一. BusyBox工具箱
Linux系統(tǒng)的瑞士軍刀呈队,集成了100多個常用的軟件工具箱,但大小卻只有幾兆唱歧,十分精巧宪摧。
首先,下載 BusyBox 鏡像:
[root@localhost ~]# docker pull 192.168.255.128:5000/busybox
Using default tag: latest
latest: Pulling from busybox
e2334dd9fee4: Pull complete
Digest: sha256:a2490cec4484ee6c1068ba3a05f89934010c85242f736280b35343483b2264b6
Status: Downloaded newer image for 192.168.255.128:5000/busybox:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.255.128:5000/busybox latest be5888e67be6 7 days ago 1.22MB
此處小編還是從自己配的私服上下載的颅崩,當(dāng)然也可以使用阿里云鏡像加速器或者DaoCloud鏡像市場下載几于。下載完成后,啟動 busybox 容器沿后,進(jìn)入 busybox 容器終端 /bin/ash沿彭,可以發(fā)現(xiàn) busybox 集成了很多 linux 命令。
[root@localhost ~]# docker run -itd --name busybox 192.168.255.128:5000/busybox
f8a44c4c3b31a545bd5a9e66a5209a13d74ff147cf017d4bafc0ada742ba842f
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f8a44c4c3b31 192.168.255.128:5000/busybox "sh" 5 seconds ago Up 4 seconds busybox
[root@localhost ~]# docker exec -it busybox /bin/ash
/ # pwd
/
/ # ls | grep a
var
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
...
/ # mount --help
BusyBox v1.31.1 (2020-04-14 01:09:51 UTC) multi-call binary.
Usage: mount [OPTIONS] [-o OPT] DEVICE NODE
Mount a filesystem. Filesystem autodetection requires /proc.
-a Mount all filesystems in fstab
-f Dry run
...
ro Same as -r
There are filesystem-specific -o flags.
/ # exit
[root@localhost ~]#
二. Tomcat 應(yīng)用服務(wù)器
關(guān)于 tomcat 鏡像的下載此處不再贅述尖滚,注意啟動Tomcat容器時膝蜈,進(jìn)行端口的映射锅移,并掛載宿主機(jī)上的目錄到容器中tomcat的 webapps 目錄。
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.255.128:5000/tomcat latest 31a47677561a 5 days ago 529MB
192.168.255.128:5000/busybox latest be5888e67be6 7 days ago 1.22MB
[root@localhost ~]# docker run -itd --name tomcat -p 8080:8080 -v /opt/docker/tomcat/webapps:/usr/local/tomcat/webapps 192.168.255.128:5000/tomcat
697193985a92166ec45c6fff6dbf141f866e41e80c05410c8bb3ae98bd0c5579
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
697193985a92 192.168.255.128:5000/tomcat "catalina.sh run" 4 seconds ago Up 3 seconds 0.0.0.0:8080->8080/tcp tomcat
f8a44c4c3b31 192.168.255.128:5000/busybox "sh" 9 minutes ago Up 9 minutes busybox
[root@localhost ~]# cd /opt/docker/tomcat/webapps/
[root@localhost webapps]# mkdir abc
[root@localhost webapps]# cd abc
[root@localhost abc]# touch index.html
[root@localhost abc]# vim index.html
[root@localhost abc]# cat index.html
<h1>Hello, Docker!</P>
注:-p 8080:8080 -> 將主機(jī)的8080端口映射到容器的8080端口饱搏;-v /opt/docker/tomcat/webapps:/usr/local/tomcat/webapps -> 掛載主機(jī)上的目錄到webapps非剃。
在瀏覽器地址欄中輸入 http://192.168.255.128:8080/abc/index.html 訪問結(jié)果如下:
三. Mysql 數(shù)據(jù)庫服務(wù)器
首先創(chuàng)建一個臨時的 mysql 鏡像,以便在掛載數(shù)據(jù)卷之前確認(rèn)好相關(guān)的文件路徑推沸,必要時還可以將相關(guān)文件拷貝下來备绽,以便在宿主機(jī)上使用:
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest df5748206578 2 days ago 98.3MB
mongo latest 4e9495ea1bc6 2 days ago 388MB
mysql latest 9b51d9275906 7 weeks ago 547MB
registry latest 708bc6af7e5e 3 months ago 25.7MB
scrapinghub/splash latest 241c7dde86d9 14 months ago 1.22GB
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@localhost ~]# docker run -itd --rm -e MYSQL_ROOT_PASSWORD=root123 mysql
f4a6c895c3dc61076a3530184b16b741a3a362605c775f7d8a57e7336189843b
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f4a6c895c3dc mysql "docker-entrypoint..." 5 seconds ago Up 4 seconds 3306/tcp, 33060/tcp condescending_leavitt
[root@localhost ~]# docker exec -it f4 /bin/bash
root@f4a6c895c3dc:/# cd /var/lib/mysql/
root@f4a6c895c3dc:/var/lib/mysql# ls
'#innodb_temp' binlog.000002 ca.pem f4a6c895c3dc.err ib_logfile1 mysql private_key.pem server-key.pem undo_002
auto.cnf binlog.index client-cert.pem ib_buffer_pool ibdata1 mysql.ibd public_key.pem sys
binlog.000001 ca-key.pem client-key.pem ib_logfile0 ibtmp1 performance_schema server-cert.pem undo_001
root@f4a6c895c3dc:/var/lib/mysql# cd /etc/mysql/conf.d/
root@f4a6c895c3dc:/etc/mysql/conf.d# ls
docker.cnf mysql.cnf
root@f4a6c895c3dc:/etc/mysql/conf.d# exit
exit
[root@localhost ~]# docker cp f4a6c895c3dc:/etc/mysql/conf.d/mysql.cnf /opt/docker/mysql/mysql.cnf
[root@localhost docker]# ls mysql/
mysql.cnf
注:docker run 添加 --rm 參數(shù)后,可以創(chuàng)建并運行一個臨時的容器鬓催,當(dāng)容器停止后肺素,會自動將容器刪除。
下面宇驾,我們修改宿主機(jī)上的 /opt/docker/mysql/mysql.cnf 配置文件倍靡,修改 mysql 默認(rèn)的字符集為utf,在修改之前课舍,我們不妨先查看下 mysql 的默認(rèn)字符集:
[root@localhost docker]# docker exec -it mysql /bin/bash
root@a2991f6f5ea2:/# mysql -uroot -proot123
...
Server version: 8.0.19 MySQL Community Server - GPL
...
mysql> show variables like 'char%'
-> ;
+--------------------------+--------------------------------+
| Variable_name | Value |
+--------------------------+--------------------------------+
| character_set_client | latin1 |
| character_set_connection | latin1 |
| character_set_database | utf8mb4 |
| character_set_filesystem | binary |
| character_set_results | latin1 |
| character_set_server | utf8mb4 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql-8.0/charsets/ |
+--------------------------+--------------------------------+
8 rows in set (0.00 sec)
備注:要在 Mysql 中保存 4 字節(jié)長度的 UTF-8 字符塌西,需要使用 utf8mb4 字符集,但只有 5.5.3 版本以后的才支持筝尾。低版本的MySQL支持的utf8編碼捡需,最大字符長度為 3 字節(jié),如果遇到 4 字節(jié)的字符就會出現(xiàn)錯誤了筹淫。三個字節(jié)的 UTF-8 最大能編碼的 Unicode 字符是 0xFFFF站辉,也就是 Unicode 中的基本多文平面(BMP)。任何不在基本多文平面的 Unicode字符损姜,都無法使用MySQL原有的 utf8 字符集存儲饰剥。這些不在BMP中的字符包括哪些呢?最常見的就是Emoji 表情(Emoji 是一種特殊的 Unicode 編碼摧阅,常見于 ios 和 android 手機(jī)上)汰蓉,和一些不常用的漢字,以及任何新增的 Unicode 字符等等逸尖。如果實際用途上來看,可以給要用到emoji的庫或者說表,設(shè)置utf8mb4古沥。比如評論要支持emoji可以用到。
打開我們拷貝到宿主機(jī) /opt/docker/mysql/mysql.cnf 的文件娇跟,添加如下內(nèi)容:
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
接下來岩齿,讓我們停止剛剛創(chuàng)建的 mysql 臨時容器:
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd648a0e2101 mysql "docker-entrypoint..." 13 minutes ago Up 13 minutes 3306/tcp, 33060/tcp stoic_almeida
[root@localhost ~]# docker stop fd
fd
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]#
創(chuàng)建一個具有端口映射和掛載數(shù)據(jù)卷的正式 mysql 容器:
[root@localhost docker]# docker run -itd --name mysql -p 3306:3306 -v /opt/docker/mysql/mysql.cnf:/etc/mysql/conf.d/mysql.cnf -v /opt/docker/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root123 mysql
a2991f6f5ea2fd0a01b286ae7e99301132dce9430ff63a23f9faa48704ce9f24
[root@localhost docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a2991f6f5ea2 mysql "docker-entrypoint..." 5 seconds ago Up 3 seconds 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
[root@localhost docker]# docker exec -it mysql /bin/bash
root@a2991f6f5ea2:/# mysql -uroot -proot123
...
Server version: 8.0.19 MySQL Community Server - GPL
...
mysql> show variables like 'char%'
-> ;
+--------------------------+--------------------------------+
| Variable_name | Value |
+--------------------------+--------------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql-8.0/charsets/ |
+--------------------------+--------------------------------+
8 rows in set (0.02 sec)
注:啟動過程中,出現(xiàn)任何問題可以使用 docker logs mysql 查看 mysql 容器的輸出日志苞俘。
我們掛載的宿主機(jī)目錄下也將產(chǎn)生 mysql 的數(shù)據(jù)文件:
四. 創(chuàng)建支持SSH服務(wù)的鏡像
本節(jié)的最后一部分我們介紹如何為Docker容器啟用ssh服務(wù):首先使用傳統(tǒng)的 docker commit 方式為Docker容器安裝ssh服務(wù)盹沈,然后將此修改提交為新的鏡像;接著我們會討論使用Dockerfile創(chuàng)建上述的鏡像,以此來拋磚引玉乞封,第七講 Docker案例實戰(zhàn)(二)將詳細(xì)介紹 Dockerfile 的使用以及注意事項做裙。
4.1 基于 docker commit 方式
首先下載 centos 鏡像,并啟動為 centos 容器:
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost docker]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
8a29a15cefae: Pull complete
Digest: sha256:fe8d824220415eed5477b63addf40fb06c3b049404242b31982106ac204f6700
Status: Downloaded newer image for centos:latest
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 470671670cac 3 months ago 237MB
[root@localhost docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost docker]# docker run -itd --name centos centos
4dc83818fba06e41b17ab6f58c15734477a4e7592708d9677791e0afc5ed3866
[root@localhost docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4dc83818fba0 centos "/bin/bash" 4 seconds ago Up 2 seconds centos
進(jìn)入 centos 容器肃晚,下載锚贱、安裝、配置并啟動 ssh 服務(wù):
[root@localhost docker]# docker exec -it centos /bin/bash
[root@4dc83818fba0 /]# yum install -y openssh-server sudo
Failed to set locale, defaulting to C.UTF-8
... 略
Installed:
openssh-server-8.0p1-4.el8_1.x86_64 sudo-1.8.25p1-8.el8_1.1.x86_64
fipscheck-1.5.0-4.el8.x86_64 fipscheck-lib-1.5.0-4.el8.x86_64
openssh-8.0p1-4.el8_1.x86_64
Complete!
[root@4dc83818fba0 /]# sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
[root@4dc83818fba0 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
Generating public/private dsa key pair.
... 略
The key's randomart image is:
+---[DSA 1024]----+
| . *E|
| . #.o|
| .+.@.|
| . . o=.B|
| S . +.O*|
| o . + %|
| + . =+|
| + . . ..=|
| o.. +X|
+----[SHA256]-----+
[root@4dc83818fba0 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
... 略
The key's randomart image is:
+---[RSA 3072]----+
|oo .o.+.oo.o ..|
|..+o.+.= E=..... |
|. o++o* o. .+ o. |
| o+oo + o + o. |
| . . S o + .o|
| . o o..o|
| o .o |
| oo. |
| oo |
+----[SHA256]-----+
[root@4dc83818fba0 /]# mkdir /var/run/sshd
[root@4dc83818fba0 /]# /usr/sbin/sshd -D
在宿主機(jī)上查看 centos 容器的IP地址关串,并使用 ssh 命令登錄容器測試:
[root@localhost ~]# docker inspect centos | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[root@localhost ~]# ssh root@172.17.0.2
root@172.17.0.2's password: # 輸入我們設(shè)置的root用戶密碼12345678
Last login: Fri Apr 24 05:46:42 2020 from 172.17.0.1
[root@4dc83818fba0 ~]#
提交鏡像:
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4dc83818fba0 centos "/bin/bash" About an hour ago Up About an hour centos
[root@localhost ~]# docker commit -m "my centos with ssh" centos centos-ssh:1.0
sha256:4f27624e33f2fe6d85b18564d29937333283dd5821cb57d63d336d6aa54e0abe
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-ssh 1.0 4f27624e33f2 4 seconds ago 274MB
centos latest 470671670cac 3 months ago 237MB
運行新的鏡像 centos-ssh:1.0 拧廊,并指定端口映射及啟動容器時的命令:
[root@localhost ~]# docker run -itd --name centos-ssh -p 2222:22 centos-ssh:1.0 /usr/sbin/sshd -D
758080715cee484b8d271b72049f59597121becad5991524680bb2d0e122a130
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
758080715cee centos-ssh:1.0 "/usr/sbin/sshd -D" 4 seconds ago Up 4 seconds 0.0.0.0:2222->22/tcp centos-ssh
4dc83818fba0 centos "/bin/bash" About an hour ago Up About an hour centos
在局域網(wǎng)的其它主機(jī)上即可使用 ssh 命令登錄到我們剛剛創(chuàng)建的容器:
[root@localhost ~]# ssh -p2222 root@192.168.255.128
The authenticity of host '[192.168.255.128]:2222 ([192.168.255.128]:2222)' can't be established.
RSA key fingerprint is SHA256:Q6AN5pejJINAc8taZ1F1Wgv9+H7gz8RlQ5QaOstgSNw.
RSA key fingerprint is MD5:48:e0:fa:bb:9f:98:8e:be:3f:36:b3:55:37:00:a6:20.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.255.128]:2222' (RSA) to the list of known hosts.
root@192.168.255.128's password:
Last login: Fri Apr 24 05:58:56 2020 from 172.17.0.1
[root@758080715cee ~]#
總結(jié):基于 docker commit 命令創(chuàng)建鏡像只適合于創(chuàng)建臨時的鏡像,一旦軟件需要更新或者要修改容器的其它內(nèi)容晋修,我們都必須進(jìn)入容器再進(jìn)行修改吧碾,不利于擴(kuò)展。Dockerfile 則是一種更加推薦的方式墓卦,可以將我們創(chuàng)建鏡像的命令記錄下來倦春,當(dāng)需要修改鏡像時,只需要更新該腳本文件即可落剪,非常簡潔睁本。下面就讓我們領(lǐng)會下Dockerfile的強(qiáng)大吧!
4.2 基于 Dockerfile 方式
首先創(chuàng)建一個空目錄著榴,在目錄下新建文件 Dockerfile 添履,文件內(nèi)容如下:
[root@localhost dockerfile]# ls
Dockerfile
[root@localhost dockerfile]# cat Dockerfile
FROM centos:latest
LABEL maintainer="miali MiaLi0521@outlook.com" description="centos with sshd"
RUN yum install -y openssh-server sudo
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN echo "root:12345678"|chpasswd
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN mkdir /var/run/sshd
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
[root@localhost dockerfile]#
上述的 Dockerfile 中記錄了我們在4.1中的操作屁倔,因此 Dockerfile 創(chuàng)建鏡像的方式具有很好的擴(kuò)展性脑又。上述 Dockerfile 中用到的指令總結(jié)如下:
這里只拋磚引玉介紹了Dockerfile最常用的幾個指令,下一講中锐借,我們將詳細(xì)介紹Dockerfile的更多細(xì)節(jié)问麸。注意RUN和CMD的區(qū)別:不要混淆 RUN和 CMD。RUN 實際上運行一個命令并提交結(jié)果; CMD 在構(gòu)建時不執(zhí)行任何操作钞翔,但指定鏡像的默認(rèn)命令严卖。
Dockerfile 文件編輯完成后,即可使用 dcoker build 命令來創(chuàng)建鏡像了:
[root@localhost dockerfile]# ls
Dockerfile
[root@localhost dockerfile]# docker build -t centos-ssh:2.0 .
Sending build context to Docker daemon 2.048kB
Step 1/10 : FROM centos:latest
---> 470671670cac
Step 2/10 : LABEL maintainer "miali MiaLi0521@outlook.com" description "centos with sshd"
---> Running in 85876864991a
---> fd93b5681921
Removing intermediate container 85876864991a
Step 3/10 : RUN yum install -y openssh-server sudo
---> Running in 4e24b0f735ba
CentOS-8 - AppStream 2.1 MB/s | 5.7 MB 00:02
CentOS-8 - Base 267 kB/s | 2.2 MB 00:08
CentOS-8 - Extras 7.8 kB/s | 5.5 kB 00:00
Dependencies resolved.
... 略
Installed:
openssh-server-8.0p1-4.el8_1.x86_64 sudo-1.8.25p1-8.el8_1.1.x86_64
fipscheck-1.5.0-4.el8.x86_64 fipscheck-lib-1.5.0-4.el8.x86_64
openssh-8.0p1-4.el8_1.x86_64
Complete!
---> 354e1b84c6a1
Removing intermediate container 4e24b0f735ba
Step 4/10 : RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
---> Running in 6e2bf574016c
---> 84436db4d051
Removing intermediate container 6e2bf574016c
Step 5/10 : RUN echo "root:12345678"|chpasswd
---> Running in aa22909bac6d
---> 16a97d3c55f0
Removing intermediate container aa22909bac6d
Step 6/10 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
---> Running in e4a787153c89
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private dsa key pair.
... 略
The key's randomart image is:
+---[DSA 1024]----+
| o=.o. |
| +.=o.. |
|. Eo.. |
|ooB.=. . |
|*oB* . S |
|o%.+. . |
|*=*o |
|+O+ |
|o.+o. |
+----[SHA256]-----+
---> 0735d70f817e
Removing intermediate container e4a787153c89
Step 7/10 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
---> Running in 7b101987969c
Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private rsa key pair.
... 略
The key's randomart image is:
+---[RSA 3072]----+
| .. ..=|
| o. .X=|
| . o. +O=B|
| ... . =**|
| S. . o o+|
| o o ..ooE|
| = . . .*o+|
| o . .o=+|
| .o=o|
+----[SHA256]-----+
---> ea08f06c0e6c
Removing intermediate container 7b101987969c
Step 8/10 : RUN mkdir /var/run/sshd
---> Running in 983401b4c171
---> 5375b063e253
Removing intermediate container 983401b4c171
Step 9/10 : EXPOSE 22
---> Running in dd837d3c9d17
---> d699d8eee6a3
Removing intermediate container dd837d3c9d17
Step 10/10 : CMD /usr/sbin/sshd -D
---> Running in d43d558687b7
---> f086b91faede
Removing intermediate container d43d558687b7
Successfully built f086b91faede
Successfully tagged centos-ssh:2.0
[root@localhost dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-ssh 2.0 f086b91faede 12 seconds ago 274MB
[root@localhost dockerfile]# docker run -itd --name centos-ssh2.0 -p 2223:22 centos-ssh:2.0
5ccd02e765a69e260f34d1b95c59393e1b1f0f3e2f416c61c40241077c9a5b41
[root@localhost dockerfile]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ccd02e765a6 centos-ssh:2.0 "/usr/sbin/sshd -D" 9 seconds ago Up 7 seconds 0.0.0.0:2223->22/tcp centos-ssh2.0
仔細(xì)觀察上面 Dockerfile 的執(zhí)行過程布轿,你會發(fā)現(xiàn)哮笆,每一個RUN命令都會創(chuàng)建一個容器,進(jìn)行修改汰扭,然后提交一個新的鏡像稠肘,并刪除當(dāng)前容器;然后下一個RUN命令運行剛剛創(chuàng)建的鏡像萝毛,依次進(jìn)行修改寄悯、提交厂庇、刪除容器谤草;依次類推蒜胖,直到所有的RUN指令執(zhí)行完畢。
