镜像构建思路
思路:分层设计
最底层:系统层,构建自己适用的不同操作系统镜像;
中间层:根据运行环境,如php、java、python等,构建业务基础运行环境层镜像;
最上层:根据具体的业务模块,构建应用服务层镜像。
目录构建树结构
案例1:centos 7系统镜像构建
cd /rootmkdir -p /root/docker/system/centoscd /root/docker/system/centoswget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo # 下载阿里RHEL 7 epel源cp /etc/yum.repos.d/epel.repo epel.repo
创建镜像文件
vim Dockerfile# This Dockerfile # Base imageFROM centos # WhoMAINTAINER shhnwangjian xxx@163.com # EPELADD epel.repo /etc/yum.repos.d/# Base pkgRUN yum install -y wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all
构建镜像
docker build -t shhnwangjian/centos:base .
案例2:基于案例1的centos系统镜像,构建python运行环境镜像
mkdir -p /root/docker/runtime/pythoncd /root/docker/runtime/python
创建镜像文件
vim Dockerfile# Base imageFROM shhnwangjian/centos:base# WhoMAINTAINER shhnwangjian xxx@163.com# Python envRUN yum install -y python-devel python-pip supervisor# Upgrade pipRUN pip install --upgrade pip
构建镜像
docker build -t shhnwangjian/python .
案例3:构建带SSH功能的centos 7系统镜像
mkdir -p /root/docker/system/centos-sshcd /root/docker/system/centos-sshwget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo # 下载阿里RHEL 7 epel源cp /etc/yum.repos.d/epel.repo epel.repo
创建镜像文件
# Docker for CentOS# Base imageFROM centos # WhoMAINTAINER shhnwangjian xxx@163.com # EPELADD epel.repo /etc/yum.repos.d/# Base pkgRUN yum install -y openssh-clients openssl-devel openssh-server wget supervisor git tree net-tools sudo psmisc mysql-devel && yum clean all# For SSHDRUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_keyRUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_keyRUN echo "root:123456" | chpasswd
构建镜像
docker build -t shhnwangjian/centos-ssh .
案例4:基于案例3的centos-ssh系统镜像,构建python-ssh运行环境镜像
mkdir -p /root/docker/runtime/python-sshcd /root/docker/runtime/python-ssh
创建镜像文件
# Base imageFROM shhnwangjian/centos-ssh# WhoMAINTAINER shhnwangjian xxx@163.com# Python envRUN yum install -y python-devel python-pip supervisor# Upgrade pipRUN pip install --upgrade pip
构建镜像
docker build -t shhnwangjian/python-ssh .
案例5:基于案例4的python-ssh镜像,构建app应用服务镜像
mkdir -p /root/docker/app/web-appcd /root/docker/app/web-app
应用程序文件app.py
from flask import Flaskapp = Flask(__name__)@app.route('/')def hello(): return "Hello World!"if __name__ == "__main__": app.run(host="0.0.0.0", debug=True) python依赖包文件requirements.txt
Flask
supervisor配置文件app-supervisor.ini
[program:web-api]command=/usr/bin/python2.7 /opt/app.pyprocess_name=%(program_name)sautostart=trueuser=wwwstdout_logfile=/tmp/app.logstderr_logfile=/tmp/app.error[program:sshd]command=/usr/sbin/sshd -Dprocess_name=%(program_name)sautostart=true
在宿主机上安装supervisor,将默认生成的supervisord.conf放入docker构建环境目录下
; Sample supervisor config file.[unix_http_server]file=/var/run/supervisor/supervisor.sock ; (the path to the socket file);chmod=0700 ; sockef file mode (default 0700);chown=nobody:nogroup ; socket file uid:gid owner;username=user ; (default is no username (open server));password=123 ; (default is no password (open server));[inet_http_server] ; inet (TCP) server disabled by default;port=127.0.0.1:9001 ; (ip_address:port specifier, *:port for all iface);username=user ; (default is no username (open server));password=123 ; (default is no password (open server))[supervisord]logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)logfile_backups=10 ; (num of main logfile rotation backups;default 10)loglevel=info ; (log level;default info; others: debug,warn,trace)pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)nodaemon=true ; (start in foreground if true;default false)minfds=1024 ; (min. avail startup file descriptors;default 1024)minprocs=200 ; (min. avail process descriptors;default 200);umask=022 ; (process file creation umask;default 022);user=chrism ; (default is current user, required if root);identifier=supervisor ; (supervisord identifier, default is 'supervisor');directory=/tmp ; (default is not to cd during start);nocleanup=true ; (don't clean up tempfiles at start;default false);childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP);environment=KEY=value ; (key value pairs to add to environment);strip_ansi=false ; (strip ansi escape codes in logs; def. false); the below section must remain in the config file for RPC; (supervisorctl/web interface) to work, additional interfaces may be; added by defining them in separate rpcinterface: sections[rpcinterface:supervisor]supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface[supervisorctl]serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL for a unix socket;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket;username=chris ; should be same as http_username if set;password=123 ; should be same as http_password if set;prompt=mysupervisor ; cmd line prompt (default "supervisor");history_file=~/.sc_history ; use readline history if available; The below sample program section shows all possible program subsection values,; create one or more 'real' program: sections to be able to control them under; supervisor.;[program:theprogramname];command=/bin/cat ; the program (relative uses PATH, can take args);process_name=%(program_name)s ; process_name expr (default %(program_name)s);numprocs=1 ; number of processes copies to start (def 1);directory=/tmp ; directory to cwd to before exec (def no cwd);umask=022 ; umask for process (default None);priority=999 ; the relative start priority (default 999);autostart=true ; start at supervisord start (default: true);autorestart=true ; retstart at unexpected quit (default: true);startsecs=10 ; number of secs prog must stay running (def. 1);startretries=3 ; max # of serial start failures (default 3);exitcodes=0,2 ; 'expected' exit codes for process (default 0,2);stopsignal=QUIT ; signal used to kill process (default TERM);stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10);user=chrism ; setuid to this UNIX account to run the program;redirect_stderr=true ; redirect proc stderr to stdout (default false);stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB);stdout_logfile_backups=10 ; # of stdout logfile backups (default 10);stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0);stdout_events_enabled=false ; emit events on stdout writes (default false);stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB);stderr_logfile_backups=10 ; # of stderr logfile backups (default 10);stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0);stderr_events_enabled=false ; emit events on stderr writes (default false);environment=A=1,B=2 ; process environment additions (def no adds);serverurl=AUTO ; override serverurl computation (childutils); The below sample eventlistener section shows all possible; eventlistener subsection values, create one or more 'real'; eventlistener: sections to be able to handle event notifications; sent by supervisor.;[eventlistener:theeventlistenername];command=/bin/eventlistener ; the program (relative uses PATH, can take args);process_name=%(program_name)s ; process_name expr (default %(program_name)s);numprocs=1 ; number of processes copies to start (def 1);events=EVENT ; event notif. types to subscribe to (req'd);buffer_size=10 ; event buffer queue size (default 10);directory=/tmp ; directory to cwd to before exec (def no cwd);umask=022 ; umask for process (default None);priority=-1 ; the relative start priority (default -1);autostart=true ; start at supervisord start (default: true);autorestart=unexpected ; restart at unexpected quit (default: unexpected);startsecs=10 ; number of secs prog must stay running (def. 1);startretries=3 ; max # of serial start failures (default 3);exitcodes=0,2 ; 'expected' exit codes for process (default 0,2);stopsignal=QUIT ; signal used to kill process (default TERM);stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10);user=chrism ; setuid to this UNIX account to run the program;redirect_stderr=true ; redirect proc stderr to stdout (default false);stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB);stdout_logfile_backups=10 ; # of stdout logfile backups (default 10);stdout_events_enabled=false ; emit events on stdout writes (default false);stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB);stderr_logfile_backups ; # of stderr logfile backups (default 10);stderr_events_enabled=false ; emit events on stderr writes (default false);environment=A=1,B=2 ; process environment additions;serverurl=AUTO ; override serverurl computation (childutils); The below sample group section shows all possible group values,; create one or more 'real' group: sections to create "heterogeneous"; process groups.;[group:thegroupname];programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions;priority=999 ; the relative start priority (default 999); The [include] section can just contain the "files" setting. This; setting can list multiple files (separated by whitespace or; newlines). It can also contain wildcards. The filenames are; interpreted as relative to this file. Included files *cannot*; include files themselves.[include]files = supervisord.d/*.ini 备注:nodaemon=true ,前台启动
创建镜像文件
# Base imageFROM shhnwangjian/python-ssh# WhoMAINTAINER shhnwangjian xxx@163.com# ADD user wwwRUN useradd -s /sbin/nologin -M www# ADD fileADD app.py /opt/app.pyADD requirements.txt /opt/ADD supervisord.conf /etc/supervisord.confADD app-supervisor.ini /etc/supervisord.d/# Pip installRUN /usr/bin/pip2.7 install -r /opt/requirements.txt# PortEXPOSE 22 5000# CMDCMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
构建镜像
docker build -t shhnwangjian/web-api .
启动容器
docker run --name web-api -d -p 88:5000 -p 8022:22 shhnwangjian/web-api
