1、Dockerfile經常使用指令
| 指令 | 含義 |
|---|---|
| FROM 鏡像 | 指定新鏡像所基於的鏡像,第一條指令必須爲FROM指令,每建立一個鏡像就須要一 條FROM指令。 |
| MAINTAINER 名字 | 說明新鏡像的維護人信息 |
| RUN命令 | 在所基於的鏡像上執行命令,並提交到新的鏡像中 |
| CMD[ 「要運行的程序」,」參數1,"參數2 "] | 指令啓動容器時要運行的命令或者腳本,Dockerfile只能有一條CMD命令,若是指定多條則只能最後一條被執行 |
| EXPOSE 端口號 | 指定新鏡像加載到Docker時要開啓的端口 |
| ENV 環境變量 變量值 | 設置一個環境變量的值,會被後面的RUN使用 |
| ADD源文件/目錄目標文件/目錄 | 將源文件複製到目標文件,源文件要與Dockerfile位於相同目錄中,或者是一個URL |
| COPY 源文件/目錄 目標文件/目錄 | 將本地主機上的文件/目錄複製到目標地點,源文件/目錄要與Dockerfile在相同的目錄中 |
| VOLUME [ 「目錄" ] | 在容器中建立一個掛載點 |
| USER 用戶名/UID | 指定運行容器時的用戶 |
| WORKDIR 路徑 | 爲後續的RUN、CMD、ENTRYPOINT指定工做目錄 |
| ONBUILD 命令 | 指定所生成的鏡像做爲一個基礎鏡像時所要運行的命令 |
| HEALTHCHECK | 健康檢查 |
2、sshd服務搭建
先準備好sshd服務文件夾所須要的各類文件java
[root@localhost ~]# mkdir sshd ####建立文件夾 [root@localhost ~]# cd sshd [root@localhost sshd]# vim Dockerfile ###在此寫入命令 FROM centos:7 MAINTAINER The centos project <cloud-centos> RUN yum -y update RUN yum -y install openssh* net-tools lsof telnet passwd RUN echo '123456' | passwd --stdin root RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh EXPOSE 22 CMD ["/usr/sbin/sshd","-D"]
生成鏡像和容器
-P表示映射端口隨機,通常第一個隨機端口映射都是32768
mysql
[root@localhost sshd]# docker build -t sshd:new . [root@localhost sshd]# docker run -d -P sshd:new 2da672497af63a432f06b2ad9c6321b5d016d917f807c64bc3b786659325ace2 [root@localhost sshd]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2da672497af6 sshd:new "/usr/sbin/sshd -D" 36 seconds ago Up 35 seconds 0.0.0.0:32768->22/tcp nervous_thompson
在宿主機上ssh鏈接測試linux
[root@localhost sshd]# ssh localhost -p 32768 The authenticity of host '[localhost]:32768 ([::1]:32768)' can't be established. RSA key fingerprint is SHA256:20mGqPVwslDf0X5SSg/TPIzvlJBOI5uIQNIZmO17IE0. RSA key fingerprint is MD5:16:90:d5:a0:92:e2:74:ec:36:9a:31:83:da:85:3e:59. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:32768' (RSA) to the list of known hosts. root@localhost's password: Permission denied, please try again. root@localhost's password: [root@2da672497af6 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet) RX packets 55 bytes 6776 (6.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 33 bytes 5351 (5.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3、systemctl服務搭建
systemctl文件夾準備nginx
[root@localhost ~]# mkdir systemctl [root@localhost ~]# cd systemctl/ [root@localhost systemctl]# vim Dockerfile FROM sshd:new ENV container docker RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *;do [ $i == \ systemd-tmpfiles-setup.service ] || rm -f $i;done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"]
生成鏡像,不降權生成容器c++
[root@localhost systemctl]# docker build -t systemd:new . //privileged container內的root擁有真正的root權限。不然,container內的root只是外部的一個普通用戶權限。 [root@localhost systemctl]#docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:new /sbin/init & //docker run中有「/sbin/init」會覆蓋CMD中的這個指令,因此這個不寫也行 [root@localhost system]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED a7a6eec323db systemd:new "/usr/sbin/init" 6 minutes ago 1f5770fd8d4a e3a9ae84ac4d "/bin/sh -c '(cd /l…" 16 minutes ago 2da672497af6 sshd:new "/usr/sbin/sshd -D" About an hour ag be0fdd9831fe httpd:centos "/run.sh" 15 hours ago 19ed00c77db9 centos:7 "/bin/bash" 16 hours ago fd562f234cca nginx:latest "/docker-entrypoint.…" 16 hours ago
進入容器測試sql
[root@localhost system]# docker exec -it a7a6eec323db bash [root@a7a6eec323db /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:sshd(8) man:sshd_config(5) [root@a7a6eec323db /]# systemctl start sshd [root@a7a6eec323db /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: active (running) since Tue 2020-11-10 07:50:48 UTC; 7s ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 90 (sshd) CGroup: /docker/a7a6eec323dbbee5786a7d927b85dc5651fd93dfec65e2cc474ad74a265ee0a2/system.slice/sshd.service └─90 /usr/sbin/sshd -D Nov 10 07:50:48 a7a6eec323db systemd[1]: Starting OpenSSH server daemon... Nov 10 07:50:48 a7a6eec323db sshd[90]: WARNING: 'UsePAM no' is not supporte...s. Nov 10 07:50:48 a7a6eec323db sshd[90]: Server listening on 0.0.0.0 port 22. Nov 10 07:50:48 a7a6eec323db sshd[90]: Server listening on :: port 22. Nov 10 07:50:48 a7a6eec323db systemd[1]: Started OpenSSH server daemon. Hint: Some lines were ellipsized, use -l to show in full.
4、nginx服務搭建
準備nginx文件夾內容docker
[root@localhost ~]# mkdir nginx [root@localhost ~]# cd nginx/ [root@localhost nginx]# vim Dockerfile FROM centos:7 MAINTAINER this is nigix image <yang> RUN yum -y update RUN yum -y install gcc gcc-c++ make pcre-devel zlib-devel RUN useradd -M -s /sbin/nologin nginx ADD nginx-1.15.9.tar.gz /usr/local/src ###ADD 在把宿主機上的壓縮包複製到容器當中的同時,進行了解壓縮 WORKDIR /usr/local/src WORKDIR nginx-1.15.9 RUN ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module && make && make install ENV PATH /usr/local/nginx/sbin:$PATH EXPOSE 80 EXPOSE 443 RUN echo "daemon off;">>/usr/local/nginx/conf/nginx.conf ADD run.sh /run.sh RUN chmod 755 /run.sh CMD ["/run.sh"] [root@localhost nginx]# vim run.sh #!/bin/bash /usr/local/nginx/sbin/nginx
生成鏡像,產生容器,端口隨機,這裏產生的是32770數據庫
docker build -t nginx:new . docker run -d -P nginx:new [root@localhost nginx]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2984555bb816 nginx:new "/run.sh" 10 seconds ago Up 9 seconds 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp zen_leavitt
測試
apache
5、tomat服務搭建
準備tomcat文件夾vim
#######################tomcat########################## [root@localhost ~]# mkdir tomcat [root@localhost ~]# cd tomcat/ [root@localhost nginx]# vim Dockerfile FROM centos:7 MAINTAINER this is a tomcat image <yang> ADD jdk-8u144-linux-x64.tar.gz /usr/local/ WORKDIR /usr/local/ RUN mv jdk1.8.0_144 /usr/local/java ENV JAVA_BIN /usr/local/java/bin ENV JAVA_HOME /usr/local/java ENV JRE_HOME /usr/local/java/jre ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar ENV PATH $JAVA_HOME/bin:$PATH ADD apache-tomcat-8.5.23.tar.gz /usr/local/ RUN mv /usr/local/apache-tomcat-8.5.23 /usr/local/tomcat EXPOSE 8080 ENTRYPOINT ["/usr/local/tomcat/bin/catalina.sh","run"]
生成鏡像,產生容器指定端口1216
[root@localhost tomcat]#docker build -t tomcat:centos . [root@localhost tomcat]# docker run -d --name tomcat -p 1216:8080 tomcat:centos 05d268df642182457a64b4596644b0aff240232dd3a107c9aa711c9e7c877a4e [root@localhost tomcat]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 05d268df6421 tomcat:centos "/usr/local/tomcat/b…" 12 seconds ago Up 11 seconds 0.0.0.0:1216->8080/tcp tomcat 2984555bb816 nginx:new "/run.sh" 4 hours ago Up 4 hours 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp zen_leavitt a7a6eec323db systemd:new "/usr/sbin/init" 5 hours ago Up 4 hours 22/tcp practical_shannon 2da672497af6 sshd:new "/usr/sbin/sshd -D" 6 hours ago Up 6 hours 0.0.0.0:32768->22/tcp nervous_tho
測試
6、mysql服務搭建
建立MySQL文件夾,準備Dockerfile文件
mkdir mysql cd mysql vim Dockerfile FROM centos:7 MAINTAINER this is a mysql image <yang> EXPOSE 3306 RUN yum -y update RUN yum -y install \ gcc \ gcc-c++ \ make \ ncurses \ ncurses-devel \ bison \ cmake RUN useradd -s /sbin/nologin mysql ADD mysql-boost-5.7.20.tar.gz /opt WORKDIR /opt/mysql-5.7.20/ RUN cmake \ -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \ -DSYSCONFDIR=/etc \ -DSYSTEMD_PID_DIR=/usr/local/mysql \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \ -DMYSQL_DATADIR=/usr/local/mysql/data \ -DWITH_BOOST=boost \ -DWITH_SYSTEMD=1 RUN make -j3 && make install RUN chown -R mysql:mysql /usr/local/mysql/ RUN rm -rf /etc/my.cnf ADD my.cnf /etc RUN chown mysql:mysql /etc/my.cnf ENV PATH /usr/local/mysql/bin:/usr/local/mysql/lib:$PATH WORKDIR /usr/local/mysql/ RUN bin/mysqld \ --initialize-insecure \ --user=mysql \ --basedir=/usr/local/mysql \ --datadir=/usr/local/mysql/data RUN cp usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/ ADD run.sh /opt/run.sh RUN chmod 755 /run.sh RUN sh /run.sh CMD ["init"]
準備my.cnf文件
vim my.cnf [client] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysql] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysqld] user = mysql basedir = /usr/local/mysql datadir = /usr/local/mysql/data port = 3306 character_set_server=utf8 pid-file = /usr/local/mysql/mysqld.pid socket = /usr/local/mysql/mysql.sock server-id = 1 sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
準備run.sh文件
vim run.sh #!/bin/bash systemctl enable mysqld
創建鏡像,生成容器,隨機端口32775
[root@localhost mysql]#docker build -t mysql:test . Successfully tagged mysql:new2 [root@localhost mysql]# docker run -d -P --privileged mysql:new2 94bd8ed7f0ff6131406c0f2b3f68b32dc03a927f95ef0c22e216ee4a3131f013 [root@localhost mysql]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 94bd8ed7f0ff mysql:new2 "init" 5 seconds ago Up 5 seconds 0.0.0.0:32775->3306/tcp dazzling_robinson
進入容器,進入數據庫,初次進入直接回車,不須要密碼
[root@localhost mysql]# docker exec -it 94bd8ed7f0ff /bin/bash [root@94bd8ed7f0ff mysql]# mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.20 Source distribution Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 給本地和遠程鏈接受權 mysql>grant all privileges on *.* to 'root'@'%' identified by 'abc123'; mysql>grant all privileges on *.* to 'root'@'localhost' identified by 'abc123'; mysql>flush privileges;
測試
另外一臺虛擬機 [root@localhost ~]# yum -y install mariadb [root@localhost ~]# mysql -h 20.0.0.22 -P 32775 -uroot -p Enter password: 這裏是剛剛受權設置的密碼 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.7.20 Source distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> MySQL [(none)]> create database info; ###在這裏建立數據庫 Query OK, 1 row affected (0.00 sec) 在容器裏看,有info mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | info | | mysql | | performance_schema | | sys | +--------------------+ 5 rows in set (0.00 sec)