catalogue
1, Create from an existing image
1.1 first start an image and make modifications in the container
2, Create based on local template
Federated file system (UnionFS)
Layering of Docker image structure
4, Common instructions for Dockerfile operation
6, Build local private warehouse
There are three ways to create an image: Based on an existing image, based on a local template, and based on Dockerfile.
1, Create from an existing image
1.1 first start an image and make modifications in the container
docker create -it centos:7 /bin/bash docker ps -a CONTAINER ID IMAGE COMMAND CREATED S TATUS PORTS NAMES 000550eb36da centos: 7 " /bin/bash" 3 seconds ago Created gracious_bassi
1.2 then submit the modified container as a new image. You need to use the ID number of the container to create a new image
docker commit -m "new" -a "centos" 000550eb36da centos:test Common options: -m Description information; -a Author information; -p Stop the container during the build process. docker images
2, Create based on local template
The image can be generated by importing the operating system template file, and the template can be imported from OPENVZ Open source project download, the download address is http: //openvz. org/ Download/ template/precreated wget http://download . openvz. org/ template/precreated/debian-7.0-x86- minimal. tar.gz
2.1 import as image
cat debian-7.0-x86-minimal.tar.gz | docker import - debian: test
3, Create based on Dockerfile
Federated file system (UnionFS)
- Union fs (Federated file system): Union file system (Union FS) is a layered, lightweight and high-performance file system. It supports the superposition of file system modifications from one submission to another. At the same time, different daily records can be mounted under the same virtual file system. AUFS, OverlayFS and Devicemapper are all UnionFS.
- The Union file system is the foundation of Docker image. Images can be inherited through layering. Based on the basic image (without parent image), various specific application images can be made.
- Features: multiple file systems can be loaded at the same time, but from the outside, only one file system can be seen. Joint loading will overlay all layers of file systems, so that the final file system will contain all the underlying files and directories.
- When we download, we see layers of Federated file system.
Mirror loading principle
- The Docker image is actually composed of a layer by layer file system, which is called UnionFS.
- bootfs mainly includes bootloader and kernel. Bootloader is mainly used to boot and load kernel. bootfs file system will be loaded when Linux starts.
- The Linux / boot kernel is the same as the Linux / boot kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs
- rootfs, on top of bootfs. It contains standard directories and files such as / dev, / proc, / bin, / etc in a typical Linux system. rootfs is a variety of operating system distributions, such as Ubuntu, Centos and so on.
We can understand that there is nothing in the kernel at the beginning. Operate a command to download debian. At this time, a basic image will be added to the kernel; Installing another emacs will overlay a layer of image on the basic image, and then installing another apache will overlay another layer of image on the images. Finally, they look like a file system, the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, each layer of rootfs at this time. They are all read only. We can't operate them at this time. When we create a container, that is, instantiate the Docker image, the system will allocate a layer of empty read-write rootfs over one or more layers of read-only rootfs.
Why is the centos in Docker 200M in size?
For a streamlined OS, rootfs can be very small. It only needs to contain the most basic commands, tools and program libraries. Because the underlying directly uses the kernel of the host, it only needs to provide rootfs. It can be seen that for different linux distributions, bootfs are basically the same, and rootfs will be different. Therefore, different distributions can share bootfs.
Dockerfile
- Docker image is a special file system. In addition to providing the program, library, resource, configuration and other files required by the container during operation, it also includes some configuration parameters prepared for operation (such as anonymous volume, environment variable, user, etc.). The image does not contain any dynamic data, and its content will not be changed after construction.
- The customization of image is actually to customize the configuration and files added in each - layer. If we can write the commands of modification, installation, construction and operation of each layer into a script and use this script to build and customize the image, the problems of transparency and volume of image construction will be solved. This script is Dockerfile
- Dockerfile is a text file containing instructions. Each instruction builds a layer. Therefore, the content of each instruction is to describe how the layer should be built. With dockerfile, when we need to customize our additional requirements, we just need to click dockerfile Add or modify instructions on the and regenerate the image, which saves the trouble of typing commands.
- In addition to manually generating docker images, dockerfile can be used to automatically generate images. Dockerfile is a file composed of multiple instructions, in which each instruction corresponds to a command in Linux. Docker program will read the instructions in dockerfile and generate the specified mirror.
Driver overlay 2
- The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions and instructions executed when the container is started.
- Dockerfile supports one instruction per line, and each instruction can carry multiple parameters. Comments starting with "#" are supported.
Layering of Docker image structure
The image is not a single file, but has multiple layers. The container actually adds a read-write layer to the top of the image. Any file changes made in the running container will be written to this read-write layer. If you delete a container, you delete its top read-write layer, and file changes are lost. Docker uses the storage driver to manage the container layer that mirrors the content of each layer and the read-write layer.
- Each instruction in Dockerfile will create a new image layer;
- The image layer will be cached and reused;
- When the Dockerfile instruction is modified, the copied file changes, or the specified variables are different when building the image, the corresponding image layer cache will become invalid;
- If the image cache of a layer fails, the image cache of subsequent layers will fail;
- The image layer is immutable. If you add a file in one layer and delete it in the next layer, the file will still be included in the image, but the file is not visible in the Docker container.
4, Common instructions for Dockerfile operation
FORM
FORM image Specifies the image on which the new image is based. The first instruction must be FROM Instruction, one is required for each image created FROM instructions
MAINTAINER
MAINTAINER name Describe the maintainer information of the new image
RUN command
Execute the command on the image based on and commit to the new image
ENTRYPOINT
ENTRYPOINT ["Program to run, parameter 1, parameter 2] You can use the command docker run --entrypoint To overwrite the in the mirror ENTRYPOINT Contents of the instruction.
CMD
CMD ["Program to run "," parameter 1 ", "Parameter 2 "] Above is exec Form, she11 form: CMD Command parameter 1 Parameter 2 Commands or scripts executed by default when starting the container, Dockerfile There can only be one CMD Command. If multiple commands are specified, only the last command is executed. If in dockerrun The command is specified or there is in the image ENTRYPOINT,that cmd Will be covered. CMD Can be ENTRYPOINT The command provides default parameters
EXPOSE
EXPOSE Port number Specifies where the new image is loaded Docker Port to open when
ENV
ENV Environment variable value Setting the value of an environment variable will be RUN use
ADD
Host image ADD source file/Directory target file/catalogue Copy the source file to the image. The source file should be consistent with the image Dockerfile In the same directory, or a URL
There are the following precautions:
- If the source path is a file and the destination path ends with /, docker will treat the destination path as a directory and copy the source file to that directory. If the target path does not exist, the target path is automatically created.
- If the source path is a file and the destination path does not end with /, docker will treat the destination path as a file. If the target path does not exist, a file will be created with the name of the target path, and the content is the same source file; If the target file is an existing file, it will be overwritten with the source file. Of course, it is only the content overwritten. The file name is still the target file name. If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case, it is best to end with / to avoid confusion.
- If the source path is a directory and the target path does not exist, docker will automatically create a directory with the target path and copy the files under the source path directory. If the target path is an existing directory, docker will copy the files in the source path directory to that directory.
- If the source file is an archive file (tar. bzip2 compressed file), docker will automatically unzip it.
- URL download and decompression features cannot be used together. Any compressed file copied through the URL will not be automatically decompressed.
COPY
COPY source file/Directory target file/catalogue Copy only files on the local host/Copy directory to destination, source file/The directory should be consistent with Dockerfile In the same directory
VOLUME
VOLUME [""Directory"] Create a mount point in the container
USER
USER user name/UID Specifies the user who runs the container
WORKDIR
Automatically switch default path WORKDIR route For subsequent RUN,CMD,ENTRYPOINT assign work directory
ONBUILD
Specifies the command to run when the generated image is used as a base image. When in a Dockerfile Add in the document ONBUILD Instruction that uses the Dockerfile Build mirror (For example A image) No material impact. But when writing a new Dockerfile To file based A Image Jianyi-Mirror image ( For example B image)Structure at this time A mirrored Dockerfile In the file ONBUILD The directive takes effect when building B In the process of mirroring, it will be executed first ONBUILD The instruction specified by the instruction, and then other instructions will be executed.
HEALTHCHECK
health examination
When writing Dockerfile, there are strict formats to follow:
- The first line must use the FROM instruction to indicate the image name on which it is based;
- Then, the MAINTAINER instruction is used to explain the user information maintaining the image;
- Then there are instructions related to the mirror operation, such as the RUN instruction. Each instruction will add a new layer to the basic image.
- Finally, use the CMD instruction to specify the command operation to run when starting the container.
5, Write Dockerfile
Dockerfile case
#Create working directory mkdir /opt/ apache cd /opt/ apache vim Dockerfile #Base image based on FROM centos: 7 #Maintain the user information of the image MAINTAINER this is apache image <w1> #Install apache software according to the image operation instructions RUN yum -y update RUN yum -y install httpd , #Open port 80 EXPOSE 80 #Copy the home page file of the website ADD index.html /var/www/html / index. html //Method 1: #Copy the execution script to the image ADD run.sh / run. sh RUN chmod 755 /run. sh #Execute script when starting container CMD [ "/ run. sh"] //Method 2: ENTRYPOINT [ " /usr/ sbin/apachectl" ] CMD ["-D", "FOREGROUND"]
Prepare to execute script
//Prepare to execute script vim run. sh #! /bin/bash . rm -rf /run/httpd/* #Clean up httpd cache /usr/ sbin/ apachectl -D FOREGROUND #Designated as foreground run #Because the Docker container will remain running only when its process 1 (PID 1) is running. If process 1 exits, the Docker container also exits. //Prepare web page echo "this is test web" > index . html //Generate image docker build -t httpd:centos . #Be careful not to forget the "." at the end //New mirror run container docker run -d -p 1216:80 httpd: centos //test http://192.168.80.10:1216/
######If there is a network error prompt######## [Warning] IPv4 forwarding is disabled. Networking will not work. resolvent: vim /etc/ sysctl . conf net. ipv4.ip_ forward=1 sysctl -P systemctl restart network systemctl restart docker
6, Build local private warehouse
Build local private warehouse #First download the registry image docker pull registry #At daemon Add the private image warehouse address to the JSON file vim /etc/docker/daemon. json { "insecure-registries": ["192. 168.80.10: 5000"], #Add, pay attention to ending with commas "registry-mirrors": ["https: //6i jb8ubo. mirror .al iyuncs. com"] } systemctl restart docker . service #Run registry container docker run -itd -V /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest .................................................................................. -itd: Open a pseudo terminal in the container for interactive operation and run in the background -v: Put the host/data/ registry Bind directory to container/var/lib/ registry catalogue(This directory is registry The directory in which the image file is stored in the container),To achieve data Persistence; -p:Mapping port;Access the 5000 port of the host registry Container services --restart=always:This is the restart strategy, which always restarts the container when it exits -name registry: Create a container named registry registry:latest:This is just now pull Down the mirror ............................................................................ Docker The restart strategy of the container is as follows: no:The default policy is not to restart the container when it exits on- failure: When the container exits abnormally(Exit status is not 0),Will restart the container on-failure:3 :Restart the container when the container exits abnormally, up to 3 times always:Always restart the container when it exits unless-stopped:Always restart the container when it exits, but do not consider Docker Container that has been stopped when the daemon starts #Label images docker tag centos:7 192.168. 80.10: 5000/ centos:v1 #. upload to private warehouse docker push 192. 168.80.10: 5000/ centos:v1 #List all images of the private warehouse curl http://192.168.80.10:5000/v2/ catalog #What are the tag s of centos images out of private warehouses curl http: //192.168.80.10:5000/v2/centos/tags/list #First delete the original centos image, and then test the private warehouse download docker rmi -f 8652b9 f0cb4c docker pull 192. 168.80.10: 5000/centos:v1