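Docker in Production Practice (Part 6)
Image Build Approach
Approach: layered design
Bottom layer: the system layer; build your own images for each operating system you use;
Middle layer: build base runtime-environment images for the business according to the runtime, such as PHP, Java or Python;
Top layer: build application service images according to the specific business module.
Build directory tree structure
Case 1: building a CentOS 7 system image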
```bash
cd /root
mkdir -p /root/docker/system/centos
cd /root/docker/system/centos
# Download the Aliyun EPEL repo file for RHEL 7
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
cp /etc/yum.repos.d/epel.repo epel.repo
```
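Create the image file
```bash
vim Dockerfile
```
```dockerfile
# This Dockerfile

# Base image (untagged, so it resolves to centos:latest; the EPEL repo file added below is for release 7)
FROM centos

# Who
MAINTAINER shhnwangjian xxx@163.com

# EPEL
ADD epel.repo /etc/yum.repos.d/

# Base pkg
RUN yum install -y wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all
```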
Build the image
```bash
docker build -t shhnwangjian/centos:base .
```
Case 2: building a Python runtime image on top of the CentOS system image from Case 1
```bash
mkdir -p /root/docker/runtime/python
cd /root/docker/runtime/python
```
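Create the image file
```bash
vim Dockerfile
```
```dockerfile
# Base image
FROM shhnwangjian/centos:base

# Who
MAINTAINER shhnwangjian xxx@163.com

# Python env
RUN yum install -y python-devel python-pip supervisor

# Upgrade pip (pip 21 and later no longer run on the Python 2.7 installed here)
RUN pip install --upgrade "pip<21"
```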
Build the image
```bash
docker build -t shhnwangjian/python .
```
Case 3: building a CentOS 7 system image with SSH
```bash
mkdir -p /root/docker/system/centos-ssh
cd /root/docker/system/centos-ssh
# Download the Aliyun EPEL repo file for RHEL 7
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
cp /etc/yum.repos.d/epel.repo epel.repo
```
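Create the image file
```dockerfile
# Docker for CentOS

# Base image (untagged, so it resolves to centos:latest; the EPEL repo file added below is for release 7)
FROM centos

# Who
MAINTAINER shhnwangjian xxx@163.com

# EPEL
ADD epel.repo /etc/yum.repos.d/

# Base pkg
RUN yum install -y openssh-clients openssl-devel openssh-server wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all

# For SSHD
# Host keys generated at build time are shared by every container started from this image.
# -N "" sets an empty passphrase so the build never waits on a prompt.
RUN ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
# Fixed root password stored in an image layer; the literal is also shown by `docker history`.
RUN echo "root:123456" | chpasswd
```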
Build the image
```bash
docker build -t shhnwangjian/centos-ssh .
```
Case 4: building a python-ssh runtime image on top of the centos-ssh system image from Case 3
```bash
mkdir -p /root/docker/runtime/python-ssh
cd /root/docker/runtime/python-ssh
```
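Create the image file
```dockerfile
# Base image
FROM shhnwangjian/centos-ssh

# Who
MAINTAINER shhnwangjian xxx@163.com

# Python env
RUN yum install -y python-devel python-pip supervisor

# Upgrade pip (pip 21 and later no longer run on the Python 2.7 installed here)
RUN pip install --upgrade "pip<21"
```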
Build the image
```bash
docker build -t shhnwangjian/python-ssh .
```
Case 5: building the app service image on top of the python-ssh image from Case 4
```bash
mkdir -p /root/docker/app/web-app
cd /root/docker/app/web-app
```
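Application file app.py
```python
from flask import Flask

app = Flask(__name__)


@app.route('/')
def hello():
    return "Hello World!"


if __name__ == "__main__":
    # debug=True turns on the Werkzeug interactive debugger, which allows code
    # execution from the browser; with host="0.0.0.0" it is reachable through
    # the published port. Use debug=False outside local development.
    app.run(host="0.0.0.0", debug=True)
```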
Python dependency file requirements.txt
```
Flask
```
supervisor configuration file app-supervisor.ini
```ini
[program:web-api]
command=/usr/bin/python2.7 /opt/app.py
process_name=%(program_name)s
autostart=true
user=www
stdout_logfile=/tmp/app.log
stderr_logfile=/tmp/app.error

[program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
autostart=true
```
Install supervisor on the host, then copy the default supervisord.conf it generates into the Docker build directory
```ini
; Sample supervisor config file.

[unix_http_server]
file=/var/run/supervisor/supervisor.sock ; (the path to the socket file)
;chmod=0700 ; sockef file mode (default 0700)
;chown=nobody:nogroup ; socket file uid:gid owner
;username=user ; (default is no username (open server))
;password=123 ; (default is no password (open server))

;[inet_http_server] ; inet (TCP) server disabled by default
;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface)
;username=user ; (default is no username (open server))
;password=123 ; (default is no password (open server))

[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10 ; (num of main logfile rotation backups;default 10)
loglevel=info ; (log level;default info; others: debug,warn,trace)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=true ; (start in foreground if true;default false)
minfds=1024 ; (min. avail startup file descriptors;default 1024)
minprocs=200 ; (min. avail process descriptors;default 200)
;umask=022 ; (process file creation umask;default 022)
;user=chrism ; (default is current user, required if root)
;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
;directory=/tmp ; (default is not to cd during start)
;nocleanup=true ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
;environment=KEY=value ; (key value pairs to add to environment)
;strip_ansi=false ; (strip ansi escape codes in logs; def. false)

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris ; should be same as http_username if set
;password=123 ; should be same as http_password if set
;prompt=mysupervisor ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history ; use readline history if available

; The below sample program section shows all possible program subsection values,
; create one or more 'real' program: sections to be able to control them under
; supervisor.

;[program:theprogramname]
;command=/bin/cat ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=999 ; the relative start priority (default 999)
;autostart=true ; start at supervisord start (default: true)
;autorestart=true ; retstart at unexpected quit (default: true)
;startsecs=10 ; number of secs prog must stay running (def. 1)
;startretries=3 ; max # of serial start failures (default 3)
;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=true ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;environment=A=1,B=2 ; process environment additions (def no adds)
;serverurl=AUTO ; override serverurl computation (childutils)

; The below sample eventlistener section shows all possible
; eventlistener subsection values, create one or more 'real'
; eventlistener: sections to be able to handle event notifications
; sent by supervisor.

;[eventlistener:theeventlistenername]
;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;events=EVENT ; event notif. types to subscribe to (req'd)
;buffer_size=10 ; event buffer queue size (default 10)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=-1 ; the relative start priority (default -1)
;autostart=true ; start at supervisord start (default: true)
;autorestart=unexpected ; restart at unexpected quit (default: unexpected)
;startsecs=10 ; number of secs prog must stay running (def. 1)
;startretries=3 ; max # of serial start failures (default 3)
;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=true ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups ; # of stderr logfile backups (default 10)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;environment=A=1,B=2 ; process environment additions
;serverurl=AUTO ; override serverurl computation (childutils)

; The below sample group section shows all possible group values,
; create one or more 'real' group: sections to create "heterogeneous"
; process groups.

;[group:thegroupname]
;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
;priority=999 ; the relative start priority (default 999)

; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.

[include]
files = supervisord.d/*.ini
```
Note: nodaemon=true makes supervisord start in the foreground
Create the image file
```dockerfile
# Base image
FROM shhnwangjian/python-ssh

# Who
MAINTAINER shhnwangjian xxx@163.com

# ADD user www
RUN useradd -s /sbin/nologin -M www

# ADD file
ADD app.py /opt/app.py
ADD requirements.txt /opt/
ADD supervisord.conf /etc/supervisord.conf
ADD app-supervisor.ini /etc/supervisord.d/

# Pip install
RUN /usr/bin/pip2.7 install -r /opt/requirements.txt

# Port
EXPOSE 22 5000

# CMD
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
```
Build the image
```bash
docker build -t shhnwangjian/web-api .
```
Start the container
```bash
docker run --name web-api -d -p 88:5000 -p 8022:22 shhnwangjian/web-api
```
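The Dockerfiles in Case 3 and Case 5 use untagged base images, store a fixed root password in an image layer, expose port 22 and never set USER. The following is an added example, not part of the original post: a small Python check that flags those four patterns before an image is built. The rule names and the trimmed sample Dockerfiles are constructed for illustration.

```python
import re

# Constructed samples: trimmed copies of this page's Case 3 and Case 5 Dockerfiles.
CASE3 = '''FROM centos
RUN yum install -y openssh-server sudo \\
    && yum clean all
RUN echo "root:123456" | chpasswd
'''
CASE5 = '''FROM shhnwangjian/python-ssh
RUN useradd -s /sbin/nologin -M www
ADD app.py /opt/app.py
EXPOSE 22 5000
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
'''
BAKED_PW = re.compile(r"""echo\s+["']?\w+:[^"'\s|]+["']?\s*\|\s*chpasswd""")

def instructions(text):
    """Yield (first_line_no, INSTRUCTION, args), joining '\\' continuations."""
    buf, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            instr, _, args = " ".join(buf).partition(" ")
            yield start, instr.upper(), args.strip()
            buf, start = [], 0

def audit(text):
    """Return [(line_no, rule)]; line 0 marks a whole-file finding."""
    found, non_root = [], False
    for no, instr, args in instructions(text):
        if instr == "FROM":
            image = [t for t in args.split() if not t.startswith("--")][0]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@sha256:" not in image and tag in ("", "latest"):
                found.append((no, "unpinned-base"))
        elif instr == "RUN" and BAKED_PW.search(args):
            found.append((no, "baked-password"))  # literal is kept in the layer history
        elif instr == "EXPOSE" and "22" in [p.split("/")[0] for p in args.split()]:
            found.append((no, "ssh-exposed"))
        elif instr == "USER":
            non_root = args.split(":")[0] not in ("root", "0")
    if not non_root:
        found.append((0, "runs-as-root"))
    return found
```

Calling `audit(CASE3)` or `audit(CASE5)` returns the findings for each file. A Dockerfile that tags its base image, drops the chpasswd step, exposes only 5000 and sets `USER www` returns an empty list.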