从iso到docker image
1 ISO The ISO format is a disk image formatted with the read-only ISO 9660 (also known as ECMA-119) file system commonly used for CDs and DVDs. While wedon't normally think of ISO as a virtua
1 ISO
The ISO format is a disk image formatted with the read-only ISO 9660 (also known as ECMA-119) file system commonly used for CDs and DVDs. While we don't normally think of ISO as a virtual machine image format, since ISOs contain bootable file systems with an installed operating system.
因为ISO是安装镜像,不是操作系统的rootfs的镜像,所以直接mount后导入到docker中生成的docker镜像不能使用。
mkdir tmp
mount -o loop /path/to/iso tmp
tar -C tmp -c . | docker import - zhai-ubuntu
root@docker:/var/lib/docker# mount -o loop image/ubuntu-14.04.4-server-ppc64el.iso /var/lib/docker/tmp/
mount: block device /var/lib/docker/image/ubuntu-14.04.4-server-ppc64el.iso is write-protected, mounting read-only
root@docker:/var/lib/docker# tar -C tmp/ -c . | docker import - zhai-ubuntu
sha256:0bfbdd5d17274f8219afb6c4613a697fea2f61f0ea1e36bfa269e93a7baa94f4
root@docker:/var/lib/docker# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zhai-ubuntu latest 0bfbdd5d1727 7 seconds ago 551.7 MB
root@docker:/var/lib/docker# docker run -i -t zhai-ubuntu /bin/bash
docker: Error response from daemon: Cannot start container abf492fbb77d462c82d6cedeb78f8714b3cf1be8beebac2c64ca8333aa67ef66: mkdir /var/lib/docker/tmp/abf492fbb77d462c82d6cedeb78f8714b3cf1be8beebac2c64ca8333aa67ef66933918870: read-only file system.
root@docker:/var/lib/docker# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
abf492fbb77d zhai-ubuntu "/bin/bash" 42 seconds ago Created grave_davinci
root@docker:/var/lib/docker# umount tmp/
root@docker:/var/lib/docker# ls tmp/
root@docker:/var/lib/docker# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
abf492fbb77d zhai-ubuntu "/bin/bash" 3 minutes ago Created grave_davinci
root@docker:/var/lib/docker# docker run -i -t zhai-ubuntu /bin/bash
exec: "/bin/bash": stat /bin/bash: no such file or directory
docker: Error response from daemon: Container command not found or does not exist..从最后一行,可以看出试图在zhai-ubuntu这个镜像中执行bash时,出现错误。
因此需要把ISO镜像制作成virtual machine image。
ISO镜像与制作好的VM镜像内容对比,参考2.3。
2 debootstrap
2.1 简介
debootstrap 是一个可以快速获得基本 Debian 系统的一个工具, 你可以将 Debootstrap 看作是一种特殊的安装工具. 她不同于 Debian Installter , 不需要安装用的CD/DVD ISO, 仅需连接到 Debian 软件仓库, 软件仓库简介(英文) . 无论你是否使用 Debian , 只要是任何的 Linux/GNU 发行版, 例如 Fedora/Gentoo/Arch/OpenSUSE, 甚至是 Ubuntu , 均可运行 debootstrap . 当然如果你正在使用 Ubuntu , 你一定到 Debian 的软件仓库下载一个 debootstrap , 而不能使用 Ubuntu 自己的 debootstrap.
例如你正在使用 Gentoo , 想尝试一下 Debian , 那么可以利用 debootstrap 将 Debian 安装到一个未使用的分区上.
debootstrap 的工作是将基本的 Debian 系统安装到一个目录上, 然后可以通过 chroot 切换到新安装的 Debian 系统. 另外, debootstrap 也可以获得其他架构的 Debian , 例如你可以在 AMD64 的 Debian 系统上安装 armhf 架构的 Debian . 当然也有另外的工具, 例如 "cross-debootstrapping". 有一个大抵相当的工具, 用 C 语言写成, 即 cdebootstrap, 体积更加小, Debian的安装工具 debian-installer 就用到这个 cdebootstrap .
如果你对在 chroot 环境下构建 Debian 的软件包, 你可以了解这些软件包 sbuild, cowbuilder 以及 pbuilder.
debootstrap 仅能从一个软件仓库获取软件包( 但是 apt 可以 ), 假如你需要从多个软件仓库安装或合并软件包用以建立 Debian rootfs , 或者你希望自动定制 Debian rootfs ,那么可以使用 Multistrap.
自从 DebianTesting 以及 DebianUnstable 更新变得更加频繁后, 如果你希望利用 debootstrap 来安装 DebianTesting 或 DebianUnstable, 建议你从以下链接下载一个最新的 debootstrap 使用, 即 package page .
这样做的话可能会存在一个问题, 例如你正在使用 DebianStable , 而打算体验一把 DebianTesting 或 DebianUnstable , 那么从 DebianStable 安装一个DebianUnstable 的软件包当然是有风险的. 不过在这个情况下, 你不必太过担心, 因为 debootstrap 已经彻底变成一个 shell script , 而且依赖也极小.
先从以下列表获得一个离你最近而且最快的服务器 Debian 全球镜像服务器列表.
安装一个 Wheezy :
main # cd /
main # mkdir /wheezy-chroot
main # debootstrap wheezy ./wheezy-chroot http://http.debian.net/debian/
下面是一个含有完整步骤的例子, 即如何安装一个 Debian sid (unstable):
main # export MY_CHROOT=/sid-root
main # cd /
main # mkdir $MY_CHROOT
main # debootstrap --arch i386 sid $MY_CHROOT http://http.debian.net/debian/
[ ... 这时可以观察到正在下载整个系统所需要的软件包 ]
main # echo "proc $MY_CHROOT/proc proc defaults 0 0" >> /etc/fstab
main # mount proc $MY_CHROOT/proc -t proc
main # echo "sysfs $MY_CHROOT/sys sysfs defaults 0 0" >> /etc/fstab
main # mount sysfs $MY_CHROOT/sys -t sysfs
main # cp /etc/hosts $MY_CHROOT/etc/hosts
main # cp /proc/mounts $MY_CHROOT/etc/mtab
main # chroot $MY_CHROOT /bin/bash
chroot # dselect
[ ... 也可以使用 aptitude 或 apt-get , 然后安装所需的软件包 ..]
[ ... 例如 mc 和 vim 等等等等... ]
main # echo "8:23:respawn:/usr/sbin/chroot $MY_CHROOT " \
"/sbin/getty 38400 tty8" >> /etc/inittab
[ define a login tty that will use this system ]
[ i.e. create tty8 with `mknod tty8 c 4 8' and run `passwd' ]
main # init q
[ 重新加载 init ]
2.2 help
安装debootstrap: apt-get install debootstrap
查看帮助:debootstrap --help
Debootstrap can be used to install Debian in a system without using an installation disk but can also be used to run a different Debian flavor in a chroot environment. This way you can create a full (minimal) Debian installation which can be used for testing purposes (see the EXAMPLES section).
EXAMPLES
To setup a wheezy system:
debootstrap wheezy ./wheezy-chroot http://ftp.us.debian.org/debian
debootstrap wheezy ./wheezy-chroot file:///LOCAL_MIRROR/debian
Full process to create a complete Debian installation of sid (unstable) in a chroot:
main # debootstrap sid sid-root http://ftp.us.debian.org/debian/
[ ... watch it download the whole system ]
main # echo "proc sid-root/proc proc defaults 0 0" >> /etc/fstab
main # mount proc sid-root/proc -t proc
main # echo "sysfs sid-root/sys sysfs defaults 0 0" >> /etc/fstab
main # mount sysfs sid-root/sys -t sysfs
main # cp /etc/hosts sid-root/etc/hosts
main # chroot sid-root /bin/bash
root@ubuntu:~# debootstrap --help
Usage: debootstrap [OPTION]... <suite> <target> [<mirror> [<script>]]
Bootstrap a Debian base system into a target directory.
--help display this help and exit
--version display version information and exit
--verbose don't turn off the output of wget
--download-only download packages, but don't perform installation
--print-debs print the packages to be installed, and exit
--arch=A set the architecture to install (use if no dpkg)
[ --arch=powerpc ]
--include=A,B,C adds specified names to the list of base packages
--exclude=A,B,C removes specified packages from the list
--components=A,B,C use packages from the listed components of the
archive
--variant=X use variant X of the bootstrap scripts
(currently supported variants: buildd, fakechroot,
scratchbox, minbase)
--keyring=K check Release files against keyring K
--no-check-gpg avoid checking Release file signatures
--no-resolve-deps don't try to resolve dependencies automatically
--unpack-tarball=T acquire .debs from a tarball instead of http
--make-tarball=T download .debs and create a tarball (tgz format)
--second-stage-target=DIR
Run second stage in a subdirectory instead of root
(can be used to create a foreign chroot)
(requires --second-stage)
--extractor=TYPE override automatic .deb extractor selection
(supported: dpkg-deb ar)
--debian-installer used for internal purposes by debian-installer
--private-key=file read the private key from file
--certificate=file use the client certificate stored in file (PEM)
--no-check-certificate do not check certificate against certificate authoritiesdebootstrap bootstraps a basic Debian system of SUITE into TARGET from MIRROR by running SCRIPT. MIRROR can be an http:// or https:// URL, a file:/// URL, or an ssh:/// URL.
MIRROR 一般默认使用官方的源构建,这个源默认是在/usr/share/debootstrap/scripts/的构建脚本中设置的,直接加在命令行会覆盖里面的设置
SCRIPT debootstrap做镜像构建的参考脚本,默认使用/usr/share/debootstrap/scripts/目录下的,可以自己编写。
root@ubuntu:~# ls /usr/share/debootstrap/scripts/
breezy etch-m68k hoary jessie maverick potato sarge sid trusty warty woody
dapper feisty hoary.buildd karmic natty precise sarge.buildd squeeze unstable warty.buildd woody.buildd
edgy gutsy intrepid lenny oldstable quantal sarge.fakechroot stable utopic wheezy xenial
etch hardy jaunty lucid oneiric raring saucy testing vivid wily2.3 制作镜像
debootstrap --variant=buildd --arch=amd64 trusty zhai-trusty http://mirrors.163.com/ubuntu/
tar -C zhai-trusty -c . | docker import - zhai-trusty
root@ubuntu:~# debootstrap --variant=buildd --arch=amd64 trusty trusty http://mirrors.163.com/ubuntu/
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
I: Valid Release signature (key id 790BC7277767219C42C86F933B4FE6ACC0B21F32)
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Checking component main on http://mirrors.163.com/ubuntu...
I: Retrieving adduser 3.113+nmu3ubuntu3
I: Validating adduser 3.113+nmu3ubuntu3
I: Retrieving apt 1.0.1ubuntu2
I: Validating apt 1.0.1ubuntu2
。。。
I: Base system installed successfully.
查看安装好的镜像:
root@ubuntu:~# ls zhai-trusty/
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
对比ISO镜像文件,可看出这两个镜像中的文件明显的不同:
root@ubuntu:~# mount -o loop ubuntu-14.04.3-server-amd64.iso /root/tmp/
mount: block device /root/ubuntu-14.04.3-server-amd64.iso is write-protected, mounting read-only
root@ubuntu:~# ls tmp/
boot dists doc EFI install isolinux md5sum.txt pics pool preseed README.diskdefines ubuntu
root@ubuntu:~# umount tmp/
3 把ISO制作成qcow2格式的VM文件,再导入docker
3.1 把ISO制作成qcow2文件
3.2 用guestmount修改qcow2镜像文件
命令:
guestmount -a zhai_ubuntu_14.14.4.qcow2 -i --rw /mnt/zhai-trusty
对镜像做相关的修改,再打包导入docker
4 使用官方构建脚本
使用官方的构建脚本,在github上官方源码里面就有。
git clone https://github.com/dotcloud/docker.git
cd docker/contrib
./mkimage-debootstrap.sh ubuntu12 precise http://mirrors.sohu.com/ubuntu/
可以看到自动制作镜像,并且自动提交。
5 Dockerfile配置文件来制作镜像
FROM scratch
ADD trusty-core-amd64.tar.gz /
# a few minor docker-specific tweaks
# see https://github.com/dotcloud/docker/blob/master/contrib/mkimage/debootstrap
RUN echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
&& echo 'exit 101' >> /usr/sbin/policy-rc.d \
&& chmod +x /usr/sbin/policy-rc.d \
\
&& dpkg-divert --local --rename --add /sbin/initctl \
&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \
&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \
\
&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \
\
&& echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean \
&& echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean \
&& echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean \
\
&& echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages \
\
&& echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes
# delete all the apt list files since they're big and get stale quickly
RUN rm -rf /var/lib/apt/lists/*
# this forces "apt-get update" in dependent images, which is also good
# enable the universe
RUN sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list
# upgrade packages for now, since the tarballs aren't updated frequently enough
RUN apt-get update && apt-get dist-upgrade -y && rm -rf /var/lib/apt/lists/*
# overwrite this with 'CMD []' in a dependent Dockerfile
CMD ["/bin/bash"]There are lots more resources available to help you write your ‘Dockerfile`.
- There’s a complete guide to all the instructions available for use in a
Dockerfilein the reference section. - To help you write a clear, readable, maintainable
Dockerfile, we’ve also written aDockerfileBest Practices guide. - If your goal is to create a new Official Repository, be sure to read up on Docker’s Official Repositories.
参考:
1 Debootstrap: https://wiki.debian.org/zh_CN/Debootstrap
2 使用febootstrap制作CentOS镜像:http://blog.csdn.net/s1234567_89/article/details/50698111
3Docker Official Images:https://github.com/docker-library/official-images
4 Dockerfile: https://github.com/tianon/docker-brew-ubuntu-core/blob/2b105575647a7e2030ff344d427c3920b89e17a9/trusty/Dockerfile
5 Dockerfile配置文件来制作镜像
权威|前沿|技术|干货|国内首个API全生命周期开发者社区
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)