1、Dockerfile经常使用指令
| 指令 | 含义 |
|---|---|
| FROM 镜像 | 指定新镜像所基于的镜像,第一条指令必须为FROM指令,每建立一个镜像就须要一 条FROM指令。 |
| MAINTAINER 名字 | 说明新镜像的维护人信息 |
| RUN命令 | 在所基于的镜像上执行命令,并提交到新的镜像中 |
| CMD[ “要运行的程序”,”参数1,"参数2 "] | 指令启动容器时要运行的命令或者脚本,Dockerfile只能有一条CMD命令,若是指定多条则只能最后一条被执行 |
| EXPOSE 端口号 | 指定新镜像加载到Docker时要开启的端口 |
| ENV 环境变量 变量值 | 设置一个环境变量的值,会被后面的RUN使用 |
| ADD源文件/目录目标文件/目录 | 将源文件复制到目标文件,源文件要与Dockerfile位于相同目录中,或者是一个URL |
| COPY 源文件/目录 目标文件/目录 | 将本地主机上的文件/目录复制到目标地点,源文件/目录要与Dockerfile在相同的目录中 |
| VOLUME [ “目录" ] | 在容器中建立一个挂载点 |
| USER 用户名/UID | 指定运行容器时的用户 |
| WORKDIR 路径 | 为后续的RUN、CMD、ENTRYPOINT指定工做目录 |
| ONBUILD 命令 | 指定所生成的镜像做为一个基础镜像时所要运行的命令 |
| HEALTHCHECK | 健康检查 |
2、sshd服务搭建
先准备好sshd服务文件夹所须要的各类文件java
[root@localhost ~]# mkdir sshd ####建立文件夹 [root@localhost ~]# cd sshd [root@localhost sshd]# vim Dockerfile ###在此写入命令 FROM centos:7 MAINTAINER The centos project <cloud-centos> RUN yum -y update RUN yum -y install openssh* net-tools lsof telnet passwd RUN echo '123456' | passwd --stdin root RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh EXPOSE 22 CMD ["/usr/sbin/sshd","-D"]
生成镜像和容器
-P表示映射端口随机,通常第一个随机端口映射都是32768
mysql
[root@localhost sshd]# docker build -t sshd:new . [root@localhost sshd]# docker run -d -P sshd:new 2da672497af63a432f06b2ad9c6321b5d016d917f807c64bc3b786659325ace2 [root@localhost sshd]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2da672497af6 sshd:new "/usr/sbin/sshd -D" 36 seconds ago Up 35 seconds 0.0.0.0:32768->22/tcp nervous_thompson
在宿主机上ssh链接测试linux
[root@localhost sshd]# ssh localhost -p 32768 The authenticity of host '[localhost]:32768 ([::1]:32768)' can't be established. RSA key fingerprint is SHA256:20mGqPVwslDf0X5SSg/TPIzvlJBOI5uIQNIZmO17IE0. RSA key fingerprint is MD5:16:90:d5:a0:92:e2:74:ec:36:9a:31:83:da:85:3e:59. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:32768' (RSA) to the list of known hosts. root@localhost's password: Permission denied, please try again. root@localhost's password: [root@2da672497af6 ~]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet) RX packets 55 bytes 6776 (6.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 33 bytes 5351 (5.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3、systemctl服务搭建
systemctl文件夹准备nginx
[root@localhost ~]# mkdir systemctl [root@localhost ~]# cd systemctl/ [root@localhost systemctl]# vim Dockerfile FROM sshd:new ENV container docker RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *;do [ $i == \ systemd-tmpfiles-setup.service ] || rm -f $i;done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"]
生成镜像,不降权生成容器c++
[root@localhost systemctl]# docker build -t systemd:new . //privileged container内的root拥有真正的root权限。不然,container内的root只是外部的一个普通用户权限。 [root@localhost systemctl]#docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:new /sbin/init & //docker run中有“/sbin/init”会覆盖CMD中的这个指令,因此这个不写也行 [root@localhost system]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED a7a6eec323db systemd:new "/usr/sbin/init" 6 minutes ago 1f5770fd8d4a e3a9ae84ac4d "/bin/sh -c '(cd /l…" 16 minutes ago 2da672497af6 sshd:new "/usr/sbin/sshd -D" About an hour ag be0fdd9831fe httpd:centos "/run.sh" 15 hours ago 19ed00c77db9 centos:7 "/bin/bash" 16 hours ago fd562f234cca nginx:latest "/docker-entrypoint.…" 16 hours ago
进入容器测试sql
[root@localhost system]# docker exec -it a7a6eec323db bash [root@a7a6eec323db /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:sshd(8) man:sshd_config(5) [root@a7a6eec323db /]# systemctl start sshd [root@a7a6eec323db /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: active (running) since Tue 2020-11-10 07:50:48 UTC; 7s ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 90 (sshd) CGroup: /docker/a7a6eec323dbbee5786a7d927b85dc5651fd93dfec65e2cc474ad74a265ee0a2/system.slice/sshd.service └─90 /usr/sbin/sshd -D Nov 10 07:50:48 a7a6eec323db systemd[1]: Starting OpenSSH server daemon... Nov 10 07:50:48 a7a6eec323db sshd[90]: WARNING: 'UsePAM no' is not supporte...s. Nov 10 07:50:48 a7a6eec323db sshd[90]: Server listening on 0.0.0.0 port 22. Nov 10 07:50:48 a7a6eec323db sshd[90]: Server listening on :: port 22. Nov 10 07:50:48 a7a6eec323db systemd[1]: Started OpenSSH server daemon. Hint: Some lines were ellipsized, use -l to show in full.
4、nginx服务搭建
准备nginx文件夹内容docker
[root@localhost ~]# mkdir nginx [root@localhost ~]# cd nginx/ [root@localhost nginx]# vim Dockerfile FROM centos:7 MAINTAINER this is nigix image <yang> RUN yum -y update RUN yum -y install gcc gcc-c++ make pcre-devel zlib-devel RUN useradd -M -s /sbin/nologin nginx ADD nginx-1.15.9.tar.gz /usr/local/src ###ADD 在把宿主机上的压缩包复制到容器当中的同时,进行了解压缩 WORKDIR /usr/local/src WORKDIR nginx-1.15.9 RUN ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module && make && make install ENV PATH /usr/local/nginx/sbin:$PATH EXPOSE 80 EXPOSE 443 RUN echo "daemon off;">>/usr/local/nginx/conf/nginx.conf ADD run.sh /run.sh RUN chmod 755 /run.sh CMD ["/run.sh"] [root@localhost nginx]# vim run.sh #!/bin/bash /usr/local/nginx/sbin/nginx
生成镜像,产生容器,端口随机,这里产生的是32770数据库
docker build -t nginx:new . docker run -d -P nginx:new [root@localhost nginx]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2984555bb816 nginx:new "/run.sh" 10 seconds ago Up 9 seconds 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp zen_leavitt
测试
apache
5、tomat服务搭建
准备tomcat文件夹vim
#######################tomcat########################## [root@localhost ~]# mkdir tomcat [root@localhost ~]# cd tomcat/ [root@localhost nginx]# vim Dockerfile FROM centos:7 MAINTAINER this is a tomcat image <yang> ADD jdk-8u144-linux-x64.tar.gz /usr/local/ WORKDIR /usr/local/ RUN mv jdk1.8.0_144 /usr/local/java ENV JAVA_BIN /usr/local/java/bin ENV JAVA_HOME /usr/local/java ENV JRE_HOME /usr/local/java/jre ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar ENV PATH $JAVA_HOME/bin:$PATH ADD apache-tomcat-8.5.23.tar.gz /usr/local/ RUN mv /usr/local/apache-tomcat-8.5.23 /usr/local/tomcat EXPOSE 8080 ENTRYPOINT ["/usr/local/tomcat/bin/catalina.sh","run"]
生成镜像,产生容器指定端口1216
[root@localhost tomcat]#docker build -t tomcat:centos . [root@localhost tomcat]# docker run -d --name tomcat -p 1216:8080 tomcat:centos 05d268df642182457a64b4596644b0aff240232dd3a107c9aa711c9e7c877a4e [root@localhost tomcat]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 05d268df6421 tomcat:centos "/usr/local/tomcat/b…" 12 seconds ago Up 11 seconds 0.0.0.0:1216->8080/tcp tomcat 2984555bb816 nginx:new "/run.sh" 4 hours ago Up 4 hours 0.0.0.0:32770->80/tcp, 0.0.0.0:32769->443/tcp zen_leavitt a7a6eec323db systemd:new "/usr/sbin/init" 5 hours ago Up 4 hours 22/tcp practical_shannon 2da672497af6 sshd:new "/usr/sbin/sshd -D" 6 hours ago Up 6 hours 0.0.0.0:32768->22/tcp nervous_tho
测试
6、mysql服务搭建
建立MySQL文件夹,准备Dockerfile文件
mkdir mysql cd mysql vim Dockerfile FROM centos:7 MAINTAINER this is a mysql image <yang> EXPOSE 3306 RUN yum -y update RUN yum -y install \ gcc \ gcc-c++ \ make \ ncurses \ ncurses-devel \ bison \ cmake RUN useradd -s /sbin/nologin mysql ADD mysql-boost-5.7.20.tar.gz /opt WORKDIR /opt/mysql-5.7.20/ RUN cmake \ -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \ -DSYSCONFDIR=/etc \ -DSYSTEMD_PID_DIR=/usr/local/mysql \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \ -DMYSQL_DATADIR=/usr/local/mysql/data \ -DWITH_BOOST=boost \ -DWITH_SYSTEMD=1 RUN make -j3 && make install RUN chown -R mysql:mysql /usr/local/mysql/ RUN rm -rf /etc/my.cnf ADD my.cnf /etc RUN chown mysql:mysql /etc/my.cnf ENV PATH /usr/local/mysql/bin:/usr/local/mysql/lib:$PATH WORKDIR /usr/local/mysql/ RUN bin/mysqld \ --initialize-insecure \ --user=mysql \ --basedir=/usr/local/mysql \ --datadir=/usr/local/mysql/data RUN cp usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/ ADD run.sh /opt/run.sh RUN chmod 755 /run.sh RUN sh /run.sh CMD ["init"]
准备my.cnf文件
vim my.cnf [client] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysql] port = 3306 default-character-set=utf8 socket = /usr/local/mysql/mysql.sock [mysqld] user = mysql basedir = /usr/local/mysql datadir = /usr/local/mysql/data port = 3306 character_set_server=utf8 pid-file = /usr/local/mysql/mysqld.pid socket = /usr/local/mysql/mysql.sock server-id = 1 sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
准备run.sh文件
vim run.sh #!/bin/bash systemctl enable mysqld
创建镜像,生成容器,随机端口32775
[root@localhost mysql]#docker build -t mysql:test . Successfully tagged mysql:new2 [root@localhost mysql]# docker run -d -P --privileged mysql:new2 94bd8ed7f0ff6131406c0f2b3f68b32dc03a927f95ef0c22e216ee4a3131f013 [root@localhost mysql]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 94bd8ed7f0ff mysql:new2 "init" 5 seconds ago Up 5 seconds 0.0.0.0:32775->3306/tcp dazzling_robinson
进入容器,进入数据库,初次进入直接回车,不须要密码
[root@localhost mysql]# docker exec -it 94bd8ed7f0ff /bin/bash [root@94bd8ed7f0ff mysql]# mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 Server version: 5.7.20 Source distribution Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 给本地和远程链接受权 mysql>grant all privileges on *.* to 'root'@'%' identified by 'abc123'; mysql>grant all privileges on *.* to 'root'@'localhost' identified by 'abc123'; mysql>flush privileges;
测试
另外一台虚拟机 [root@localhost ~]# yum -y install mariadb [root@localhost ~]# mysql -h 20.0.0.22 -P 32775 -uroot -p Enter password: 这里是刚刚受权设置的密码 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.7.20 Source distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> MySQL [(none)]> create database info; ###在这里建立数据库 Query OK, 1 row affected (0.00 sec) 在容器里看,有info mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | info | | mysql | | performance_schema | | sys | +--------------------+ 5 rows in set (0.00 sec)