vim Dockerfile
FROM sshd:new MAINTAINER lokott@123.com ENV container docker #下面的命令是放在一个镜像层中执行的,可以减少镜像层 #括号中的指令含义是遍历进入的目录文件,删除除了systemd-tmpfiles-setup.service的所有文件,之后删除一些其他文件 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"]构建运行及测试
[root@localhost systemctl]# docker build -t systemctl:new . [root@localhost systemctl]# docker run --privileged -it -v /sys/fs/cgroup/:/sys/fs/cgroup:ro systemctl:new /usr/sbin/init systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN) Detected virtualization docker. Detected architecture x86-64. Welcome to CentOS Linux 7 (Core)! Set hostname to <e99fd581042a>. [ OK ] Reached target Paths. [ OK ] Reached target Local File Systems. [ OK ] Reached target Swap. [ OK ] Created slice Root Slice. [ OK ] Listening on Journal Socket. [ OK ] Created slice System Slice. Starting Create Volatile Files and Directories... [ OK ] Listening on Delayed Shutdown Socket. [ OK ] Reached target Slices. Starting Journal Service... [ OK ] Started Create Volatile Files and Directories. [ INFO ] Update UTMP about System Boot/Shutdown is not active. [DEPEND] Dependency failed for Update UTMP about System Runlevel Changes. Job systemd-update-utmp-runlevel.service/start failed with result 'dependency'. [ OK ] Started Journal Service. [ OK ] Reached target System Initialization. [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Reached target Timers. [ OK ] Listening on D-Bus System Message Bus Socket. [ OK ] Reached target Sockets. [ OK ] Reached target Basic System. [ OK ] Reached target Multi-User System.重新开启一个终端进行测试
[root@localhost systemctl]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e99fd581042a systemctl:new "/usr/sbin/init" About a minute ago Up About a minute 22/tcp gifted_edison 8dafa05dc12f sshd:new "/usr/sbin/init" 6 minutes ago Up 6 minutes 0.0.0.0:32770->22/tcp hardcore_mccarthy c7991648efeb sshd:new "/usr/sbin/sshd -D" 27 minutes ago Up 27 minutes 0.0.0.0:32769->22/tcp jolly_ishizaka b7ec122849c6 httpd:new "/run.sh" 46 minutes ago Up 46 minutes 0.0.0.0:32768->80/tcp test [root@localhost systemctl]# docker exec -it gifted_edison /bin/bash [root@e99fd581042a /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:sshd(8) man:sshd_config(5) [root@e99fd581042a /]# systemctl start sshd [root@e99fd581042a /]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled) Active: active (running) since Wed 2020-04-22 02:36:18 UTC; 1s ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 51 (sshd) CGroup: /docker/e99fd581042af009c4a15e9ab7bdd231c0052056051a1b18e9996f57eb7f2c6b/system.slice/sshd.service └─51 /usr/sbin/sshd -D Apr 22 02:36:18 e99fd581042a systemd[1]: Starting OpenSSH server daemon... Apr 22 02:36:18 e99fd581042a sshd[51]: WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems. Apr 22 02:36:18 e99fd581042a sshd[51]: Server listening on 0.0.0.0 port 22. Apr 22 02:36:18 e99fd581042a sshd[51]: Server listening on :: port 22. Apr 22 02:36:18 e99fd581042a systemd[1]: Started OpenSSH server daemon. #开启sshd服务后进行访问宿主机测试成功 [root@e99fd581042a /]# ssh 20.0.0.149 -p 22 The authenticity of host '20.0.0.149 (20.0.0.149)' can't be established. ECDSA key fingerprint is SHA256:pT/8N0H/tNaMm4Zqh7u28Jm5EtmDkidSaih4lWzFIQY. ECDSA key fingerprint is MD5:16:47:40:1f:40:1b:34:e9:ff:f9:15:7b:0b:f4:02:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '20.0.0.149' (ECDSA) to the list of known hosts. root@20.0.0.149's password: Last login: Wed Apr 22 10:35:20 2020 from 20.0.0.149 [root@localhost ~]# exit 登出 Connection to 20.0.0.149 closed. [root@e99fd581042a /]# exit exit 总结 本文回顾了Dockerfile,结合三个案例(httpd服务、sshd服务、systemd服务)来深入理解Dockerfile构建镜像的过程。其中我们需要理解的是
1、每个服务都需要有自己的目录和文件
2、Dockerfile的分层和中间缓存镜像和容器的创建和删除特点
3、--privileged的作用
4、体会整个从构建镜像、创建运行容器到测试验证的过程
谢谢阅读!
Linux公社的RSS地址:https://www.linuxidc.com/rssFeed.aspx