Shulou(Shulou.com)06/03 Report--

How to use dockerfile files and registry private repositories? I believe that many novice rookies have not yet learned this skill. Through the summary of this article, I hope you can learn to use dockerfile files and registry private repositories.

Dockerfile Common commands (Security)

1. "FROM: build an image based on that image

For example: FROM centos:7

2 "MAINTAINER: image maintainer name or email address

For example: MAINTAINER adam

3 "RUN: the shell command that runs when building the image

For example:

RUN ["yum", "install", "httpd"]

RUN yum-y install httpd

4 > CMD: shell command executed when the container is run

For example:

CMD ["/ bin/bash"] or shell

5 > EXPOSE declares the service port of the container

For example: EXPOSE 80443

6 "ENV: sets the container environment variable

For example

ENV MYSQL_ROOT_PASSWORD 123.com

7 "ADD: copy the image of a file or directory. If it is a URL or compressed package, it will be downloaded or decompressed automatically.

ADD...

ADD ["source file"... "destination directory"]

8 "COPY: copy files or directories into an image container, similar to ADD, but without automatic download or decompression.

9 "ENTRYPOINT: the shell command executed when the container is run

For example

ENTRYPOINT ["/ bin/bash", "- c", "command"]

ENTRYPOINT / bin/bash-c 'command'

10 > VOLUME: specify the container mount point to the directory or other container automatically generated by the host

For example: (data persistence)

VOLUME ["/ var/lib/mysql"]

Docker run-it-- name xxx / var/lib/mysql-- volume specifies the container directory and places it in a directory of the host.

11 > USER: RUN. CMD and ENTYRYPOINT execute commands to specify the running user

12 > WORKDIR: set the working directory for RUN,CMD,ENTRYPOINT,COPY and ADD, which means to switch directories

For example:

WORKDIR: / var/lib/mysql

13 > HEALTHCHECK: health check

14 > some parameters specified when ARG is built

For example:

FROM centos:7

ARG user

USER $user

Note:

1.RUN runs in building and can write multiple messages.

2.CMD and ENTRYPOINT can only write one entry when running CONTAINER (container). If more than one entry is written, the last one will take effect.

3.CMD can be overwritten by COMMAND when run, ENTRYPOINT will not be overwritten by COMMAND, but you can specify-- ENTRYPOINT override.

4. If you need to import a file into the image in dockerfile, the file must be in the same directory or subdirectory as dockerfile.

Test experiment:

Using dockerfile file to make an image based on centos:7 image deployment and installation of nginx service

Note that the Nginx package needs to be in the same directory as the dockfile file, or the dockerfile file is not allowed to run it.

Vim Dockerfile

Configuration:

FROM centos:7

RUN yum-y install gcc pcre-devel openssl-devel zlib-devel

RUN yum-y install make

COPY nginx-1.14.0.tar.gz /

RUN tar-zxf nginx-1.14.0.tar.gz-C / usr/src

RUN useradd-M-s / sbin/nologin nginx

WORKDIR / usr/src/nginx-1.14.0

RUN. / configure-prefix=/usr/local/nginx-user=nginx-group=nginx

RUN make & & make install

RUN ln-s / usr/local/nginx/sbin/* / usr/local/sbin/

RUN nginx-t

RUN nginx

EXPOSE 80

Another image created by changing COPY to ADD: FROM centos:7RUN yum-y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-develADD nginx-1.14.0.tar.gz / usr/src/RUN useradd-M-s / sbin/nologin nginxWORKDIR / usr/src/nginx-1.14.0RUN. / configure-- prefix=/usr/local/nginx-- user=nginx-- group=nginxRUN make & & make installRUN ln-s / usr/local/nginx/sbin/* / usr/local/sbin/RUN nginx- tRUN nginxEXPOSE 80

If the MAKE is not available during compilation and installation, you need to add it to the Dockerfile file.

Yum a make.

Execute the command for the Dockerfile file:

Docker build-t test1.

View Mirror

Docker images

3) run the created image into a container to enable the nginx service to be enabled automatically when the container is running. Verify that the service is functioning properly.

Create a container

Docker run-itd-- name test1 test1:latest

Enter the container

Docker exec-it test1 / bin/bash

If you want to ensure that the container is running, you need to add nginx-g "daemon off;" after the nignx service is enabled.

Docker run-itd-name test1-2 test1:latest nginx-g "daemon off;"

View container information

Docker inspect test1-2

Curl 172.17.0.2

Run a private warehouse, upload the self-made image to the private warehouse, and open another virtual machine to join the private warehouse. Download the private warehouse image on docker02 and run a container to verify that the service is running properly.

Registry

Run the registry private warehouse service with a docker container

Docker pull registry:2 (download image)

Run the private warehouse service

Docker run-itd-name registry-restart=always

-p 5000Rom 5000-v / registry:/var/lib/registry registry:2

-p: Port mapping, host port: the port where the container is exposed.

-v: the mount directory, the host directory, and the directory in the container. (automatically create directory and mount)

Image renaming; docker tag test1:latest (image name) 192.168.1.1:5000/test (changed name)

Upload to private warehouse

Docker push 192.168.1.1:5000/test:latest

Need https, so change it (remember the directory path)

Vim / usr/lib/systemd/system/docker.service (change)

Secure is secure, insecure is not secure

[root@docker test1] # systemctl daemon-reload

[root@docker test1] # systemctl restart docker

Docker push 192.168.1.1:5000/test:latest (upload to private warehouse)

Cd / registry/ private warehouse location

Download the private repository image on the second docker2 and run a container to verify that the service is running properly.

Vim / usr/lib/systemd/system/docker.service (change)

Systemctl daemon-reload

Systemctl restart docker

Download the image

Docker pull 192.168.1.1:5000/test:latest downloads the image from the private repository

Docker images

Making Container lbs1

Docker run-itd-name lbs1 192.168.1.1:5000/test:latest nginx-g "daemon off;"

View Container lbs1

Docker inspect lbs1

Visit nginx

Curl 172.17.0.2

The above is the use of dockerfile files and registry private warehouse, after reading it, is there anything to gain? If you want to know more about it, you are welcome to follow the industry information!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.