容器技術之Dockerfile(三)
前面咱們聊到了dockerfile的 FROM、COPY 、ADD、LABEL、MAINTAINER、ENV、ARG、WORKDIR、VOLUME、EXPOSE、RUN、CMD、ENTRYPOINT指令的使用和說明,回顧請參考https://www.cnblogs.com/qiuhom-1874/tag/Dockerfile/;今天咱們來聊聊剩下的dockerfile指令的使用和說明;html
一、USER:該指令用於指定運行image時的或運行dockerfile中任何RUN、CMD或ENTRYPOINT指令指定的程序時的用戶名或UID;默認狀況下,container的運行身份爲root用戶;語法格式 USER <UID>|<UserName>; 須要注意的是,<UID>能夠爲任意數字,但實踐中其必須爲/etc/passwd中某用戶的有效UID,不然,docker run命令將運行失敗;node
示例: linux
[root@node1 test]# cat Dockerfile FROM centos:7 LABEL maintainer="qiuhom <qiuhom@linux-1874.com>" LABEL version="1.0" LABEL description="this is test file \ that label-values can span multiple lines." RUN useradd nginx USER nginx CMD ["sleep","3000"] [root@node1 test]#
提示:以上dockerfile表示在鏡像運行成容器時,以nginx用戶運行 sleep 3000nginx
驗證:編譯成鏡像,啓動爲容器,而後進入到容器裏看看sleep 3000 是不是nginx用戶在運行?web
[root@node1 test]# docker build . -t test:v1 Sending build context to Docker daemon 1.051MB Step 1/7 : FROM centos:7 ---> b5b4d78bc90c Step 2/7 : LABEL maintainer="qiuhom <qiuhom@linux-1874.com>" ---> Running in 0f503dae4448 Removing intermediate container 0f503dae4448 ---> d31363b96f38 Step 3/7 : LABEL version="1.0" ---> Running in 8dad05999903 Removing intermediate container 8dad05999903 ---> 2281f36d7c3c Step 4/7 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Running in d2be9ed44aee Removing intermediate container d2be9ed44aee ---> 8de872e222fb Step 5/7 : RUN useradd nginx ---> Running in 37bda6ba6b60 Removing intermediate container 37bda6ba6b60 ---> dc681f95f5ca Step 6/7 : USER nginx ---> Running in 97d2357826f9 Removing intermediate container 97d2357826f9 ---> ed277ac0c482 Step 7/7 : CMD ["sleep","3000"] ---> Running in 0ea578fa10bc Removing intermediate container 0ea578fa10bc ---> 461f6ceabc88 Successfully built 461f6ceabc88 Successfully tagged test:v1 [root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE test v1 461f6ceabc88 3 seconds ago 204MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name t1 --rm -d test:v1 37e46346d6ca0ab05b67f5350d4c2a7b6b86b8d34c8d1622d78ef70b7d3dff86 [root@node1 test]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 37e46346d6ca test:v1 "sleep 3000" 3 seconds ago Up 2 seconds t1 [root@node1 test]# docker exec -it t1 /bin/bash [nginx@37e46346d6ca /]$ ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND nginx 1 0.1 0.0 4364 352 ? Ss 10:02 0:00 sleep 3000 nginx 6 0.4 0.0 11828 1808 pts/0 Ss 10:02 0:00 /bin/bash nginx 23 0.0 0.0 51756 1708 pts/0 R+ 10:02 0:00 ps aux [nginx@37e46346d6ca /]$ exit exit [root@node1 test]#
提示:能夠看到基於上面的dockerfile構建的鏡像運行爲容器,裏面默認跑到進程就是咱們在dockerfile中指定用戶運行的進程;使用USER指定用戶運行容器裏的進程,須要注意該用戶要對運行進程所需資源的全部權限;不然容器運行不起來;docker
二、HEALTHCHECK:該指令用於定義如何對容器作健康狀態檢測;運行爲容器後,容器裏的進程不掛掉,固然容器也就不會掛掉,可是存在一種狀況容器沒有掛掉,但容器裏的進程沒法正常提供服務了,這個時候咱們就須要經過必定的手段,第一時間知道容器裏的進程是否健康(是否可以正常提供服務);healthcheck指令就是用來定義若是去檢測容器內部進程是否健康;語法格式HEALTHCHECK [OPTIONS] CMD command;其中CMD是固定格式,然後端command是對容器裏的進程作健康狀態檢查的命令;而options是用來指定對容器作健康狀態檢查的週期時間;--interval=DURATION (default: 30s),該選項用於指定對容器作健康狀態檢查的頻率,默認是30s一次;--timeout=DURATION (default: 30s),該選項用於指定對容器內部的進程作健康狀態檢查的超時時長,默認是30秒;--start-period=DURATION (default: 0s)指定對容器中的進程作健康狀態檢查延遲時間,默認0表示不延遲;這裏補充一點,之因此要延遲多少秒作健康狀態檢查是由於,docker運行爲容器之後,會馬上把該容器的狀態標記爲running狀態,而對於有些初始化比較慢的容器,若是立刻對它作健康狀態檢查,多是不健康的狀態,這樣一來咱們對了解容器是否健康就不是很準確了;若是配合某些工具,極可能存在檢測到容器不健康就把該容器刪除,而後從新建立,以此重複;這樣就會致使咱們的容器啓動不起來; --retries=N (default: 3)表示指定對容器作健康狀態檢查的重試次數,默認是3次;也就是說檢查到容器不健康的前提或健康的前提,它都會檢查3次,若是3次檢查都是失敗狀態那麼就標記該容器不健康;而對於咱們指定的命令來說,命令的返回值就決定了容器是否健康,一般命令返回值爲0表示咱們執行的命令正常退出,也就意味着容器是健康狀態;命令返回值爲1表示容器不健康;返回值爲2咱們一般都是保留不使用;HEALTHCHECK NONE就表示不對容器作健康狀態檢查;shell
示例:json
[root@node1 test]# cat Dockerfile
FROM centos:7
LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
LABEL version="1.0"
LABEL description="this is test file \ that label-values can span multiple lines."
RUN yum install -y httpd
ADD ok.html /var/www/html/
CMD ["/usr/sbin/httpd","-DFOREGROUND"]
HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=2 \
CMD curl -f http://localhost/ok.html || exit 1
[root@node1 test]#
提示:以上HEALTHCHECK指令表示每5秒檢查一次,超時時長爲5秒,延遲5秒開始檢查,重試2次;若是curl -f http://localhost/ok.html這條命令正常返回0,那麼就表示容器健康,不然就返回1,表示容器不健康;後端
驗證:把以上dockerfile構建成鏡像啓動爲容器,咱們把ok.html刪除或移動到別的目錄,看看容器是否標記爲不健康?centos
[root@node1 test]# docker build . -t test:v1.1 Sending build context to Docker daemon 1.052MB Step 1/8 : FROM centos:7 ---> b5b4d78bc90c Step 2/8 : LABEL maintainer="qiuhom <qiuhom@linux-1874.com>" ---> Using cache ---> d31363b96f38 Step 3/8 : LABEL version="1.0" ---> Using cache ---> 2281f36d7c3c Step 4/8 : LABEL description="this is test file \ that label-values can span multiple lines." ---> Using cache ---> 8de872e222fb Step 5/8 : RUN yum install -y httpd ---> Running in 9964718a2c3e Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.bfsu.edu.cn * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be installed --> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.4.8-5.el7 will be installed ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed ---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed ---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.4.6-93.el7.centos base 2.7 M Installing for dependencies: apr x86_64 1.4.8-5.el7 base 103 k apr-util x86_64 1.5.2-6.el7 base 92 k centos-logos noarch 70.0.6-3.el7.centos base 21 M httpd-tools x86_64 2.4.6-93.el7.centos base 92 k mailcap noarch 2.1.41-2.el7 base 31 k Transaction Summary ================================================================================ Install 1 Package (+5 Dependent packages) Total download size: 24 M Installed size: 32 M Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/apr-1.4.8-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY Public key for apr-1.4.8-5.el7.x86_64.rpm is not installed -------------------------------------------------------------------------------- Total 2.0 MB/s | 24 MB 00:12 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@CentOS) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : apr-1.4.8-5.el7.x86_64 1/6 Installing : apr-util-1.5.2-6.el7.x86_64 2/6 Installing : httpd-tools-2.4.6-93.el7.centos.x86_64 3/6 Installing : centos-logos-70.0.6-3.el7.centos.noarch 4/6 Installing : mailcap-2.1.41-2.el7.noarch 5/6 Installing : httpd-2.4.6-93.el7.centos.x86_64 6/6 Verifying : mailcap-2.1.41-2.el7.noarch 1/6 Verifying : apr-util-1.5.2-6.el7.x86_64 2/6 Verifying : httpd-2.4.6-93.el7.centos.x86_64 3/6 Verifying : apr-1.4.8-5.el7.x86_64 4/6 Verifying : httpd-tools-2.4.6-93.el7.centos.x86_64 5/6 Verifying : centos-logos-70.0.6-3.el7.centos.noarch 6/6 Installed: httpd.x86_64 0:2.4.6-93.el7.centos Dependency Installed: apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 centos-logos.noarch 0:70.0.6-3.el7.centos httpd-tools.x86_64 0:2.4.6-93.el7.centos mailcap.noarch 0:2.1.41-2.el7 Complete! Removing intermediate container 9964718a2c3e ---> a931e93eea06 Step 6/8 : ADD ok.html /var/www/html/ ---> 97e61f41911d Step 7/8 : CMD ["/usr/sbin/httpd","-DFOREGROUND"] ---> Running in e91ccdef90c2 Removing intermediate container e91ccdef90c2 ---> 7c8af9bb7eb3 Step 8/8 : HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=2 CMD curl -f http://localhost/ok.html || exit 1 ---> Running in 80682ab087d3 Removing intermediate container 80682ab087d3 ---> aa53cba15046 Successfully built aa53cba15046 Successfully tagged test:v1.1 [root@node1 test]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE test v1.1 aa53cba15046 8 seconds ago 312MB test v1 461f6ceabc88 57 minutes ago 204MB centos 7 b5b4d78bc90c 4 weeks ago 203MB [root@node1 test]# docker run --name t1 --rm -d test:v1.1 332590e683fcb29f60a28703548fce7aa83df715cbb840e1283472834867d6a1 [root@node1 test]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 332590e683fc test:v1.1 "/usr/sbin/httpd -DF…" 3 seconds ago Up 2 seconds (health: starting) t1 [root@node1 test]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 332590e683fc test:v1.1 "/usr/sbin/httpd -DF…" 7 seconds ago Up 6 seconds (healthy) t1 [root@node1 test]#
提示:能夠看到基於咱們寫的dockerfile構建的鏡像已經成功運行爲容器,而且標記爲healthy;接下來咱們進入容器把ok.html幹掉,而後在看看容器是否標記爲不健康狀態?
提示:從上面的信息能夠看到咱們把ok.html移除後,容器狀態就變成不健康狀態了;咱們再把ok.html還原到原有位置,看看容器是否會從不健康轉換爲健康呢?
提示:能夠看到把ok.html還原到/var/www/html/目錄後,容器從不健康狀態變爲了健康狀態;
三、SHELL:該指令用於指定默認shell,該指令開始到下一個SHELL中間的命令都是SHELL指定的shell 運行,因此SHELL指令在dockerfile中可出現屢次,後面的SHELL指令指定的shell會覆蓋前面全部SHELL指令指定的shell;默認在Linux上是["/bin/sh","-c"]在Windows上述["cmd","/s","/c"];SHELL指令必須是以json數組的格式定義;語法SHELL ["executable", "parameters"];
四、STOPSIGNAL:該指令用於定義中止容器的信號;默認中止容器是15號信號 SIGTERM;語法STOPSIGNAL signal
五、ONBUILD:該指令用於在Dockerfile中定義一個觸發器;Dockerfile用於build映像文件,此映像文件亦可做爲base image被另外一個Dockerfile用做FROM指令的參數,並以之構建新的映像文件;在後面的這個Dockerfile中的FROM指令在build過程當中被執行時,將會「觸發」建立其base image的Dockerfile文件中的ONBUILD指令定義的觸發器;用法格式ONBUILD <INSTRUCTION>;儘管任何指令均可註冊成爲觸發器指令,但ONBUILD不能自我嵌套,且不會觸發FROM和MAINTAINER指令;使用包含ONBUILD指令的Dockerfile構建的鏡像應該使用特殊的標籤,例如ruby:2.0-onbuild;在ONBUILD指令中使用ADD或COPY指令應該格外當心,由於新構建過程的上下文在缺乏指定的源文件時會失敗;
示例:
[root@node1 test]# cat Dockerfile FROM centos:7 LABEL maintainer="qiuhom <qiuhom@linux-1874.com>" ONBUILD RUN yum install -y httpd [root@node1 test]#
提示:以上dockerfile表示在本次構建鏡像中不運行yum install -y httpd這條命令,而是在後面的dockerfile中以本dockerfile製做的進行做爲基礎繼續時,yum install -y httpd這條命令就會被觸發執行;簡單講onbuild就是指定dockerfile指令延遲執行;這裏必定要記住一點onbuild指令後面必定是跟的是dockerfile指令;
驗證:將上面的dockerfile編譯鏡像,看看yum install -y httpd 是否執行了?
[root@node1 test]# docker build . -t test:v1.5 Sending build context to Docker daemon 1.052MB Step 1/3 : FROM centos:7 ---> b5b4d78bc90c Step 2/3 : LABEL maintainer="qiuhom <qiuhom@linux-1874.com>" ---> Using cache ---> d31363b96f38 Step 3/3 : ONBUILD RUN yum install -y httpd ---> Running in d3601fa1c3b7 Removing intermediate container d3601fa1c3b7 ---> 370e3a843c3c Successfully built 370e3a843c3c Successfully tagged test:v1.5 [root@node1 test]#
提示:能夠看到yum install -y httpd 這條命令並無執行;
驗證:將咱們上面製做好的鏡像做爲基礎鏡像,再來製做其餘鏡像,看看yum install -y httpd 被執行?
[root@node1 aaa]# pwd /root/test/aaa [root@node1 aaa]# ls Dockerfile [root@node1 aaa]# cat Dockerfile FROM test:v1.5 LABEL maintainer="qiuhom <admin@admin.com>" [root@node1 aaa]# docker build . -t myweb:v1 Sending build context to Docker daemon 2.048kB Step 1/2 : FROM test:v1.5 # Executing 1 build trigger ---> Running in cf93e9f03e89 Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.huaweicloud.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be installed --> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.4.8-5.el7 will be installed ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed ---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed ---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.4.6-93.el7.centos base 2.7 M Installing for dependencies: apr x86_64 1.4.8-5.el7 base 103 k apr-util x86_64 1.5.2-6.el7 base 92 k centos-logos noarch 70.0.6-3.el7.centos base 21 M httpd-tools x86_64 2.4.6-93.el7.centos base 92 k mailcap noarch 2.1.41-2.el7 base 31 k Transaction Summary ================================================================================ Install 1 Package (+5 Dependent packages) Total download size: 24 M Installed size: 32 M Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/apr-1.4.8-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY Public key for apr-1.4.8-5.el7.x86_64.rpm is not installed -------------------------------------------------------------------------------- Total 7.2 MB/s | 24 MB 00:03 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-8.2003.0.el7.centos.x86_64 (@CentOS) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : apr-1.4.8-5.el7.x86_64 1/6 Installing : apr-util-1.5.2-6.el7.x86_64 2/6 Installing : httpd-tools-2.4.6-93.el7.centos.x86_64 3/6 Installing : centos-logos-70.0.6-3.el7.centos.noarch 4/6 Installing : mailcap-2.1.41-2.el7.noarch 5/6 Installing : httpd-2.4.6-93.el7.centos.x86_64 6/6 Verifying : mailcap-2.1.41-2.el7.noarch 1/6 Verifying : apr-util-1.5.2-6.el7.x86_64 2/6 Verifying : httpd-2.4.6-93.el7.centos.x86_64 3/6 Verifying : apr-1.4.8-5.el7.x86_64 4/6 Verifying : httpd-tools-2.4.6-93.el7.centos.x86_64 5/6 Verifying : centos-logos-70.0.6-3.el7.centos.noarch 6/6 Installed: httpd.x86_64 0:2.4.6-93.el7.centos Dependency Installed: apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7 centos-logos.noarch 0:70.0.6-3.el7.centos httpd-tools.x86_64 0:2.4.6-93.el7.centos mailcap.noarch 0:2.1.41-2.el7 Complete! Removing intermediate container cf93e9f03e89 ---> a89914bda4b5 Step 2/2 : LABEL maintainer="qiuhom <admin@admin.com>" ---> Running in e175e0542b5e Removing intermediate container e175e0542b5e ---> 4f406abeaab7 Successfully built 4f406abeaab7 Successfully tagged myweb:v1 [root@node1 aaa]#
提示:能夠看到在咱們的dockerfile中並無寫 RUN yum install -y httpd ,但build時卻執行了 yum install -y httpd ;這是由於onbuild指令被觸發了;咱們能夠理解爲若是咱們製做的鏡像有onbuild指令指定的命令,那麼該鏡像被其餘dockerfile 做爲基礎鏡像時(或者被其餘docker FROM指令引用時)onbuild指定就會被激活,被執行;
相關文章
- 1. 容器技術之Dockerfile (一)
- 2. 容器技術之Dockerfile(二)
- 3. 虛擬化技術—docker容器—Dockerfile篇
- 4. Docker核心技術之Dockerfile
- 5. 容器技術之Docker-machine
- 6. 容器技術之LXC
- 7. docker DockerFile技術
- 8. 容器技術
- 9. 調試 Dockerfile - 天天5分鐘玩轉 Docker 容器技術(15)
- 10. Linux下操作Docker(三):容器和Dockerfile
- 更多相關文章...
- • XML 相關技術 - XML 教程
- • Hibernate的快照技術 - Hibernate教程
- • Docker容器實戰(一) - 封神Server端技術
- • Docker容器實戰(七) - 容器眼光下的文件系統
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. CVPR 2020 論文大盤點-光流篇
- 2. Photoshop教程_ps中怎麼載入圖案?PS圖案如何導入?
- 3. org.pentaho.di.core.exception.KettleDatabaseException:Error occurred while trying to connect to the
- 4. SonarQube Scanner execution execution Error --- Failed to upload report - 500: An error has occurred
- 5. idea 導入源碼包
- 6. python學習 day2——基礎學習
- 7. 3D將是頁遊市場新賽道?
- 8. osg--交互
- 9. OSG-交互
- 10. Idea、spring boot 圖片(pgn顯示、jpg不顯示)解決方案
歡迎關注本站公眾號,獲取更多信息
