本文共 7479 字,大约阅读时间需要 24 分钟。
在之前博客中编写了一个简单的apache镜像。
注意:ADD命令还有解压的意义指令 | 含义 |
---|---|
FROM镜像 | 指定新镜像所基于的镜像,第一条指令必须为FROM指令,每创建一个镜像就需要一条FROM指令 |
MAINTAINER 名字 | 说明新镜像的维护人信息 |
CMD[“要运行的程序”,“参数1”,“参数2 ”] | 指令启动容器时要运行的命令或者脚本,Dockerfile只能由一条CMD命令,如果指定多条则只能最后一条被执行 |
EXPOSE 端口号 | 指定新镜像加载到Docker时要开启的端口 |
ENV 环境变量 变量值 | 设置一个环境变量的值,会被后面的RUN使用 |
ADD 源文件/目录 目标文件/目录 | 将源文件复制到目标文件,源文件要与Dockerfile位于相同目录中,或者是一个URL |
COPY 源文件/目录 目标文件/目录 | 将本地主机上的文件/目录复制到目标地点,源文件/目录要与Dockerfile在相同的目录中 |
RUN命令 | 在所基于的镜像上执行命令,并提交到新的镜像中 |
VOLUME ["目录 "] | 在容器中创建一个挂载点 |
USER 命令/UID | 指定运行容器时的用户 |
WORKDIR 路径 | 为后续的RUN、CMD、ENTRYPOINT指定工作目录 |
ONBUILD 命令 | 指定所生成的镜像作为一个基础镜像时所要运行的命令 |
HEALTHCHECK | 健康检查 |
用docker exec 命令登录容器是不需要密码,存在一定的危险性。为了提高安全性,构建ssh密钥服务镜像,来新建一个容器。
mkdir sshdcd sshd/
构建镜像ssh
vi Dockerfile FROM centos:7MAINTAINER this is ssh#更新容器的yum源RUN yum -y update#安装ssh和其他服务软件包RUN yum install -y openssh* net-tools lsof telnet passwd#修改root用户密码RUN echo "123456" | passwd --stdin root#设置不使用ssh服务端的pam模块RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config#创建非对称秘钥RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key#关闭pam.d机制里的ssh会话模块RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^ /#/' /etc/pam.d/sshd#创建ssh工作目录并放通权限RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh#开通端口EXPOSE 22#开启sshd服务,容器的centos7镜像里没有systemctl命令,故不能用服务的方式启动CMD ["/usr/sbin/sshd","-D"]
docker build -t sshd:new . #(.)当前目录
docker run -d -P sshd:new # -P指随机分配一个端口映射
docker ps -a #查看端口ssh localhost -p 32768 #可以通过ssh端口登录容器,提高安全性。
容器的 centos7镜像里没有systemctl命令,故不能使用此命令管理服务。
mkdir /systemctlcd /systemctl
vi Dockerfile #基于ssh服务搭建systemctl服务FROM sshd:new#基于容器 ENV container dockerRUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i== \systemd-tmpfiles-setup.service ] || rm -f $i; done); \rm- f /lib/systemd/system/multi-user.target.wants/*; \rm -f /etc/systemd/system/*.wants/*; \rm -f /lib/systemd/system/local-fs.target.wants/*; \rm -f /lib/systemd/system/sockets.target.wants/*udev*; \rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \rm -f /lib/systemd/system/basic.target.wants/*; \rm -f /lib/systemd/system/anaconda.target.wants/*;VOLUME ["/sys/fs/cgroup"]CMD ["/usr/sbin/init"]
登录测试,systemctl命令可以tab补齐并使用。
mkdir nginxcd nginx/#注意:必须拷贝nginx-1.12.0源码包到nginx/中,不能缺少。
FROM centos:7MAINTAINER this is nginxRUN yum -y updateRUN yum -y install gcc gcc-c++ make pcre-devel zlib-develRUN useradd -M -s /sbin/nologin nginxADD nginx-1.12.2.tar.gz /usr/local/srcWORKDIR /usr/local/src/nginx-1.12.2RUN ./configure \--prefix=/usr/local/nginx \--user=nginx \--group=nginx \--with-http_stub_status_module && make && make installENV PATH /usr/local/nginx/sbin:$PATHEXPOSE 80EXPOSE 443RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.confADD run.sh /run.shRUN chmod 755 /run.shCMD ["/run.sh/"]
vi run.sh#!/bin/bash/usr/local/nginx/sbin/nginx
docker build -t nginx:new .docker run -d -P nginx:new
docker ps -a #查看容器随机指定的端口
访问http://192.168.158.10:32769/
mkdir tomcatcd tomcat#将jdk-8u91-linux-x64.tar.gz、apache-tomcat-9.0.16.tar.gz放在目录里
FROM centos:7MAINTAINER this is tomcat#解压java到目录/usr/local下,搭建tomcat的环境ADD jdk-8u91-linux-x64.tar.gz /usr/local/WORKDIR /usr/local/RUN mv jdk1.8.0_91 java#设置环境变量ENV JAVA_HOME /usr/local/javaENV JRE_HOME /usr/local/java/jreENV CLASSPATH /usr/local/java/lib:/usr/local/java/jre/libENV PATH /usr/local/java/bin:$PATH#解压安装tomcat包ADD apache-tomcat-8.5.16.tar.gz /usr/local/#进入目录/usr/local/WORKDIR /usr/local/#重命名方便管理RUN mv apache-tomcat-8.5.16 /usr/local/tomcat9#放通tomcat服务的8080端口EXPOSE 8080#在这里我用的是catalina.sh文件启动,startup.sh文件也可以。ENTRYPOINT ["/usr/local/tomcat9/bin/catalina.sh","run"]
docker build -t tomcat.new .docker run -d -P tomcat.new
查看端口号,打开浏览器测试
mkdir mysql && cd mysql
FROM centos:7RUN yum -y install ncurses ncurses-devel bison cmake make gcc gcc-c++RUN useradd -s /sbin/nologin mysqlADD mysql-boost-5.7.20.tar.gz /usr/local/srcWORKDIR /usr/local/src/mysql-5.7.20RUN cmake \-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \-DSYSCONFDIR=/etc \-DSYSTEMD_PID_DIR=/usr/local/mysql \-DDEFAULT_CHARSET=utf8 \-DDEFAULT_COLLATION=utf8_general_ci \-DWITH_INNOBASE_STORAGE_ENGINE=1 \-DWITH_ARCHIVE_STORAGE_ENGINE=1 \-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \-DMYSQL_DATADIR=/usr/local/mysql/data \-DWITH_BOOST=boost \-DWITH_SYSTEMD=1 && make -j4 && make installRUN chown -R mysql:mysql /usr/local/mysql/RUN rm -rf /etc/my.cnfADD my.cnf /etcRUN chown mysql:mysql /etc/my.cnfENV PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATHWORKDIR /usr/local/mysql/RUN bin/mysqld \--initialize-insecure \--user=mysql \--basedir=/usr/local/mysql \--datadir=/usr/local/mysql/dataRUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/EXPOSE 3306RUN echo -e "#!/bin/sh \nsystemctl enable mysqld" > /run.shRUN chmod 755 /run.shRUN sh /run.shCMD ["init"]
修改my.cnf
[client]port = 3306default-character-set=utf8socket = /usr/local/mysql/mysql.sock[mysql]port = 3306default-character-set=utf8socket = /usr/local/mysql/mysql.sock[mysqld]user = mysqlbasedir = /usr/local/mysdatadir = /usr/local/mysql/dataport = 3306character_set_server=utf8pid-file = /usr/local/mysql/mysqld.pidsocket = /usr/local/mysql/mysql.sockserver-id = 1sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
docker build -t mysql:centos . #.点不能忘记
[root@server1 ~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESd9f993051481 mysql:centos "init" 38 minutes ago Up 38 minutes 0.0.0.0:32769->3306/tcp mysql_serverdocker exec -it d9f993051481(id) /bin/bash
docker run --name=mysql_server -d -P --privileged mysql:centos #进入容器不降权
mysqlgrant all privileges on *.* to 'root'@'%' identified by 'abc123';grant all privileges on *.* to 'root'@'localhost' identified by 'abc123';
yum -y install mariadbmysql -h 192.168.158.10 -u root -P 32769 -pabc123
验证
真机中MySQL [(none)]> create database tom;Query OK, 1 row affected (0.00 sec)MySQL [(none)]> show databases;+--------------------+| Database |+--------------------+| information_schema || mysql || performance_schema || sys || tom |+--------------------+5 rows in set (0.01 sec)
[root@server1 ~]# docker exec -it d9f993051481 /bin/bash[root@d9f993051481 ~]# mysql -u root -pEnter password: Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 11Server version: 5.7.20 Source distributionCopyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;+--------------------+| Database |+--------------------+| information_schema || mysql || performance_schema || sys || tom |+--------------------+5 rows in set (0.00 sec)
转载地址:http://tfdaf.baihongyu.com/