7. Dockerfile

7.1 Docker 构建过程

构建步骤：

1. 编写 dockerfile 文件
2. docker build 构建镜像
3. docker run 运行镜像
4. docker push 发布镜像

基础知识：

• 每个保留关键字（指令）都必须是大写字母
• 指令从上到下顺序执行
• #表示注释
• 每个指令都会创建一个镜像层

7.2 Docker 指令

官方文档

• FROM :基础镜像, 从这里开始构建
• MAINTAINER: 镜像是谁写的，姓名+邮箱
• RUN: 镜像构建的时候需要运行的命令
• ADD: 添加内容，如果加 tomcat 之类的
• WORKDIR: 工作目录
• VOLUME: 挂载目录
• EXPOSE: 暴露端口
• CMD： 指定容器启动时，要运行的命令, 只有最后一个会生效，可被替代
• ENTRYPOINT: 指定容器启动时，要运行的命令，可以追加命令
• ONBUILD: 当构建一个被继承 Dockerfile 这个时候就会运行 ONBUILD 的指令
• COPY: 雷士 ADD ，将我们文件拷贝到镜像中
• ENV: 构建的时候设置环境变量

7.3 构建一个 centos

从 docker hub 点进官方的 dockerfile 看看

dockerfile
FROM scratch
ADD centos-8-x86_64.tar.xz /

LABEL \
	org.label-schema.schema-version="1.0"   \
	org.label-schema.name="CentOS Base Image" \
    org.label-schema.vendor="CentOS" \
    org.label-schema.license="GPLv2"  \
    org.label-schema.build-date="20210915"
    
CMD ["/bin/bash"]

构建自己的centos

编写dockerfile

shell
[root@hecs-152658 dockerfile]# pwd
/root/test/dockerfile
[root@hecs-152658 dockerfile]# vim dockerfile01

dockerfile
# dockerfile
FROM centos
MAINTAINER YUI<22222@qq.com>

ENV MYPATH /usr/local
WORKDIR $MYPATH

RUN /bin/sh -c yum -y install vim
RUN /bin/sh -c yum -y install net-tools

EXPOSE 80

CMD echo $MYPATH
CMD echo '----end----'
CMD /bin/bash

构建镜像

shell
[root@hecs-152658 dockerfile]# docker build -f ./dockerfile01 -t centos-1 .
[+] Building 1.1s (8/8) FINISHED                                 docker:default
 => [internal] load build definition from dockerfile01                     0.0s
 => => transferring dockerfile: 262B                                       0.0s
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load metadata for docker.io/library/centos:latest           0.0s
 => [1/4] FROM docker.io/library/centos                                    0.0s
 => CACHED [2/4] WORKDIR /usr/local                                        0.0s
 => [3/4] RUN /bin/sh -c yum -y install vim                                0.4s
 => [4/4] RUN /bin/sh -c yum -y install net-tools                          0.5s
 => exporting to image                                                     0.1s
 => => exporting layers                                                    0.1s                             
 => => writing image sha256:7d3ce4a60ac0d3b6e00f7684decd9cbd5311a2a9ead8e  0.0s
 => => naming to docker.io/library/centos-1                                0.0s

启动镜像

shell
# 启动容器看看
[root@hecs-152658 dockerfile]# docker run -it centos-1
# 这里目录自然到 WORKDIR 配置上
[root@2bdc9799a5e5 local]# pwd
/usr/local
[root@2bdc9799a5e5 local]# [root@hecs-152658 dockerfile]# docker ps
CONTAINER ID   IMAGE                                                COMMAND                  CREATED          STATUS          PORTS                    NAMES
2bdc9799a5e5   centos-1                                             "/bin/sh -c /bin/bash"   24 seconds ago   Up 23 seconds   80/tcp                   sleepy_khorana

#查看构建过程
[root@hecs-152658 dockerfile]# docker history centos-1
IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
7d3ce4a60ac0   7 minutes ago   CMD ["/bin/sh" "-c" "/bin/bash"]                0B        buildkit.dockerfile.v0
<missing>      7 minutes ago   CMD ["/bin/sh" "-c" "echo '----end----'"]       0B        buildkit.dockerfile.v0
<missing>      7 minutes ago   CMD ["/bin/sh" "-c" "echo $MYPATH"]             0B        buildkit.dockerfile.v0
<missing>      7 minutes ago   EXPOSE map[80/tcp:{}]                           0B        buildkit.dockerfile.v0
<missing>      7 minutes ago   RUN /bin/sh -c /bin/sh -c yum -y install net…   435kB     buildkit.dockerfile.v0
<missing>      7 minutes ago   RUN /bin/sh -c /bin/sh -c yum -y install vim…   435kB     buildkit.dockerfile.v0
<missing>      8 minutes ago   WORKDIR /usr/local                              0B        buildkit.dockerfile.v0
<missing>      8 minutes ago   ENV MYPATH=/usr/local                           0B        buildkit.dockerfile.v0
<missing>      8 minutes ago   MAINTAINER YUI<22222@qq.com>                    0B        buildkit.dockerfile.v0
<missing>      22 months ago   /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B
<missing>      22 months ago   /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B
<missing>      22 months ago   /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0…   231MB

7.4 ENTRYPOINT 与 CMD

shell
# CMD
[root@hecs-152658 dockerfile]# vim dockerfileCmd
[root@hecs-152658 dockerfile]# cat dockerfileCmd
FROM centos
CMD ["ls", "-a"]
# ENTRYPOINT
[root@hecs-152658 dockerfile]# cp dockerfileCmd dockerfileEntrypoint
[root@hecs-152658 dockerfile]# vim dockerfileEntrypoint
[root@hecs-152658 dockerfile]# cat dockerfileEntrypoint
FROM centos
ENTRYPOINT ["ls", "-a"]
# build
[root@hecs-152658 dockerfile]# docker build -f dockerfileCmd -t centos-cmd .
[+] Building 0.1s (5/5) FINISHED                                 docker:default
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load build definition from dockerfileCmd                    0.0s
 => => transferring dockerfile: 70B                                        0.0s
 => [internal] load metadata for docker.io/library/centos:latest           0.0s
 => CACHED [1/1] FROM docker.io/library/centos                             0.0s
 => exporting to image                                                     0.0s
 => => exporting layers                                                    0.0s
 => => writing image sha256:7d202bdf002be182b794b7f2b4c90c4fe3560c3ac4f8c  0.0s
 => => naming to docker.io/library/centos-cmd                              0.0s
[root@hecs-152658 dockerfile]# docker build -f dockerfileEntrypoint -t centos-entrypoint .
[+] Building 0.1s (5/5) FINISHED                                 docker:default
 => [internal] load build definition from dockerfileEntrypoint             0.0s
 => => transferring dockerfile: 84B                                        0.0s
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load metadata for docker.io/library/centos:latest           0.0s
 => CACHED [1/1] FROM docker.io/library/centos                             0.0s
 => exporting to image                                                     0.0s
 => => exporting layers                                                    0.0s
 => => writing image sha256:b325f5b972337e763ad3b2c0f1a720eb2d5b11a39b3d8  0.0s
 => => naming to docker.io/library/centos-entrypoint

# test
# 运行容器看下输出是一致的
[root@hecs-152658 dockerfile]# docker run centos-cmd
.
..
.dockerenv
bin
dev
...
[root@hecs-152658 dockerfile]# docker run centos-entrypoint
.
..
.dockerenv
bin
dev
...

# 添加参数看看
# 添加 -l 显示文件明细
# 发现 cmd 命令添加的命令，会覆盖掉原来的指令，由于 -l 不是命令，所以报错了，改成 ls -l 后，确实没有 -a的效果了
# 而 entrypoint 可以通过添加 -l 追加参数
# CMD 添加 -l 报错
[root@hecs-152658 dockerfile]# docker run centos-cmd -l
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "-l": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container:
# CMD 添加 ls -l 不现实隐藏文件了
[root@hecs-152658 dockerfile]# docker run centos-cmd ls -l
total 48
lrwxrwxrwx   1 root root    7 Nov  3  2020 bin -> usr/bin
drwxr-xr-x   5 root root  340 Jul 30 07:12 dev
drwxr-xr-x   1 root root 4096 Jul 30 07:12 etc
...
# CMD 添加 ls -al
[root@hecs-152658 dockerfile]# docker run centos-cmd ls -al
total 56
drwxr-xr-x   1 root root 4096 Jul 30 07:14 .
drwxr-xr-x   1 root root 4096 Jul 30 07:14 ..
-rwxr-xr-x   1 root root    0 Jul 30 07:14 .dockerenv
lrwxrwxrwx   1 root root    7 Nov  3  2020 bin -> usr/bin
...
# entrypoint 添加 -l 参数，结果与 ls -al 结果一致
[root@hecs-152658 dockerfile]# docker run centos-entrypoint -l
total 56
drwxr-xr-x   1 root root 4096 Jul 30 07:13 .
drwxr-xr-x   1 root root 4096 Jul 30 07:13 ..
-rwxr-xr-x   1 root root    0 Jul 30 07:13 .dockerenv
lrwxrwxrwx   1 root root    7 Nov  3  2020 bin -> usr/bin
...

7.5 tomcat 镜像构建

下载 tomcat 压缩包

shell
# 下载压缩包，这里太慢了我就直接从本地上传了
[root@hecs-152658 file]# pwd
/root/test/file
[root@hecs-152658 file]# wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.11/bin/apache-tomcat-10.1.11.tar.gz
--2021-07-30 15:21:20--  https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.11/bin/apache-tomcat-10.1.11.tar.gz
Resolving dlcdn.apache.org (dlcdn.apache.org)... 151.101.2.132, 2a04:4e42::644
Connecting to dlcdn.apache.org (dlcdn.apache.org)|151.101.2.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12146928 (12M) [application/x-gzip]
Saving to: ‘apache-tomcat-10.1.11.tar.gz’

.11.tar.gz           10%[=>                  ]   1.19M  22.6KB/s    eta 8m 34s ^C
[root@hecs-152658 file]# rm -rf *
[root@hecs-152658 file]# mv /root/apache-tomcat-10.1.11.tar.gz .
# 同时上传的还有 jdk， 最终目录如下
[root@hecs-152658 tomcat]# pwd
/root/test/tomcat
[root@hecs-152658 tomcat]# ls
apache-tomcat-10.1.11.tar.gz     jdk-8u321-linux-x64.tar.gz jdk-17.0.8_linux-x64_bin.tar.gz
Dockerfile                       README.md
  

编写dockerfile

dockerfile
FROM centos
MAINTAINER Yui<786725551@qq.com>
ENV MYPATH /usr/local
WORKDIR $MYPATH
COPY README.md .
# ADD 命令会自动解压
ADD jdk-17.0.8_linux-x64_bin.tar.gz .
ADD apache-tomcat-10.1.11.tar.gz .

#RUN yum -y install vim

ENV JAVA_HOME $MYPATH/jdk-17.0.8
ENV CLASS_PATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME $MYPATH/apache-tomcat-10.1.11
ENV CATALINA_BASH $MYPATH/apache-tomcat-10.1.11
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin

EXPOSE 8080

CMD startup.sh && tail -F $CATALINA_HOME/logs/catalina.out

构建

shell
# 这里 没有 -f dockerfile文件名，默认查找指定目录（命令最后一个参数 .） 下的 Dockerfile 文件
[root@hecs-152658 tomcat]# docker build -t my-tomcat01 .
[+] Building 7.5s (10/10) FINISHED                               docker:default
 => [internal] load build definition from Dockerfile                       0.0s
 => => transferring dockerfile: 601B                                       0.0s
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load metadata for docker.io/library/centos:latest           0.0s
 => [1/5] FROM docker.io/library/centos                                    0.0s
 => [internal] load build context                                          1.3s
 => => transferring context: 182.42MB                                      1.3s
 => CACHED [2/5] WORKDIR /usr/local                                        0.0s
 => CACHED [3/5] COPY README.md .                                          0.0s
 => [4/5] ADD jdk-17.0.8_linux-x64_bin.tar.gz .                            3.9s
 => [5/5] ADD apache-tomcat-10.1.11.tar.gz .                               0.3s
 => exporting to image                                                     1.9s
 => => exporting layers                                                    1.9s
 => => writing image sha256:04d907c1c66be9364a40855eb777d5082691d40292ef1  0.0s
 => => naming to docker.io/library/my-tomcat01   

启动与查看

shell
# -p 8080:8080 内部端口绑定到宿主机端口
# --name tomcat01 命名容器
# -v /root/test/tomcat/logs:/usr/local/apache-tomcat-10.1.11/logs tomcat日志目录指定挂载到本机目录
# -v /root/test/tomcat/webapps:/usr/local/apache-tomcat-10.1.11/webapps tomcat web目录指定挂载到本机目录
[root@hecs-152658 tomcat]# docker run -d -p 8080:8080 --name tomcat01 -v /root/test/tomcat/logs:/usr/local/apache-tomcat-10.1.11/logs -v /root/test/tomcat/webapps:/usr/local/apache-tomcat-10.1.11/webapps my-tomcat01
7f16995683b6f0e6ba2196c9e6f646b3cfbd9c20cfb4bac6396d2e86f8cf4e9e
[root@hecs-152658 tomcat]# ls
apache-tomcat-10.1.11.tar.gz     jdk-8u321-linux-x64.tar.gz  webapps
Dockerfile                       logs
jdk-17.0.8_linux-x64_bin.tar.gz  README.md
[root@hecs-152658 tomcat]# tail -10f logs/catalina.out
30-Jul-2021 08:01:32.816 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/apache-tomcat-10.1.11
30-Jul-2021 08:01:32.816 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/apache-tomcat-10.1.11
30-Jul-2021 08:01:32.818 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/apache-tomcat-10.1.11/temp
30-Jul-2021 08:01:32.819 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib]
30-Jul-2021 08:01:33.151 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
30-Jul-2021 08:01:33.184 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [589] milliseconds
30-Jul-2021 08:01:33.226 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
30-Jul-2021 08:01:33.226 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/10.1.11]
30-Jul-2021 08:01:33.241 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
30-Jul-2021 08:01:33.271 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [86] milliseconds

7.6 镜像发布

7.6.1 DockerHub

1. 在 https://hub.docker.com/ 注册自己的账号
2. 在服务器上登录
3. push 镜像

docker login -u 用户名 -p 密码

登录

shell
[root@hecs-152658 tomcat]# docker login -u 自己的用户名 -p 密码
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

push

shell
# 直接 push 失败，因为这样就直接推送到 library 目录下，这是没有权限的
[root@hecs-152658 tomcat]# docker push my-tomcat01:latest
The push refers to repository [docker.io/library/my-tomcat01]
4b6d7ca1b8fd: Preparing
2ae88d7d3429: Preparing
7feb3ba1ae0d: Preparing
5f70bf18a086: Preparing
74ddd0ec08fa: Preparing
denied: requested access to the resource is denied
# 先对镜像改名，添加上自己的库名，在push
[root@hecs-152658 tomcat]# docker tag my-tomcat01:latest yuihtt/my-tomcat01:1.0 

[root@hecs-152658 tomcat]# docker push yuihtt/my-tomcat01:1.0 
...

直接 push 失败，因为这样就直接推送到 library 目录下，这是没有权限的，需要规范命名 用户名/镜像名

7.6.2 阿里云镜像

• 创建命名空间

• 创建仓库

• 根据操作指南处理

shell
[root@hecs-152658 tomcat]# docker login --username=xxxx registry.cn-hangzhou.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@hecs-152658 tomcat]# docker tag my-tomcat01 registry.cn-hangzhou.aliyuncs.com/yui_dev/dev:1.0
[root@hecs-152658 tomcat]# docker push registry.cn-hangzhou.aliyuncs.com/yui_dev/dev:1.0
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/yui_dev/dev]
4b6d7ca1b8fd: Pushed
2ae88d7d3429: Pushing  5.518MB/318MB
7feb3ba1ae0d: Pushed
5f70bf18a086: Pushed
74ddd0ec08fa: Pushing  9.872MB/231.3MB

7.6.3 华为云

• 创建组织

• 登录

• 修改和推送

根据 step3 操作

shell
[root@hecs-152658 tomcat]# docker tag my-tomcat01:latest swr.cn-south-1.myhuaweicloud.com/yui_htt/my-tomcat01:1.0
[root@hecs-152658 tomcat]# docker push swr.cn-south-1.myhuaweicloud.com/yui_htt/my-tomcat01:1.0
The push refers to repository [swr.cn-south-1.myhuaweicloud.com/yui_htt/my-tomcat01]
4b6d7ca1b8fd: Pushed
2ae88d7d3429: Pushed
7feb3ba1ae0d: Pushed
5f70bf18a086: Pushed
74ddd0ec08fa: Pushed
1.0: digest: sha256:958d6614d75422c5a413219370981d10e2fa45c062d8f994dd10ea1f65869c5d size: 1367
[root@hecs-152658 tomcat]#

*. 总结