• 容器技术之Dockerfile(三)


      前面我们聊到了dockerfile的 FROM、COPY 、ADD、LABEL、MAINTAINER、ENV、ARG、WORKDIR、VOLUME、EXPOSE、RUN、CMD、ENTRYPOINT指令的使用和说明,回顾请参考https://www.cnblogs.com/qiuhom-1874/tag/Dockerfile/;今天我们来聊聊剩下的dockerfile指令的使用和说明;

      1、USER:该指令用于指定运行image时的或运行dockerfile中任何RUN、CMD或ENTRYPOINT指令指定的程序时的用户名或UID;默认情况下,container的运行身份为root用户;语法格式 USER <UID>|<UserName>; 需要注意的是,<UID>可以为任意数字,但实践中其必须为/etc/passwd中某用户的有效UID,否则,docker run命令将运行失败;

      示例: 

    [root@node1 test]# cat Dockerfile 
    FROM centos:7
    
    LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
    
    LABEL version="1.0"
    
    LABEL description="this is test file  that label-values can span multiple lines."
    
    RUN useradd nginx
    
    USER nginx
    
    CMD ["sleep","3000"]
    
    [root@node1 test]# 
    

      提示:以上dockerfile表示在镜像运行成容器时,以nginx用户运行 sleep 3000

      验证:编译成镜像,启动为容器,然后进入到容器里看看sleep 3000 是否是nginx用户在运行?

    [root@node1 test]# docker build . -t test:v1
    Sending build context to Docker daemon  1.051MB
    Step 1/7 : FROM centos:7
     ---> b5b4d78bc90c
    Step 2/7 : LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
     ---> Running in 0f503dae4448
    Removing intermediate container 0f503dae4448
     ---> d31363b96f38
    Step 3/7 : LABEL version="1.0"
     ---> Running in 8dad05999903
    Removing intermediate container 8dad05999903
     ---> 2281f36d7c3c
    Step 4/7 : LABEL description="this is test file  that label-values can span multiple lines."
     ---> Running in d2be9ed44aee
    Removing intermediate container d2be9ed44aee
     ---> 8de872e222fb
    Step 5/7 : RUN useradd nginx
     ---> Running in 37bda6ba6b60
    Removing intermediate container 37bda6ba6b60
     ---> dc681f95f5ca
    Step 6/7 : USER nginx
     ---> Running in 97d2357826f9
    Removing intermediate container 97d2357826f9
     ---> ed277ac0c482
    Step 7/7 : CMD ["sleep","3000"]
     ---> Running in 0ea578fa10bc
    Removing intermediate container 0ea578fa10bc
     ---> 461f6ceabc88
    Successfully built 461f6ceabc88
    Successfully tagged test:v1
    [root@node1 test]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    test                v1                  461f6ceabc88        3 seconds ago       204MB
    centos              7                   b5b4d78bc90c        4 weeks ago         203MB
    [root@node1 test]# docker run --name t1 --rm -d test:v1
    37e46346d6ca0ab05b67f5350d4c2a7b6b86b8d34c8d1622d78ef70b7d3dff86
    [root@node1 test]# docker ps 
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
    37e46346d6ca        test:v1             "sleep 3000"        3 seconds ago       Up 2 seconds                            t1
    [root@node1 test]# docker exec -it t1 /bin/bash
    [nginx@37e46346d6ca /]$ ps aux
    USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    nginx         1  0.1  0.0   4364   352 ?        Ss   10:02   0:00 sleep 3000
    nginx         6  0.4  0.0  11828  1808 pts/0    Ss   10:02   0:00 /bin/bash
    nginx        23  0.0  0.0  51756  1708 pts/0    R+   10:02   0:00 ps aux
    [nginx@37e46346d6ca /]$ exit
    exit
    [root@node1 test]#
    

      提示:可以看到基于上面的dockerfile构建的镜像运行为容器,里面默认跑的进程就是我们在dockerfile中指定用户运行的进程;使用USER指定用户运行容器里的进程,需要注意该用户要对运行进程所需资源的所有权限;否则容器运行不起来;

      2、HEALTHCHECK:该指令用于定义如何对容器做健康状态检测;运行为容器后,容器里的进程不挂掉,当然容器也就不会挂掉,但是存在一种情况,容器没有挂掉,容器里的进程无法正常提供服务了,这个时候我们就需要通过一定的手段,第一时间知道容器里的进程是否健康(是否能够正常提供服务);healthcheck指令就是用来定义如果去检测容器内部进程是否健康;语法格式HEALTHCHECK [OPTIONS] CMD command;其中CMD是固定格式,而后面的command是对容器里的进程做健康状态检查的命令;而options是用来指定对容器做健康状态检查的周期时间相关信息;--interval=DURATION (default: 30s),该选项用于指定对容器做健康状态检查的频率,默认是30s一次;--timeout=DURATION (default: 30s),该选项用于指定对容器内部的进程做健康状态检查的超时时长,默认是30秒;--start-period=DURATION (default: 0s)指定对容器中的进程做健康状态检查延迟时间,默认0表示不延迟;这里补充一点,之所以要延迟多少秒做健康状态检查是因为,docker运行为容器以后,会立刻把该容器的状态标记为running状态,而对于有些初始化比较慢的容器,如果马上对它做健康状态检查,可能是不健康的状态,这样一来我们对了解容器是否健康就不是很准确了;如果配合某些工具,很可能存在检测到容器不健康就把该容器删除,然后重新创建,以此重复;这样就会导致我们的容器启动不起来; --retries=N (default: 3)表示指定对容器做健康状态检查的重试次数,默认是3次;也就是说检查到容器不健康的前提或健康的前提,它都会检查3次,如果3次检查都是失败状态那么就标记该容器不健康;而对于我们指定的命令来讲,命令的返回值就决定了容器是否健康,通常命令返回值为0表示我们执行的命令正常退出,也就意味着容器是健康状态;命令返回值为1表示容器不健康;返回值为2我们通常都是保留不使用;HEALTHCHECK NONE就表示不对容器做健康状态检查;

      示例:

    [root@node1 test]# cat Dockerfile 
    FROM centos:7
    
    LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
    
    LABEL version="1.0"
    
    LABEL description="this is test file  that label-values can span multiple lines."
    
    RUN yum install -y httpd 
    
    ADD ok.html /var/www/html/
    
    CMD ["/usr/sbin/httpd","-DFOREGROUND"]
    
    HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=2 
            CMD curl -f http://localhost/ok.html || exit 1
    
    [root@node1 test]# 
    

      提示:以上HEALTHCHECK指令表示每5秒检查一次,超时时长为5秒,延迟5秒开始检查,重试2次;如果curl -f http://localhost/ok.html这条命令正常返回0,那么就表示容器健康,否则就返回1,表示容器不健康;

      验证:把以上dockerfile构建成镜像启动为容器,我们把ok.html删除或移动到别的目录,看看容器是否标记为不健康?

    [root@node1 test]# docker build . -t test:v1.1
    Sending build context to Docker daemon  1.052MB
    Step 1/8 : FROM centos:7
     ---> b5b4d78bc90c
    Step 2/8 : LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
     ---> Using cache
     ---> d31363b96f38
    Step 3/8 : LABEL version="1.0"
     ---> Using cache
     ---> 2281f36d7c3c
    Step 4/8 : LABEL description="this is test file  that label-values can span multiple lines."
     ---> Using cache
     ---> 8de872e222fb
    Step 5/8 : RUN yum install -y httpd
     ---> Running in 9964718a2c3e
    Loaded plugins: fastestmirror, ovl
    Determining fastest mirrors
     * base: mirrors.bfsu.edu.cn
     * extras: mirrors.aliyun.com
     * updates: mirrors.aliyun.com
    Resolving Dependencies
    --> Running transaction check
    ---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be installed
    --> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Running transaction check
    ---> Package apr.x86_64 0:1.4.8-5.el7 will be installed
    ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
    ---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
    ---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed
    ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package             Arch          Version                    Repository   Size
    ================================================================================
    Installing:
     httpd               x86_64        2.4.6-93.el7.centos        base        2.7 M
    Installing for dependencies:
     apr                 x86_64        1.4.8-5.el7                base        103 k
     apr-util            x86_64        1.5.2-6.el7                base         92 k
     centos-logos        noarch        70.0.6-3.el7.centos        base         21 M
     httpd-tools         x86_64        2.4.6-93.el7.centos        base         92 k
     mailcap             noarch        2.1.41-2.el7               base         31 k
    
    Transaction Summary
    ================================================================================
    Install  1 Package (+5 Dependent packages)
    
    Total download size: 24 M
    Installed size: 32 M
    Downloading packages:
    warning: /var/cache/yum/x86_64/7/base/packages/apr-1.4.8-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
    Public key for apr-1.4.8-5.el7.x86_64.rpm is not installed
    --------------------------------------------------------------------------------
    Total                                              2.0 MB/s |  24 MB  00:12     
    Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    Importing GPG key 0xF4A80EB5:
     Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
     Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
     Package    : centos-release-7-8.2003.0.el7.centos.x86_64 (@CentOS)
     From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : apr-1.4.8-5.el7.x86_64                                       1/6 
      Installing : apr-util-1.5.2-6.el7.x86_64                                  2/6 
      Installing : httpd-tools-2.4.6-93.el7.centos.x86_64                       3/6 
      Installing : centos-logos-70.0.6-3.el7.centos.noarch                      4/6 
      Installing : mailcap-2.1.41-2.el7.noarch                                  5/6 
      Installing : httpd-2.4.6-93.el7.centos.x86_64                             6/6 
      Verifying  : mailcap-2.1.41-2.el7.noarch                                  1/6 
      Verifying  : apr-util-1.5.2-6.el7.x86_64                                  2/6 
      Verifying  : httpd-2.4.6-93.el7.centos.x86_64                             3/6 
      Verifying  : apr-1.4.8-5.el7.x86_64                                       4/6 
      Verifying  : httpd-tools-2.4.6-93.el7.centos.x86_64                       5/6 
      Verifying  : centos-logos-70.0.6-3.el7.centos.noarch                      6/6 
    
    Installed:
      httpd.x86_64 0:2.4.6-93.el7.centos                                            
    
    Dependency Installed:
      apr.x86_64 0:1.4.8-5.el7                                                      
      apr-util.x86_64 0:1.5.2-6.el7                                                 
      centos-logos.noarch 0:70.0.6-3.el7.centos                                     
      httpd-tools.x86_64 0:2.4.6-93.el7.centos                                      
      mailcap.noarch 0:2.1.41-2.el7                                                 
    
    Complete!
    Removing intermediate container 9964718a2c3e
     ---> a931e93eea06
    Step 6/8 : ADD ok.html /var/www/html/
     ---> 97e61f41911d
    Step 7/8 : CMD ["/usr/sbin/httpd","-DFOREGROUND"]
     ---> Running in e91ccdef90c2
    Removing intermediate container e91ccdef90c2
     ---> 7c8af9bb7eb3
    Step 8/8 : HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=2         CMD curl -f http://localhost/ok.html || exit 1
     ---> Running in 80682ab087d3
    Removing intermediate container 80682ab087d3
     ---> aa53cba15046
    Successfully built aa53cba15046
    Successfully tagged test:v1.1
    [root@node1 test]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    test                v1.1                aa53cba15046        8 seconds ago       312MB
    test                v1                  461f6ceabc88        57 minutes ago      204MB
    centos              7                   b5b4d78bc90c        4 weeks ago         203MB
    [root@node1 test]# docker run --name t1 --rm -d test:v1.1
    332590e683fcb29f60a28703548fce7aa83df715cbb840e1283472834867d6a1
    [root@node1 test]# docker ps
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                            PORTS               NAMES
    332590e683fc        test:v1.1           "/usr/sbin/httpd -DF…"   3 seconds ago       Up 2 seconds (health: starting)                       t1
    [root@node1 test]# docker ps
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                   PORTS               NAMES
    332590e683fc        test:v1.1           "/usr/sbin/httpd -DF…"   7 seconds ago       Up 6 seconds (healthy)                       t1
    [root@node1 test]# 
    

      提示:可以看到基于我们写的dockerfile构建的镜像已经成功运行为容器,并且标记为healthy;接下来我们进入容器把ok.html干掉,然后在看看容器是否标记为不健康状态?

      提示:从上面的信息可以看到我们把ok.html移除后,容器状态就变成不健康状态了;我们再把ok.html还原到原有位置,看看容器是否会从不健康转换为健康呢?

      提示:可以看到把ok.html还原到/var/www/html/目录后,容器从不健康状态变为了健康状态;

      3、SHELL:该指令用于指定默认shell,该指令开始到下一个SHELL中间的命令都是SHELL指定的shell 运行,所以SHELL指令在dockerfile中可出现多次,后面的SHELL指令指定的shell会覆盖前面所有SHELL指令指定的shell;默认在Linux上是["/bin/sh","-c"]在Windows上述["cmd","/s","/c"];SHELL指令必须是以json数组的格式定义;语法SHELL ["executable", "parameters"];

      4、STOPSIGNAL:该指令用于定义停止容器的信号;默认停止容器是15号信号 SIGTERM;语法STOPSIGNAL signal

      5、ONBUILD:该指令用于在Dockerfile中定义一个触发器;Dockerfile用于build映像文件,此映像文件亦可作为base image被另一个Dockerfile用作FROM指令的参数,并以之构建新的映像文件;在后面的这个Dockerfile中的FROM指令在build过程中被执行时,将会“触发”创建其base image的Dockerfile文件中的ONBUILD指令定义的触发器;用法格式ONBUILD <INSTRUCTION>;尽管任何指令都可注册成为触发器指令,但ONBUILD不能自我嵌套,且不会触发FROM和MAINTAINER指令;使用包含ONBUILD指令的Dockerfile构建的镜像应该使用特殊的标签,例如ruby:2.0-onbuild;在ONBUILD指令中使用ADD或COPY指令应该格外小心,因为新构建过程的上下文在缺少指定的源文件时会失败;

      示例:

    [root@node1 test]# cat Dockerfile
    FROM centos:7
    
    LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
    
    ONBUILD RUN yum install -y httpd
    
    
    
    
    [root@node1 test]# 
    

      提示:以上dockerfile表示在本次构建镜像中不运行yum install -y httpd这条命令,而是在后面的dockerfile中以本dockerfile制作的进行作为基础继续时,yum install -y httpd这条命令就会被触发执行;简单讲onbuild就是指定dockerfile指令延迟执行;这里一定要记住一点onbuild指令后面一定是跟的是dockerfile指令;

      验证:将上面的dockerfile编译镜像,看看yum install -y httpd 是否执行了?

    [root@node1 test]# docker build . -t test:v1.5
    Sending build context to Docker daemon  1.052MB
    Step 1/3 : FROM centos:7
     ---> b5b4d78bc90c
    Step 2/3 : LABEL maintainer="qiuhom <qiuhom@linux-1874.com>"
     ---> Using cache
     ---> d31363b96f38
    Step 3/3 : ONBUILD RUN yum install -y httpd
     ---> Running in d3601fa1c3b7
    Removing intermediate container d3601fa1c3b7
     ---> 370e3a843c3c
    Successfully built 370e3a843c3c
    Successfully tagged test:v1.5
    [root@node1 test]# 
    

      提示:可以看到yum install -y httpd 这条命令并没有执行;

      验证:将我们上面制作好的镜像作为基础镜像,再来制作其他镜像,看看yum install -y httpd 被执行?

    [root@node1 aaa]# pwd
    /root/test/aaa
    [root@node1 aaa]# ls
    Dockerfile
    [root@node1 aaa]# cat Dockerfile 
    FROM test:v1.5
    
    LABEL maintainer="qiuhom <admin@admin.com>"
    [root@node1 aaa]# docker build . -t myweb:v1
    Sending build context to Docker daemon  2.048kB
    Step 1/2 : FROM test:v1.5
    # Executing 1 build trigger
     ---> Running in cf93e9f03e89
    Loaded plugins: fastestmirror, ovl
    Determining fastest mirrors
     * base: mirrors.huaweicloud.com
     * extras: mirrors.aliyun.com
     * updates: mirrors.aliyun.com
    Resolving Dependencies
    --> Running transaction check
    ---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be installed
    --> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-93.el7.centos.x86_64
    --> Running transaction check
    ---> Package apr.x86_64 0:1.4.8-5.el7 will be installed
    ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
    ---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
    ---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be installed
    ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ================================================================================
     Package             Arch          Version                    Repository   Size
    ================================================================================
    Installing:
     httpd               x86_64        2.4.6-93.el7.centos        base        2.7 M
    Installing for dependencies:
     apr                 x86_64        1.4.8-5.el7                base        103 k
     apr-util            x86_64        1.5.2-6.el7                base         92 k
     centos-logos        noarch        70.0.6-3.el7.centos        base         21 M
     httpd-tools         x86_64        2.4.6-93.el7.centos        base         92 k
     mailcap             noarch        2.1.41-2.el7               base         31 k
    
    Transaction Summary
    ================================================================================
    Install  1 Package (+5 Dependent packages)
    
    Total download size: 24 M
    Installed size: 32 M
    Downloading packages:
    warning: /var/cache/yum/x86_64/7/base/packages/apr-1.4.8-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
    Public key for apr-1.4.8-5.el7.x86_64.rpm is not installed
    --------------------------------------------------------------------------------
    Total                                              7.2 MB/s |  24 MB  00:03     
    Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    Importing GPG key 0xF4A80EB5:
     Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
     Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
     Package    : centos-release-7-8.2003.0.el7.centos.x86_64 (@CentOS)
     From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : apr-1.4.8-5.el7.x86_64                                       1/6 
      Installing : apr-util-1.5.2-6.el7.x86_64                                  2/6 
      Installing : httpd-tools-2.4.6-93.el7.centos.x86_64                       3/6 
      Installing : centos-logos-70.0.6-3.el7.centos.noarch                      4/6 
      Installing : mailcap-2.1.41-2.el7.noarch                                  5/6 
      Installing : httpd-2.4.6-93.el7.centos.x86_64                             6/6 
      Verifying  : mailcap-2.1.41-2.el7.noarch                                  1/6 
      Verifying  : apr-util-1.5.2-6.el7.x86_64                                  2/6 
      Verifying  : httpd-2.4.6-93.el7.centos.x86_64                             3/6 
      Verifying  : apr-1.4.8-5.el7.x86_64                                       4/6 
      Verifying  : httpd-tools-2.4.6-93.el7.centos.x86_64                       5/6 
      Verifying  : centos-logos-70.0.6-3.el7.centos.noarch                      6/6 
    
    Installed:
      httpd.x86_64 0:2.4.6-93.el7.centos                                            
    
    Dependency Installed:
      apr.x86_64 0:1.4.8-5.el7                                                      
      apr-util.x86_64 0:1.5.2-6.el7                                                 
      centos-logos.noarch 0:70.0.6-3.el7.centos                                     
      httpd-tools.x86_64 0:2.4.6-93.el7.centos                                      
      mailcap.noarch 0:2.1.41-2.el7                                                 
    
    Complete!
    Removing intermediate container cf93e9f03e89
     ---> a89914bda4b5
    Step 2/2 : LABEL maintainer="qiuhom <admin@admin.com>"
     ---> Running in e175e0542b5e
    Removing intermediate container e175e0542b5e
     ---> 4f406abeaab7
    Successfully built 4f406abeaab7
    Successfully tagged myweb:v1
    [root@node1 aaa]#
    

      提示:可以看到在我们的dockerfile中并没有写 RUN  yum install -y httpd  ,但build时却执行了 yum install -y httpd ;这是因为onbuild指令被触发了;我们可以理解为如果我们制作的镜像有onbuild指令指定的命令,那么该镜像被其他dockerfile 作为基础镜像时(或者被其他docker FROM指令引用时)onbuild指定就会被激活,被执行;

  • 相关阅读:
    BigDecimal中的8中舍入模式详解
    使用二倍均值法完成红包算法
    使用Calendar类和它的子类GregorianCalendar类实现构建动态日历
    『MelodyHub』书写是对思维的缓存
    本站已接入音乐播放器API
    【LeetCode】35. 搜索插入位置
    配置NodeJs环境变量
    利用GitHub博客连接多仓库
    hexo 大型车祸现场
    随机图片API
  • 原文地址:https://www.cnblogs.com/qiuhom-1874/p/13051542.html
Copyright © 2020-2023  润新知