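  • Docker Study Notes_012: Dockerfile Instructions Explained

    1 Dockerfile structure

    Base image information

    Image operation instructions

    Instructions executed at container startup

    2 FROM

    Specifies the base image that the new image inherits from.

    FROM ubuntu:14.04
    FROM centos
    FROM nginx:latest

    3 LABEL

    Basic information about the image's creator.

    4 ENV

    Defines environment variables inside the Docker container; variables are declared with ENV.

    • ENV <key> <value> # can set only one variable
    • ENV <key>=<value> … # allows several variables to be set at once
    ENV <key> <value>
    Sets an environment variable that is used by subsequent RUN instructions and persists when the container runs.
    Example:
    ENV TZ "Asia/Shanghai"

    For example, declare a variable in a Dockerfile: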

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ"
    
    ADD ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    ADD ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #CMD  ["/usr/sbin/sshd", "-D"]

    5 ADD

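    Copies the specified <src> into <dest> in the container.

    ADD <src> <dest>
    Copies the specified <src> to <dest> in the container.
    <src> can be a path relative to the directory containing the Dockerfile, a URL, or a tar file (which is extracted automatically).
    Example:
    ADD aliyun-mirror.repo /etc/yum.repos.d/CentOS-Base.repo

    The source cannot be an absolute path; it must be a path relative to the Dockerfile, as in the following: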

    [root@docker-server3 openssh]# mkdir  keys

    [root@docker-server3 openssh]# mv ssh_host_* keys/

    [root@docker-server3 openssh]# vi Dockerfile

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ"
    
    ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    ADD keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #CMD  ["/usr/sbin/sshd", "-D"]

    6 COPY

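    Copies <src> on the local host (a path relative to the directory containing the Dockerfile) into <dest> in the container.

    COPY <src> <dest>
    Similar to ADD.
    If the destination directory does not exist, it is created automatically.
    Example:
    COPY aliyun-mirror.repo /etc/yum.repos.d/CentOS-Base.repo

    Differences between ADD and COPY

    In the ADD example above, ADD and COPY behave identically.

    ADD and COPY are nevertheless entirely different instructions. COPY is the simpler of the two: it only copies a file or directory from the host into the image. ADD can do the same, but it also has extra "magic" such as extracting tar files and fetching files from remote URLs. To reduce Dockerfile complexity and prevent unintended behaviour, it is best to use COPY for copying files. Best Practices for Writing Dockerfiles recommends using COPY wherever possible and replacing ADD with a combination of RUN and COPY: although COPY only supports copying local files into the container, its behaviour is more transparent than ADD's. Use ADD only when copying tar files, for example ADD trusty-core-amd64.tar.gz /.

    For example, copying this way: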

    [root@docker-server3 openssh]# tar zcf keys.tar.gz  keys

    [root@docker-server3 openssh]# vi  Dockerfile 

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ"
    
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    COPY keys.tar.gz   /keys.tar.gz
    RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    
    CMD  ["/usr/sbin/sshd", "-D"]

    [root@docker-server3 openssh]# docker build -t openssh:v1.5  .

    Sending build context to Docker daemon  10.24kB
    Step 1/7 : FROM centos:7
     ---> 5e35e350aded
    Step 2/7 : LABEL  darren darren@gmail.com
     ---> Using cache
     ---> eb19f72c1afd
    Step 3/7 : ENV TZ "Asia/Shanghai"
     ---> Running in d8f0df141bae
    Removing intermediate container d8f0df141bae
     ---> ef9b5d7d9bb0
    Step 4/7 : RUN yum -y install openssh-server   && useradd natash   && echo "redhat"|passwd --stdin natash   && echo "redhat"|passwd --stdin root     && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''   && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''   && echo "$TZ"
     ---> Running in 2aef49fc1769
    Loaded plugins: fastestmirror, ovl
    Determining fastest mirrors
     * base: mirror.pregi.net
     * extras: hk.mirrors.thegigabit.com
     * updates: hk.mirrors.thegigabit.com
    
    http://centos.uhost.hk/7.7.1908/os/x86_64/repodata/04efe80d41ea3d94d36294f7107709d1c8f70db11e152d6ef562da344748581a-primary.sqlite.bz2: [Errno 12] Timeout on http://centos.uhost.hk/7.7.1908/os/x86_64/repodata/04efe80d41ea3d94d36294f7107709d1c8f70db11e152d6ef562da344748581a-primary.sqlite.bz2: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
    Trying other mirror.
    Resolving Dependencies
    --> Running transaction check
    ---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
    --> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64
    --> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-21.el7.x86_64
    --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
    --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
    --> Running transaction check
    ---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
    --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
    ---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
    ---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
    --> Running transaction check
    ---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package                  Arch          Version               Repository   Size
    ================================================================================
    Installing:
     openssh-server           x86_64        7.4p1-21.el7          base        459 k
    Installing for dependencies:
     fipscheck                x86_64        1.4.1-6.el7           base         21 k
     fipscheck-lib            x86_64        1.4.1-6.el7           base         11 k
     openssh                  x86_64        7.4p1-21.el7          base        510 k
     tcp_wrappers-libs        x86_64        7.6-77.el7            base         66 k
    
    Transaction Summary
    ================================================================================
    Install  1 Package (+4 Dependent packages)
    
    Total download size: 1.0 M
    Installed size: 3.0 M
    Downloading packages:
    warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
    Public key for fipscheck-1.4.1-6.el7.x86_64.rpm is not installed
    --------------------------------------------------------------------------------
    Total                                              391 kB/s | 1.0 MB  00:02     
    Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    Importing GPG key 0xF4A80EB5:
     Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
     Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
     Package    : centos-release-7-7.1908.0.el7.centos.x86_64 (@CentOS)
     From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : fipscheck-1.4.1-6.el7.x86_64                                 1/5 
      Installing : fipscheck-lib-1.4.1-6.el7.x86_64                             2/5 
      Installing : openssh-7.4p1-21.el7.x86_64                                  3/5 
      Installing : tcp_wrappers-libs-7.6-77.el7.x86_64                          4/5 
      Installing : openssh-server-7.4p1-21.el7.x86_64                           5/5 
      Verifying  : fipscheck-lib-1.4.1-6.el7.x86_64                             1/5 
      Verifying  : tcp_wrappers-libs-7.6-77.el7.x86_64                          2/5 
      Verifying  : fipscheck-1.4.1-6.el7.x86_64                                 3/5 
      Verifying  : openssh-7.4p1-21.el7.x86_64                                  4/5 
      Verifying  : openssh-server-7.4p1-21.el7.x86_64                           5/5 
    
    Installed:
      openssh-server.x86_64 0:7.4p1-21.el7                                          
    
    Dependency Installed:
      fipscheck.x86_64 0:1.4.1-6.el7      fipscheck-lib.x86_64 0:1.4.1-6.el7        
      openssh.x86_64 0:7.4p1-21.el7       tcp_wrappers-libs.x86_64 0:7.6-77.el7     
    
    Complete!
    Changing password for user natash.
    passwd: all authentication tokens updated successfully.
    Changing password for user root.
    passwd: all authentication tokens updated successfully.
    Generating public/private dsa key pair.
    Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
    Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
    The key fingerprint is:
    SHA256:e5C8TNeWaFze+kluznGRnyGTuUPVGRMtSM7J1w7VBA0 root@2aef49fc1769
    The key's randomart image is:
    +---[DSA 1024]----+
    |           ...EO*|
    |           +...oO|
    |            * o+o|
    |       . o = ++o.|
    |        S = =*.+.|
    |       o * ...+ =|
    |        + . .oo.o|
    |         .   =o+ |
    |             o*  |
    +----[SHA256]-----+
    Asia/Shanghai                                          # this is the variable declared with ENV being printed
    Removing intermediate container 2aef49fc1769
     ---> e11453e3dd3b
    Step 5/7 : COPY keys.tar.gz   /keys.tar.gz             # the COPY operation
     ---> bddfb2743c4d
    Step 6/7 : RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
     ---> Running in eddbbc44e2a6
    Removing intermediate container eddbbc44e2a6
     ---> 79e6df645d78
    Step 7/7 : CMD  ["/usr/sbin/sshd", "-D"]
     ---> Running in 217fbee101d4
    Removing intermediate container 217fbee101d4
     ---> 90743d882696
    Successfully built 90743d882696
    Successfully tagged openssh:v1.5

    [root@docker-server3 openssh]# docker run -d openssh:v1.5

    41e2d69f3503d0cd459d1f7cd56ae9f51aaf7749bef7f79f089e551bc4de4ecb

    [root@docker-server3 openssh]# docker ps -a

    CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS                      PORTS               NAMES
    41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"   9 seconds ago       Up 8 seconds                                    objective_sinoussi
    db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"   34 minutes ago      Up 34 minutes                                   nifty_curran
    f6a4ebe048cd        openssh:v1.4        "/bin/bash"           35 minutes ago      Exited (0) 35 minutes ago                       adoring_archimedes
    fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"   42 hours ago        Up 42 hours

    The above uses COPY; now the same with ADD:

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ"
    
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #COPY keys.tar.gz   /keys.tar.gz
    #RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    ADD keys.tar.gz   /
    RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/            # one fewer extraction step
    
    CMD  ["/usr/sbin/sshd", "-D"]

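    ADD automatically extracts the archive, and the archive itself is removed.

    7 WORKDIR

    The default path on entering the container, equivalent to cd; subsequent RUN, CMD and ENTRYPOINT instructions also use the specified path.

    WORKDIR </path/to/workdir>
    Sets the working directory for subsequent RUN, CMD and ENTRYPOINT instructions.
    WORKDIR can be used multiple times; if a later instruction's argument is a relative path, it is resolved against the path set by the previous instruction.
    Example:
    WORKDIR /a
    WORKDIR b
    WORKDIR c

    For example, the operations above copy the files to /tmp, so we can set it up like this: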

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ"
    
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #COPY keys.tar.gz   /keys.tar.gz
    #RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    ADD keys.tar.gz   /
    WORKDIR   /tmp
    RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./
    
    CMD  ["/usr/sbin/sshd", "-D"]

    8 USER

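    Specifies the user name or UID used when running the container; subsequent RUN, CMD and ENTRYPOINT instructions also use this user.

    When a service does not need administrator privileges, this instruction can set the user it runs as; if none is specified, the default is the root user.

    USER <username>
    Example:
    USER www

    For example, set the user to natash; every operation after this instruction then runs as natash: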

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ"
    
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #COPY keys.tar.gz   /keys.tar.gz
    #RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    ADD keys.tar.gz   /
    WORKDIR   /tmp
    USER   natash
    RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./
    
    CMD  ["/usr/sbin/sshd", "-D"]

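    USER and WORKDIR can each appear multiple times; doing so simply switches user and directory along the way.

    9 RUN

    RUN executes command-line commands, and only while the image is being built.

    RUN <command> or RUN ["executable","param1","param2"]
    The former runs in a shell, i.e. /bin/sh -c; the latter is executed with exec.
    Each RUN instruction executes the given command on top of the current image and commits the result as a new image.
    When a command is long, use \ to continue it on the next line.
    Example:
    RUN ["/bin/bash","-c","echo hello"]
    RUN apt install -y openssh-server

    Each RUN adds an image layer, so use as few RUN, ADD, COPY and similar instructions as the required functionality allows.

    For example, let us optimize the previous Dockerfile: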

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    ADD keys.tar.gz   /
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ" \
      && cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #COPY keys.tar.gz   /keys.tar.gz
    #RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    #RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./
    
    CMD  ["/usr/sbin/sshd", "-D"]

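    This saves one RUN instruction and one image layer; the more image layers, the worse the performance.

    10 VOLUME

    Creates a mount point, similar to the -v option used when starting a container, except that the host location to mount cannot be specified here.

    By default it is under the /var/lib/docker/${filesystem name} directory.

    Generally used to store databases and data that needs to persist.

    VOLUME <path>
    Example:
    VOLUME ["data"]

    11 EXPOSE

    Tells Docker which ports the container needs to expose; it declares the ports to the outside.

    When the container is started with -P, the Docker host automatically allocates a port and forwards it to the declared port.

    With -p, you can specify exactly which local port is mapped.

    EXPOSE <port> [<port>...]
    Example:
    EXPOSE 22 80

    For example, run an nginx container: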

    [root@docker-server3 openssh]# docker run -d nginx

    [root@docker-server3 openssh]# docker ps -a

    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
    e0847916fa35        nginx               "nginx -g 'daemon of…"   14 seconds ago      Up 13 seconds            80/tcp              pedantic_blackburn    # port 80
    41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   objective_sinoussi
    db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   nifty_curran
    f6a4ebe048cd        openssh:v1.4        "/bin/bash"              7 hours ago         Exited (0) 7 hours ago                       adoring_archimedes
    fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"      2 days ago          Up 2 days 

    This means nginx listens on port 80.

    EXPOSE declares which port is listened on; without the declaration, the port is still open.

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    ADD keys.tar.gz   /
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ" \
      && cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #COPY keys.tar.gz   /keys.tar.gz
    #RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    #RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./
    
    EXPOSE  22  80 
    CMD  ["/usr/sbin/sshd", "-D"]

    This port is only a declaration.

    [root@docker-server3 openssh]# docker build -t openssh:v1.6 .

    [root@docker-server3 openssh]# docker run -d openssh:v1.6

    [root@docker-server3 openssh]# docker ps -a

    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
    131649a5d893        openssh:v1.6        "/usr/sbin/sshd -D"      5 seconds ago       Up 4 seconds             22/tcp, 80/tcp      zealous_poincare
    e0847916fa35        nginx               "nginx -g 'daemon of…"   8 minutes ago       Up 8 minutes             80/tcp              pedantic_blackburn
    41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   objective_sinoussi
    db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   nifty_curran
    f6a4ebe048cd        openssh:v1.4        "/bin/bash"              7 hours ago         Exited (0) 7 hours ago                       adoring_archimedes
    fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"      2 days ago          Up 2 days

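    The two declared ports, 22 and 80, are visible.

    To view Docker logs, use docker logs + the container ID.

    12 HEALTHCHECK

    Checks whether the specified process in the container is still alive.

    This avoids failures where the process hangs but the container does not exit abnormally.

    HEALTHCHECK [args] CMD <command>
    
    Example:
    FROM nginx
    RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
    HEALTHCHECK --interval=5s --retries=3 --timeout=3s \
      CMD curl -fs http://localhost/ || exit 1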

    13 CMD

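    Specifies the command executed when the container starts, i.e. the default task.

    Each Dockerfile can have only one CMD instruction; if several are given, only the last one is executed.

    If the user specifies a command when starting the container, it overrides the command given by CMD.

    Syntax:
    CMD ["executable","param1","param2"] # executed with exec; the recommended form
    CMD command param1 param2 # executed in /bin/sh; for applications that need interaction
    CMD ["param1","param2"] # default arguments supplied to ENTRYPOINT
    Example:
    CMD ["supervisord","-c","/etc/supervisord.conf"]

    If it is omitted there is no default command, but a command is still specified when the container starts.

    For example, comment out the CMD instruction of the previous image and start a container: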

    [root@docker-server3 openssh]# vi Dockerfile

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
    
    ADD ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    ADD ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #CMD  ["/usr/sbin/sshd", "-D"]

    [root@docker-server3 openssh]# docker build -t openssh:v1.4 .

    Sending build context to Docker daemon  7.168kB
    Step 1/6 : FROM centos:7
     ---> 5e35e350aded
    Step 2/6 : LABEL  darren darren@gmail.com
     ---> Using cache
     ---> eb19f72c1afd
    Step 3/6 : RUN yum -y install openssh-server   && useradd natash   && echo "redhat"|passwd --stdin natash   && echo "redhat"|passwd --stdin root     && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''  && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''   && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N ''
     ---> Using cache
     ---> 2be613021085
    Step 4/6 : ADD ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
     ---> Using cache
     ---> c64f7dcda4c1
    Step 5/6 : ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
     ---> Using cache
     ---> 86e57a7a4313
    Step 6/6 : ADD ssh_host_rsa_key     /tmp/ssh_host_rsa_key
     ---> Using cache
     ---> 2412a6e26b9c
    Successfully built 2412a6e26b9c
    Successfully tagged openssh:v1.4

    [root@docker-server3 openssh]# docker run -d openssh:v1.4

    f6a4ebe048cd04d4b7407f3f452d22d8ecfdee3b87f36a3c84524eacf467bf4d

    [root@docker-server3 openssh]# docker ps -a

    CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS                     PORTS               NAMES
    f6a4ebe048cd        openssh:v1.4        "/bin/bash"           4 seconds ago       Exited (0) 3 seconds ago                       adoring_archimedes    # runs /bin/bash by default, then exits
    fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"   41 hours ago        Up 41 hours  

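    The /bin/bash command comes from the base image centos:7.

    Specifying a default command on the command line when starting the container has the same effect: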

    [root@docker-server3 openssh]# docker run -d openssh:v1.4 /usr/sbin/sshd -D

    db351e66fc63fc4aa5f84c48a14d7ee4ced18c3a079deeae6332dfb4c8b1933

    [root@docker-server3 openssh]# docker ps -a

    CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS                      PORTS               NAMES
    db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"   4 seconds ago       Up 3 seconds                                    nifty_curran
    f6a4ebe048cd        openssh:v1.4        "/bin/bash"           31 seconds ago      Exited (0) 29 seconds ago                       adoring_archimedes
    fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"   41 hours ago        Up 41 hours  

    Writing CMD in the other form:

    FROM centos:7
    LABEL  darren darren@gmail.com
    
    ENV TZ "Asia/Shanghai"
    
    ADD keys.tar.gz   /
    RUN yum -y install openssh-server \
      && useradd natash \
      && echo "redhat"|passwd --stdin natash \
      && echo "redhat"|passwd --stdin root \
      && ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' \
      && ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' \
      && ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key -N '' \
      && echo "$TZ" \
      && cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    #ADD keys/ssh_host_ecdsa_key   /tmp/ssh_host_ecdsa_key
    #ADD keys/ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
    #COPY keys/ssh_host_rsa_key     /tmp/ssh_host_rsa_key
    
    #COPY keys.tar.gz   /keys.tar.gz
    #RUN  tar -zxf  /keys.tar.gz  &&  cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  /tmp/
    #RUN cp /keys/ssh_host_ecdsa_key  /keys/ssh_host_ed25519_key  /keys/ssh_host_rsa_key  ./
    
    EXPOSE  22  80
    #CMD  ["/usr/sbin/sshd", "-D"]
    CMD  /usr/sbin/sshd -D

    [root@docker-server3 openssh]# docker build -t openssh:v1.7 .

    [root@docker-server3 openssh]# docker run -d openssh:v1.7

    [root@docker-server3 openssh]# docker ps -a

    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
    915f9a1854c6        openssh:v1.7        "/bin/sh -c '/usr/sb…"   6 seconds ago       Up 5 seconds             22/tcp, 80/tcp      practical_margulis
    131649a5d893        openssh:v1.6        "/usr/sbin/sshd -D"      7 minutes ago       Up 7 minutes             22/tcp, 80/tcp      zealous_poincare
    e0847916fa35        nginx               "nginx -g 'daemon of…"   15 minutes ago      Up 15 minutes            80/tcp              pedantic_blackburn
    41e2d69f3503        openssh:v1.5        "/usr/sbin/sshd -D"      7 hours ago         Up 7 hours                                   objective_sinoussi
    db351e66fc63        openssh:v1.4        "/usr/sbin/sshd -D"      8 hours ago         Up 8 hours                                   nifty_curran
    f6a4ebe048cd        openssh:v1.4        "/bin/bash"              8 hours ago         Exited (0) 8 hours ago                       adoring_archimedes
    fd2c629a2b3c        openssh:v1.3        "/usr/sbin/sshd -D"      2 days ago          Up 2 days

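    This also runs, but Docker automatically runs /bin/sh -c to execute our default command.

    The third form uses CMD only to pass arguments, and must be used together with ENTRYPOINT.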

    14 ENTRYPOINT

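    Configures the command executed after the container starts.

    It is not overridden by the arguments supplied to docker run.

    Each Dockerfile can have only one ENTRYPOINT; if several are specified, only the last one is executed.

    Syntax:
    ENTRYPOINT ["executable","param1","param2"]
    ENTRYPOINT command param1 param2
    
    Example: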
    ENTRYPOINT ["/build.sh"]
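
    The CMD and ENTRYPOINT rules above, combined into one model of the command a container starts with. This is an added example, not code from the original post or from Docker; the function names and the scenario table are constructed for illustration, and the docker run --entrypoint flag is not modelled.

```python
import json

SHELL = ["/bin/sh", "-c"]


def parse_form(value):
    """Classify a CMD/ENTRYPOINT value: JSON array -> exec form, anything else -> shell form."""
    if value is None:
        return None
    value = value.strip()
    if value.startswith("["):
        return ("exec", [str(a) for a in json.loads(value)])
    return ("shell", value)


def effective_argv(entrypoint=None, cmd=None, run_args=None):
    """Model the argv the container starts with.

    entrypoint / cmd: instruction text as written in the Dockerfile, or None.
    run_args: list of words given after the image name on `docker run`.
    """
    ep, default = parse_form(entrypoint), parse_form(cmd)
    if run_args:                       # arguments on docker run replace CMD entirely
        tail = list(run_args)
    elif default is None:
        tail = []
    elif default[0] == "exec":
        tail = default[1]
    else:                              # shell-form CMD is wrapped in /bin/sh -c
        tail = SHELL + [default[1]]
    if ep is None:
        return tail
    if ep[0] == "shell":               # shell-form ENTRYPOINT ignores CMD and run arguments
        return SHELL + [ep[1]]
    return ep[1] + tail                # exec-form ENTRYPOINT: CMD / run args become its arguments


# Constructed scenarios; the first two mirror the openssh:v1.6 and v1.7 images on this page.
SCENARIOS = {
    "exec CMD (openssh:v1.6)": dict(cmd='["/usr/sbin/sshd", "-D"]'),
    "shell CMD (openssh:v1.7)": dict(cmd="/usr/sbin/sshd -D"),
    "CMD overridden on docker run": dict(cmd='["/usr/sbin/sshd", "-D"]', run_args=["/bin/bash"]),
    "ENTRYPOINT + CMD defaults": dict(entrypoint='["/usr/sbin/sshd"]', cmd='["-D"]'),
    "ENTRYPOINT + docker run args": dict(entrypoint='["/usr/sbin/sshd"]', cmd='["-D"]',
                                         run_args=["-D", "-e"]),
    "shell ENTRYPOINT + docker run args": dict(entrypoint="/usr/sbin/sshd -D", run_args=["-e"]),
}

if __name__ == "__main__":
    for name, kwargs in SCENARIOS.items():
        print(f"{name:36} -> {effective_argv(**kwargs)}")
```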

    15 ONBUILD

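    Configures instructions to be executed when the image being created is used as the base image of another new image.

    Syntax:
    ONBUILD [INSTRUCTION]
    
    Example:
    Create image A:
    ONBUILD ADD . /app/src
    ONBUILD RUN /usr/local/bin/python-build --dir /app/src
    When a new image is built on image A, i.e. the new Dockerfile uses FROM A as its base image, the ONBUILD instructions are executed automatically, which is equivalent to appending two instructions:
    FROM A
    ADD . /app/src
    RUN /usr/local/bin/python-build --dir /app/src
    For images that use ONBUILD instructions, it is recommended to say so in the tag, e.g. ruby:1.9-onbuild

    16 Principles and best practices for writing Dockerfiles

    Build the layers that change least often first

    On rebuilds, use the image cache to speed up the build

    Use as few layer-creating instruction keywords as possible

    Each use of an instruction keyword creates a new read-only layer

    Clean up unnecessary files wherever possible

    Keep the built image as small as possible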
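
    A small Dockerfile check that applies the points made above (prefer COPY to ADD, exec-form CMD, a non-root USER) and also flags the private keys and passwords that this page's openssh example bakes into image layers. This is an added example, not code from the original post or from Docker; the rule names and regular expressions are assumptions of this sketch, and the sample input is a constructed, trimmed copy of the page's Dockerfile.

```python
import re

# Constructed sample: a trimmed version of the openssh Dockerfile built on this page.
SAMPLE = r'''FROM centos:7
LABEL darren darren@gmail.com
ENV TZ "Asia/Shanghai"
ADD keys.tar.gz /
RUN yum -y install openssh-server \
  && useradd natash \
  && echo "redhat"|passwd --stdin natash \
  && echo "redhat"|passwd --stdin root
ADD keys/ssh_host_rsa_key /tmp/ssh_host_rsa_key
EXPOSE 22 80
CMD /usr/sbin/sshd -D
'''

# Heuristics (assumptions of this example, not an exhaustive rule set).
KEY_RE = re.compile(r"ssh_host_\w*key|id_(rsa|ecdsa|ed25519)|\.pem$|(^|/)keys?\b")
ARCHIVE_RE = re.compile(r"\.(tar|tgz|tar\.(gz|bz2|xz))$")
PASSWD_RE = re.compile(r"passwd\s+--stdin|chpasswd")


def parse(text):
    """Return [(line_no, INSTRUCTION, args)], joining backslash continuations."""
    out, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank and comment lines never end an instruction
        if not buf:
            start = n                     # first physical line of this instruction
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        instr, _, args = (buf + line).partition(" ")
        out.append((start, instr.upper(), args.strip()))
        buf = ""
    return out


def lint(text):
    """Return [(line_no, code, detail)]; line_no 0 marks a whole-file finding."""
    findings, user = [], None
    for n, instr, args in parse(text):
        if instr in ("ADD", "COPY"):
            # space-separated form only; flags such as --chown are skipped
            for src in [a for a in args.split()[:-1] if not a.startswith("--")]:
                if KEY_RE.search(src):
                    findings.append((n, "SECRET_IN_LAYER", src))
                if instr == "ADD" and re.match(r"https?://", src):
                    findings.append((n, "ADD_REMOTE_URL", src))
                elif instr == "ADD" and not ARCHIVE_RE.search(src):
                    findings.append((n, "ADD_WHERE_COPY_SUFFICES", src))
        elif instr == "RUN" and PASSWD_RE.search(args):
            findings.append((n, "PASSWORD_IN_BUILD_COMMAND", "visible in docker history"))
        elif instr in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            findings.append((n, "SHELL_FORM", instr + " is wrapped in /bin/sh -c"))
        elif instr == "USER":
            user = args.split(":")[0]
    if user in (None, "root", "0"):
        findings.append((0, "RUNS_AS_ROOT", "no non-root USER in effect at the end of the file"))
    return findings


if __name__ == "__main__":
    for line_no, code, detail in lint(SAMPLE):
        print(f"line {line_no:>2}: {code}: {detail}")
```

    Files added by ADD or COPY stay readable in that layer even if a later RUN deletes them, so host keys and passwords are better supplied when the container starts than at build time.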


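    Blogger's note: the content of this article comes mainly from instructor Yan Wei of Yutian Education, and I carried out and verified the experiments myself. Readers who want to repost it should contact Yutian Education (http://www.yutianedu.com/); reposting is permitted with official consent or with the consent of Mr. Yan (https://www.cnblogs.com/breezey/) himself. Thank you!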

  • Original article: https://www.cnblogs.com/zyxnhr/p/12147137.html