1,dockerfile定义
使用dockerfile主要是用于构建docker镜像文件信息,相当于一个脚本,通过dockerfile自己的指令,来构建软件依赖,文件依赖,存储等等情况。
2,dockerfile使用
在docker中创建镜像可以分为两个方法,这两个具体可以总结为如下:
1、手动修改容器内容,然后docker commit提交容器为新的镜像文件
2、通过在dockerfile中定义一系列的命令和参数构成的脚本,然后这些命令应用于基础镜像,依次添加层,最终生成一个新的镜像,这样就极大的简化了部署的工作。
3,Dockerfile组成部分
Dockerfile的主要组成部分可以汇总为:
1、基础镜像信息
2、制作镜像操作指令RUM
3、容器启动时执行指令CMD[“/bin/bash”]
4,Dockerfile基本指令
Docker的指令主要可以汇总为如下,使用Dockerfile的前提是学习会这些指令的基本使用,具体如下: 1、FROM #指定基础镜像 2、MAINTAINER #指定维护者信息,也可以没有 3、RUN #具体执行的操作,在命令前面加上RUN即可 4、ADD #COPY文件,会自动进行解压 5、WORKDIR #设置当前工作目录 6、VOLUME #设置卷,挂载主机目录 7、EXPOSE #指定对外的端口 8、CMD #指定容器启动后需要干的事情 9、COPY #复制文件 10、ENV #环境变量 11、ENIRYPOINT #容器启动后执行的命令
5,构建httpd服务镜像
[root@localhost ~]# cd /opt/
[root@localhost opt]# mkdir sshd ##创建目录
[root@localhost opt]# cd sshd/
[root@localhost sshd]# vim Dockerfile ##编写dockerfile文件
#sshd服务的镜像构建——基于Dockerfile
#首先先下载基础镜像centos,创建对应的工作目录
#开始编写nginx的Dockerfile
#第一步:基础镜像
FROM centos:7
#第二步:维护者信息
MAINTAINER zjz
#第三步:指令集
RUN yum -y update
RUN yum -y install openssh* net-tools lsof telnet passwd
RUN echo '123123' | passwd --stdin root
#不以PAM认证登录而是以密钥对登录(非对称密钥),即禁用ssh的PAM认证
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
#禁用ssh中PAM会话模块
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
#创建ssh工作目录和权限设置
RUN mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh
#开放22端口
EXPOSE 22
#第四步:启动容器时执行指令
CMD ["/usr/sbin/sshd","-D"]
构建镜像和运行容器
[root@localhost sshd]# docker run -d -P sshd:new
6005aaad0e99897e11672e081101a43aee169c06acba08a48b1353317d9504eb
[root@localhost sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6005aaad0e99 sshd:new "/usr/sbin/sshd -D" 7 seconds ago Up 6 seconds 0.0.0.0:32768->22/tcp pensive_poincare
测试
[root@localhost sshd]# ssh 192.168.10.52 -p 32768
The authenticity of host '[192.168.10.52]:32768 ([192.168.10.52]:32768)' can't be established.
RSA key fingerprint is c5:95:5d:0a:ce:b3:d8:cc:43:f7:b6:32:89:12:28:21.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.10.52]:32768' (RSA) to the list of known hosts.
root@192.168.10.52's password:
Permission denied, please try again.
root@192.168.10.52's password:
[root@6005aaad0e99 ~]# exit
logout
Connection to 192.168.10.52 closed.
此时我们登录该容器(ssh或者docker exec命令)查看sshd服务的状态(但是systemctl无法使用)
[root@6005aaad0e99 ~]# systemctl status sshd
Failed to get D-Bus connection: Operation not permitted
一则我们可以使用下面的命令使用该命令,二则我们可以基于上面构建的镜像作为基础镜像构建systemctl的镜像来测试验证。
[root@localhost sshd]# docker run --privileged -itd -P sshd:new /usr/sbin/init
bf552af2fb6b7d512bc44c32262a5dcce092e26bb7bec8e73c866a5c5a755d83
[root@localhost sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bf552af2fb6b sshd:new "/usr/sbin/init" 6 seconds ago Up 6 seconds 0.0.0.0:32770->22/tcp adoring_bose
bb24b2efd442 systemctl:new "/usr/sbin/init" 13 minutes ago Up 13 minutes 22/tcp sleepy_curie
0467d8d2d590 httpd:new "/run.sh" 27 minutes ago Up 27 minutes 0.0.0.0:32769->80/tcp test
6005aaad0e99 sshd:new "/usr/sbin/sshd -D" About an hour ago Up About an hour 0.0.0.0:32768->22/tcp pensive_poincare
[root@localhost sshd]# ssh 192.168.10.52 -p 32770
The authenticity of host '[192.168.10.52]:32770 ([192.168.10.52]:32770)' can't be established.
ECDSA key fingerprint is e7:5b:57:32:ea:12:db:90:c5:da:d5:3d:95:ff:48:ab.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.10.52]:32770' (ECDSA) to the list of known hosts.
root@192.168.10.52's password:
[root@bf552af2fb6b ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-07-28 02:55:53 UTC; 48s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 75 (sshd)
CGroup: /docker/bf552af2fb6b7d512bc44c32262a5dcce092e26bb7bec8e73c866a5c5a755d83/system.slice/sshd.service
├─ 75 /usr/sbin/sshd -D
├─ 85 sshd: root@pts/1
├─ 89 -bash
└─102 systemctl status sshd
‣ 75 /usr/sbin/sshd -D
Jul 28 02:55:53 bf552af2fb6b systemd[1]: Starting OpenSSH server daemon...
Jul 28 02:55:53 bf552af2fb6b sshd[75]: Server listening on 0.0.0.0 port 22.
Jul 28 02:55:53 bf552af2fb6b sshd[75]: WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and ...lems.
Jul 28 02:55:53 bf552af2fb6b sshd[75]: Server listening on :: port 22.
Jul 28 02:55:53 bf552af2fb6b systemd[1]: Started OpenSSH server daemon.
Jul 28 02:56:23 bf552af2fb6b sshd[85]: WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and ...lems.
Jul 28 02:56:27 bf552af2fb6b sshd[85]: Failed password for root from 192.168.10.52 port 35474 ssh2
Jul 28 02:56:29 bf552af2fb6b sshd[85]: Failed password for root from 192.168.10.52 port 35474 ssh2
Jul 28 02:56:31 bf552af2fb6b sshd[85]: Accepted password for root from 192.168.10.52 port 35474 ssh2
Hint: Some lines were ellipsized, use -l to show in full.
构建和使用镜像(创建运行容器)
[root@localhost apache]# docker build -t httpd:new .基于构建的镜像创建并运行容器,给容器取名为test
[root@localhost apache]# docker run --name test -d -P httpd:new 6, 扫雷实例 站点部署
1、所需软件包和环境
Centos-7.repo epel-7.repo saolei.zip
server1:部署docker扫雷案例
server2:部署apache,将saolei.zip软件包上传上去
[root@130 ~]# dnf -y install httpd
[root@130 ~]# cd /var/www/html/
[root@130 html]# ls
[root@130 html]# dnf -y install lrzsz
[root@130 html]# rz -E
rz waiting to receive.
[root@130 html]# ls
saolei.zip
[root@130 html]# systemctl start httpd
[root@130 html]# systemctl stop firewalld.service
[root@130 html]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@130 html]# vim /etc/selinux/config
SELINUX= disabled
2、编辑Dockerfile,使用基础镜像centos:7
[root@133 ~]# vim Dockerfile
FROM centos:7
MAINTAINER jay@example.com
ADD Centos-7.repo /etc/yum.repos.d/
ADD epel-7.repo /etc/yum.repos.d/
RUN yum -y install tomcat unzip curl
WORKDIR /var/lib/tomcat/webapps/
RUN curl -O http://192.168.78.130/saolei.zip && \
unzip saolei.zip && \
mv saolei ROOT
ADD jay.sh /jay.sh
EXPOSE 8080
CMD ["/bin/bash","/jay.sh"]
[root@133 ~]# vim jay.sh
#!/bin/bash
/usr/libexec/tomcat/server start
3、构建镜像saolei:v1
[root@130 ~]# docker build -t saolei:v1 .
Step 1/10 : FROM centos:7
---> ecb9ed3f35bd
Step 2/10 : MAINTAINER haha@example.com
---> Using cache
---> esf51681ce2d
Step 3/10 : ADD Centos-7.repo /etc/yum.repos.d/
---> Using cache
---> 05ce78dga763
Step 4/10 : ADD epel-7.repo /etc/yum.repos.d/
---> Using cache
---> 152d3df57361
Step 5/10 : RUN yum -y install tomcat unzip curl
---> Using cache
---> 46cde6926f67
Step 6/10 : WORKDIR /var/lib/tomcat/webapps/
---> Using cache
---> 03593fgcd50f
Step 7/10 : RUN curl -O http://192.168.40.100/saolei.zip && unzip saolei.zip && mv saolei ROOT
---> Using cache
---> cf53960e2c0d
Step 8/10 : ADD haha.sh /haha.sh
---> ea0e79356fd9
Step 9/10 : EXPOSE 8080
---> Running in 3418e48ecf01
Removing intermediate container 5762e22fff09
---> 135f98468e3d
Step 10/10 : CMD ["/bin/bash","/haha.sh"]
---> Running in 4c2917273d9e
Removing intermediate container 4c8838135c2e
---> 2df364de9d45
Successfully built de5134cd9e63
Successfully tagged saolei:v1
4、运行容器,指定映射端口8081:8080,容器名为自己名字的全拼
[root@130 ~]# docker run -d --name yijunqi -p 8081:8080 saolei:v1
f2a976f932ec6fe48978c1cdde2c8217a497b1f080c80e49049e02757302cf74
[root@130 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f2a976f932ec saolei:v1 "/bin/bash /jay.sh" 10 seconds ago Up 8 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp yijunqi
7、使用浏览器访问http://自己docker服务器的ip/saolei.jsp,能够实现扫雷游戏的使用
No Comments