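Table of contents
- 1: Build an image that includes sshd
- 1.1 Using the existing centos:7 image as an example: it has neither sshd nor systemctl, so a new image has to be built
- 1.2 List the images
- 1.3 Start the container
- 1.4 Log in over ssh
- 1.5 Check the sshd status: systemctl cannot be used, so systemctl is deployed next on top of the current sshd image
- 2: Add systemctl on top of the sshd image
- 2.1 Exit and continue building
- 2.2 Check the mount point on the host; this is a core directory, so it must be mounted read-only when the container is run
- 2.3 Build the image
- 2.4 Create the container
- 2.5 Now open a new terminal and log in
- 2.6 systemctl can now be used
- 2.7 Export the image to a local file for later use
- 3: Build the nginx image
- 4: Build the tomcat image
- 5: Build the mysql image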
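Preface:
Install the docker-ce environment and tune the network
#!/bin/bash
# Disable SELinux in the config file and for the running system
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
# Stop here unless docker-ce is installed
if rpm -q docker-ce; then
    echo "docker-ce is 安裝"
else
    echo "docker-ce is not 安裝"
    exit 1
fi
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
systemctl restart network
systemctl restart docker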
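1: Build an image that includes sshd
Besides exec, ssh can also be used to connect to a container.
1.1 Using the existing centos:7 image as an example: it has neither sshd nor systemctl, so a new image has to be built
mkdir /sshd
cd /sshd
vim Dockerfile
FROM centos:7
# Base image
MAINTAINER to finsh sshd
# Description
RUN yum -y update
# Update the container's yum packages
RUN yum -y install openssh* net-tools lsof telnet passwd
# Install the environment tools
RUN echo "123123" | passwd --stdin root
# Set the root login password
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
# Disable PAM authentication in sshd; using echo '' here left the single quotes in the Dockerfile unrecognized
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# Create the asymmetric host key pair at the given file path
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/ s/^/#/' /etc/pam.d/sshd
# Disable the PAM session module for ssh; using echo '' here left the single quotes in the Dockerfile unrecognized
RUN mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh
# Create the ssh working directory and set its permissions
EXPOSE 22
# Expose port 22
CMD ["/usr/sbin/sshd","-D"]
# Start the sshd service when the container is loaded
# Build the image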
docker build -t sshd:new .
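For comparison with the password-based image above, a key-only variant as an added example (not part of the original post). The function name, the /sshd-key directory, the sshd:keyonly tag and host port 2222 are assumptions; the image content follows the Dockerfile above minus the baked-in root password.

```shell
#!/bin/sh
# Added example, not from the original post: writes a build context for a
# key-only variant of the sshd image. All names below are assumptions.

# write_sshd_context DIR PUBKEY_FILE
# Creates DIR/Dockerfile and DIR/authorized_keys; non-zero on bad input.
write_sshd_context() {
    ctx=$1 pubkey=$2
    [ -n "$ctx" ] && [ -s "$pubkey" ] || {
        echo "usage: write_sshd_context DIR PUBKEY_FILE" >&2; return 2; }
    # Accept only a file that contains an OpenSSH public key line.
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey" || {
        echo "not an OpenSSH public key: $pubkey" >&2; return 3; }
    mkdir -p "$ctx" && cp "$pubkey" "$ctx/authorized_keys" || return 1
    cat > "$ctx/Dockerfile" <<'EOF'
FROM centos:7
RUN yum -y install openssh-server && yum clean all
# Generate host keys; no root password is set anywhere in the image.
RUN ssh-keygen -A
# Key-based logins only.
RUN sed -ri \
    -e 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' \
    -e 's/^#?PermitRootLogin .*/PermitRootLogin prohibit-password/' \
    /etc/ssh/sshd_config
# Same pam_loginuid workaround as the Dockerfile above.
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/ s/^/#/' /etc/pam.d/sshd
COPY authorized_keys /root/.ssh/authorized_keys
RUN chown -R root:root /root/.ssh && chmod 700 /root/.ssh \
    && chmod 600 /root/.ssh/authorized_keys
EXPOSE 22
CMD ["/usr/sbin/sshd","-D"]
EOF
}

# Usage on a Docker host (binds sshd to loopback instead of using -P):
#   write_sshd_context /sshd-key ~/.ssh/id_ed25519.pub
#   docker build -t sshd:keyonly /sshd-key
#   docker run -d -p 127.0.0.1:2222:22 sshd:keyonly
```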
1.2 List the images
[root@gsy sshd]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd new d31bc030782a 23 seconds ago 585MB
centos 7 5e35e350aded 5 months ago 203MB
1.3 Start the container
# then log in over ssh to change the password
[root@gsy sshd]# docker run -d -P sshd:new
fd7d16146e92e0c0956288ac64fed9abe4ccf7028d08dd4e95bfe37f9050c90d
[root@gsy sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd7d16146e92 sshd:new "/usr/sbin/sshd -D" 9 seconds ago Up 8 seconds 0.0.0.0:32789->22/tcp happy_hamilton
8fc55eb83b8a e018d6ade3a8 "/bin/sh -c 'sed -i …" 4 minutes ago Exited (1) 4 minutes ago cool_perlman
1.4 Log in over ssh
[root@gsy sshd]# ssh 127.0.0.1 -p 32789
The authenticity of host '[127.0.0.1]:32789 ([127.0.0.1]:32789)' can't be established.
RSA key fingerprint is SHA256:6cwYZkYEBG+kK1QOrWTtJ/ZjLxwwnuufh/0RlEnJaCs.
RSA key fingerprint is MD5:7b:90:7c:44:ba:f4:14:75:c3:67:6c:cf:f1:a7:55:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:32789' (RSA) to the list of known hosts.
root@127.0.0.1's password: 123123
[root@fd7d16146e92 ~]# ls
anaconda-ks.cfg
[root@fd7d16146e92 ~]# cd /
[root@fd7d16146e92 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@fd7d16146e92 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 82 bytes 8653 (8.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 55 bytes 7913 (7.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
1.5 Check the sshd status: systemctl cannot be used, so systemctl is deployed next on top of the current sshd image
[root@fd7d16146e92 /]# systemctl status sshd
Failed to get D-Bus connection: Operation not permitted
2: Add systemctl on top of the sshd image
2.1 Exit and continue building
mkdir /systemctl
cd /systemctl
vim Dockerfile
FROM sshd:new
MAINTAINER to finsh systemctl
ENV container docker
RUN yum install -y vim
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *;do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
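# init performs system initialization
2.2 Check the mount point on the host; this is a core directory, so it must be mounted read-only when the container is run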
[root@gsy systemctl]# cd /sys/fs/cgroup/
[root@gsy cgroup]# ls
blkio cpuacct cpuset freezer memory net_cls,net_prio perf_event systemd
cpu cpu,cpuacct devices hugetlb net_cls net_prio pids
2.3 Build the image
[root@gsy systemctl]# docker build -t systemctl:new .
[root@gsy cgroup]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
systemctl new a2c3616f15d1 4 minutes ago 717MB
sshd new d31bc030782a 37 minutes ago 585MB
centos 7 5e35e350aded 5 months ago 203MB
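2.4 Create the container
--privileged gives root inside the container real root privileges, with no privilege reduction. Without it, the user inside the container is only an ordinary user on the outside.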
[root@gsy cgroup]# docker run --privileged -it --name systemctl -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemctl:new sbin/init
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <48f496e4b8fc>.
[ OK ] Reached target Local File Systems.
[ OK ] Reached target Paths.
[ OK ] Reached target Swap.
[ OK ] Created slice Root Slice.
[ OK ] Listening on Journal Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Created slice System Slice.
Starting Create Volatile Files and Directories...
[ OK ] Reached target Slices.
Starting Journal Service...
[ OK ] Started Create Volatile Files and Directories.
[ INFO ] Update UTMP about System Boot/Shutdown is not active.
[DEPEND] Dependency failed for Update UTMP about System Runlevel Changes.
Job systemd-update-utmp-runlevel.service/start failed with result 'dependency'.
[ OK ] Started Journal Service.
[ OK ] Reached target System Initialization.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Reached target Multi-User System.
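A host-side check for the two exposures created so far, --privileged containers and sshd published on all host interfaces by -P, as an added example (not part of the original post). The function names and report format are assumptions, and the sample inventory is constructed from the containers shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the report
# format and the sample data are assumptions.

# Emit one line per running container: NAME PRIVILEGED BINDINGS
# (needs a Docker host; audit_containers itself only reads stdin).
collect_containers() {
    docker ps -q | xargs -r docker inspect --format \
'{{.Name}} {{.HostConfig.Privileged}} {{range $p, $b := .NetworkSettings.Ports}}{{range $b}}{{.HostIp}}:{{.HostPort}}->{{$p}},{{end}}{{end}}'
}

# Read collect_containers output on stdin, print one finding per line,
# and return 1 if anything was flagged.
audit_containers() {
    awk '
    {
        name = $1; sub(/^\//, "", name)
        if ($2 == "true") { print "PRIVILEGED " name; bad = 1 }
        n = split($3, binds, ",")
        for (i = 1; i <= n; i++)
            # Container port 22 bound to every host interface.
            if (binds[i] ~ /^(0\.0\.0\.0|::):[0-9]+->22\/tcp$/) {
                print "SSH_PUBLIC " name " " binds[i]; bad = 1
            }
    }
    END { exit bad + 0 }'
}

# Constructed sample: the two containers from this page plus one
# loopback-only binding that must not be flagged.
sample_inventory() {
    cat <<'EOF'
/systemctl true
/happy_hamilton false 0.0.0.0:32789->22/tcp,
/local_only false 127.0.0.1:2222->22/tcp,
EOF
}

# On a Docker host:  collect_containers | audit_containers
# Offline demo:      sample_inventory | audit_containers
```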
2.5 Now open a new terminal and log in
[root@gsy ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
48f496e4b8fc systemctl:new "sbin/init" 58 seconds ago Up 57 seconds 22/tcp systemctl
fd7d16146e92 sshd:new "/usr/sbin/sshd -D" 39 minutes ago Up 39 minutes 0.0.0.0:32789->22/tcp happy_hamilton
8fc55eb83b8a e018d6ade3a8 "/bin/sh -c 'sed -i …" 43 minutes ago Exited (1) 43 minutes ago cool_perlman
[root@gsy ~]# docker exec -it systemctl bash
[root@48f496e4b8fc /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@48f496e4b8fc /]#
2.6 systemctl can now be used
[root@48f496e4b8fc /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
[root@48f496e4b8fc /]# systemctl start sshd
[root@48f496e4b8fc /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2020-04-20 14:51:15 UTC; 1s ago
Note: sshd is not set to enabled at this point; an sshd image with it enabled can be built later
2.7 Export the image to a local file for later use
[root@gsy ~]# docker save -o sshdsystemctl systemctl:new
[root@gsy ~]# ls -lh
total 699M
-rw-------. 1 root root 1.6K Mar 22 18:56 anaconda-ks.cfg
drwxr-xr-x. 2 root root 56 Apr 19 23:05 apache
drwxr-xr-x. 2 root root 6 Apr 6 14:51 perl5
-rw-------. 1 root root 699M Apr 20 22:56 sshdsystemctl
3: Build the nginx image
3.1 Edit the Dockerfile
mkdir /nginx
cd /nginx
vim Dockerfile
FROM systemctl:new
MAINTAINER to finsh nginx
RUN yum -y update
RUN yum -y install gcc gcc-c++ pcre* make cmake zlib-devel openssh* net-tools lsof telnet passwd vim
ADD nginx-1.12.2.tar.gz /usr/local/src
RUN useradd -M -s /sbin/nologin nginx
WORKDIR /usr/local/src/nginx-1.12.2
RUN (./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module)
RUN make && make install
ENV PATH /usr/local/nginx/sbin/:$PATH
#RUN ln -s /usr/local/nginx/sbin/* /usr/local/sbin/
EXPOSE 80
EXPOSE 443
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
# Turn off daemon mode at startup
CMD ["/usr/local/nginx/sbin/nginx"]
3.2 Check the files before building the image
[root@gsy nginx]# ls
Dockerfile nginx-1.12.2.tar.gz
3.3 Build the image and create the container
[root@gsy nginx]# docker build -t nginx:new .
[root@gsy nginx]# docker run -d --name nginx2 -P nginx:new
[root@gsy nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
75e348457107 nginx:new "/usr/local/nginx/sb…" 5 minutes ago Up 5 minutes 0.0.0.0:32798->22/tcp, 0.0.0.0:32797->80/tcp, 0.0.0.0:32796->443/tcp nginx2
48f496e4b8fc systemctl:new "sbin/init" 26 minutes ago Up 26 minutes 22/tcp systemctl
fd7d16146e92 sshd:new "/usr/sbin/sshd -D" About an hour ago Up About an hour 0.0.0.0:32789->22/tcp happy_hamilton
8fc55eb83b8a e018d6ade3a8 "/bin/sh -c 'sed -i …" About an hour ago Exited (1) About an hour ago cool_perlman
3.4 Verify by opening the site in a browser
4: Build the tomcat image
4.1 Edit the Dockerfile
mkdir /tomcat
cd /tomcat
vim Dockerfile
FROM systemctl:new
MAINTAINER gsy
EXPOSE 8080
ADD jdk-8u201-linux-x64.rpm /usr/local/src
WORKDIR /usr/local/src
RUN rpm -ivh jdk-8u201-linux-x64.rpm
ENV JAVA_HOME /usr/java/jdk1.8.0_201-amd64
ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
ENV PATH $JAVA_HOME/bin:$PATH
ADD apache-tomcat-9.0.16.tar.gz /usr/local/src
RUN mv apache-tomcat-9.0.16/ /usr/local/tomcat9
ENV PATH /usr/local/tomcat9/bin/:$PATH
ADD tomcat9.run.sh /usr/local/src
RUN chmod 755 /usr/local/src/tomcat9.run.sh
CMD ["/usr/local/src/tomcat9.run.sh"]
#ENTRYPOINT ["/usr/local/tomcat9/bin/catalina.sh","run"]
vim tomcat9.run.sh
#!/bin/bash
/usr/local/tomcat9/bin/catalina.sh run
4.2 List the files in the directory
[root@gsy tomcat]# ls
apache-tomcat-9.0.16.tar.gz Dockerfile jdk-8u201-linux-x64.rpm tomcat9.run.sh
4.3 Build the image
[root@gsy tomcat]# docker build -t tomcat:new .
[root@gsy tomcat]# docker images | grep tomcat
tomcat new 225a1be5485f 51 seconds ago 1.32GB
[root@gsy tomcat]# docker run -d --name tomcat1 -P tomcat:new
4fe9b06ad3e02e19d8affb2338db15e41f5b59790dad98cef091a091fe268562
[root@gsy tomcat]# docker ps -a | grep tomcat
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4fe9b06ad3e0 tomcat:new "/usr/local/src/tomc…" 6 seconds ago Up 5 seconds 0.0.0.0:32807->22/tcp, 0.0.0.0:32805->8080/tcp tomcat1
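4.4 Verify
4.5 Note: there is another way, using ENTRYPOINT instead of CMD
Differences between ENTRYPOINT and CMD:
ENTRYPOINT means the image has already executed the command in the brackets before the container is started
CMD is the command to execute when the container starts. If both CMD and a command at the end of docker run are present, docker run has the higher priority and only the command after docker run is executed; CMD is equivalent to the arguments appended when starting the container
When an image is built from a Dockerfile that contains CMD or ENTRYPOINT, do not append a command (/bin/bash) to docker run; it will override the instruction in the Dockerfile or cause a syntax error
5: Build the mysql image
Note: MySQL is not run in Docker very often
5.1 Edit the Dockerfile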
mkdir /mysqld
cd /mysqld
vim Dockerfile
FROM systemctl:new
MAINTAINER to finsh mysqld
EXPOSE 3306
ADD mysql-boost-5.7.20.tar.gz /usr/local/src
WORKDIR /usr/local/src/mysql-5.7.20
RUN useradd mysql -M -s /sbin/nologin
RUN yum -y install \
gcc \
gcc-c++ \
make \
pcre-devel \
expat-devel \
perl \
ncurses* \
bison \
autoconf \
cmake expect
RUN cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
-DSYSCONFDIR=/etc \
-DSYSTEMD_PID_DIR=/usr/local/mysql \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DWITH_BOOST=boost \
-DWITH_SYSTEMD=1
RUN make && make install
RUN chown -R mysql:mysql /usr/local/mysql/
#RUN rm -rf /etc/my.cnf
ADD my.cnf /etc/my.cnf
# Alternatively, delete the file first and then add it
RUN chown mysql:mysql /etc/my.cnf
ENV PATH $PATH:/usr/local/mysql/bin:/usr/local/mysql/lib
RUN /usr/local/mysql/bin/mysqld \
--initialize-insecure \
--user=mysql \
--basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/data
RUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /lib/systemd/system/
ADD run.sh /usr/local/src
RUN chmod 755 /usr/local/src/run.sh
RUN sh /usr/local/src/run.sh
CMD ["init"]
vim my.cnf
[root@localhost local]# vim /etc/my.cnf
[client]
port = 3306
default-character-set=utf8
socket = /usr/local/mysql/mysql.sock
[mysql]
port = 3306
default-character-set=utf8
socket = /usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
port = 3306
character_set_server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket = /usr/local/mysql/mysql.sock
server-id = 1
#
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
5.2 Write run.sh
vim run.sh
#!/bin/bash
#/usr/local/mysql/bin/mysqld
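# This command starts mysql, but it has to be run by hand after entering the container
systemctl enable mysqld
# Enable at boot, so the service starts automatically when the container starts
5.3 Build the mysql image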
docker build -t mysql:new .
docker run -d -P --name mysqld1 --privileged mysql:new
[root@ct ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2bed4471244b mysql:new "init" 10 hours ago Up 10 hours 0.0.0.0:32775->22/tcp, 0.0.0.0:32774->3306/tcp mysqld1
5.4 Some problems encountered along the way:
Because this is a test environment, an out-of-space error appeared; clean up the Docker cache
Disk Requirements:
At least 918MB more space needed on the / filesystem.
[root@gsy lib]# docker system prune
5.5 Enter the container and grant database privileges; a SQL script can also be written to grant them
docker exec -it mysqld1 /bin/bash
mysql -uroot -p
grant all privileges on *.* to 'root'@'%' identified by '123123';
grant all privileges on *.* to 'root'@'localhost' identified by '123123';
5.6 Login test
[root@ct ~]# mysql -h 192.168.247.20 -uroot -p123123 -P 32776
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]>