRYPOINT instruction, that is, you can use the CMD instruction to pass parameters to the ENTRYPOINT. Note: both RUN and CMD execute commands. The difference between them is that the commands defined in RUN will be executed when the docker build command is executed to create the image, while the commands defined in CMD will be executed when the docker run command is executed to run the image. In addition, when the first syntax is used, that is, when exec is called, the command must be an absolute path.

5.EXPOSE: declare the service port of the container

Syntax: EXPOSE [...] For example, EXPOSE 80443 explains: the EXPOSE instruction is used to tell Docker which ports the container will listen on at run time, and Docker uses this information when connecting different containers (using the-link parameter).

6.ENV: setting container environment variables

Syntax: ENV for example: ENV MYSQL_ROOT_PASSWORD 123.com explanation: the ENV instruction is used to set environment variables, and the environment variables set in Dockerfile will also affect the RUN directive. When running the generated image, these environment variables are still in effect. If you need to change these environment variables at run time, you can add the-env = parameter to modify them when you run docker run. Note: it is best not to define names that may conflict with the system's predefined environment variables, or they may produce unexpected results.

7.ADD: copy a file or directory to the image. If it is a URL or compressed package, it will be downloaded or decompressed automatically.

Syntax: ADD explanation: the ADD instruction is used to copy a file or directory from the specified path to the specified path of the container, which is the path of a file or directory, or it can be a url, the path is relative to the location of the Dockerfile file, and is an absolute path of the target container, for example, defined in the file / home/yooke/Docker/Dockerfile. Then the ADD / data.txt / db/ directive will attempt to copy the file from / home/yooke/Docker/data.txt to the / db/data.txt of the container to be generated, and the subordinate group and owner of the file or directory are users and groups with uid and gid 0, respectively. If the file is obtained through url, the permission is 600. For example: ADD. ADD ["source file"... "destination directory"] Note: if ① executes docker build-

< somefile即通过标准输入来创建时，ADD指令只支持url方式，另外如果url需要认证，则可以通过RUN wget …或RUN curl …来完成，ADD指令不支持认证。 ②路径必须与Dockerfile在同级目录或子目录中，例如不能使用ADD ../somepath，因为在执行docker build时首先做的就是把Dockerfile所在目录包含子目录发送给docker的守护进程。 ③如果是一个url且不是以"/"结尾，则会下载文件并重命名为。 ④如果是一个url且以"/"结尾，则会下载文件到/，url必须是一个正常的路径形式，"http://example.com"像这样的url是不能正常工作的。 ⑤如果是一个本地的压缩包且是以"/"结尾的目录，则会调用"tar -x"命令解压缩，如果有同名文件则覆盖，但是一个url时不会执行解压缩。 8.COPY：拷贝文件或目录到镜像容器内，跟ADD类似，但不具备自动下载或解压功能 语法：COPY 解释：用法与ADD相同，不过不支持使用url，所以在使用docker build - < somefile时该指令不能使用。ENTRYPOINT语法：①ENTRYPOINT ["executable", "param1", "param2"] #将会调用exec执行，首选方式②ENTRYPOINT command param1 param2 #将会调用/bin/sh -c执行解释：ENTRYPOINT指令中指定的命令会在镜像运行时执行，在Dockerfile中只能存在一个，如果使用了多个ENTRYPOINT指令，则只有最后一个指令有效。ENTRYPOINT指令中指定的命令(exec执行的方式)可以通过docker run来传递参数，例如docker run -l启动的容器将会把-l参数传递给ENTRYPOINT指令定义的命令并会覆盖CMD指令中定义的默认参数(如果有的话)，但不会覆盖该指令定义的参数，例如ENTRYPOINT ["ls","-a"]，CMD ["/etc"],当通过docker run 启动容器时该容器会运行ls -a /etc命令，当使用docker run -l启动时该容器会运行ls -a -l命令，-l参数会覆盖CMD指令中定义的/etc参数。注意：①当使用ENTRYPOINT指令时生成的镜像运行时只会执行该指令指定的命令。②当出现ENTRYPOINT指令时CMD指令只可能(当ENTRYPOINT指令使用exec方式执行时)被当做ENTRYPOINT指令的参数使用，其他情况则会被忽略。 9.VOLUME: 指定容器挂载点到宿主机自动生成的目录或其他容器 语法：VOLUME ["samepath"]例如：VOLUME ["/var/lib/mysql"]解释：VOLUME指令用来设置一个挂载点，可以用来让其他容器挂载以实现数据共享或对容器数据的备份、恢复或迁移，具体用法请参考其他文章。 10.USER:为RUN、CMD、和ENTRYPOINT执行命令指定运行用户 语法：USER [username|uid]解释：USER指令用于设置用户或uid来运行生成的镜像和执行RUN指令。 11.WORKDIR: 为RUN、CMD、ENTRYPOINT、 COPY和ADD设置工作目录，意思为切换目录 语法：WORKDIR /path/to/workdir解释：WORKDIR指令用于设置Dockerfile中的RUN、CMD和ENTRYPOINT指令执行命令的工作目录(默认为/目录)，该指令在Dockerfile文件中可以出现多次，如果使用相对路径则为相对于WORKDIR上一次的值，例如WORKDIR /data，WORKDIR logs，RUN pwd最终输出的当前目录是/data/logs。 12.ONBUILD 语法：ONBUILD [INSTRUCTION] 解释：ONBUILD指令用来设置一些触发的指令，用于在当该镜像被作为基础镜像来创建其他镜像时(也就是Dockerfile中的FROM为当前镜像时)执行一些操作，ONBUILD中定义的指令会在用于生成其他镜像的Dockerfile文件的FROM指令之后被执行，上述介绍的任何一个指令都可以用于ONBUILD指令，可以用来执行一些因为环境而变化的操作，使镜像更加通用。 注意：①ONBUILD中定义的指令在当前镜像的build中不会被执行。 ②可以通过查看docker inspeat 命令执行结果的OnBuild键来查看某个镜像ONBUILD指令定义的内容。 ③ONBUILD中定义的指令会当做引用该镜像的Dockerfile文件的FROM指令的一部分来执行，执行顺序会按ONBUILD定义的先后顺序执行，如果ONBUILD中定义的任何一个指令运行失败，则会使FROM指令中断并导致整个build失败，当所有的ONBUILD中定义的指令成功完成后，会按正常顺序继续执行build。 ④ONBUILD中定义的指令不会继承到当前引用的镜像中，也就是当引用ONBUILD的镜像创建完成后将会清除所有引用的ONBUILD指令。 ⑤ONBUILD指令不允许嵌套，例如ONBUILD ONBUILD ADD . /data是不允许的。 ⑥ONBUILD指令不会执行其定义的FROM或MAINTAINER指令。 13.HEALTHCHECK:健康检查 14.ARG: 构建时指定的一些参数 例如:FROM centos:7ARG userUSER $user 设置环境变量除了ENV 外对容器还可能用以下两种方式 ： docker exec -i CONTAINER_ID /bin/bash -c "exportDOCKER_HOST=tcp://localhost:port"+echo 'export DOCKER_HOST=tcp://localhost:port' >

> ~ / .bashrc

Note:

1. RUN runs when building and can write multiple messages.

2. CMD and ENTRYPOINT can only write one entry when running container. If more than one entry is written, the last one will take effect.

3. CMD can be overridden by COMMAND during run, and ENTRYPOINT will not be overwritten by COMMAND, but you can specify-- entrypoint override.

4. If you need to import a file into the image in Dockerfile, the file must be in the same directory or subdirectory as dockerfile.

Small experiment

1) create an image using dockerifle, and deploy and install the nginx service based on the centos:7 image.

[root@localhost ~] # mkdir web [root@localhost ~] # rz

[root@localhost ~] # cp nginx-1.14.0.tar.gz web/ [root@localhost ~] # cd web/// create a test directory [root@localhost web] # vim DockerfileFROM centos:7RUN yum-y install make gcc pcre pcre-devel zlib zlib-devel openssl openssl-develCOPY nginx-1.14.0.tar.gz / RUN tar-zxf nginx-1.14.0.tar.gz-C / usr/srcRUN useradd-M-s / sbin/nologin nginxWORKDIR / usr/src/nginx-1 .14.0 run. / configure-- prefix=/usr/local/nginx-- user=nginx-- group=nginxRUN make & & make installRUN ln-s / usr/local/nginx/sbin/* / usr/local/sbin/RUN nginx-tRUN nginxEXPOSE 80

/ / if you want to ensure that the container is running, the nginx service can be opened directly instead of manually. We can add: nginx-g "daemon off;" at the end of the command.

[root@localhost web] # docker build-t test-web. / / create an image [root@localhost web] # docker images// to view the image

[root@localhost web] # docker run-itd-- name testweb test-web:latest [root@localhost web] # docker exec-it testweb/ bin/bash// enter container testweb [root@a3a21e68cb99 nginx-1.14.0] # nginx// Open nginx [root@a3a21e68cb99 nginx-1.14.0] # exit [root@localhost web] # docker inspect testweb// to view container testweb details (see IP now)

[root@localhost web] # curl 172.17.0.2 Virgo 80 / visit nginx

2) run the created image to a container to enable the nginx service to be enabled automatically when the container is running. Verify that the service is functioning properly.

[root@localhost web] # docker run-itd-- name testweb_2 test-web:latest nginx-g "daemon off;" / / Open nginx [root@localhost web] # docker inspect testweb_2// when opening the container to view the details of the container testweb_2 (now see IP)

[root@localhost web] # curl 172.17.0.3 virtual 80 / visit nginx

3) run a private warehouse, upload the self-made image to the private warehouse, and open another virtual machine to join the private warehouse. Download the private warehouse image on docker02 and run a container to verify that the service is running normally.

[root@localhost web] # docker pull registry:2// download an image first

Run the registry private warehouse with a docker container

[root@localhost web] # docker run-itd-- name registry-- restart=always-p 5000 name registry 5000-v / registry:/var/lib/registry registry:2// run the registery private warehouse service (which returns a process number)-p: Port mapping. Host port: the port exposed by the container. -v: Mount the directory. Host directory: the directory in the container. [root@localhost web] # docker ps// check the container

[root@localhost web] # docker tag test-web1 192.168.1.11:5000/test// image rename [root@localhost web] # docker images

[root@localhost web] # vim / usr/lib/systemd/system/docker.service// modify docker configuration file ExecStart=/usr/bin/dockerd-- insecure-registry 192.168.1.11 docker 5000 # 13 line [root@localhost web] # systemctl daemon-reload [root@localhost web] # systemctl restart docker// restart docker [root@localhost web] # docker ps// View Container

[root@localhost web] # docker push 192.168.1.11:5000/test:latest// upload private warehouse

[root@localhost web] # ls/registry/docker/registry/v2/repositories// check the private warehouse

Open the second docker to test it.

39 vim / usr/lib/systemd/system/docker.service / / modify docker configuration file ExecStart=/usr/bin/dockerd-- insecure-registry 192.168.1.11 insecure-registry 5000 # 13 line 40 systemctl daemon-reload 41 systemctl restart docker44 docker pull 192.168.1.11:5000/test:latest// download image 53 docker run-itd-- name xgp1 192.168.1.11:5000/test:latest nginx-g "daemon off from private repository "/ / Open the container with nginx 54 docker inspect xgp1 / / View the details of the container testweb_2 (see IP now)

56 curl 172.17.0.2 / / visit nginx

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.