Article Directory
Preface
Each instruction in the Dockerfile will create a new mirroring layer. The mirroring layer will be cached and reused.
When the instructions of the Dockerfile are modified, the copied files are changed, or the variables specified when building the mirror are different
, the corresponding mirroring layer will be cached. will expire
after a certain level of mirrored cache invalidation, the cache will mirror layer after it failed
mirror layer is immutable, if you add a file in one layer, and then remove it the next level, then the mirror
image of the still Include the file
1. Environment Introduction
1. All files used in the Dockerfile must be in the same parent directory as the Dockerfile file, which can be a subdirectory of the Dockerfile parent directory.
2. The relative path in the Dockerfile is the directory where the Dockerfile is located by default
3. Jin, the instructions that can be written in one line must be written in one line because of the hierarchical construction and the feature of joint mounting.
Each instruction in the Dockerfile is treated as a layer
4. Capitalization is specified in the Dockerfile (by convention)
2. Instructions
FROM
The function is to specify the basic image and must be the first command.
If it is not based on any image, then the wording is: FROM scratch.
At the same time, it means that the instructions written next will start as the first level of the mirroring.
Syntax:
FROM <image>
FROM <image>:<tag>
FROM <image>:<digest>
三种写法,其中<tag>和<digest> 是可选项,如果没有选择,那么默认值为latest
MAINTAINER
Designated author
语法:
MAINTAINER <name>
Use LABEL to indicate in the new version of docker
LABEL
The function is to assign a label to the mirror
语法:
LABEL <key>=<value> <key>=<value> <key>=<value> ...
一个Dockerfile种可以有多个LABEL,如下:
LABEL "com.example.vendor"="ACME Incorporated"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="This text illustrates \
that label-values can span multiple lines."
但是并不建议这样写,最好就写成一行,如太长需要换行的话则使用\符号
如下:
LABEL multi.label1="value1" \
multi.label2="value2" \
other="value3"
说明:LABEL会继承基础镜像种的LABEL,如遇到key相同,则值覆盖
ADD
A copy command to copy files to the mirror.
If you think of the virtual machine and the container as two linux servers, then this command is similar to scp, except that scp needs to add user name and password authentication, but ADD does not.
语法如下:
1. ADD <src>... <dest>
2. ADD ["<src>",... "<dest>"]
路径的填写可以是容器内的绝对路径,也可以是相对于工作目录的相对路径,推荐写成绝对路径
可以是一个本地文件或者是一个本地压缩文件,还可以是一个url
如果把写成一个url,那么ADD就类似于wget命令
示例
ADD test relativeDir/
ADD test /relativeDir
ADD http://example.com/foobar /
注意事项
src为一个目录的时候,会自动把目录下的文件复制过去,目录本身不会复制
如果src为多个文件,dest一定要是一个目录
如果写成一个压缩包的话 ,那么ADD 想当于 TAR 命令,将目标解压,并放置到某路径下面,功能强大
例如:
#解压mysql包到OPT下
ADD mysql-5.6.36.tar.gz /opt/
COPY
Just look at the name, it's another copy command
The syntax is as follows:
COPY <src>... <dest>
COPY ["<src>",... "<dest>"]
Difference with ADD
COPY can only be local files, other usages are consistent
EXPOSE
The function is the listening port of the leak container runtime to the outside
But EXPOSE does not allow the container to access the host port
If you want to make the container and the host port have a mapping relationship, you must add the -P parameter when the container starts.
Syntax:
EXPOSE <port>/<tcp/udp>
ENV
Function is to set environment variables
语法有两种
ENV <key> <value>
ENV <key>=<value> ...
例如:
ENV PATH /usr/local/mysql/bin:$PATH
The difference between the two is that the first is to set one at a time, and the second is to set multiple at a time
Ways to use variables in Dockerfile
$varname
${varname}
${varname:-default value}
$(varname:+default value}
The first is the same as the second. The
third means to use the value after the-sign when the variable does not exist. The
fourth means to use the value after the + sign when the variable does not exist.
RUN
The function is to run the specified command
RUN command has two formats
1. RUN <command>
2. RUN ["executable", "param1", "param2"]
The first type is directly followed by shell commands
The default /bin/sh -c on the Linux operating
system is the default cmd /S /C on the Windows operating system.
The second is similar to a function call.
The executable can be understood as an executable file, followed by two parameters.
CMD
The function is the default command or parameter when the container starts
There are three ways to write grammar
CMD ["executable","param1","param2"]
CMD ["param1","param2"]
CMD command param1 param2
The third kind is easier to understand, just shell execution and writing
The first and second types are actually executable files plus parameters
Illustrate two ways of writing:
CMD [ "sh", "-c", "echo $HOME"
CMD [ "echo", "$HOME" ]
Additional details: Double quotation marks must be used to include parameters here, that is, ", cannot be single quotation marks. Never write single quotation marks.
The reason is that after the parameters are passed, docker parses a JSON array
RUN&&CMD
Don't confuse RUN with CMD.
RUN is a command that runs when the container is built and submits the running result
CMD is a command executed when the container is started. It does not run during component time. The component time specifies exactly what this command looks like.
ENTRYPOINT
The function is: the start command to run when the container starts
The syntax is as follows:
ENTRYPOINT ["executable", "param1", "param2"]
ENTRYPOINT command param1 param2
If you see here from top to bottom, then you should be familiar with these two syntaxes.
The second is to write shell
The first is the executable file plus parameters
Compared with CMD (the two commands are too similar, and can also be used together):
Similarity:
Only one can be written. If multiple ones are written, only the last one will take effect. The
container will only run when the container is started, and the running time will be the same
Difference:
ENTRYPOINT will not be overwritten by the running command, while CMD will be overwritten
If we write both ENTRYPOINT and CMD in the Dockerfile, and the CMD instruction is not a complete executable command, then the content specified by CMD will be used as the parameter of ENTRYPOINT
as follows:
FROM ubuntu
ENTRYPOINT ["top", "-b"]
CMD ["-c"]
If we write ENTRYPOINT and CMD in the Dockerfile at the same time, and CMD is a complete instruction, then the two will overwrite each other, and whoever takes effect at the end
as follows:
FROM ubuntu
ENTRYPOINT ["top", "-b"]
CMD ls -al
Then ls -al will be executed, top -b will not be executed.
Docker officially uses a table to show the execution of
different combinations of ENTRYPOINT and CMD
VOLUME
Can realize the mounting function, you can mount the host directory to the container
Everyone knows what I said here, you can use dedicated file storage as the data storage part of the Docker container
The syntax is as follows:
VOLUME ["/data"]
说明:
["/data"]可以是一个JsonArray ,也可以是多个值。所以如下几种写法都是正确的
VOLUME ["/var/log/"]
VOLUME /var/log
VOLUME /var/log /var/db
The general usage scenario is when data needs to be stored persistently
The container uses AUFS. This file system cannot persist data. When the container is closed, all changes will be lost.
So use this command when the data needs to be persisted.
USER
Set the user who starts the container. It can be a user name or UID. Therefore, only the following two writing methods are correct
USER daemo
USER UID
Note: If the container is set to run as the daemon user, then RUN, CMD and ENTRYPOINT will all run as this user. To
use this command, you must confirm that the container has this user and has sufficient permissions
WORKDIR
grammar:
WORKDIR /path/to/workdir
设置工作目录,对RUN,CMD,ENTRYPOINT,COPY,ADD生效。如果不存在则会创建,也可以设置多次。
如:
WORKDIR /a
WORKDIR b
WORKDIR c
RUN pwd
pwd执行的结果是/a/b/c
WORKDIR也可以解析环境变量
如:
ENV DIRPATH /path
WORKDIR $DIRPATH/$DIRNAME
RUN pwd
pwd的执行结果是/path/$DIRNAME
ARG
grammar:
ARG <name>[=<default value>]
Set variable command, ARG command defines a variable, when docker build creates the image, use --build-arg= to specify the parameter
如果用户在build镜像时指定了一个参数没有定义在Dockerfile种,那么将有一个Warning
提示如下:
[Warning] One or more build-args [foo] were not consumed.
我们可以定义一个或多个参数,如下:
FROM busybox
ARG user1
ARG buildno
也可以给参数一个默认值:
FROM busybox
ARG user1=someuser
ARG buildno=1
…
如果我们给了ARG定义的参数默认值,那么当build镜像时没有指定参数值,将会使用这个默认值
ONBUILD
grammar:
ONBUILD [INSTRUCTION]
这个命令只对当前镜像的子镜像生效。
比如当前镜像为A,在Dockerfile种添加:
ONBUILD RUN ls -al
这个 ls -al 命令不会在A镜像构建或启动的时候执行
此时有一个镜像B是基于A镜像构建的,那么这个ls -al 命令会在B镜像构建的时候被执行。
STOPSIGNAL
grammar:
STOPSIGNAL signal
STOPSIGNAL命令是的作用是当容器停止时给系统发送什么样的指令,默认是15
HEALTHCHECK
Container health check command
There are two kinds of syntax:
HEALTHCHECK [OPTIONS] CMD command
HEALTHCHECK NONE
The first function is to run a command inside the container to check the health of the container
The second function is to cancel the health check command in the base image
[OPTIONS]的选项支持以下三中选项:
–interval=DURATION 两次检查默认的时间间隔为30秒
–timeout=DURATION 健康检查命令运行超时时长,默认30秒
–retries=N 当连续失败指定次数后,则容器被认为是不健康的,状态为unhealthy,默认次数是3
注意:
HEALTHCHECK命令只能出现一次,如果出现了多次,只有最后一个生效。
CMD后边的命令的返回值决定了本次健康检查是否成功,具体的返回值如下:
0: success - 表示容器是健康的
1: unhealthy - 表示容器已经不能工作了
2: reserved - 保留值
例子:
HEALTHCHECK --interval=5m --timeout=3s \
CMD curl -f http://localhost/ || exit 1
健康检查命令是:curl -f http://localhost/ || exit 1
两次检查的间隔时间是5秒
命令超时时间为3秒
Three. Dockerfile create ssh mirror small case
Create Dockerfile file
vim Dockerfile
FROM centos:7
MAINTAINER The CentOS Project <cloud-centos>
RUN yum -y update
RUN yum -y install openssh* net-tools lsof telnet passwd
RUN echo '123456'| passwd --stdin root
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
Generate mirror
docker build -t sshd:new .
Build the container and run
[root@docker2 sshd]# docker run -d -P sshd:new
e72e20b755122d7262ab1a325b67510ef14f0f4c131ee6a1a8a2927f5b4bd10f