2. 科技
    3. Docker commint 制作Docker基础镜像

    Docker commint 制作Docker基础镜像

    科技2022-07-13  138

    Docker官方默认制作很多基础镜像,为了满足企业不同实际需求,运维人员一般会对其基础镜像做二次修改,再制作。修改后的镜像如何制作Docker镜像?这里介绍一通过.Docker commint 来制作镜像,Docker save来把镜像生成tar文件。其他容器使用时,Docker load导入。

    一.Docker commint +save +load方式。通过docker commint制作镜像,再通过docker save把镜像导出。其它容器使用时,可以通过docker load把镜像导入来使用。

    实例: 制作前准备: 1.删除已有的Docker镜像

    [root@localhost tmp]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE <none> <none> efd998bd6817 6 years ago 297 MB [root@localhost tmp]# docker rmi efd998bd6817 Error response from daemon: conflict: unable to delete efd998bd6817 (must be forced) - image is being used by stopped container 9f9f59edeee5 [root@localhost tmp]# docker rmi -f efd998bd6817 Deleted: sha256:efd998bd6817af509d348b488e3ce4259f9f05632644a7bf574b785bbc8950b8 [root@localhost tmp]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE [root@localhost tmp]#

    2.导入CentOS7基础镜像

    可以通过docker pull 从docker镜像源服务器拉取指定镜像或者库镜像;为节约时间,这里直接上传下载的Docker镜像,然后docker load导入。

    [root@localhost src]# ls centos6-ssh.tar centos7-ansible.tar debug kernels [root@localhost src]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE [root@localhost src]# docker load -i centos7-ansible.tar 34e7b85d83e4: Loading layer [==================================================>] 199.9 MB/199.9 MB 0d1585b29470: Loading layer [==================================================>] 171.6 MB/171.6 MB f8c414e271fb: Loading layer [==================================================>] 2.048 kB/2.048 kB 7794e20d52b7: Loading layer [==================================================>] 3.072 kB/3.072 kB 596e51307fcb: Loading layer [==================================================>] 2.048 kB/2.048 kB cf4eb7184a66: Loading layer [==================================================>] 91.05 MB/91.05 MB Loaded image: centos7-ansible:latest [root@localhost src]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos7-ansible latest 688353a31fde 3 years ago 447 MB [root@localhost src]#

    3.基于这个CentOS7基础镜像,,启用一个CentOS7容器,然后进入容器后,通过Linux指令添加各种功能,比如安装NGINX以及SSH远程登录服务

    #启动容器 [root@localhost src]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost src]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos7-ansible latest 688353a31fde 3 years ago 447 MB [root@localhost src]# docker run -itd centos7-ansible:latest e32d067139c31b7582355bd73b05062ec55a724352de9019e263a4d58d5a530a [root@localhost src]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e32d067139c3 centos7-ansible:latest "/bin/bash" 12 seconds ago Up 9 seconds musing_northcutt [root@localhost src]# #登录容器,Yum安装nginx和SSH远程登录服务 [root@localhost src]# docker exec -i -t e32d067139c3 /bin/bash [root@e32d067139c3 ansible]# yum install nginx openssh-server #确认nginx和openssh-server安装成功,服务启动OK。 [root@localhost src]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e32d067139c3 centos7-ansible:latest "/bin/bash" 25 minutes ago Up 25 minutes musing_northcutt [root@localhost src]# docker exec -it e32d067139c3 /bin/bash [root@e32d067139c3 ansible]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 214/nginx: master p tcp6 0 0 :::80 :::* LISTEN 214/nginx: master p [root@e32d067139c3 ansible]# /usr/sbin/sshd Could not load host key: /etc/ssh/ssh_host_rsa_key Could not load host key: /etc/ssh/ssh_host_ecdsa_key Could not load host key: /etc/ssh/ssh_host_ed25519_key sshd: no hostkeys available -- exiting. [root@e32d067139c3 ansible]# exit exit [root@localhost src]# docker cp /etc/ssh/ssh_host_rsa_key e32d067139c3:/etc/ssh/ [root@localhost src]# docker cp /etc/ssh/ssh_host_ecdsa_key e32d067139c3:/etc/ssh/ [root@localhost src]# docker cp /etc/ssh/ssh_host_ed25519_key e32d067139c3:/etc/ssh/ [root@localhost src]# docker exec -it e32d067139c3 /bin/bash [root@e32d067139c3 ansible]# /usr/sbin/sshd [root@e32d067139c3 ansible]# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 214/nginx: master p tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 251/sshd tcp6 0 0 :::80 :::* LISTEN 214/nginx: master p tcp6 0 0 :::22 :::* LISTEN 251/sshd [root@e32d067139c3 ansible]# #查看容器的IP地址。 [root@localhost src]# docker inspect e32d067139c3 |grep -ai ipaddr "SecondaryIPAddresses": null, "IPAddress": "172.17.0.2", "IPAddress": "172.17.0.2", #确认SSH远程可登录,NGNIX可访问 [root@e32d067139c3 ansible]# ssh 172.17.0.2 The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established. ECDSA key fingerprint is SHA256:TorTOceE2nsNTohOTfQGGTsICgLx+3Dyz2pSeqdeOiI. ECDSA key fingerprint is MD5:1d:6f:26:21:d5:7e:6d:0e:81:8d:97:37:cf:62:3c:28. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts. root@172.17.0.2's password: Last failed login: Mon Aug 10 05:34:45 UTC 2020 from gateway on ssh:notty There were 2 failed login attempts since the last successful login. [root@e32d067139c3 ~]# [root@e32d067139c3 ~]# curl 172.17.0.2 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.16.1</center> </body> </html>

    在物理机192.168.68.129上使用新镜像启用一个容器,并把80,22端口先别映射出给物理机的81,6022端口

    [root@localhost ~]# docker run -itd --privileged -p 81:80 -p 6022:22 f1130d65ffc6 /bin/bash c6c6017fb72abc58ef255b540ad8643ca509fd930822d47142d665a835877b73 [root@localhost ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c6c6017fb72a f1130d65ffc6 "/bin/bash" 14 seconds ago Up 12 seconds 0.0.0.0:6022->22/tcp, 0.0.0.0:81->80/tcp sharp_goodall [root@localhost ~]#

    物理机上测试,可以NGINX访问,可以SSH远程登录。

    开始镜像制作: 4.通过docker commint 制作镜像

    [root@localhost src]# docker commit e32d067139c3 centos7-ansible:V2 sha256:f1130d65ffc6e641b9cc7f7f869755feea9ccc5148b50d75f8b18a369c0aa4e1 [root@localhost src]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos7-ansible V2 f1130d65ffc6 18 seconds ago 636 MB centos7-ansible latest 688353a31fde 3 years ago 447 MB [root@localhost src]#

    5.通过docker save ,将新制作的镜像centos7-ansible:v2保存为一Tar包。给其它容器使用

    [root@localhost src]# ls centos6-ssh.tar centos7-ansible.tar debug kernels [root@localhost src]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos7-ansible V2 f1130d65ffc6 About an hour ago 636 MB centos7-ansible latest 688353a31fde 3 years ago 447 MB [root@localhost src]# docker save f1130d65ffc6 > centos7-NGINX-SSH.tar [root@localhost src]# ls centos6-ssh.tar centos7-ansible.tar centos7-NGINX-SSH.tar debug kernels [root@localhost src]#

    其他容器通过docker load导入镜像后,需要手动启动服务。这也是docker commit制作镜像的一个缺点。

    Processed: 0.011, SQL: 8