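Docker Study Notes 012: Dockerfile Instructions Explained

1 Dockerfile structure

Base image information

Image build instructions

The instruction executed when the container starts

2 FROM

Specifies the base image that the new image inherits from.

FROM ubuntu:14.04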
FROM centos
FROM nginx:latest

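3 LABEL

Basic information about the image's creator

4 ENV

Defines environment variables inside the Docker container; variables are declared with ENV.

  • ENV <key> <value> # sets a single variable only
  • ENV <key>=<value> ... # allows several variables to be set at once
ENV <key> <value>
Sets an environment variable that later RUN instructions can use and that persists when the container runs.
Example:
ENV TZ "Asia/Shanghai"

For example, declare a variable in a Dockerfile: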

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"

ADD ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
ADD ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#CMD  ["/usr/sbin/sshd", "-D"]

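5 ADD

Copies the specified <src> into the container at <dest>

ADD <src> <dest>
Copies the specified <src> to <dest> in the container.
<src> can be a path relative to the directory containing the Dockerfile, a URL, or a tar file (which is extracted automatically).
Example:
ADD aliyun-mirror.repo /etc/yum.repos.d/CentOS-Base.repo

The source cannot be an absolute path; it must be a path relative to the Dockerfile, as in the following steps: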

[root@docker-server3 openssh]# mkdir  keys

[root@docker-server3 openssh]# mv ssh_host_* keys/

[root@docker-server3 openssh]# vi Dockerfile

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"

ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
ADD keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#CMD  ["/usr/sbin/sshd", "-D"]

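6 COPY

Copies <src> from the local host (a path relative to the directory containing the Dockerfile) to <dest> in the container

COPY <src> <dest>
Similar to ADD.
If the destination directory path does not exist, it is created automatically.
Example:
COPY aliyun-mirror.repo /etc/yum.repos.d/CentOS-Base.repo

Difference between ADD and COPY

In the ADD case shown above, ADD and COPY behave identically.

ADD and COPY are nevertheless entirely different instructions. COPY is the simpler of the two: it only copies a file or directory from the host into the image. ADD can do that too, but it also has extra behaviours, such as extracting tar files and fetching files from remote URLs. To keep the Dockerfile simple and to avoid unintended operations, it is best to use COPY for copying files. Best Practices for Writing Dockerfiles recommends using COPY wherever possible, and a combination of RUN and COPY in place of ADD: although COPY only supports copying local files into the container, its behaviour is more transparent than ADD's. ADD is recommended only for copying tar files, for example ADD trusty-core-amd64.tar.gz /.

For example, copy the files this way: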

[root@docker-server3 openssh]# tar zcf keys.tar.gz  keys

[root@docker-server3 openssh]# vi  Dockerfile 

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"

#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

COPY keys.tar.gz   /keys.tar.gz
RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/

CMD  ["/usr/sbin/sshd", "-D"]

[root@docker-server3 openssh]# docker build -t openssh:v1.5  .

Sending build context to Docker daemon  10.24kB
Step 1/7 : FROM centos:7
 ---> 5e35e350aded
Step 2/7 : LABEL  darren darren@gmail.com
 ---> Using cache
 ---> eb19f72c1afd
Step 3/7 : ENV TZ "Asia/Shanghai"
 ---> Running in d8f0df141bae
Removing intermediate container d8f0df141bae
 ---> ef9b5d7d9bb0
Step 4/7 : RUN yum -y install openssh-server   && useradd natash   && echo "redhat"|passwd --stdin natash   && echo "redhat"|passwd --stdin root     && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''   && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''   && echo "$TZ"
 ---> Running in 2aef49fc1769
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: mirror.pregi.net
 * extras: hk.mirrors.thegigabit.com
 * updates: hk.mirrors.thegigabit.com

http://centos.uhost.hk/7.7.1908/os/x86_64/repodata/04efe80d41ea3d94d36294f7107709d1c8f70db11e152d6ef562da344748581a-primary.sqlite.bz2: [Errno 12] Timeout on http://centos.uhost.hk/7.7.1908/os/x86_64/repodata/04efe80d41ea3d94d36294f7107709d1c8f70db11e152d6ef562da344748581a-primary.sqlite.bz2: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
Trying other mirror.
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
--> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch          Version               Repository   Size
================================================================================
Installing:
 openssh-server           x86_64        7.4p1-21.el7          base        459 k
Installing for dependencies:
 fipscheck                x86_64        1.4.1-6.el7           base         21 k
 fipscheck-lib            x86_64        1.4.1-6.el7           base         11 k
 openssh                  x86_64        7.4p1-21.el7          base        510 k
 tcp_wrappers-libs        x86_64        7.6-77.el7            base         66 k

Transaction Summary
================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.0 M
Installed size: 3.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for fipscheck-1.4.1-6.el7.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                              391 kB/s | 1.0 MB  00:02     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-7.1908.0.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : fipscheck-1.4.1-6.el7.x86_64                                 1/5 
  Installing : fipscheck-lib-1.4.1-6.el7.x86_64                             2/5 
  Installing : openssh-7.4p1-21.el7.x86_64                                  3/5 
  Installing : tcp_wrappers-libs-7.6-77.el7.x86_64                          4/5 
  Installing : openssh-server-7.4p1-21.el7.x86_64                           5/5 
  Verifying  : fipscheck-lib-1.4.1-6.el7.x86_64                             1/5 
  Verifying  : tcp_wrappers-libs-7.6-77.el7.x86_64                          2/5 
  Verifying  : fipscheck-1.4.1-6.el7.x86_64                                 3/5 
  Verifying  : openssh-7.4p1-21.el7.x86_64                                  4/5 
  Verifying  : openssh-server-7.4p1-21.el7.x86_64                           5/5 

Installed:
  openssh-server.x86_64 0:7.4p1-21.el7                                          

Dependency Installed:
  fipscheck.x86_64 0:1.4.1-6.el7      fipscheck-lib.x86_64 0:1.4.1-6.el7        
  openssh.x86_64 0:7.4p1-21.el7       tcp_wrappers-libs.x86_64 0:7.6-77.el7     

Complete!
Changing password for user natash.
passwd: all authentication tokens updated successfully.
Changing password for user root.
passwd: all authentication tokens updated successfully.
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:e5C8TNeWaFze+kluznGRnyGTuUPVGRMtSM7J1w7VBA0 root@2aef49fc1769
The key's randomart image is:
+---[DSA 1024]----+
|           ...EO*|
|           +...oO|
|            * o+o|
|       . o = ++o.|
|        S = =*.+.|
|       o * ...+ =|
|        + . .oo.o|
|         .   =o+ |
|             o*  |
+----[SHA256]-----+
Asia/Shanghai                                          # this is the printed value of the variable declared with ENV
Removing intermediate container 2aef49fc1769
 ---> e11453e3dd3b
Step 5/7 : COPY keys.tar.gz   /keys.tar.gz             # the COPY step
 ---> bddfb2743c4d
Step 6/7 : RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
 ---> Running in eddbbc44e2a6
Removing intermediate container eddbbc44e2a6
 ---> 79e6df645d78
Step 7/7 : CMD  ["/usr/sbin/sshd", "-D"]
 ---> Running in 217fbee101d4
Removing intermediate container 217fbee101d4
 ---> 90743d882696
Successfully built 90743d882696
Successfully tagged openssh:v1.5

[root@docker-server3 openssh]# docker run -d openssh:v1.5

41e2d69f3503d0cd459d1f7cd56ae9f51aaf7749bef7f79f089e551bc4de4ecb

[root@docker-server3 openssh]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS                      PORTS               NAMES
41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"   9 seconds ago       Up 8 seconds                                    objective_sinoussi
db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"   34 minutes ago      Up 34 minutes                                   nifty_curran
f6a4ebe048cd        openssh:v1.4        "/bin/bash"           35 minutes ago      Exited (0) 35 minutes ago                       adoring_archimedes
fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"   42 hours ago        Up 42 hours

The above uses COPY; the same thing with ADD:

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"

#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#COPY keys.tar.gz   /keys.tar.gz
#RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
ADD keys.tar.gz   /
RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/            # one fewer extraction step

CMD  ["/usr/sbin/sshd", "-D"]

ADD automatically extracts the archive, and the archive file itself is not left in the image.
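
Because ADD unpacks a local tar archive at the destination, with / as the destination the archive's own member names decide which paths in the image are written. The following check is an added example, not part of the original post: it lists the members an archive would write and flags the ones worth reviewing before the build. The archive is constructed in memory, and the function names and the expected prefix keys/ are assumptions made for illustration.

```python
import io
import posixpath
import tarfile


def build_sample():
    """Constructed archive: the page's keys/ tree plus three unexpected members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        files = [("keys/ssh_host_rsa_key", 0o600),
                 ("keys/ssh_host_rsa_key.pub", 0o644),
                 ("etc/passwd", 0o644),      # lands on /etc/passwd when dest is /
                 ("keys/helper", 0o4755)]    # setuid executable
        for name, mode in files:
            data = b"constructed placeholder\n"
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("keys/latest")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc/shadow"
        tar.addfile(link)
    return buf.getvalue()


def audit_archive(blob, dest="/", allowed_prefix="keys/"):
    """Return [(path_in_image, reason)] for members to review before ADD."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar.getmembers():
            name = posixpath.normpath(member.name)
            if member.name.startswith("/") or name == ".." or name.startswith("../"):
                findings.append((member.name, "absolute or parent-relative path"))
                continue
            target = posixpath.join(dest, name)
            # Anything outside the directory the Dockerfile expects is suspicious.
            if not (name + "/").startswith(allowed_prefix):
                findings.append((target, "outside expected prefix"))
            if member.issym() or member.islnk():
                findings.append((target, "link to " + member.linkname))
            if member.isfile() and member.mode & 0o6000:
                findings.append((target, "setuid/setgid bit set"))
    return findings


if __name__ == "__main__":
    for path, reason in audit_archive(build_sample()):
        print(f"{path}: {reason}")
```
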

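7 WORKDIR

The default path on entering the container, equivalent to cd; subsequent RUN, CMD and ENTRYPOINT instructions also use the specified path.

WORKDIR </path/to/workdir>
Sets the working directory for subsequent RUN, CMD and ENTRYPOINT instructions.
WORKDIR can be used several times; if a later one is given a relative path, it is resolved against the path set by the previous one.
Example:
WORKDIR /a
WORKDIR b
WORKDIR c
The resulting working directory is /a/b/c.

For example, the steps above copy files into /tmp, so we can set it like this: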

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"

#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#COPY keys.tar.gz   /keys.tar.gz
#RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
ADD keys.tar.gz   /
WORKDIR   /tmp
RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./

CMD  ["/usr/sbin/sshd", "-D"]

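8 USER

Specifies the user name or UID used when running the container; subsequent RUN, CMD and ENTRYPOINT instructions also run as that user.

When a service does not need administrator privileges, use this instruction to set the user it runs as; if none is set, the default is root.

USER <username>
Example:
USER www

For example, set the user to natash; every operation after that instruction then runs as natash: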

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"

#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#COPY keys.tar.gz   /keys.tar.gz
#RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
ADD keys.tar.gz   /
WORKDIR   /tmp
USER   natash
RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./

CMD  ["/usr/sbin/sshd", "-D"]

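USER and WORKDIR can each appear several times; each occurrence switches the user or the directory.

9 RUN

RUN executes command-line commands; it runs only while the image is being built.

RUN <command> or RUN ["executable","param1","param2"]
The former runs in a shell, i.e. /bin/sh -c; the latter is executed with exec.
Each RUN instruction executes the given command on top of the current image and commits the result as a new image.
When a command is long, use \ to continue it on the next line.
Example:
RUN ["/bin/bash","-c","echo hello"]
RUN apt install -y openssh-server

Each RUN adds an image layer, so use as few RUN, ADD and COPY instructions as possible while still getting the job done.

For example, we can optimise the previous Dockerfile: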

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

ADD keys.tar.gz   /
RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"\
  && cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#COPY keys.tar.gz   /keys.tar.gz
#RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
#RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./

CMD  ["/usr/sbin/sshd", "-D"]

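This removes one RUN instruction and therefore one image layer; the more layers an image has, the worse it performs.

10 VOLUME

Creates a mount point, similar to the -v option used when starting a container, except that the location on the host cannot be specified here.

By default it is placed under the /var/lib/docker/${filesystem name} directory.

It is generally used for databases and other data that must persist.

VOLUME <path>
Example:
VOLUME ["data"]

11 EXPOSE

Tells Docker which ports the container needs to expose; it declares the ports to the outside.

When the container is started with -P, the Docker host automatically allocates a port and forwards it to the specified port.

With -p you can specify exactly which local port is mapped.

EXPOSE <port> [<port>...]
Example:
EXPOSE 22 80

For example, run an nginx container: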

[root@docker-server3 openssh]# docker run -d nginx

[root@docker-server3 openssh]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
e0847916fa35        nginx               "nginx -g 'daemon of…"   14 seconds ago      Up 13 seconds            80/tcp              pedantic_blackburn    # port 80
41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   objective_sinoussi
db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   nifty_curran
f6a4ebe048cd        openssh:v1.4        "/bin/bash"              7 hours ago         Exited (0) 7 hours ago                       adoring_archimedes
fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"      2 days ago          Up 2 days 

This means nginx listens on port 80.

EXPOSE declares which port is listened on; even without the declaration, the port is still open.

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

ADD keys.tar.gz   /
RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"\
  && cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#COPY keys.tar.gz   /keys.tar.gz
#RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
#RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./

EXPOSE  22  80 
CMD  ["/usr/sbin/sshd", "-D"]

These ports are only a declaration.

[root@docker-server3 openssh]# docker build -t openssh:v1.6 .

[root@docker-server3 openssh]# docker run -d openssh:v1.6

[root@docker-server3 openssh]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
131649a5d893        openssh:v1.6        "/usr/sbin/sshd -D"      5 seconds ago       Up 4 seconds             22/tcp, 80/tcp      zealous_poincare
e0847916fa35        nginx               "nginx -g 'daemon of…"   8 minutes ago       Up 8 minutes             80/tcp              pedantic_blackburn
41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   objective_sinoussi
db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   nifty_curran
f6a4ebe048cd        openssh:v1.4        "/bin/bash"              7 hours ago         Exited (0) 7 hours ago                       adoring_archimedes
fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"      2 days ago          Up 2 days

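The two declared ports, 22 and 80, are visible.

To view a container's logs, use docker logs followed by the container ID.

12 HEALTHCHECK

Checks whether the specified process in the container is still alive.

Guards against failures where a process hangs but the container does not exit abnormally.

HEALTHCHECK [args] CMD <command>

Example:
FROM nginx
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
HEALTHCHECK --interval=5s --retries=3 --timeout=3s \
CMD curl -fs http://localhost/ || exit 1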

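13 CMD

Specifies the command executed when the container starts, i.e. its default task.

A Dockerfile can have only one effective CMD instruction; if several are given, only the last one is executed.

If the user specifies a command when starting the container, it overrides the command given by CMD.

Syntax:
CMD ["executable","param1","param2"] # executed with exec; the recommended form
CMD command param1 param2 # executed in /bin/sh; for applications that need interaction
CMD ["param1","param2"] # default arguments supplied to ENTRYPOINT
Example:
CMD ["supervisord","-c","/etc/supervisord.conf"]

If CMD is omitted, the Dockerfile sets no default command, but a command is still used when the container starts.

For example, comment out the CMD instruction of the previous image and start a container: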

[root@docker-server3 openssh]# vi Dockerfile

FROM centos:7
LABEL  darren darren@gmail.com

RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''

ADD ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
ADD ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#CMD  ["/usr/sbin/sshd", "-D"]

[root@docker-server3 openssh]# docker build -t openssh:v1.4 .

Sending build context to Docker daemon  7.168kB
Step 1/6 : FROM centos:7
 ---> 5e35e350aded
Step 2/6 : LABEL  darren darren@gmail.com
 ---> Using cache
 ---> eb19f72c1afd
Step 3/6 : RUN yum -y install openssh-server   && useradd natash   && echo "redhat"|passwd --stdin natash   && echo "redhat"|passwd --stdin root     && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''   && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
 ---> Using cache
 ---> 2be613021085
Step 4/6 : ADD ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
 ---> Using cache
 ---> c64f7dcda4c1
Step 5/6 : ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
 ---> Using cache
 ---> 86e57a7a4313
Step 6/6 : ADD ssh_host_rsa_key     /tmp/ssh_host_rsa_key
 ---> Using cache
 ---> 2412a6e26b9c
Successfully built 2412a6e26b9c
Successfully tagged openssh:v1.4

[root@docker-server3 openssh]# docker run -d openssh:v1.4

f6a4ebe048cd04d4b7407f3f452d22d8ecfdee3b87f36a3c84524eacf467bf4d

[root@docker-server3 openssh]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS                     PORTS               NAMES
f6a4ebe048cd        openssh:v1.4        "/bin/bash"           4 seconds ago       Exited (0) 3 seconds ago                       adoring_archimedes    # runs /bin/bash by default, then exits
fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"   41 hours ago        Up 41 hours  

The /bin/bash command comes from the base image centos:7.

Specifying the command on the command line starts the container with the same effect:

[root@docker-server3 openssh]# docker run -d openssh:v1.4 /usr/sbin/sshd -D

db351e66fc63fc4aa5f84c48a14d7ee4ced18c3a079deeae6332dfb4c8b1933

[root@docker-server3 openssh]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS                      PORTS               NAMES
db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"   4 seconds ago       Up 3 seconds                                    nifty_curran
f6a4ebe048cd        openssh:v1.4        "/bin/bash"           31 seconds ago      Exited (0) 29 seconds ago                       adoring_archimedes
fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"   41 hours ago        Up 41 hours  

Writing CMD in the other form:

FROM centos:7
LABEL  darren darren@gmail.com

ENV TZ "Asia/Shanghai"

ADD keys.tar.gz   /
RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''\
  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && echo "$TZ"\
  && cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
#ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
#ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key

#COPY keys.tar.gz   /keys.tar.gz
#RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
#RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./

EXPOSE  22  80
#CMD  ["/usr/sbin/sshd", "-D"]
CMD  /usr/sbin/sshd -D

[root@docker-server3 openssh]# docker build -t openssh:v1.7 .

[root@docker-server3 openssh]# docker run -d openssh:v1.7

[root@docker-server3 openssh]# docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
915f9a1854c6        openssh:v1.7        "/bin/sh -c '/usr/sb…"   6 seconds ago       Up 5 seconds             22/tcp, 80/tcp      practical_margulis
131649a5d893        openssh:v1.6        "/usr/sbin/sshd -D"      7 minutes ago       Up 7 minutes             22/tcp, 80/tcp      zealous_poincare
e0847916fa35        nginx               "nginx -g 'daemon of…"   15 minutes ago      Up 15 minutes            80/tcp              pedantic_blackburn
41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   objective_sinoussi
db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"      8 hours ago         Up 8 hours                                   nifty_curran
f6a4ebe048cd        openssh:v1.4        "/bin/bash"              8 hours ago         Exited (0) 8 hours ago                       adoring_archimedes
fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"      2 days ago          Up 2 days

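It also runs, but Docker automatically starts /bin/sh -c to execute our default command.

In the third form, CMD only passes arguments, and it must be used together with ENTRYPOINT.

14 ENTRYPOINT

Configures the command executed after the container starts.

It is not overridden by the arguments supplied to docker run.

A Dockerfile can have only one effective ENTRYPOINT; if several are given, only the last one is executed.

Syntax:
ENTRYPOINT ["executable","param1","param2"]
ENTRYPOINT command param1 param2

Example:
ENTRYPOINT ["/build.sh"]

15 ONBUILD

Configures instructions that are executed when the image being created is later used as the base image for another new image.

Syntax:
ONBUILD [INSTRUCTION]

Example:
Create image A:
ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
When a new image is built on image A, i.e. the new Dockerfile names it as the base image with FROM A, the ONBUILD instructions run automatically, which is equivalent to appending two instructions:
FROM A
ADD . /app/src
RUN /usr/local/bin/python-build --dir /app/src
For images that use ONBUILD, it is recommended to say so in the tag, e.g. ruby:1.9-onbuild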

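16 Principles and best practices for writing Dockerfiles

Build the layers that change least often first

On rebuilds, the image cache then speeds up the build

Use as few layer-creating instructions as possible

Each use of such an instruction creates a new read-only layer

Clean up unnecessary files wherever possible

so that the built image is as small as possible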
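
Several points from the ADD/COPY, USER and CMD sections can be checked mechanically, along with two things the page's openssh Dockerfile does on the way: it pipes a fixed password into passwd, and it creates and copies SSH host private keys at build time, so both are stored in the image and shared by every container started from it. The audit below is an added example, not code from the original post; the finding codes and function names are made up for illustration, and the sample Dockerfile is constructed from this page's snippets.

```python
import json
import re

# Constructed sample: the page's openssh Dockerfile (shell-form CMD variant),
# shortened, plus the page's own ADD example for a plain file.
SAMPLE = r"""FROM centos:7
LABEL  darren darren@gmail.com
ENV TZ "Asia/Shanghai"
ADD keys.tar.gz   /
ADD aliyun-mirror.repo /etc/yum.repos.d/CentOS-Base.repo
RUN yum -y install openssh-server \
  && echo "redhat"|passwd --stdin root   \
  && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
  && cp /keys/ssh_host_rsa_key  /tmp/
#COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
EXPOSE  22  80
CMD  /usr/sbin/sshd -D
"""

TAR_RE = re.compile(r"\.(tar(\.(gz|bz2|xz))?|tgz)$")
KEY_RE = re.compile(r"\b(ssh_host_\w*key|id_(rsa|dsa|ecdsa|ed25519))\b(?!\.pub)")
PASSWD_RE = re.compile(r"echo\s+\S+?\s*\|\s*(passwd\s+--stdin|chpasswd)")
# The build log on this page shows "[DSA 1024]" for the file named ..._ed25519_key.
DSA_RE = re.compile(r"ssh-keygen\b[^&;|]*-t\s+dsa\b")


def parse(text):
    """Return [(lineno, INSTRUCTION, args)], joining backslash continuations."""
    out, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped, even mid-continuation
        start = start if buf else n
        cont = line.endswith("\\")
        buf += (line[:-1] + " ") if cont else line
        if not cont:
            parts = buf.split(None, 1)
            out.append((start, parts[0].upper(), parts[1] if len(parts) > 1 else ""))
            buf = ""
    return out


def exec_form(args):
    """True when args is a JSON array, i.e. exec form rather than shell form."""
    try:
        return isinstance(json.loads(args), list)
    except ValueError:
        return False


def audit(text):
    """Return sorted [(lineno, code)]; line 0 marks a whole-file finding."""
    findings, user = [], None
    for lineno, instr, args in parse(text):
        if instr == "ADD" and not exec_form(args):
            srcs = [t for t in args.split() if not t.startswith("--")]
            src = srcs[0] if srcs else ""
            if re.match(r"https?://", src):
                findings.append((lineno, "ADD_REMOTE_URL"))
            elif not TAR_RE.search(src):
                findings.append((lineno, "ADD_USE_COPY"))      # plain file: COPY is enough
        if instr in ("ADD", "COPY", "RUN") and KEY_RE.search(args):
            findings.append((lineno, "PRIVATE_KEY_IN_LAYER"))
        if instr == "RUN" and PASSWD_RE.search(args):
            findings.append((lineno, "HARDCODED_PASSWORD"))
        if instr == "RUN" and DSA_RE.search(args):
            findings.append((lineno, "DSA_HOST_KEY"))
        if instr == "USER":
            user = args.split(":")[0].strip()
        if instr in ("CMD", "ENTRYPOINT") and not exec_form(args):
            findings.append((lineno, "SHELL_FORM"))            # wrapped in /bin/sh -c
    if user in (None, "root", "0"):
        findings.append((0, "RUNS_AS_ROOT"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code in audit(SAMPLE):
        print(f"line {lineno}: {code}")
```
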


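Blogger's note: the content of this article comes mainly from teacher Yan Wei of Yutian Education, and I verified it by carrying out the experiments myself. Readers who want to repost it should contact Yutian Education (http://www.yutianedu.com/); with official consent, or with the consent of teacher Yan (https://www.cnblogs.com/breezey/) himself, it may be reposted. Thank you!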

posted @ 2020-01-03 23:03  梦中泪