Creation of Docker image

docker create -it centos:7 /bin/bash

docker ps -a
CONTAINER ID IMAGE COMMAND CREATED S TATUS PORTS NAMES
000550eb36da centos: 7 " /bin/bash" 3 seconds ago Created gracious_bassi

1.2 then submit the modified container as a new image. You need to use the ID number of the container to create a new image

docker commit -m "new" -a "centos" 000550eb36da centos:test
 Common options:
-m Description information;
-a Author information;
-p Stop the container during the build process.

docker images

2, Create based on local template

The image can be generated by importing the operating system template file, and the template can be imported from OPENVZ Open source project download, the download address is
http: //openvz. org/ Download/ template/precreated

wget  http://download . openvz. org/ template/precreated/debian-7.0-x86- minimal. tar.gz

2.1 import as image

cat debian-7.0-x86-minimal.tar.gz | docker import - debian: test

3, Create based on Dockerfile

Federated file system (UnionFS)

Union fs (Federated file system): Union file system (Union FS) is a layered, lightweight and high-performance file system. It supports the superposition of file system modifications from one submission to another. At the same time, different daily records can be mounted under the same virtual file system. AUFS, OverlayFS and Devicemapper are all UnionFS.
The Union file system is the foundation of Docker image. Images can be inherited through layering. Based on the basic image (without parent image), various specific application images can be made.
Features: multiple file systems can be loaded at the same time, but from the outside, only one file system can be seen. Joint loading will overlay all layers of file systems, so that the final file system will contain all the underlying files and directories.
When we download, we see layers of Federated file system.

Mirror loading principle

The Docker image is actually composed of a layer by layer file system, which is called UnionFS.
bootfs mainly includes bootloader and kernel. Bootloader is mainly used to boot and load kernel. bootfs file system will be loaded when Linux starts.
The Linux / boot kernel is the same as the Linux / boot kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs
rootfs, on top of bootfs. It contains standard directories and files such as / dev, / proc, / bin, / etc in a typical Linux system. rootfs is a variety of operating system distributions, such as Ubuntu, Centos and so on.

We can understand that there is nothing in the kernel at the beginning. Operate a command to download debian. At this time, a basic image will be added to the kernel; Installing another emacs will overlay a layer of image on the basic image, and then installing another apache will overlay another layer of image on the images. Finally, they look like a file system, the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, each layer of rootfs at this time. They are all read only. We can't operate them at this time. When we create a container, that is, instantiate the Docker image, the system will allocate a layer of empty read-write rootfs over one or more layers of read-only rootfs.

Why is the centos in Docker 200M in size?
For a streamlined OS, rootfs can be very small. It only needs to contain the most basic commands, tools and program libraries. Because the underlying directly uses the kernel of the host, it only needs to provide rootfs. It can be seen that for different linux distributions, bootfs are basically the same, and rootfs will be different. Therefore, different distributions can share bootfs.

Dockerfile

Docker image is a special file system. In addition to providing the program, library, resource, configuration and other files required by the container during operation, it also includes some configuration parameters prepared for operation (such as anonymous volume, environment variable, user, etc.). The image does not contain any dynamic data, and its content will not be changed after construction.
The customization of image is actually to customize the configuration and files added in each - layer. If we can write the commands of modification, installation, construction and operation of each layer into a script and use this script to build and customize the image, the problems of transparency and volume of image construction will be solved. This script is Dockerfile
Dockerfile is a text file containing instructions. Each instruction builds a layer. Therefore, the content of each instruction is to describe how the layer should be built. With dockerfile, when we need to customize our additional requirements, we just need to click dockerfile Add or modify instructions on the and regenerate the image, which saves the trouble of typing commands.
In addition to manually generating docker images, dockerfile can be used to automatically generate images. Dockerfile is a file composed of multiple instructions, in which each instruction corresponds to a command in Linux. Docker program will read the instructions in dockerfile and generate the specified mirror.

Driver overlay 2

The Dockerfile structure is roughly divided into four parts: basic image information, maintainer information, image operation instructions and instructions executed when the container is started.
Dockerfile supports one instruction per line, and each instruction can carry multiple parameters. Comments starting with "#" are supported.

Layering of Docker image structure

The image is not a single file, but has multiple layers. The container actually adds a read-write layer to the top of the image. Any file changes made in the running container will be written to this read-write layer. If you delete a container, you delete its top read-write layer, and file changes are lost. Docker uses the storage driver to manage the container layer that mirrors the content of each layer and the read-write layer.

Each instruction in Dockerfile will create a new image layer;
The image layer will be cached and reused;
When the Dockerfile instruction is modified, the copied file changes, or the specified variables are different when building the image, the corresponding image layer cache will become invalid;
If the image cache of a layer fails, the image cache of subsequent layers will fail;
The image layer is immutable. If you add a file in one layer and delete it in the next layer, the file will still be included in the image, but the file is not visible in the Docker container.

4, Common instructions for Dockerfile operation

FORM

FORM image
 Specifies the image on which the new image is based. The first instruction must be FROM Instruction, one is required for each image created FROM instructions

MAINTAINER

MAINTAINER name
 Describe the maintainer information of the new image

RUN command

Execute the command on the image based on and commit to the new image

ENTRYPOINT

ENTRYPOINT ["Program to run, parameter 1, parameter 2]
You can use the command docker run --entrypoint To overwrite the in the mirror ENTRYPOINT Contents of the instruction.

CMD

CMD ["Program to run "," parameter 1 ", "Parameter 2 "]
Above is exec Form, she11 form: CMD Command parameter 1 Parameter 2
 Commands or scripts executed by default when starting the container, Dockerfile There can only be one CMD Command. If multiple commands are specified, only the last command is executed.
If in dockerrun The command is specified or there is in the image ENTRYPOINT，that cmd Will be covered.
CMD Can be ENTRYPOINT The command provides default parameters

EXPOSE

EXPOSE Port number
 Specifies where the new image is loaded Docker Port to open when

ENV

ENV Environment variable value
 Setting the value of an environment variable will be RUN use

ADD

Host image
ADD source file/Directory target file/catalogue
 Copy the source file to the image. The source file should be consistent with the image Dockerfile In the same directory, or a URL

There are the following precautions:

If the source path is a file and the destination path ends with /, docker will treat the destination path as a directory and copy the source file to that directory. If the target path does not exist, the target path is automatically created.
If the source path is a file and the destination path does not end with /, docker will treat the destination path as a file. If the target path does not exist, a file will be created with the name of the target path, and the content is the same source file; If the target file is an existing file, it will be overwritten with the source file. Of course, it is only the content overwritten. The file name is still the target file name. If the target file is actually an existing directory, the source file will be copied to that directory. Note that in this case, it is best to end with / to avoid confusion.
If the source path is a directory and the target path does not exist, docker will automatically create a directory with the target path and copy the files under the source path directory. If the target path is an existing directory, docker will copy the files in the source path directory to that directory.
If the source file is an archive file (tar. bzip2 compressed file), docker will automatically unzip it.
URL download and decompression features cannot be used together. Any compressed file copied through the URL will not be automatically decompressed.

COPY

COPY source file/Directory target file/catalogue
 Copy only files on the local host/Copy directory to destination, source file/The directory should be consistent with Dockerfile In the same directory

VOLUME

VOLUME [""Directory"]
Create a mount point in the container

USER

USER user name/UID
 Specifies the user who runs the container

WORKDIR

Automatically switch default path
WORKDIR route
 For subsequent RUN,CMD,ENTRYPOINT assign work directory

ONBUILD

Specifies the command to run when the generated image is used as a base image.

When in a Dockerfile Add in the document ONBUILD Instruction that uses the Dockerfile Build mirror (For example A image) No material impact.

But when writing a new Dockerfile To file based A Image Jianyi-Mirror image ( For example B image)Structure at this time A mirrored  Dockerfile In the file ONBUILD The directive takes effect when building B In the process of mirroring, it will be executed first ONBUILD The instruction specified by the instruction, and then other instructions will be executed.

HEALTHCHECK

health examination

When writing Dockerfile, there are strict formats to follow:

The first line must use the FROM instruction to indicate the image name on which it is based;
Then, the MAINTAINER instruction is used to explain the user information maintaining the image;
Then there are instructions related to the mirror operation, such as the RUN instruction. Each instruction will add a new layer to the basic image.
Finally, use the CMD instruction to specify the command operation to run when starting the container.

5, Write Dockerfile

Dockerfile case

#Create working directory
mkdir /opt/ apache
cd /opt/ apache

vim Dockerfile
#Base image based on
FROM centos: 7
#Maintain the user information of the image
MAINTAINER this is apache image <w1>
#Install apache software according to the image operation instructions
RUN yum -y update
RUN yum -y install httpd ，
#Open port 80
EXPOSE 80
#Copy the home page file of the website
ADD index.html /var/www/html / index. html
//Method 1:
#Copy the execution script to the image
ADD run.sh / run. sh
RUN chmod 755 /run. sh
#Execute script when starting container
CMD [ "/ run. sh"]
//Method 2:
ENTRYPOINT [ " /usr/ sbin/apachectl" ]
CMD ["-D"， "FOREGROUND"]

Prepare to execute script

//Prepare to execute script
vim run. sh
#! /bin/bash .
rm -rf /run/httpd/*
#Clean up httpd cache
/usr/ sbin/ apachectl -D FOREGROUND
#Designated as foreground run
#Because the Docker container will remain running only when its process 1 (PID 1) is running. If process 1 exits, the Docker container also exits.

//Prepare web page
echo "this is test web" > index . html

//Generate image
docker build -t httpd:centos .
#Be careful not to forget the "." at the end

//New mirror run container
docker run -d -p 1216:80 httpd: centos

//test
http://192.168.80.10:1216/

######If there is a network error prompt########
[Warning] IPv4 forwarding is disabled. Networking will not work.

resolvent:
vim /etc/ sysctl . conf
net. ipv4.ip_ forward=1 

sysctl -P
systemctl restart network
systemctl restart docker

6, Build local private warehouse

Build local private warehouse
#First download the registry image
docker pull registry
#At daemon Add the private image warehouse address to the JSON file
vim /etc/docker/daemon. json
{
"insecure-registries": ["192. 168.80.10: 5000"],
#Add, pay attention to ending with commas
"registry-mirrors": ["https: //6i jb8ubo. mirror .al iyuncs. com"]
}

systemctl restart docker . service

#Run registry container
docker run -itd -V /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest
..................................................................................
-itd: Open a pseudo terminal in the container for interactive operation and run in the background
-v: Put the host/data/ registry Bind directory to container/var/lib/ registry catalogue(This directory is registry The directory in which the image file is stored in the container)，To achieve data
 Persistence;
-p:Mapping port;Access the 5000 port of the host registry Container services
--restart=always:This is the restart strategy, which always restarts the container when it exits
-name registry: Create a container named registry
registry:latest:This is just now pull Down the mirror
............................................................................
Docker The restart strategy of the container is as follows:
no:The default policy is not to restart the container when it exits
on- failure: When the container exits abnormally(Exit status is not 0)，Will restart the container
on-failure:3 :Restart the container when the container exits abnormally, up to 3 times
always:Always restart the container when it exits
unless-stopped:Always restart the container when it exits, but do not consider Docker Container that has been stopped when the daemon starts

#Label images
docker tag centos:7 192.168. 80.10: 5000/ centos:v1
#. upload to private warehouse
docker push 192. 168.80.10: 5000/ centos:v1
#List all images of the private warehouse
curl http://192.168.80.10:5000/v2/ catalog
#What are the tag s of centos images out of private warehouses
curl http: //192.168.80.10:5000/v2/centos/tags/list
#First delete the original centos image, and then test the private warehouse download
docker rmi -f 8652b9 f0cb4c
docker pull 192. 168.80.10: 5000/centos:v1