【Docker】Docker学习④ - Docker镜像与制作

四、Docker镜像与制作

docker镜像有没有内核？

• 从镜像大小上面来说，一个比较小的镜像只有十几MB，而内核文件需要一百多兆，因此镜像里面是没有内核的，镜像在被启动为容器后将直接使用宿主机的内核，而镜像本身则只提供相应的rootfs，即系统正常运行所必须的用户空间的文件系统，比如/dev,/proc,/bin,/etc等目录，所以容器当中基本是没有/boot目录的，而/boot当中保存的就是与内核相关的文件和目录。

为什么没有内核？

• 由于容器启动和运行过程中是直接使用了宿主机的内核，所以没有直接调用过物理硬件，所以也不会涉及到硬件驱动，因此也用不上内核和驱动，另外有内核的那是虚拟机。

1. 手动制作yum版nginx镜像

Docker制作类似于虚拟机的镜像制作，即按照公司的实际业务需求将需要安装的软件、相关配置等基础环境配置完成，然后将其做成镜像，最后再批量从镜像批量生产实例，这样可以极大的简化相同环境的部署工作，Docker的镜像制作分为手动制作和自动制作（基于DockerFile），企业通常都是基于Dockerfile制作精细，其中手动制作镜像步骤具体如下：

• 1.1 下载镜像并初始化系统
  基于某个基础镜像之上重新制作，因此需要先有一个基础镜像，本次使用官方提供的centos镜像为基础：

    docker pull centos
	docker run -it docker.io/centos /bin/bash
	yum install wget -y
	cd /etc/yum.repos.d/
	rm -rf ./* #更改yum源
	wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
	wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

• 1.2 yum安装并配置nginx

	yum install nginx -y 
	yum install -y vim wget pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop 

• 1.3 关闭nginx后台运行

	vim /etc/nginx/nginx.conf
	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log;
	pid /run/nginx.pid;
	daemon off;#关闭后台运行

• 1.4 自定义web页面

	vim /usr/share/nginx/html/index.html
	cat /usr/share/nginx/html/index.html
	Docker Yum Nginx #自定义web界面

• 1.5 提交为镜像
  在宿主机基于容器ID提交为镜像
  docker commit --help
  日志：

	[root@gbase8c_private ~]# docker commit --help
	Usage:	docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
	Create a new image from a container's changes
	Options:
	-a, --author string    Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
	-c, --change list      Apply Dockerfile instruction to the created image
	-m, --message string   Commit message
	-p, --pause            Pause container during commit (default true)

docker commit -a “123456789@qq.com” -m “nginx yum v1” --change=“EXPOSE 80 443” 容器ID centos-nginx:v1
日志：

	[root@gbase8c_private ~]# docker commit -a "123456789@qq.com" -m "nginx yum v1" --change="EXPOSE 80 443" 6806eb0bfd6b centos-nginx:v1
	sha256:a93983db5db7f14b028edf94407ed1352efadf62dac88f6806366379a943403e

• 1.6 带tag的镜像提交
  提交的时候标记tag号，标记tag号，生产当中比较常用，后期可以根据tag标记创建不同版本的镜像以及创建不同版本的容器
  docker commit -m “nginx image” 容器ID jack/centos-nginx:v1
  日志:

	[root@gbase8c_private ~]# docker commit -m "nginx image" 6806eb0bfd6b jack/centos-nginx:v1
	sha256:cd4faded8f63c375fbc924ab20173f00cecb4cb52ea0fbfb3041d41fb327c343
	[root@gbase8c_private ~]# docker images -a
	REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
	jack/centos-nginx   v1                  cd4faded8f63        59 seconds ago      431MB
	centos-nginx        v1                  a93983db5db7        2 minutes ago       431MB

• 1.7 从自己镜像启动容器
  docker run -d -p 80:80 --name my-centos-nginx jack/centos-nginx /usr/sbin/nginx
  日志：

	[root@gbase8c_private ~]# docker run -d -p 80:80 --name my-centos-nginx centos-nginx:v1 /usr/sbin/nginx
	6cbb96e413b80336172714736302bdae09e5351e844a209518e09160fb9cb5c5

2. DockerFile制作yum版nginx镜像

DockerFile可以说是一种可以被Docker程序解释的脚本，DockerFile是由一条条的命令组成的，每条命令对应linux下面的一条命令，Docker程序将这些DockerFile指令再翻译成真正的linux命令，其有自己的书写方式和支持的命令，Docker程序读取DockerFile并根据指令生成Docker镜像，相比手动制作镜像的方式，DockerFile更能直观的展示镜像是怎么产生的，有了DockerFile，当后期有额外的需求时，只要在之前的DockerFile添加或者修改相应的命令即可重新生成新的Docker镜像，避免了重复手动制作镜像的麻烦，具体如下：

• 2.1 下载镜像并初始化系统

	docker pull centos
	docker run -it docker.io/centos /bin/bash
	cd /opt/
	mkdir dockerfile/{web/{nginx,tomcat,jdk,apache},system/{centos,ubuntu,redhat}} -pv

目录结构按照业务类型或系统类型等方式划分，方便后期镜像比较多的时候进行分类

• 2.2 编写Dockerfile
  cd /opt/dockerfile/web/nginx
  vim ./Dockerfile #生成镜像的时候，会在执行命令的当前目录查找Dockerfile文件，所以名称不可写错，而且D必须大写

#My Dockerfile
#"#"为注释，等于shell脚本中的#
#除了注释行之外的第一行，必须是From xxx(xxx是基础镜像)
#第一行先定义基础镜像，后面的本地有效的镜像名，如果本地没有会从远程仓库下载，第一行很重要
From centos 

#镜像维护者的信息
MAINTAINER jack.Zhang 123456@qq.com

#########其他可选参数###########
#USER  #指定该容器运行时的用户名和UID，后续的RUN命令也会使用这里指定的用户执行
#WORKDIR /a
#WORKDIR b #指定工作目录，最终为/a/b
#VOLUME ["/dir_1","/dir_2"]  #设置容器挂载主机目录
#ENV name jack #设置容器变量，常用于向容器内传递用户密码等

################################
#执行的命令，将编译安装nginx的步骤执行一遍
RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
#以下为centos8需要
RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
RUN sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop make
#自动解压压缩包
ADD nginx-1.22.1.tar.gz /usr/local/src/  
RUN cd /usr/local/src/nginx-1.22.1 && ./configure --prefix=/usr/local/nginx --with-http_sub_module && make && make install
RUN cd /usr/local/nginx
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
RUN useradd nginx -s /sbin/nologin
RUN ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx
RUN echo "test nginx page" > /usr/local/nginx/html/index.html
EXPOSE 80 443  
#向外开放的端口，多个端口用空格做间隔，启动容器时候-p需要使用此端口向外映射，如-p 8081:80,则80就是这里的80
CMD ["nginx"] 
#运行的命令，每个Dockerfile只能有一条，如果有多条则只有最后一条被执行
#如果再从该镜像启动容器的时候也指定了命令，那么指定的命令会覆盖Dockerfile构建的镜像里面的CMD命令，即指定的命令优先级更高，Dockerfile的优先级较低一些

• 2.3 准备源码包与配置文件

[root@gbase8c_private nginx]# cp /usr/local/nginx/conf/nginx.conf .    #配置文件关闭后台运行
[root@gbase8c_private nginx]# cp /usr/local/src/nginx-1.22.1.tar.gz .   #nginx 源码包

• 2.4 执行镜像构建
  docker build -t jack/nginx-1.22.1:v1 /opt/dockerfile/web/nginx
  日志：

	[root@gbase8c_private nginx]# docker build -t jack/nginx-1.22.1:v1 /opt/dockerfile/web/nginx
	Sending build context to Docker daemon  1.082MB
	Step 1/15 : From centos
	---> 5d0da3dc9764
	Step 2/15 : MAINTAINER jack.Zhang 123456@qq.com
	---> Using cache
	---> 43ec73180728
	Step 3/15 : RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
	---> Using cache
	---> e143ccac7d7d
	Step 4/15 : RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
	---> Using cache
	---> b844d534721f
	Step 5/15 : RUN sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
	---> Using cache
	---> 9e3a042b490c
	Step 6/15 : RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop make
	---> Using cache
	---> df76eecdf09f
	Step 7/15 : ADD nginx-1.22.1.tar.gz /usr/local/src/
	---> Using cache
	---> 98025681ea35
	Step 8/15 : RUN cd /usr/local/src/nginx-1.22.1 && ./configure --prefix=/usr/local/nginx --with-http_sub_module && make && make install
	---> Using cache
	---> 96186cea028e
	Step 9/15 : RUN cd /usr/local/nginx
	---> Using cache
	---> 4156022d8485
	Step 10/15 : ADD nginx.conf /usr/local/nginx/conf/nginx.conf
	---> Using cache
	---> 1c048d8e231e
	Step 11/15 : RUN useradd nginx -s /sbin/nologin
	---> Using cache
	---> b354065c9fc2
	Step 12/15 : RUN ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx
	---> Using cache
	---> a5b3a6e665f3
	Step 13/15 : RUN echo "test nginx page" > /usr/local/nginx/html/index.html
	---> Running in 7d4595c415e8
	Removing intermediate container 7d4595c415e8
	---> 242a23ccac4c
	Step 14/15 : EXPOSE 80 443
	---> Running in 7fd3a8e9c72d
	Removing intermediate container 7fd3a8e9c72d
	---> 280671c13521
	Step 15/15 : CMD ["nginx"]
	---> Running in 866bfe9c8e53
	Removing intermediate container 866bfe9c8e53
	---> fdfce08f491f
	Successfully built fdfce08f491f
	Successfully tagged jack/nginx-1.22.1:v1
	[root@gbase8c_private nginx]# docker images
	REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
	jack/nginx-1.22.1   v1                  fdfce08f491f        30 seconds ago      638MB

• 2.5 从镜像启动容器
  docker run -d -p 80:80 --name yum-nginx jack/nginx-1.22.1:v1 /usr/sbin/nginx
  日志：

	[root@gbase8c_private nginx]# docker run -d -p 80:80 --name yum-nginx  jack/nginx-1.22.1:v1 /usr/sbin/nginx
	2649a84740d66098c1841387d306a245ee618f12a0df143ab0be5d7ab93c9c9d
	[root@gbase8c_private nginx]# docker ps -a 
	CONTAINER ID        IMAGE                  COMMAND                   CREATED             STATUS                         PORTS               NAMES
	2649a84740d6        jack/nginx-1.22.1:v1   "/usr/sbin/nginx"         16 seconds ago      Exited (1) 15 seconds ago                          yum-nginx

↑容器并未成功启动，问题原因：

	[root@gbase8c_private nginx]# docker logs cb332665fbdf
	nginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)
	nginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)
	nginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)
	[root@gbase8c_private nginx]# head -n 10 nginx.conf 
	#user  nobody;
	user nginx;
	worker_processes auto;
	error_log /var/log/nginx/error.log;  - 》》》 /run/error.log
	pid /run/nginx.pid;
	daemon off;

• ?原因：在 Docker 容器里面使用 root 用户的话，是不安全的，很容易出现越权的安全问题，所以一般情况下，我们都会使用普通用户来代替 root 进行服务的启动和管理的。
• ?解决办法：发现还是 nginx.conf 配置文件，配置的有问题，需要将 Nginx 服务启动时候需要的文件都配置到一个无权限的目录，即可解决

3. 手动制作编译版本nginx镜像

过程为在centos基础镜像之上手动安装nginx，然后再提交为镜像

• 3.1 下载镜像并初始化系统

	docker pull centos
	docker run -it docker.io/centos /bin/bash
	yum install wget -y
	cd /etc/yum/repos.d/
	sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
	sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*

?不行再慎用↓

	rm -rf ./* #更改yum源
	wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
	wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

• 3.2 编译安装nginx

	yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop make
	cd /usr/local/src/
	wget http://nginx.org/download/nginx-1.22.1.tar.gz
	tar xvf nginx-1.22.1.tar.gz
	cd nginx-1.22.1
	./configure --prefix=/usr/local/nginx --with-http_sub_module
	make && make install

• 3.3 关闭nginx后台运行

	vim /usr/local/nginx/conf/nginx.conf
	user nginx;
	worker_processes  auto;
	daemon off;
	ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx #创建软连

• 3.4 创建用户及授权

	useradd nginx -s /sbin/nologin
	chown nginx.nginx /usr/local/nginx -R

• 3.5 自定义web界面

	echo "My Nginx Test Page" > /usr/local/nginx/html/index.html

• 3.6 提交为镜像

	docker commit -m "test nginx" 88c367f1f97f jack/nginx-test-image:v1

• 3.7 从自己的镜像启动容器

	docker run -d -p 80:80 --name my-centos-nginx jack/nginx-test-image:v1 /usr/sbin/nginx

• 3.8 查看nginx访问日志
  日志：

	[root@gbase8c_private nginx]# docker run -d -p 80:80 --name my-centos-nginx jack/nginx-test-image:v1 /usr/sbin/nginx
	e21b3af797570e7cd0a1426a74fa2953e282175e0793df70dc351fdf8767a036
	[root@gbase8c_private nginx]# docker ps -a
	CONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS                      PORTS                NAMES
	e21b3af79757        jack/nginx-test-image:v1   "/usr/sbin/nginx"   4 seconds ago       Up 3 seconds                0.0.0.0:80->80/tcp   my-centos-nginx
	88c367f1f97f        centos                     "/bin/bash"         9 minutes ago       Exited (0) 2 minutes ago                         naughty_noyce
	7929901f31c9        jack/nginx-1.22.1:v1       "/usr/sbin/nginx"   27 minutes ago      Exited (0) 19 seconds ago                        yum-nginx
	[root@gbase8c_private nginx]# docker inspect -f "{{.State.Pid}}" e21b3af79757
	16623
	[root@gbase8c_private nginx]# nsenter -t 16623 -m -u -i -n -p
	[root@e21b3af79757 /]# tail -f /usr/local/nginx/logs/access.log 
	192.168.56.1 - - [28/Nov/2023:14:33:18 +0000] "GET / HTTP/1.1" 200 19 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
	192.168.56.1 - - [28/Nov/2023:14:35:02 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
	192.168.56.1 - - [28/Nov/2023:14:35:03 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
	192.168.56.1 - - [28/Nov/2023:14:35:03 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"

4. 自定义tomcat镜像

基于官方提供的centos 基础镜像构建JDK和tomcat镜像，先构建JDK镜像，然后再基于JDK镜像构建tomcat镜像

• 4.1 构建JDK镜像

	docker pull centos
	mkdir /opt/dockerfile/{web/{nginx,tomcat,jdk,apache},system/{centos,ubuntu,redhat}} -pv
	cd /opt/dockerfile/web/jdk
	vim Dockerfile
#JDK Base Image
FROM centos:latest
MAINTAINER jack.Zhang 123456@qq.com
ADD jdk-8u391-linux-x64.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/jdk1.8.0_391 /usr/local/jdk
ADD profile /etc/profile
ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin
RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone

• 4.2 上传JDK压缩包和profile文件
  将JDK压缩包上传到Dockerfile当前目录，然后执行构建：
• 4.3 执行构建镜像

	cat build-command.sh
#!/bin/bash
docker build -t centos-8-jdk:v1 .

日志：

	[root@gbase8c_private jdk]# bash build-command.sh 
	Sending build context to Docker daemon  141.9MB
	Step 1/10 : FROM centos-7.5:latest
	pull access denied for centos-7.5, repository does not exist or may require 'docker login'
	[root@gbase8c_private jdk]# vim Dockerfile 
	[root@gbase8c_private jdk]# bash build-command.sh 
	Sending build context to Docker daemon  141.9MB
	Step 1/10 : FROM centos:latest
	---> 5d0da3dc9764
	Step 2/10 : MAINTAINER jack.Zhang 123456@qq.com
	---> Using cache
	---> 43ec73180728
	Step 3/10 : ADD jdk-8u391-linux-x64.tar.gz /usr/local/src/
	---> 21764746d490
	Step 4/10 : RUN ln -sv /usr/local/src/jdk-8u391-linux-x64/usr/local/jdk
	---> Running in a22ecd27e9f8
	'./jdk' -> '/usr/local/src/jdk-8u391-linux-x64/usr/local/jdk'
	Removing intermediate container a22ecd27e9f8
	---> 2f99e9a548c1
	Step 5/10 : ADD profile /etc/profile
	---> aef302c8a3da
	Step 6/10 : ENV JAVA_HOME /usr/local/jdk
	---> Running in 47c346592718
	Removing intermediate container 47c346592718
	---> da9972f86cd2
	Step 7/10 : ENV JRE_HOME $JAVA_HOME/jre
	---> Running in c83345919c81
	Removing intermediate container c83345919c81
	---> 460916698ef9
	Step 8/10 : ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
	---> Running in 5114c8a4b7d9
	Removing intermediate container 5114c8a4b7d9
	---> d1d448d0c77c
	Step 9/10 : ENV PATH $PATH:$JAVA_HOME/bin
	---> Running in ae28d4c66b9e
	Removing intermediate container ae28d4c66b9e
	---> 3ae8ad1733b5
	Step 10/10 : RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone
	---> Running in 2690a5bb592f
	Removing intermediate container 2690a5bb592f
	---> 2db525ca3854
	Successfully built 2db525ca3854
	Successfully tagged centos-8-jdk:v1

• 4.4 从镜像启动容器

	docker run -it centos-8-jdk bash
	docker run -it --rm centos-8-jdk:v1 bash
	[root@gbase8c_private jdk]# docker run -it --rm centos-8-jdk:v1 bash
	[root@76ab942d4101 /]# java -version
	java version "1.8.0_391"
	Java(TM) SE Runtime Environment (build 1.8.0_391-b13)
	Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)
	[root@76ab942d4101 /]# date
	Thu Dec  7 21:48:47 CST 2023

• 4.5 将镜像上传到harbor

	docker push centos-8-jdk:v1
	docker tag centos-8-jdk:v1 192.168.56.199/jdk/centos-8-jdk:v1

日志：

	[root@gbase8c_private harbor]# docker push 192.168.56.199/jdk/centos-8-jdk:v1
	The push refers to repository [192.168.56.199/jdk/centos-8-jdk]
	7fea194b5bd5: Pushed 
	fd55b5f95a06: Pushed 
	9bf99e4f3d89: Pushed 
	a74f8d8f2d28: Pushed 
	74ddd0ec08fa: Pushed 
	v1: digest: sha256:d43557182e4e243522036f884d79d7b8c3ccc3eaf727a3bdd56a44ce20976583 size: 1363

• 4.6 下载镜像并启动JDK容器
  日志：

	[root@gbase8c_private harbor]# docker pull 192.168.56.199/jdk/centos-8-jdk:v1
	v1: Pulling from jdk/centos-8-jdk
	Digest: sha256:d43557182e4e243522036f884d79d7b8c3ccc3eaf727a3bdd56a44ce20976583
	Status: Image is up to date for 192.168.56.199/jdk/centos-8-jdk:v1
	[root@gbase8c_private harbor]# docker run -it --rm 192.168.56.199/jdk/centos-8-jdk:v1 bash
	[root@5b4cfa6cbf5a /]# date
	Sun Dec 10 20:38:53 CST 2023
	[root@5b4cfa6cbf5a /]# java -version
	java version "1.8.0_391"
	Java(TM) SE Runtime Environment (build 1.8.0_391-b13)
	Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)

• 4.7 从JDK镜像构建tomcat 8 Base 镜像：
  • 4.7.1 编辑DockerFile：

	cd /opt/dockerfile/system/centos/tomcat8-base
	vim Dockerfile
#Tomcat Base Image
From 192.168.56.199/jdk/centos-8-jdk:v1
RUN useradd www -u 2000

#ADD del_tomcatlog.sh /root/script
#RUN echo "0 2 * * * /bin/bash /root/script/del_tomcatlog.sh &> /dev/null" >> /var/spool/cron/root

#env settinf
ENV TZ "Asiz/Shanghai"
ENV LANG en_US.UTF-8
ENV TERM xterm
ENV TOMCAT_MAJOR_VERSION 8
ENV TOMCAT_MINOR_VERSION 8.5.96
ENV CATALINA_HOME /apps/tomcat
ENV APP_DIR ${CATALINA_HOME}/webapps

#tomcat settinf
RUN mkdir /apps
ADD apache-tomcat-8.5.96.tar.gz /apps
RUN ln -sv /apps/apache-tomcat-8.5.96 /apps/tomcat

• 4.7.2 通过脚本构建tomcat基础镜像

	cat build-command.sh 
	#!/bin/bash
	docker build -t tomcat8-base:v1 .

日志：

	[root@gbase8c_private tomcat8-base]# bash build-command.sh 
	Sending build context to Docker daemon  10.78MB
	Step 1/12 : From 192.168.56.199/jdk/centos-8-jdk:v1
	---> a2b742b94015
	Step 2/12 : RUN useradd www -u 2000
	---> Running in d19d27df0448
	Removing intermediate container d19d27df0448
	---> 1bf6e78dc7c7
	Step 3/12 : ENV TZ "Asiz/Shanghai"
	---> Running in a99f9eb322cc
	Removing intermediate container a99f9eb322cc
	---> 95c6a3cefc7f
	Step 4/12 : ENV LANG en_US.UTF-8
	---> Running in 805840b54de5
	Removing intermediate container 805840b54de5
	---> 7aab23b04eef
	Step 5/12 : ENV TERM xterm
	---> Running in 4ae0182d2195
	Removing intermediate container 4ae0182d2195
	---> 0804043c7b14
	Step 6/12 : ENV TOMCAT_MAJOR_VERSION 8
	---> Running in c825fe92e42d
	Removing intermediate container c825fe92e42d
	---> 4d6fcd259f9c
	Step 7/12 : ENV TOMCAT_MINOR_VERSION 8.5.96
	---> Running in b4b7a0ed2797
	Removing intermediate container b4b7a0ed2797
	---> 626d7d9d2478
	Step 8/12 : ENV CATALINA_HOME /apps/tomcat
	---> Running in 37e5aff7d23c
	Removing intermediate container 37e5aff7d23c
	---> eb992444e7f6
	Step 9/12 : ENV APP_DIR ${CATALINA_HOME}/webapps
	---> Running in de3421e3d164
	Removing intermediate container de3421e3d164
	---> 03766db8ca90
	Step 10/12 : RUN mkdir /apps
	---> Running in 5ba348fd64b4
	Removing intermediate container 5ba348fd64b4
	---> 5d60c75f47ec
	Step 11/12 : ADD apache-tomcat-8.5.96.tar.gz /apps
	---> cac315a6fd1b
	Step 12/12 : RUN ln -sv /apps/apache-tomcat-8.5.96 /apps/tomcat
	---> Running in 919329b80388
	'/apps/tomcat' -> '/apps/apache-tomcat-8.5.96'
	Removing intermediate container 919329b80388
	---> 2ab037a507a7
	Successfully built 2ab037a507a7
	Successfully tagged tomcat8-base:v1
	[root@gbase8c_private tomcat8-base]# docker images
	REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
	tomcat8-base                      v1                  2ab037a507a7        8 seconds ago       597MB

• 4.8 构建业务镜像1、2
  创建tomcat-app1 和 tomcat-app2两个目录，代表不同的两个基于tomcat的业务。
  • 4.8.1 准备Dockerfile

	cd /opt/dockerfile/system/centos/tomcat-app1
	vim Dockerfile
#Tomcat Web Image
FROM tomcat8-base:v1
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
ADD myapp/* /apps/tomcat/webapps/myapp/
RUN chown www.www /apps/ -R
CMD ["/apps/tomcat/bin/run_tomcat.sh"]
EXPOSE 8080 8009

• 4.8.2 准备自定义myapp页面

	mkdir myapp
	echo "Tomcat Web Page1" > myapp/index.html
	cat myapp/index.html

• 4.8.3 准备容器启动执行脚本

	cat run_tomcat.sh
#!/bin/bash
echo "1.1.1.1 abc.test.com" >> /etc/hosts
echo "nameserver 223.5.5.5" > /etc/resolv.conf
su - www -c "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/jdk/bin && export JAVA_HOME=/usr/local/jdk && export JRE_HOME=/usr/local/jdk/jre && export CLASSPATH=/usr/local/jdk/lib/:/usr/local/jdk/jre/lib/ && /apps/tomcat/bin/catalina.sh start && tail -f /etc/hosts"
#这里没有继承主机的环境变量，有没有懂哥。。。。
#su - www -c "/apps/tomcat/bin/catalina.sh start"

#su - www -c “tail -f /etc/hosts”

• 4.8.4 准备构建脚本

	vim build-command.sh
#!/bin/bash
docker build -t tomcat-web:app1 .

日志：

	[root@gbase8c_private tomcat-app1]# bash build-command.sh 
	Sending build context to Docker daemon  5.632kB
	Step 1/6 : FROM tomcat8-base:v1
	---> 2ab037a507a7
	Step 2/6 : ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
	---> 09983a7133b8
	Step 3/6 : ADD myapp/* /apps/tomcat/webapps/myapp/
	---> c5a2afd16dc5
	Step 4/6 : RUN chown www.www /apps/ -R
	---> Running in 869d5623188c
	Removing intermediate container 869d5623188c
	---> c481b86618b4
	Step 5/6 : CMD ["/apps/tomcat/bin/run_tomcat.sh"]
	---> Running in a90ab30a9c8e
	Removing intermediate container a90ab30a9c8e
	---> e5742f33c2bd
	Step 6/6 : EXPOSE 8080 8009
	---> Running in 15dea2dd3a7a
	Removing intermediate container 15dea2dd3a7a
	---> 891a81d08424
	Successfully built 891a81d08424
	Successfully tagged tomcat-web:app1
	[root@gbase8c_private tomcat-app2]# docker images
	REPOSITORY                        TAG                 IMAGE ID            CREATED              SIZE
	tomcat-web                        app2                1c4e68330d53        3 seconds ago        612MB
	tomcat-web                        app1                891a81d08424        About a minute ago   612MB

• 4.8.5 从镜像启动容器测试

	docker run -it -d -p 8888:8080 tomcat-web:app1
	docker run -it -d -p 8889:8080 tomcat-web:app2

5. 构建haproxy镜像

• 5.1 准备Dockerfile

	cd /opt/dockerfile/system/centos/haproxy
	vim Dockerfile
#Haproxy Base Image
FROM centos:latest
MAINTAINER zhangshijie "zhangshijie@300.cm"
RUN yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y
ADD haproxy-1.8.31.tar.gz /usr/lib/src/
RUN cd /usr/local/src/haproxy-1.8.31 && make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy && make install PRFEIX=/usr/local/haproxy && cp haproxy /usr/sbin/ && mkdir /usr/local/haproxy/run
ADD haproxy.cfg /etc/haproxy

ADD run_haproxy.sh /usr/bin
EXPOSE 80 9999
CMD ["/usr/bin/run_haproxy.sh"]

• 5.2 准备haproxy配置文件

	cat haproxy.cfg
global
chroot /usr/local/haproxy
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon 
nbproc 1
pidfile /usrs/local/haproxy/run/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option forwardfor
mode http
timeout connect 300000ms
timeout client  300000ms
timeout server  300000ms

listen stats
    mode http
	bind 0.0.0.0:9999
	stats enable
	log global
	stats uri  /haproxy-status
	stats auth haadmin:q1w2e3r4ys

listen web_port
    bind 0.0.0.0:80
	mode http
	log global
	balance roundrobin
	server web1 192.168.56.199:8888 check inter 3000 fall 2 rise 5
	server web2 192.168.56.199:8889 check inter 3000 fall 2 rise 5

• 5.3 准备构建脚本

	cat build-command.sh
#!/bin/bash
docker build -t centos-haproxy-bash:7.5-1.8.31 .

• 5.4 执行构建haproxy镜像
• 5.5 从镜像启动容器

docker run -it -d -p80:80 -p9999:9999 centos-haproxy-bash:7.5-1.8.31 

6. 本地镜像上传至官方docker仓库

将自制的镜像上传至docker仓库，https://hub.docker.com/

• 6.1 准备账户
  登录到docker hub 官网创建账户，登陆后点击settings完善账户信息
• 6.2 在虚拟机使用自己的账号登录

	docker login https://hub.docker.com/

• 6.3 查看认证信息
  登录成功之后会在当前目录生成一个隐藏文件用户保存登录认证信息

cat .docker/config.json

• 6.4 给镜像做tag并开始上传

	docker images
	docker tag xxxx  docker.io/ck/centos-nginx
	docker login
	docker push xxxxx

• 6.5 到官方验证
• 6.6 更换到其他docker服务器下载镜像，并启动