1, Creation of docker image
1. How to create a mirror
There are three ways to create an image: Based on an existing image, based on a local template, and based on a Dockerfile.
2. Create from an existing mirror
(1) Start an image and modify it in the container
docker run -it --name jc1 centos:7 bash #Create a container first yum install -y net-tools #Install network tools and use ifconfig
(2) Package the program and running environment running in the container to generate a new image
Format: docker commit [option] container id/Container name warehouse name:label docker commit -m "new image for ifconfig" -a "jc" e48a70d96722 centos:ifconfig -m:Description information -a:Author information -p:Stopping the container during build docker images or docker inspect New image name #View image information
(3) Test new mirror
docker run -it --name jc2 centos:ifconfig bash #Create container with new image ifconfig #You can directly use the ifconfig command to view the network card information without first installing net tools using yum
3. Create based on local template
(1) Use the wget command to import the image package
Generate a new image by importing the operating system template file wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz
(2) Import mirror
cat debian-7.0-x86-minimal.tar.gz | docker import - debian:jc docker images
(3) Import the image into the container
docker run -it --name jc2 debian:jc bash ls
4. Create based on dockerfile
(1) Federated file system (UnionFS)
• union fs (Federated file system): Union file system (Union FS) is a layered, lightweight and high-performance file system. It supports the superposition of file system modifications from one submission to another. At the same time, different directories can be mounted under the same virtual file system. AUES, overlays and Devicemapper are all UnionFS
• the Union file system is the foundation of Docker mirroring. Images can be inherited through layering. Based on the basic image (without parent image), various specific application images can be made
• features: multiple file systems are loaded at the same time, but from the outside, only one file system can be seen. The United Church superimposes the file systems at all levels, so that the final file system will contain all the underlying files and directories
• when we download, we see the federated file system layer by layer
(2) Image loading principle (bootfs, rootfs)
• Docker's image is actually composed of a layer by layer file system, which is UnionES
• bootfs mainly includes bootloader and kernel. Bootloader is mainly used to boot and load kernel. Bootfs file system will be loaded when Linux starts
• the bottom layer of Docker image is bootfs, which is similar to our typical Linux/ Tnix system is the same, including boot loader and kernel. When the iboot is loaded u, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will unload bootfs
• rootfs, on top of bootfs. It contains standard directories and files such as / dev,/proc,/bin,/etc in a typical Linux system. Rootfs is a variety of operating system distributions, such as Ubuntu, centos and so on
• we can understand that there is nothing in the kernel at first. Operate a command to download debian. At this time, a basic image will be added to the kernel; If you install another emacs, a layer of image will be superimposed on the basic image; Then install another apache, and another layer of image will be superimposed on the images. Finally, they look like a file system, the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, at this time, each layer of rootfs is read only, and we can't operate it at this time. When we create a container, that is, instantiate the Docker image, the system will allocate a layer of empty read-write rootfs over one or more layers of read-only rootfs
(3) Why is the centos in Docker 200M in size?
For a thin OS, rootfs can be very small. It only needs to contain the most basic commands, tools and program libraries. Because the underlying directly uses the kernel of the host, it only needs to provide rootfs. It can be seen that for different linux distributions, bootfs are basically the same, and rootfs will be different. Therefore, different distributions can share bootfs.
2, Dockerfile
1. Overview
• Docker image is a special file system. In addition to providing the program, library, resource, configuration and other files required by the container runtime, it also includes some configuration parameters prepared for runtime (such as core name volume, environment variables, user, etc.). The image does not contain any dynamic data, and its content will not be changed after construction
• image customization is actually customizing the configuration and files added by each layer. If we can write the commands of modification, installation, construction and operation of each layer into a script and use this script to build and customize the image, the problems of transparency and volume of image construction will be solved. This script is Dockerfile
• Dockerfile is a text file containing instructions. Each instruction builds a layer. Therefore, the content of each instruction is to describe how the layer should be built. With pockerfile, when we need to customize our own additional requirements, we just need to add or modify instructions on the Dockerfile and regenerate the image, eliminating the trouble of typing commands
• in addition to manually generating docker images, you can use nockerfile to automatically generate images. Dockerfile is a file composed of multiple instructions. Each instruction corresponds to a command in Linux. Docker program will read the instructions in dockerfile and generate the specified image
2. Dockerfile structure
The dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions and instructions executed when the container is started. Dockerfile supports one instruction every day, each instruction can carry multiple parameters, and comments starting with "#" are supported
3. Layering of Dockerfile image structure
**The image is not a single file, but has multiple layers** The container actually adds a read-write layer to the top of the image. Any file changes made in the running container will be written to this read-write layer.
If you delete a container, you delete its top read-write layer, and file changes are lost. Docker uses the storage driver to manage the container layer that mirrors the content of each layer and the read-write layer
(1) Each instruction in Dockerfile creates a new mirror layer
(2) The mirror layer will be cached and reused
(3) When the Dockerfile instruction is modified, the copied file changes, or the specified variables are different when building the image, the corresponding image layer cache will become invalid
(4) If the mirror cache of a certain layer fails, the subsequent mirror cache will fail
(5) The image layer is immutable. If you add a file in one layer and delete it in the next layer, the file will still be included in the image, but the file is not visible in the Docker container
4. Common instructions for Dockerfile operation
(1) FORM instruction
To open a new image, you must write.
(2) MAINTAINER name
Describe the maintainer information of the new image
(3) RUN instruction
Execute the command on the mirror on which you are based and commit to the new mirror
(4) CMD ["program to run", "parameter 1", "parameter 2"]
The former is in the form of exec and the latter is in the form of shell. The command or script executed by default when the container is started. Dockerfile can only be executed by one CMD command. If multiple commands are specified, only the last command can be executed. If a command is specified during docker run or there is an ENTRYPOINT in the image, CDM will be overwritten
(5) ENTRYPOINT ["program to run", "parameter 1", "parameter 2"]
Set the first command to run when the container starts and its parameters. You can override the command of the ENTRYPOINT instruction in the image by using the command docker run --entrypoint
(6) Export port number
Specifies the port to open when the new image is loaded into Docker
(7) ENV environment variable value
Setting the value of an environment variable will be used by the following RUN
(8) ADD source file / directory destination file / directory
Copy the original file to the image. The source file should be located in the same directory as the Dockerfile or a URL
matters needing attention:
1) If the source path is a file and the destination path ends with /, docker will treat the destination path as a directory and copy the source file to that directory. If the target path does not exist, the target path is automatically created.
2) If the source path is a file and the destination path does not end with /, docker will treat the destination path as a file. If the target path does not exist, a file will be created with the name of the target path, and the content is the same source file; If the target file is an existing file, it will be overwritten with the source file. Of course, it is only the content overwritten. The file name is still the target file name. If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case, it is best to end with / to avoid confusion.
3) If the source path is a directory and the target path does not exist, docker will automatically create - a directory with the target path and copy the files under the source path directory. If the target path is an existing directory, docker will copy the files in the source path directory to that directory.
4) If the source file is an archive file (tar. bzip2 compressed file), docker will automatically unzip it.
The URL download and decompression feature cannot be used together. Any compressed file copied through the URL will not be automatically decompressed.
(9) COPY source file / directory destination file / directory
Copy only local hosts_ Copy the file / directory on to the destination location, and the source file / directory should be in the same directory as the Dockerfile
(10) VOLUME [directory]
Create a mount point in the container
(11) USER user name / UID
Specifies the user who runs the container
(12) WORKDIR path
Specify the working directory for subsequent RUN, CMD and ENTRYPOINT
(13) ONBUILD command
Specifies the command to run when the generated image is used as a base image.
When an ONBUILD instruction is added to A Dockerfile, it will not have A substantial impact on the use of the Dockerfile to build an image (such as an A image).
However, when A new Dockerfile is written to build an image (such as A B image) based on the A image, the ONBUILD instruction in the Dockerfile file that constructs the A image takes effect. In the process of building the B image, the instruction specified by the 0NBUILD instruction will be executed first, and then other instructions will be executed.
(14)HEALTHCHECK
health examination
5. Format to follow when writing Dockerfile
(1) The first line must use the FROM directive to indicate the name of the image on which it is based
(2) Then, the MAINTAINER instruction is used to explain the user information maintaining the image
(3) Then there are instructions related to the mirror operation, such as the RUN instruction. Each time an instruction is RUN, a new layer is added to the underlying image
(4) Finally, use the CMD instruction to specify the command operation to run when starting the container
3, Dockerfile case
1. Building apache Container Services
(1) Create working directory
cd /opt mkdir apache cd apache
(2) Write Dockerfile
vim Dockerfile FROM centos:7 #Base image based on MAINTAINER this is apache image(gxd) #Install apache software according to the image operation instructions RUN yum -y install httpd #Run command EXPOSE 80 #Open port 80 ADD index.html /var/www/html/index.html #Copy website home page file CMD ["/usr/sbin/apachectl","-D","FOREGROUND"] #Execute in the foreground and keep the apache service (pid=1) open to keep the container running. Otherwise, if the command fails, the container will stop
(3) Add content to local web page file
echo 'this is dockerfile web1' > index.html #The ADD instruction in Dockerfile only writes index HTML represents the current working directory
(4) Generate image
docker build -t apache:jc . #There is "." at the end Represents the current directory docker images
(5) New mirror run container
docker run -d -p 43999:80 apache:jc
(6) Browser Test
2. Build SSH image
1.mkdir /opt/sshd cd /opt/sshd 2.vim Dockerfile FROM centos:7 #The first line must indicate the underlying image based on MAINTAINER this is ssh image <jc> #Author information #Mirror operation instructions RUN yum -y install openssh* net-tools lsof telnet passwd RUN echo '123456' | passwd --stdin root RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config #PAM certification is not used RUN sed -ri '/^session\s+required\s+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd #Cancel pam restriction RUN ssh-keygen -t rsa -A #Generate key authentication file RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh EXPOSE 22 CMD ["/usr/sbin/sshd" , "-D"] 3.Generate image docker build -t sshd:centos . 4.Start the container and modify it root password docker run -d -P sshd:centos docker ps -a ssh localhost -p 49153
3. Build systemctl image
1.mkdir /opt/systemctl cd /opt/systemctl 2.vim Dockerfile FROM sshd:centos MAINTAINER this is systemctl image <jc> ENV container docker #Except SYSTEMd tmpfiles setup Service to delete all other files RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*;\ rm -f /lib/systemd/system/anaconda.target.wants/*; VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"] 3.Generate image docker build -t systemctl:centos . 4.Start the container, mount the host directory into the container, and initialize docker run --privileged -it -v -P /sys/fs/cgroup:/sys/fs/cgroup:ro systemctl:centos #--privileged: make the root in the container have real root permission. Otherwise, the root in the container is only an external ordinary user permission. docker ps -a 5.Enter container docker exec -it fed4ea999b47 bash systemctl status sshd Method 2: docker run -d -P --privileged sshd:centos /usr/sbin/init & Premise dockerfile Middle handle CMD Command comment out
