用Dockerfile创建ssh,apache和nginx镜像，并优化nginx镜像

[[email protected] opt]# docker ps    # 查看正在运行的容器

[[email protected] opt]# docker rm vm1   # 删除正在使用的容器，不能删除

[[email protected] opt]# docker rm -f vm1      # 必须强制删除
vm1

1.创建apache镜像

[[email protected] opt]# pwd
/opt
[[email protected] opt]# mkdir docker
[[email protected] docker]# cd /var/www/html/images/
[[email protected] images]# docker load -i rhel7.tar 
[[email protected] images]# docker run -it --name rhel7 bash
bash-4.2# yum repolist    # 没有可用的yum源
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
repolist: 0
bash-4.2# cd /etc/yum.repos.d/           
bash-4.2# ls
rhel7.repo
bash-4.2# vi dvd.repo   # 我们自己编写一个yum源
[dvd]
name=rhel7.3
baseurl=http://172.25.254.78/rhel7.3
gpgcheck=0
bash-4.2# yum repolist

[[email protected] images]# cd /opt/docker/
[[email protected] docker]# vim dvd.repo
[dvd]
name=rhel7.3
baseurl=http://172.25.254.78/rhel7.3
gpgcheck=0
[[email protected] docker]# vim Dockerfile 
FROM rhel7    # 指定从哪个镜像构建,如果指定的镜像没有，会自动从互联网上下载
COPY dvd.repo /etc/yum.repos.d  
RUN  yum install -y httpd   # 在容器内运行指令（构建时）
EXPOSE 80        # 暴露端口号
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]     # 指定默认httpd的容器主进程的启动命令

[[email protected] docker]# docker build -t rhel7:v1 .   # 开始构建，有报错

[[email protected] docker]# vim Dockerfile 
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN  rpmdb --rebuilddb && yum install -y httpd
EXPOSE 80
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

[[email protected] docker]# docker build -t rhel7:v1 .    # 在当前路径下重新构建
[[email protected] docker]# docker run -d --name vm2 rhel7:v1 
e7dc139b3069f2999fef0e4346a14d04c6fde624980e13a878d4168fbe6e4030
[[email protected] docker]# docker ps

[[email protected] docker]# vim index.html
<h1>www.westos.org --apache</h1>
[[email protected] docker]# docker container cp index.html vm2:/var/www/html
[[email protected] docker]# docker inspect vm2    # 查看ip

# 测试，访问到发布目录里的内容就说明搭建成功

[[email protected] docker]# curl 172.17.0.3    
<h1>www.westos.org --apache</h1>

# 申明数据卷

[[email protected] docker]# pwd
/opt/docker
[[email protected] docker]# vim Dockerfile 
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN  rpmdb --rebuilddb && yum install -y httpd
VOLUME ["/var/www/html"]
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

[[email protected] docker]# docker build -t rhel7:v2 .   # 重新构建，因为刚才构建过一次，所以这次的构建大部分都是从缓存中获得

# 比较v1和v2

[[email protected] docker]# docker history rhel7:v1  
[[email protected] docker]# docker history rhel7:v2

[[email protected] docker]# mkdir webdata
[[email protected] docker]# mv index.html webdata/
[[email protected] docker]# ls
Dockerfile  dvd.repo  webdata
[[email protected] docker]# docker rm -f vm1
vm1
[[email protected] docker]# docker run -d --name vm1 -v /opt/docker/webdata/:/var/www.html rhel7:v2   # 挂载数据卷,-v 物理路经:容器路径
87452d5927a922365ad32abae633b89434ef754c445f6f09400f72920c165b61
[[email protected] docker]# docker inspect vm1

[[email protected] docker]# cd /var/lib/docker/volumes/40f414f8485f9cc59a346ec6fa2a16306906af289fb88e796e0d932db5bb5da7/_data      # 切换到vm1的默认数据目录中，编写默认发布文件
[[email protected] _data]# ls
[[email protected] _data]# cp /opt/docker/webdata/index.html  .
[[email protected] _data]# ls
index.html

# 测试

[[email protected] _data]# curl 172.17.0.2   
<h1>www.westos.org --apache</h1>

2.比较CMD与ENTRYPOINT

(1)比较shell格式和exec格式

[[email protected] test]# cd /var/www/html/images/
[[email protected] images]# ls
busybox.tar  centos.tar  demo.tar  game2048.tar  nginx.tar  rhel7.tar  ubuntu.tar
[[email protected] images]# docker load -i busybox.tar 
[[email protected] images]# cd /opt/docker/
[[email protected] docker]# mkdir test
[[email protected] docker]# cd test/

# 1.用shell格式直接编写
[[email protected] test]# vim Dockerfile
	FROM busybox
	ENV name world
	CMD echo "hello, $name"

[[email protected] test]# docker build -t busybox:v1 .    # 构建容器
[[email protected] test]# docker run --rm busybox:v1   # 运行容器，解析name变量
hello, world

# 2.用exec格式编写

[[email protected] test]# vim Dockerfile
FROM busybox
ENV name world
CMD ["/bin/echo", "hello, $name"]

[[email protected] test]# docker build -t busybox:v2 .
[[email protected] test]# docker run --rm busybox:v2    # 不会解析变量
hello, $name

# 3.exec格式下解析变量
[[email protected] test]# vim Dockerfile 
FROM busybox
ENV name world
CMD ["/bin/sh","-c", "echo hello, $name"]

[[email protected] test]# docker build -t busybox:v3 .
[[email protected] test]# docker run --rm busybox:v3
hello, world

（2）比较CMD和ENTRYPOINT

[[email protected] test]# vim Dockerfile 
FROM busybox
ENTRYPOINT ["/bin/echo", "hello"]
CMD ["world"]

[[email protected] test]# docker build -t busybox:v4 .
[[email protected] test]# docker run --rm busybox:v4
hello world
[[email protected] test]# docker run --rm busybox:v4 westos   # 当shell后面有名称时，直接会覆盖掉CMD的输出内容
hello westos

3.创建ssh镜像

[[email protected] test]# cd ..
[[email protected] docker]# docker rmi rhel7:v2
[[email protected] docker]# docker rm -f vm2
[[email protected] docker]# mkdir ssh
[[email protected] docker]# cp dvd.repo ssh/
[[email protected] docker]# cd ssh/
[[email protected] ssh]# vim Dockerfile

FROM rhel7

EXPOSE 80

COPY dvd.repo /etc/yum.repos.d

RUN rpmdb --rebuilddb && yum install -y openssh-server openssh-clients && yum clean all && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N “” && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N “” && ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N “” && echo root:redhat | chpasswd

CMD ["/usr/sbin/sshd","-D"]

[[email protected] ssh]# docker build -t rhel7:v2 .
[[email protected] ssh]# docker run -d --name vm2 rhel7:v2
[[email protected] ssh]# docker inspect vm2

[[email protected] ssh]# ssh 172.17.0.3          #  登录成功，说明ssh镜像搭建成功
-bash-4.2# ls                      
anaconda-ks.cfg

4.搭建nginx镜像

[[email protected] ssh]# cd ..
[[email protected] docker]# pwd
/opt/docker
[[email protected] docker]# ls
Dockerfile  dvd.repo  nginx-1.15.6.tar.gz  test  webdata
[[email protected] docker]# vim Dockerfile 
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN  yum install -y gcc pcre-devel zlib-devel make    # 下载依赖包
ADD nginx-1.15.6.tar.gz /mnt         # ADD可以自解压
WORKDIR /mnt/nginx-1.15.6         # WORKDIR，定义，相当于切换路径
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g'  auto/cc/gcc   # 关闭debug日志
RUN ./configure --prefix=/usr/local/nginx    
RUN make
RUN make install
VOLUME ["/usr/local/nginx/html"]     # 数据卷位置
EXPOSE 80     # 暴露端口
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

[[email protected] docker]# docker build -t rhel7:v3 .
[[email protected] docker]# docker stop vm1
vm1
[[email protected] docker]# docker stop vm2
vm2
[[email protected] docker]# docker run -d --name nginx rhel7:v3
21a77f73c62102a878610bb13322c15ee4d397bdcc49bd8d22aece91456368c3
[[email protected] docker]# docker inspect nginx   # 查看id以及数据目录

[[email protected] docker]# cd /var/lib/docker/volumes/76479ee4c23d36b62f36c85371b7a71d32f7384988b1d56419fb1689a331c4eb/_data    # 进入到数据目录中
[[email protected] _data]# ls
50x.html  index.html
[[email protected] _data]# vim index.html    # 编写默认发布目录
<h1>www.westos.org --nginx</h1>

# 测试

[[email protected] docker]# docker images rhel7

[[email protected] docker]# docker rmi -f rhel7:v1
[[email protected] docker]# docker rmi -f rhel7:v2
[[email protected] docker]# docker images rhel7   # 只保留了nginx镜像

4.优化nginx镜像

（1）尽可能减少层数，清理一下输出

[[email protected] docker]# vim Dockerfile    # 尽可能减少层数，清理一下输出

FROM rhel7

COPY dvd.repo /etc/yum.repos.d

ADD nginx-1.15.6.tar.gz /mnt

WORKDIR /mnt/nginx-1.15.6

RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i ‘s/CFLAGS="$ CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g’ auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.6

VOLUME ["/usr/local/nginx/html"]

EXPOSE 80

CMD ["/usr/local/nginx/sbin/nginx","-g",“daemon off;”]

[[email protected] docker]# docker build -t rhel7:v4  .   # 重新构建
[[email protected] docker]# docker images rhel7

（2）继续优化,分阶段构建

[[email protected] docker]# vim Dockerfile

FROM rhel7 as build

COPY dvd.repo /etc/yum.repos.d

ADD nginx-1.15.6.tar.gz /mnt

WORKDIR /mnt/nginx-1.15.6

RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i 's/CFLAGS=" $ CFLAGS -g “/ #CFLAGS=”$CFLAGS -g"/g ’ auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.6

FROM rhel7

COPY --from=build /usr/local/nginx /usr/local/nginx

VOLUME ["/usr/local/nginx/html"]

EXPOSE 80

CMD ["/usr/local/nginx/sbin/nginx","-g",“daemon off;”]

[[email protected] docker]# docker build -t rhel7:v5  . 
[[email protected] docker]# docker images rhel7

[[email protected] docker]# cd test/
[[email protected] test]# vim Dockerfile 	  # 从官方nginx库里把nginx全部分离
FROM nginx as base	
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/shanghai	              # 修改时区
RUN mkdir -p /opt/var/cache/nginx && \
    cp -a --parents /usr/lib/nginx /opt && \
    cp -a --parents /usr/share/nginx /opt && \
    cp -a --parents /var/log/nginx /opt && \
    cp -aL --parents /var/run /opt && \
    cp -a --parents /etc/nginx /opt && \
    cp -a --parents /etc/passwd /opt && \
    cp -a --parents /etc/group /opt && \
    cp -a --parents /usr/sbin/nginx /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
    cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
    cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
    cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime

	FROM gcr.io/distroless/base

	COPY --from=base /opt  /

	EXPOSE 80

	ENTRYPOINT ["nginx", "-g", "daemon off;"]

[[email protected] test]# docker build -t rhel7:v6  .    # 构建失败，原因正在排查中