Docker introductory notes: building production images in practice (CentOS + SSH image)

1. Docker image layered design

Docker images have a very important concept: layering. A Docker image uses "tiered storage", and each instruction in a Dockerfile generates one image layer. For example, all custom images need to execute "FROM centos", so this layer only needs to be downloaded the first time and is not downloaded again later.

Layers, from top to bottom:

  • Application
  • Operating environment
  • Operating system

2. Build your own company image

Example 1:
Create a new image based on the official centos image and install common basic tools, such as wget, sudo, git, tree and net-tools.

2.1 Create a sensible directory layout to store the different Dockerfiles

cd /data/dockerfile/
mkdir system runtime app mynginx

The first three directories correspond to the operating system, operating environment and application software respectively. The fourth directory is used to store the Dockerfile. This article takes the creation of an Nginx Docker image as an example, so the directory is named mynginx.

cd system/
mkdir centos
cd centos/

2.2 Edit the Dockerfile

vim Dockerfile, with the following content:

#Base image: FROM specifies the base image
FROM centos

#MAINTAINER: image maintainer information
MAINTAINER lu 13510182959@126.com

#RUN: what the image build should do
#RUN is followed by a command that runs while the container image is being built
#ADD is followed by two parameters: the file on the host and the file in the image. That is, it copies a file from the host into the image. The "/usr/share/nginx/html/index.html" given in this example is the default path when nginx is installed with yum.
#EXPOSE is the external port of the container
#CMD is the command run by a container started from this image
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
#Install the basic tools and clean the yum cache in the same layer
RUN yum install -y wget sudo git tree net-tools && yum clean all

Note:
After installing software in the image, be sure to run yum clean all to delete the useless files left behind by the installation and save space.

2.3 Build the image from the Dockerfile

docker build -t system/centos:v1 .

Note:
When you run the docker build command, don't forget the trailing dot (.), which means reading the Dockerfile from the current directory.

The process of creating an image is as follows:

[root@k8s-master /data/dockerfile/system/centos]# docker build -t system/centos:v1 .
Sending build context to Docker daemon   2.56kB
Step 1/4 : FROM centos
 ---> 5182e96772bf
Step 2/4 : MAINTAINER lu 13510182959@126.com
 ---> Using cache
 ---> 9af4bd99cdc6
Step 3/4 : RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
 ---> Using cache
 ---> 91da60642226
Step 4/4 : RUN yum install -y wget sudo git tree net-tools && yum clean all
 ---> Using cache
 ---> d5ba564a6b85
Successfully built d5ba564a6b85
Successfully tagged system/centos:v1

Check the image: it has been built.

Example 2:
Next, create the image system/centos:v2 (or system/centos:v1) based on the official centos image and install the SSH service in it. This is convenient for developers and maintainers who are used to virtual machines and want to connect to the container over SSH, but it is not recommended.

2.4 Edit the Dockerfile. Compared with the previous Dockerfile, it has additional steps for installing SSH:

cd /data/dockerfile/system/
mkdir centos-ssh
cd centos-ssh

vim Dockerfile. The content of the Dockerfile is as follows:

#Base image: FROM specifies the base image
FROM centos

#MAINTAINER: image maintainer information
MAINTAINER lu 13510182959@126.com

#RUN: what the image build should do
#RUN is followed by a command that runs while the container image is being built
#ADD is followed by two parameters: the file on the host and the file in the image. That is, it copies a file from the host into the image. The "/usr/share/nginx/html/index.html" given in this example is the default path when nginx is installed with yum.
#EXPOSE is the external port of the container
#CMD is the command run by a container started from this image
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y wget sudo git tree net-tools openssh-clients openssh-server openssh-devel && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key

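#Set the root password (this RUN line, plaintext password included, is recorded in the image metadata and shown by docker history)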
RUN echo "root:lusibo@123" | chpasswd
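
As an added example (not part of the original post), the shell function below scans a Dockerfile for what the Dockerfile above does at build time: an untagged base image, SSH host keys generated into the image, a DSA key type, and a password literal piped to chpasswd. It also checks the earlier advice about yum clean all. The function names, finding codes and the sample Dockerfile are constructed for illustration, and the sample password is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Names and finding codes are assumptions.
# audit_dockerfile FILE|-  prints CODE:LINE:message per finding, returns 1 if any.
audit_dockerfile() {
    awk '
    function hit(code, msg) { printf "%s:%d:%s\n", code, at, msg; bad = 1 }
    # Join backslash-continued lines into one logical instruction.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; if (!first) first = NR; next }
    { line = buf $0; at = (first ? first : NR); buf = ""; first = 0
      sub(/^[ \t]+/, "", line) }
    line ~ /^(#|$)/ { next }
    { split(line, w, /[ \t]+/); op = toupper(w[1]) }
    # FROM without :tag or @digest resolves to whatever "latest" is at build time.
    op == "FROM" && w[2] !~ "(:[^/]+|@sha256:[0-9a-f]+)$" {
        hit("UNPINNED", "base image " w[2] " has no tag or digest") }
    op != "RUN" { next }
    # The full RUN command line is kept in image metadata (docker history).
    line ~ /echo[^|]*:[^|]*\|[ \t]*chpasswd/ {
        hit("SECRET", "password literal piped to chpasswd is stored in the image") }
    # Keys created during the build are identical in every container.
    line ~ /ssh-keygen.*(-A|\/etc\/ssh\/ssh_host_)/ {
        hit("HOSTKEY", "SSH host key generated at build time") }
    line ~ /ssh-keygen.*-t[ \t]*dsa/ { hit("WEAKKEY", "DSA key type requested") }
    line ~ /yum[ \t]+(-y[ \t]+)?install/ && line !~ /yum[ \t]+clean[ \t]+all/ {
        hit("YUMCACHE", "yum install without yum clean all in the same RUN") }
    END { exit bad }
    ' "$1"
}

# Constructed sample modelled on the CentOS+SSH Dockerfile; placeholder password.
sample_dockerfile() {
    cat <<'EOF'
FROM centos
RUN yum install -y openssh-server && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN echo "root:EXAMPLE-PASSWORD" | chpasswd
EOF
}

sample_dockerfile | audit_dockerfile - || echo "findings above: review before building"
```

The non-zero return value lets a build script stop before docker build when any finding is reported.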

Build the image from the Dockerfile:

docker build -t system/centos:v2 .

After the build finishes, view the image

2.5 Next, verify the new image

Verification: check whether a Docker container started from the new image runs and works as expected.

Run a docker container using the image system/centos:v2:

docker run -d --name centos-ssh-demo -p 8022:22 system/centos:v2 /usr/sbin/sshd -D

Command interpretation:

  • --name centos-ssh-demo: the container that is started is named centos-ssh-demo;
  • -p 8022:22: map port 22 of the started container to port 8022 of the host;
  • /usr/sbin/sshd -D: the command the container runs; -D keeps sshd from detaching, so the service keeps running inside the container that -d started in the background.

Run docker ps to confirm that the new container was created successfully and is running normally:

Connect to the container over SSH from the host machine:

ssh -p 8022 root@192.168.100.151

If the connection succeeds, the image was built successfully.

Looking at the processes in the container, you can see that the process ID of the sshd service is 1. If the service goes down, the container goes down with it.

Question:
Containers are meant to run software (applications), not SSH. Generally speaking, the software is deployed in the container and runs as the process with PID 1, so starting or stopping the container starts or stops the software. However, if PID 1 is occupied by SSH, or if in some cases two or more programs have to run in the same container, how should these programs be managed?
Logging into each container to operate them by hand is unrealistic. In this case, we can use supervisor to manage the processes in the container. I'll talk about it later.


Added by Journey44 on Thu, 10 Mar 2022 10:22:36 +0200