introduction
The remote warehouse can pull a tomcat image, and then docker run starts the container, and then docker exec -it container id /bin/bash enters the container and returns our program to webapps. Wait, this series of operations need to be operated manually step by step. Then I ask you: you don't have the deployment permission of qa and production environment. How do you operate these? This requires that all manual step-by-step operations be written to the Dockerfile file, and then the file is sent to the operation and maintenance personnel, who build it into an image and start it.
give an example
For example, if you want to deploy a war package with tomcat, the contents of your Dockerfile file will include the following:
Pull tomcat down from the remote warehouse
Enter the webapps directory of tomcat
Throw the war package on the host to the webapps directory of the container
Then the O & M takes the Dockerfile and build s it into an image. Start the container at run time. be accomplished
benefit
The benefits of the above example are not difficult to find
Dockerfile liberates many steps of manual operation
Dockerfile ensures the unity of the environment
It will never happen again: QA is normal, but online is not (provided that it is caused by environmental problems), because the Dockerfile is the same, ranging from the environment to the version. Another problem is the code problem, which saves a lot of "close contact" time with the operation and maintenance personnel.
What is Dockerfile
Dockerfile is called image description file in Chinese. It is a text document containing image directories for combination, which can also be called "script". He automatically generates the image by reading the instructions in the dockerfile and the installation steps.
Supplement: the file name must be Dockerfile
Dockerfile command
Build mirror command
The instructions in Dockerfile include FROM, MAINTAINER, RUN, CMD, EXPOSE, ENV, ADD, COPY, entering, VOLUME, USER, WORKDIR and ONBUILD. The wrong instructions will be ignored. Some important Docker instructions will be explained in detail below
FROM
The two forms are as follows: FROM <IMAGE> FROM <IMAGE>:<TAG> adopt FROM The specified image name must be an existing image. This image is called the basic image and must be located in the first non annotation instruction
MAINTAINER
MAINTAINER <NAME> Specify the author information of the image, including the owner and contact information of the image
RUN
Specifies the command to run when building a mirror. There are two modes: RUN <command> (shell pattern) RUN [ "executable", "param1", "param2" ] (exec pattern) stay shell In mode, yes/bin/sh -c COMMAND To run the command stay exec In mode, you can specify other shell To run the command RUN ["/bin/bash", "-c", "echo hello"] Multiple RUN Instructions can be combined into one: RUN yum install httpd && yum install ftp This will reduce the generation of middle tier images during construction
EXPOSE
Specify the port used by the container running the image, which can be multiple. EXPOSE <PORT> The purpose of using this instruction is to tell the application that the port that the application will use in the container needs to be used at run time-p Parameter specifies the mapping port. This is docker For security purposes, ports are not automatically opened. docker run -p 80 -d dockertest/dockerfile_build nginx -g "daemon off"
CMD
Used to provide the default command for the container to run, if docker run When a command to run is specified, then CMD The command will not be executed. CMD There are three modes: CMD <command> (shell pattern) CMD [ "executable", "param1", "param2" ] (exec pattern) CMD [ 'param1', 'param2'] (Usually with ENTRYPOINT Collocation assignment ENTRYPOINT Default parameters for)
ENTRYPOINT
And CMD similar, ENTRYPOINT Will not be docker run The command specified in is overwritten, if you want to overwrite ENTRYPOINT,You need to docker run Specified in--entrypoint option It has two modes: ENTRYPOINT <command> (shell pattern) ENTRYPOINT [ "executable", "param1", "param2" ] (exec pattern)
ADD and COPY
The function is to copy files or directories to Dockerfile In the built image ADD <src> <dest> ADD ["<src>" "<dest>"] (Applies if the file path contains spaces) COPY <src> <dest> ADD ["<src>" "<dest>"] (Applies if the file path contains spaces) ADD Contains similar tar If you only copy files, it is recommended to use the decompression function of COPY,Moreover, the source file paths of both are used Dockerfile Relative path, target path uses absolute path. COPY index.html /var/www/html
VOLUME
It is used to add volumes to containers, and can provide functions such as shared storage VOLUME ['/data'] WORKDIR Set the working directory inside the container so that ENTRYPOINT and CMD The specified commands will be executed in this directory in the container. WORKDIR /path/to/workdir
ENV
Used to set environment variables ENV <KEY> <VALUE> ENV <KEY>=<VALUE>
USER
Used to specify why the user runs the image USER nginx The mirror will nginx Run as, you can use uid,gid And other combinations ONBUILD Create a trigger for an image. This trigger is executed when an image is used as the base image of other images. When the sub image is built, the instruction in the trigger is inserted. ONBUILD COPY index.html /var/www/html
Construction process of Dockerfile
docker will run a container FROM the underlying image specified in the Dockerfile header FROM
Then execute an instruction to modify the container
Then, perform an operation similar to docker commit to create a new image layer
Run a new container based on the image you just created
Execute the next instruction of Dockerfile until all instructions are executed
Docker will delete the container created by the m-tier, but will not delete the m-tier image. Therefore, you can use docker run to run an m-tier container to view the image status after each step of construction, so you can debug.
dockerfile layering principle
1.docker image layering (based on AUFS):
The docker image is located on the bootfs
The next layer of each mirror becomes the parent mirror
The first layer image becomes base image
Container layer (readable and writable), at the top layer (writable)
Below the container layer are readonly