3.16 Dockfile-----Dockerfile的使用,和Docfile的优化
制作Docker image 有两种方式:一是使用 Docker container,直接构建容器,再导出成 image 使用;二是使用 Dockerfile,将所有动作写在文件中,再 build 成 image。Dockerfile 的方式非常灵活,推荐使用。实验环境rhel7.3,并安装了Docker一、使用Dockerfile构建镜像(http服务)1、首先载入镜像,接下来会...
制作Docker image 有两种方式:一是使用 Docker container,直接构建容器,再导出成 image 使用;二是使用 Dockerfile,将所有动作写在文件中,再 build 成 image。Dockerfile 的方式非常灵活,推荐使用。
实验环境
rhel7.3,并安装了Docker
一、使用Dockerfile构建镜像(http服务)
1、首先载入镜像,接下来会用到
[root@foundation85 images]# ls
distroless-java.tar distroless.tar docker-registry-web.tar haproxy.tar nginx.tar registry.tar ubuntu.tar
distroless-python.tar docker-registry-frontend.tar game2048.tar httpd.tar nodejs.tar rhel7.tar visualizer.tar
[root@foundation85 images]# docker load -i rhel7.tar ##导入rhel7的镜像,以此为基础(环境)构建镜像
e1f5733f050b: Loading layer [==================================================>] 147.1MB/147.1MB
2、编写Dockerfile
[root@server1 docker]# pwd
/tmp/docker
[root@server1 docker]# cat dvd.repo
[dvd]
name=rhel7.3
baseurl=http://172.25.85.250/7.3yumpak
gpgcheck=0
[root@server1 docker]# cat Dockerfile
FROM rhel7
ENV HOSTNAME server1
EXPOSE 80
COPY dvd.repo /etc/yum.repos.d/dvd.repo
RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all
VOLUME ["/var/www/html"]
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~解释~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FROM rhel7 #重建镜像的源镜像,必须先得有这个镜像
ENV HOSTNAME server1 #设定容器主机名
EXPOSE 80 #httpd服务端口
COPY dvd.repo /etc/yum.repos.d/dvd.repo #拷贝yum源文件
RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all #镜像操作命令
VOLUME ["/var/www/html"] #镜像启动命令
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2、Dockerfile 常用指令:
1. 指定容器运行的用户
该用户将作为后续的 RUN 命令执行的用户。这个命令本实验不需要,但在一些需要指定用
户来运行的应用部署时非常关键,比如提供 hadoop 服务的容器通常会使用 hadoop 用户来启
动服务。
命令使用方式,例如使用 shiyanlou 用户来执行后续命令:
USER shiyanlou
2. 指定后续命令的执行目录
由于我们需要运行的是一个静态网站,将启动后的工作目录切换到/var/www/html 目录:WORKDIR /var/www/html
3. 对外连接端口号
由于内部服务会启动 Web 服务,我们需要把对应的 80 端口暴露出来,可以提供给容器间互
联使用,可以使用 EXPOSE 命令。
在镜像操作部分增加下面一句:
EXPOSE 80
4. 设置容器主机名
ENV 命令能够对容器内的环境变量进行设置:
ENV HOSTNAME sevrer1.example.com
5. 向镜像中增加文件
向镜像中添加文件有两种命令:COPY 和 ADD。
COPY 命令可以复制本地文件夹到镜像中:
COPY website /var/www/html
ADD 命令支持添加本地的 tar 压缩包到容器中指定目录,压缩包会被自动解压为目录,也可以自动下载 URL 并拷贝到镜像,例如:
ADD html.tar /var/www
ADD http://www.westos.org/html.tar /var/www
根据实验需求,我们把需要的一个网站放到镜像里,需要把一个 tar 包添加到 apache 的/var/www 目录下,因此选择使用 ADD 命令:
ADD html.tar /var/www
6. CMD 与 ENTRYPOINT
ENTRYPOINT 容器启动后执行的命令,让容器执行表现的像一个可执行程序一样,与
CMD 的 区 别 是 不 可 以 被 docker run 覆 盖 , 会 把 docker run 后 面 的 参 数 当 作 传 递 给
ENTRYPOINT 指令的参数。Dockerfile 中只能指定一个 ENTRYPOINT,如果指定了很多,
只 有 最 后 一 个 有 效 。 docker run 命 令 的 -entrypoint 参 数 可 以 把 指 定 的 参 数 继 续 传 递 给
ENTRYPOINT。在本实验中两种方式都可以选择。
7. 挂载数据卷
将 apache 访问的日志数据存储到宿主机可以访问的数据卷中:
VOLUME ["/var/log/apche2"]
8.RUN和CMD的
CMD不同于RUN,CMD用于指定在容器启动时所要执行的命令。而RUN用于指定镜像构建时所要执行的命令。
--RUN(安装软件用) RUN可以运行任何被基础image支持的命令
如果基础image指定的是ubuntu,那么RUN中只能使用ubuntu的命令
--CMD(设置容器启动是执行的操作) 可以是自定义脚本,也可是系统命令,
该指令只能出现一次,如果有多条,则只执行最后一条
3、文件编写完成之后,就可以重建镜像包并设定TAG为v1,这个可以随便写,只是一个标签而已:
注意:指令最后面还有个点,表示Dockerfile文件在当前目录,不能忽略了!
[root@server1 docker]# docker build -t rhel7:v1 .
Sending build context to Docker daemon 5.12kB
Step 1/7 : FROM rhel7
---> 0a3eb3fde7fd
Step 2/7 : ENV HOSTNAME server1
---> Using cache
---> f04a58050710
Step 3/7 : EXPOSE 80
---> Using cache
---> bea99f83b9e8
Step 4/7 : COPY dvd.repo /etc/yum.repos.d/dvd.repo
---> Using cache
---> f26e361e6aeb
Step 5/7 : RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all
---> Running in 5564f4777073
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-45.el7 for package: httpd-2.4.6-45.el7.x86_64
......
Step 6/7 : VOLUME ["/var/www/html"]
---> Running in 94c4585837e8
Removing intermediate container 94c4585837e8
---> 421e75fe2203
Step 7/7 : CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
---> Running in dedc68252b44
Removing intermediate container dedc68252b44
---> 68d93c7d9569
Successfully built 68d93c7d9569
Successfully tagged rhel7:v1
重建镜像包会逐步编译Dockerfile,没有问题会在最后面提示建立成功:
Successfully built 68d93c7d9569
可以发现建立成功的提示后面有一个码af1cbc442eab,这个码就是rhel7镜像v1的码:
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v1 68d93c7d9569 6 minutes ago 169MB
nginx latest 881bd08c0b08 9 days ago 109MB
<none> <none> e548f1a579cf 12 months ago 109MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB
4、用新建的镜像建立一个容器vm3并将httpd首页文件所在的目录挂载到httpd的默认发布目录下,查看容器vm3的ip为172.17.0.2:
[root@server1 docker]# mkdir web
[root@server1 docker]# mv index.html web/
[root@server1 docker]# cd web/
[root@server1 web]# cat index.html
<h1>www.wen.org</h1>
[root@server1 web]# docker run -d --name vm3 -v /tmp/docker/web/:/var/www/html/ rhel7:v1
11d9787d855387096771fff0e042fad4dbecf689af71bc5718f2727b16c4059f
[root@server1 web]# docker inspect vm3 | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
测试:
[root@server1 web]# curl 172.17.0.2
<h1>www.wen.org</h1>
使用history查看镜像的创建过程,体现了镜像的分层创立,是通过一步一步实现的。
[root@foundation85 docker]# docker history rhel7
IMAGE CREATED CREATED BY SIZE COMMENT
2e649931efe8 3 minutes ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
d5819cd74081 3 minutes ago /bin/sh -c #(nop) VOLUME [/var/www/html] 0B
555ad48fa577 3 minutes ago /bin/sh -c rpmdb --rebuilddb && yum install … 29.1MB
78cd3400c3ba 3 minutes ago /bin/sh -c #(nop) COPY file:87e2254e13a578af… 69B
5517dbc75f8d 3 minutes ago /bin/sh -c #(nop) EXPOSE 80 0B
0a3eb3fde7fd 4 years ago 140MB Imported from -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
关于卷的管理说明:
每一个容器都会有卷,如果删除了容器,卷还是会留下的,如何清理没有容器的卷。
[root@foundation85 docker]# docker volume ls ##查看卷
DRIVER VOLUME NAME
local 14e3adbfdb031de479902ebd3eb6ab83676d1347cbe800d1117576f57f5b2c4e
local 1cc215b82f580aeff7ca39b404e2d27d2058e273d8d965ca8ae602a545551e15
local 20ed13944e4d79c6ef25a111e30cf483b0bcc3801c8c856ec554608ec31f8b78
local 3de2e4a941fbc3c5d14a1d4c9ebe43299972e9a6817ad695bd01fdd322bf5ffa
local b5a4801e00ba112fc38703e062c61bfffe67cbd4fdd5868563e68dc776ac1c8b
[root@foundation85 docker]# docker volume prune ##清理无容器的卷
WARNING! This will remove all local volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Volumes:
14e3adbfdb031de479902ebd3eb6ab83676d1347cbe800d1117576f57f5b2c4e
1cc215b82f580aeff7ca39b404e2d27d2058e273d8d965ca8ae602a545551e15
20ed13944e4d79c6ef25a111e30cf483b0bcc3801c8c856ec554608ec31f8b78
3de2e4a941fbc3c5d14a1d4c9ebe43299972e9a6817ad695bd01fdd322bf5ffa
b5a4801e00ba112fc38703e062c61bfffe67cbd4fdd5868563e68dc776ac1c8b
Total reclaimed space: 175.3kB
[root@foundation85 docker]# docker volume ls
DRIVER VOLUME NAME
docker的卷都在/var/lib/docker
[root@foundation85 docker]# cd /var/lib/docker/
[root@foundation85 docker]# ls
builder buildkit containerd containers image network overlay2 plugins runtimes swarm tmp trust volumes
[root@foundation85 docker]# cd volumes/
[root@foundation85 volumes]# ls
004329a0642600c32edccc0e6a85c3971d08ba000d4ef5cdf076a5a160b1ead2 acfc99171b5b454aedae298d2e7198cff29c315fd3449cb0994c9af9fae899a4
01bf983ce832663a13b62fac16469845f66340155536f6d9df2c3af7af94d16c d9e584a3f055054bff27803ca52622728b8718db5d4a8918aeaf4a17da1354e1
0566c0522a4c14a6564d703dbb922a7fa0631348e420b918faa1b884f69e6311 dc11da1b23db1114974685990c787dc1dbaea8dbf9b58f176d581e307b5a6e77
3cc6098f0b181bac4be8a17ad46bbd8db22f47f2d77c3336d5f3ab952f817ad4 e02f20f10f7569e52c6e96a0030a96aa2ccb3bfa526e14ec20bdf4d282fe7bf1
75b98f170034352d36309521722821fe810f9cbfa66f2f00855bbe2beb8e3454 fe4e66dac7b00b759186bf65a4a804f901faa22b772f2136ffd7da774ed0969a
92f8effbcdf236c8fdbbf2bccb8a0ca481dbb38d11e8b9bb816f6c06416fe291 metadata.db
952344416efa035087ac5e05947c4058b5342aaefdce0d77608d880b1da44295
[root@foundation85 volumes]# docker volume ls
DRIVER VOLUME NAME
local 004329a0642600c32edccc0e6a85c3971d08ba000d4ef5cdf076a5a160b1ead2
local 01bf983ce832663a13b62fac16469845f66340155536f6d9df2c3af7af94d16c
local 0566c0522a4c14a6564d703dbb922a7fa0631348e420b918faa1b884f69e6311
local 3cc6098f0b181bac4be8a17ad46bbd8db22f47f2d77c3336d5f3ab952f817ad4
local 75b98f170034352d36309521722821fe810f9cbfa66f2f00855bbe2beb8e3454
local 92f8effbcdf236c8fdbbf2bccb8a0ca481dbb38d11e8b9bb816f6c06416fe291
local 952344416efa035087ac5e05947c4058b5342aaefdce0d77608d880b1da44295
local acfc99171b5b454aedae298d2e7198cff29c315fd3449cb0994c9af9fae899a4
local d9e584a3f055054bff27803ca52622728b8718db5d4a8918aeaf4a17da1354e1
local dc11da1b23db1114974685990c787dc1dbaea8dbf9b58f176d581e307b5a6e77
local e02f20f10f7569e52c6e96a0030a96aa2ccb3bfa526e14ec20bdf4d282fe7bf1
local fe4e66dac7b00b759186bf65a4a804f901faa22b772f2136ffd7da774ed0969a
清理
[root@foundation85 volumes]# docker volume prune
WARNING! This will remove all local volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Volumes:
01bf983ce832663a13b62fac16469845f66340155536f6d9df2c3af7af94d16c
fe4e66dac7b00b759186bf65a4a804f901faa22b772f2136ffd7da774ed0969a
d9e584a3f055054bff27803ca52622728b8718db5d4a8918aeaf4a17da1354e1
acfc99171b5b454aedae298d2e7198cff29c315fd3449cb0994c9af9fae899a4
75b98f170034352d36309521722821fe810f9cbfa66f2f00855bbe2beb8e3454
dc11da1b23db1114974685990c787dc1dbaea8dbf9b58f176d581e307b5a6e77
952344416efa035087ac5e05947c4058b5342aaefdce0d77608d880b1da44295
3cc6098f0b181bac4be8a17ad46bbd8db22f47f2d77c3336d5f3ab952f817ad4
004329a0642600c32edccc0e6a85c3971d08ba000d4ef5cdf076a5a160b1ead2
Total reclaimed space: 0B
清理后查看
[root@foundation85 volumes]# ls
0566c0522a4c14a6564d703dbb922a7fa0631348e420b918faa1b884f69e6311 e02f20f10f7569e52c6e96a0030a96aa2ccb3bfa526e14ec20bdf4d282fe7bf1
92f8effbcdf236c8fdbbf2bccb8a0ca481dbb38d11e8b9bb816f6c06416fe291 metadata.db
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
yumdb的重新搭建
背景:
一次yum做更新的时候,强制终止了该进程,后来再使用yum的时候就报错了:
error: cannot open providename index using db3 - bad file descriptor
如报错所述,rpmdb损坏,rpmdb简单来说是用来存储一些软件包的依赖关系,解析安装过程中的依赖关系的
解决方法:
rpmdb --rebuilddb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
二、CMD和和ENTRYPOINT的区别
请参考下面的博客
https://blog.csdn.net/abc8286946/article/details/41380539
1、使用CMD,shell编写一个镜像
首先,载入busybox,是最基础的镜像,构建镜像从这里开始
[root@foundation85 image]# docker load -i busybox.tar
8a788232037e: Loading layer [==================================================>] 1.37MB/1.37MB
Loaded image: busybox:latest
第二,编辑dockerfile文件
[root@foundation85 docker]# pwd
/mnt/docker
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM busybox ##从busybox开始
ENV name world ##定义变量,name=world CMD echo "hello, $name" ##最后输出,这里使用的是shell模式,加[]是ENTRYPOINT模式,使用参数可以使用exec模式
第三、构建镜像
[root@foundation85 docker]# docker build -t busybox:v1 .
Sending build context to Docker daemon 4.608kB
Step 1/3 : FROM busybox
---> 59788edf1f3e
Step 2/3 : ENV name world
---> Running in a30c8d64538b
Removing intermediate container a30c8d64538b
---> 2d6264801d31
Step 3/3 : CMD echo "hello, $name"
---> Running in 20187388b7fe
Removing intermediate container 20187388b7fe
---> 0b2934ce7d0b
Successfully built 0b2934ce7d0b
Successfully tagged busybox:v1
测试:运行镜像,发现发生了变量替换
[root@foundation85 docker]# docker run --rm busybox:v1
hello, world
2,使用ENTRYPOINT模式,相当于一个接入点
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM busybox
ENV name world
CMD ["/bin/echo","hello, $name"]
[root@foundation85 docker]# docker build -t busybox:v2 .
Sending build context to Docker daemon 4.608kB
Step 1/3 : FROM busybox
---> 59788edf1f3e
Step 2/3 : ENV name world
---> Using cache
---> 2d6264801d31
Step 3/3 : CMD ["/bin/echo","hello, $name"]
---> Running in c2adcfe9865c
Removing intermediate container c2adcfe9865c
---> a440aca82c20
Successfully built a440aca82c20
Successfully tagged busybox:v2
测试:结果没有解析变量
[root@foundation85 docker]# docker run --rm busybox:v2
hello, $name
3、使用ENTRYPOINT模式,但是打开了一个shell在使用,相当于shell模式
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM busybox
ENV name world
CMD ["/bin/sh","-c","echo hello, $name"]
[root@foundation85 docker]# docker build -t busybox:v3 .
Sending build context to Docker daemon 4.608kB
Step 1/3 : FROM busybox
---> 59788edf1f3e
Step 2/3 : ENV name world
---> Using cache
---> 2d6264801d31
Step 3/3 : CMD ["/bin/sh","-c","echo hello, $name"]
---> Running in f561eeee7d67
Removing intermediate container f561eeee7d67
---> 08f8c56e1efe
Successfully built 08f8c56e1efe
Successfully tagged busybox:v3
[root@foundation85 docker]# docker run --rm busybox:v3
hello, world
4、使用ENTRYPOINT输出
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM busybox
ENV name world
ENTRYPOINT ["/bin/echo", "hello, $name"]
[root@foundation85 docker]# docker build -t busybox:v5 .
Sending build context to Docker daemon 4.608kB
Step 1/3 : FROM busybox
---> 59788edf1f3e
Step 2/3 : ENV name world
---> Using cache
---> 2d6264801d31
Step 3/3 : ENTRYPOINT ["/bin/echo", "hello, $name"]
---> Running in 07ebf4fdb013
Removing intermediate container 07ebf4fdb013
---> d345c403b68e
Successfully built d345c403b68e
Successfully tagged busybox:v5
[root@foundation85 docker]# docker run --rm busybox:v5
hello, $name
三、如何使用dockerfile搭建一个nginx,并优化
1、编写基础的dockerfile生成nginx
[root@foundation85 docker]# pwd
/mnt/docker
[root@foundation85 docker]# ls
Dockerfile dvd.repo nginx-1.15.8.tar.gz webdata
[root@foundation85 docker]# cat Dockerfile
FROM rhel7 ##镜像7开始
COPY dvd.repo /etc/yum.repos.d ##配置yum源
RUN yum install -y gcc pcre-devel zlib-devel make ##安装依赖软件
ADD nginx-1.15.8.tar.gz /mnt ##解压nginx压缩包
WORKDIR /mnt/nginx-1.15.8 ##切换目录
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc ##关闭debug模式
RUN ./configure --prefix=/usr/loacl/nginx ##环境检查
RUN make ##编译
RUN make install ##安装
EXPOSE 80 ##暴露80端口
VOLUME ["/usr/local/nginx/html"] ##卷的位置
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"] ##启动nginx
[root@foundation85 docker]# docker images rhel7 ##查看初始rhel7的大小
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 latest 2e649931efe8 38 hours ago 169MB
[root@foundation85 docker]# docker build -t rhel7:v1 . ##构建镜像
Sending build context to Docker daemon 1.033MB
Step 1/12 : FROM rhel7
---> 2e649931efe8
Step 2/12 : COPY dvd.repo /etc/yum.repos.d
---> c832f55faea8
Step 3/12 : RUN yum install -y gcc pcre-devel zlib-devel make
....
Step 12/12 : CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
---> Running in f38d9c7632f7
Removing intermediate container f38d9c7632f7
---> 06b3d626579e
Successfully built 06b3d626579e
Successfully tagged rhel7:v1
测试:成功后查看镜像,rhel7的基础为169MB,nginx为305MB
[root@foundation85 docker]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v1 06b3d626579e 5 minutes ago 305MB
rhel7 latest 2e649931efe8 38 hours ago 169MB
查看镜像创建的历史,是分层的,每多加一层消耗的时间就越多
[root@foundation85 volumes]# docker history rhel7:v1
IMAGE CREATED CREATED BY SIZE COMMENT
99566f04fa22 5 minutes ago /bin/sh -c #(nop) CMD ["/usr/local/nginx/sb… 0B
9dd997b0d44c 5 minutes ago /bin/sh -c #(nop) VOLUME [/usr/local/nginx/… 0B
149d339a2924 5 minutes ago /bin/sh -c #(nop) EXPOSE 80 0B
58ac63df8f1b 5 minutes ago /bin/sh -c make install 845kB
70631cde8a50 5 minutes ago /bin/sh -c make 2.17MB
acb64a7d6370 5 minutes ago /bin/sh -c ./configure --prefix=/usr/loacl/n… 71.6kB
b4ff825c9878 5 minutes ago /bin/sh -c sed -i 's/CFLAGS="$CFLAGS -g"/#CF… 3.59kB
a20b6d6d3729 5 minutes ago /bin/sh -c #(nop) WORKDIR /mnt/nginx-1.15.8 0B
f38e160d9b72 5 minutes ago /bin/sh -c #(nop) ADD file:08059423b65e676c2… 6.16MB
1038dd67b85a 5 minutes ago /bin/sh -c yum install -y gcc pcre-devel zli… 127MB
24163c42c0bd 6 minutes ago /bin/sh -c #(nop) COPY file:87e2254e13a578af… 0B
2e649931efe8 39 hours ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
d5819cd74081 39 hours ago /bin/sh -c #(nop) VOLUME [/var/www/html] 0B
555ad48fa577 39 hours ago /bin/sh -c rpmdb --rebuilddb && yum install … 29.1MB
78cd3400c3ba 39 hours ago /bin/sh -c #(nop) COPY file:87e2254e13a578af… 69B
5517dbc75f8d 39 hours ago /bin/sh -c #(nop) EXPOSE 80 0B
0a3eb3fde7fd 4 years ago 140MB Imported from -
2、清理缓存优化nginx
[root@foundation85 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all ##清理镜像缓存
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/loacl/nginx &> /dev/null ##不显示编译过程
RUN make &> /dev/null
RUN make install &> /dev/null
RUN cd && rm -rf /mnt/nginx-1.15.8 ##安装后删除编译包
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
构建镜像,这里前几步相同的会cache,这就是镜像的有点,已经做过的不会重复作
[root@foundation85 docker]# docker build -t rhel7:v2 .
Sending build context to Docker daemon 1.033MB
Step 1/13 : FROM rhel7
---> 2e649931efe8
Step 2/13 : COPY dvd.repo /etc/yum.repos.d
---> Using cache
---> 24163c42c0bd
...
Successfully built 31342dc77fbe
Successfully tagged rhel7:v2
测试结果,缩小到282MB
[root@foundation85 docker]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v2 31342dc77fbe About a minute ago 282MB
rhel7 v1 99566f04fa22 15 minutes ago 305MB
rhel7 latest 2e649931efe8 39 hours ago 169MB
3.减少层数进一步的优化
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/loacl/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && cd && rm -rf /mnt/nginx-1.15.8
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@foundation85 docker]# docker build -t rhel7:v3 .
Sending build context to Docker daemon 1.033MB
Step 1/8 : FROM rhel7
---> 2e649931efe8
Step 2/8 : COPY dvd.repo /etc/yum.repos.d
---> Using cache
...
Successfully built 0bc121703531
Successfully tagged rhel7:v3
结果发现少了3MB
[root@foundation85 docker]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 0bc121703531 21 seconds ago 279MB
rhel7 v2 31342dc77fbe 7 minutes ago 282MB
rhel7 v1 99566f04fa22 21 minutes ago 305MB
rhel7 latest 2e649931efe8 39 hours ago 169MB
4、编译好之后复制,进行优化
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM rhel7 as build
COPY dvd.repo /etc/yum.repos.d
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/loacl/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && cd && rm -rf /mnt/nginx-1.15.8
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@foundation85 docker]# docker build -t rhel7:v4 .
Sending build context to Docker daemon 1.034MB
Step 1/10 : FROM rhel7 as build
---> 2e649931efe8
Step 2/10 : COPY dvd.repo /etc/yum.repos.d
---> Using cache
测试结果:此处有问题从别人那里取的图是从v5到v6,少了9MB
5、修改底层
其实运行nginx并不需要全部的rhel7的东西,可以通过ldd命令查看,启动程序需要什么
[root@foundation85 docker]# ldd /usr/local/nginx/sbin/nginx
linux-vdso.so.1 => (0x00007ffca5a5c000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fbc4e3e4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fbc4e1c8000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fbc4df90000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fbc4dd2f000)
libz.so.1 => /lib64/libz.so.1 (0x00007fbc4db19000)
libc.so.6 => /lib64/libc.so.6 (0x00007fbc4d757000)
/lib64/ld-linux-x86-64.so.2 (0x00007fbc4e5fc000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007fbc4d554000)
这里官方文档已经下载了一些东西可以参考,加载distroless.tar包,里面是nginx需要支持
[root@foundation85 docker]# docker load -i /home/kiosk/Desktop/3.10/docker/images/distroless.tar
668afdbd4462: Loading layer [==================================================>] 18.39MB/18.39MB
Loaded image: gcr.io/distroless/base:latest
[root@foundation85 docker]# vim Dockerfile
[root@foundation85 docker]# cat Dockerfile
FROM gcr.io/distroless/base as build
COPY dvd.repo /etc/yum.repos.d
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN yum install -y gcc pcre-devel zlib-devel make && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/loacl/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && cd && rm -rf /mnt/nginx-1.15.8
FROM gcr.io/distroless/base
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@foundation85 docker]# docker build -t rhel7:v6 .
Sending build context to Docker daemon 1.034MB
Step 1/10 : FROM gcr.io/distroless/base as build
---> 9a255d5fe262
这里的结果显示,是被人的图,最后nginx只有23.5MB
更多推荐
所有评论(0)