【Docker】Docker学习④ - Docker镜像与制作

一、Docker简介
二、Docker安装及基础命令介绍
三、Docker镜像管理
四、Docker镜像与制作
- 1. 手动制作yum版nginx镜像
- 2. DockerFile制作yum版nginx镜像
- 3. 手动制作编译版本nginx镜像
- 4. 自定义tomcat镜像
- 5. 构建haproxy镜像
- 6. 本地镜像上传至官方docker仓库
五、Docker数据管理
六、网络部分
七、Docker仓库之单机Dokcer Registry
八、Docker仓库之分布式Harbor
九、单机编排之Docker Compose

一、Docker简介

参考：【Docker】Dokcer学习① - 简介

二、Docker安装及基础命令介绍

参考：【Docker】Docker学习② - Docker安装及基础命令介绍

三、Docker镜像管理

参考：【Docker】Docker学习③ - Docker镜像管理

四、Docker镜像与制作

docker镜像有没有内核？

从镜像大小上面来说，一个比较小的镜像只有十几MB，而内核文件需要一百多兆，因此镜像里面是没有内核的，镜像在被启动为容器后将直接使用宿主机的内核，而镜像本身则只提供相应的rootfs，即系统正常运行所必须的用户空间的文件系统，比如/dev,/proc,/bin,/etc等目录，所以容器当中基本是没有/boot目录的，而/boot当中保存的就是与内核相关的文件和目录。

为什么没有内核？

由于容器启动和运行过程中是直接使用了宿主机的内核，所以没有直接调用过物理硬件，所以也不会涉及到硬件驱动，因此也用不上内核和驱动，另外有内核的那是虚拟机。

1. 手动制作yum版nginx镜像

Docker制作类似于虚拟机的镜像制作，即按照公司的实际业务需求将需要安装的软件、相关配置等基础环境配置完成，然后将其做成镜像，最后再批量从镜像批量生产实例，这样可以极大的简化相同环境的部署工作，Docker的镜像制作分为手动制作和自动制作（基于DockerFile），企业通常都是基于Dockerfile制作精细，其中手动制作镜像步骤具体如下：

1.1 下载镜像并初始化系统
基于某个基础镜像之上重新制作，因此需要先有一个基础镜像，本次使用官方提供的centos镜像为基础：

    docker pull centosdocker run -it docker.io/centos /bin/bashyum install wget -ycd /etc/yum.repos.d/rm -rf ./* #更改yum源wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repowget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

1.2 yum安装并配置nginx

	yum install nginx -y yum install -y vim wget pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop

1.3 关闭nginx后台运行

	vim /etc/nginx/nginx.confuser nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;daemon off;#关闭后台运行

1.4 自定义web页面

	vim /usr/share/nginx/html/index.htmlcat /usr/share/nginx/html/index.htmlDocker Yum Nginx #自定义web界面

1.5 提交为镜像
在宿主机基于容器ID提交为镜像
docker commit --help
日志：

	[root@gbase8c_private ~]# docker commit --helpUsage:	docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]Create a new image from a container's changesOptions:-a, --author string    Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")-c, --change list      Apply Dockerfile instruction to the created image-m, --message string   Commit message-p, --pause            Pause container during commit (default true)

docker commit -a “123456789@qq.com” -m “nginx yum v1” --change=“EXPOSE 80 443” 容器ID centos-nginx:v1
日志：

	[root@gbase8c_private ~]# docker commit -a "123456789@qq.com" -m "nginx yum v1" --change="EXPOSE 80 443" 6806eb0bfd6b centos-nginx:v1sha256:a93983db5db7f14b028edf94407ed1352efadf62dac88f6806366379a943403e

1.6 带tag的镜像提交
提交的时候标记tag号，标记tag号，生产当中比较常用，后期可以根据tag标记创建不同版本的镜像以及创建不同版本的容器
docker commit -m “nginx image” 容器ID jack/centos-nginx:v1
日志:

	[root@gbase8c_private ~]# docker commit -m "nginx image" 6806eb0bfd6b jack/centos-nginx:v1sha256:cd4faded8f63c375fbc924ab20173f00cecb4cb52ea0fbfb3041d41fb327c343[root@gbase8c_private ~]# docker images -aREPOSITORY          TAG                 IMAGE ID            CREATED             SIZEjack/centos-nginx   v1                  cd4faded8f63        59 seconds ago      431MBcentos-nginx        v1                  a93983db5db7        2 minutes ago       431MB

1.7 从自己镜像启动容器
docker run -d -p 80:80 --name my-centos-nginx jack/centos-nginx /usr/sbin/nginx
日志：

	[root@gbase8c_private ~]# docker run -d -p 80:80 --name my-centos-nginx centos-nginx:v1 /usr/sbin/nginx6cbb96e413b80336172714736302bdae09e5351e844a209518e09160fb9cb5c5

2. DockerFile制作yum版nginx镜像

DockerFile可以说是一种可以被Docker程序解释的脚本，DockerFile是由一条条的命令组成的，每条命令对应linux下面的一条命令，Docker程序将这些DockerFile指令再翻译成真正的linux命令，其有自己的书写方式和支持的命令，Docker程序读取DockerFile并根据指令生成Docker镜像，相比手动制作镜像的方式，DockerFile更能直观的展示镜像是怎么产生的，有了DockerFile，当后期有额外的需求时，只要在之前的DockerFile添加或者修改相应的命令即可重新生成新的Docker镜像，避免了重复手动制作镜像的麻烦，具体如下：

2.1 下载镜像并初始化系统

	docker pull centosdocker run -it docker.io/centos /bin/bashcd /opt/mkdir dockerfile/{web/{nginx,tomcat,jdk,apache},system/{centos,ubuntu,redhat}} -pv

目录结构按照业务类型或系统类型等方式划分，方便后期镜像比较多的时候进行分类

2.2 编写Dockerfile
cd /opt/dockerfile/web/nginx
vim ./Dockerfile #生成镜像的时候，会在执行命令的当前目录查找Dockerfile文件，所以名称不可写错，而且D必须大写

#My Dockerfile
#"#"为注释，等于shell脚本中的#
#除了注释行之外的第一行，必须是From xxx(xxx是基础镜像)
#第一行先定义基础镜像，后面的本地有效的镜像名，如果本地没有会从远程仓库下载，第一行很重要
From centos #镜像维护者的信息
MAINTAINER jack.Zhang 123456@qq.com#########其他可选参数###########
#USER  #指定该容器运行时的用户名和UID，后续的RUN命令也会使用这里指定的用户执行
#WORKDIR /a
#WORKDIR b #指定工作目录，最终为/a/b
#VOLUME ["/dir_1","/dir_2"]  #设置容器挂载主机目录
#ENV name jack #设置容器变量，常用于向容器内传递用户密码等################################
#执行的命令，将编译安装nginx的步骤执行一遍
RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
#以下为centos8需要
RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
RUN sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop make
#自动解压压缩包
ADD nginx-1.22.1.tar.gz /usr/local/src/  
RUN cd /usr/local/src/nginx-1.22.1 && ./configure --prefix=/usr/local/nginx --with-http_sub_module && make && make install
RUN cd /usr/local/nginx
ADD nginx.conf /usr/local/nginx/conf/nginx.conf
RUN useradd nginx -s /sbin/nologin
RUN ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx
RUN echo "test nginx page" > /usr/local/nginx/html/index.html
EXPOSE 80 443  
#向外开放的端口，多个端口用空格做间隔，启动容器时候-p需要使用此端口向外映射，如-p 8081:80,则80就是这里的80
CMD ["nginx"] 
#运行的命令，每个Dockerfile只能有一条，如果有多条则只有最后一条被执行
#如果再从该镜像启动容器的时候也指定了命令，那么指定的命令会覆盖Dockerfile构建的镜像里面的CMD命令，即指定的命令优先级更高，Dockerfile的优先级较低一些

2.3 准备源码包与配置文件

[root@gbase8c_private nginx]# cp /usr/local/nginx/conf/nginx.conf .    #配置文件关闭后台运行
[root@gbase8c_private nginx]# cp /usr/local/src/nginx-1.22.1.tar.gz .   #nginx 源码包

2.4 执行镜像构建
docker build -t jack/nginx-1.22.1:v1 /opt/dockerfile/web/nginx
日志：

	[root@gbase8c_private nginx]# docker build -t jack/nginx-1.22.1:v1 /opt/dockerfile/web/nginxSending build context to Docker daemon  1.082MBStep 1/15 : From centos---> 5d0da3dc9764Step 2/15 : MAINTAINER jack.Zhang 123456@qq.com---> Using cache---> 43ec73180728Step 3/15 : RUN rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm---> Using cache---> e143ccac7d7dStep 4/15 : RUN sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*---> Using cache---> b844d534721fStep 5/15 : RUN sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*---> Using cache---> 9e3a042b490cStep 6/15 : RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop make---> Using cache---> df76eecdf09fStep 7/15 : ADD nginx-1.22.1.tar.gz /usr/local/src/---> Using cache---> 98025681ea35Step 8/15 : RUN cd /usr/local/src/nginx-1.22.1 && ./configure --prefix=/usr/local/nginx --with-http_sub_module && make && make install---> Using cache---> 96186cea028eStep 9/15 : RUN cd /usr/local/nginx---> Using cache---> 4156022d8485Step 10/15 : ADD nginx.conf /usr/local/nginx/conf/nginx.conf---> Using cache---> 1c048d8e231eStep 11/15 : RUN useradd nginx -s /sbin/nologin---> Using cache---> b354065c9fc2Step 12/15 : RUN ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx---> Using cache---> a5b3a6e665f3Step 13/15 : RUN echo "test nginx page" > /usr/local/nginx/html/index.html---> Running in 7d4595c415e8Removing intermediate container 7d4595c415e8---> 242a23ccac4cStep 14/15 : EXPOSE 80 443---> Running in 7fd3a8e9c72dRemoving intermediate container 7fd3a8e9c72d---> 280671c13521Step 15/15 : CMD ["nginx"]---> Running in 866bfe9c8e53Removing intermediate container 866bfe9c8e53---> fdfce08f491fSuccessfully built fdfce08f491fSuccessfully tagged jack/nginx-1.22.1:v1[root@gbase8c_private nginx]# docker imagesREPOSITORY          TAG                 IMAGE ID            CREATED             SIZEjack/nginx-1.22.1   v1                  fdfce08f491f        30 seconds ago      638MB

2.5 从镜像启动容器
docker run -d -p 80:80 --name yum-nginx jack/nginx-1.22.1:v1 /usr/sbin/nginx
日志：

	[root@gbase8c_private nginx]# docker run -d -p 80:80 --name yum-nginx  jack/nginx-1.22.1:v1 /usr/sbin/nginx2649a84740d66098c1841387d306a245ee618f12a0df143ab0be5d7ab93c9c9d[root@gbase8c_private nginx]# docker ps -a CONTAINER ID        IMAGE                  COMMAND                   CREATED             STATUS                         PORTS               NAMES2649a84740d6        jack/nginx-1.22.1:v1   "/usr/sbin/nginx"         16 seconds ago      Exited (1) 15 seconds ago                          yum-nginx

↑容器并未成功启动，问题原因：

	[root@gbase8c_private nginx]# docker logs cb332665fbdfnginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)nginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)nginx: [emerg] open() "/var/log/nginx/error.log" failed (2: No such file or directory)[root@gbase8c_private nginx]# head -n 10 nginx.conf #user  nobody;user nginx;worker_processes auto;error_log /var/log/nginx/error.log;  - 》》》 /run/error.logpid /run/nginx.pid;daemon off;

❗原因：在 Docker 容器里面使用 root 用户的话，是不安全的，很容易出现越权的安全问题，所以一般情况下，我们都会使用普通用户来代替 root 进行服务的启动和管理的。
❗解决办法：发现还是 nginx.conf 配置文件，配置的有问题，需要将 Nginx 服务启动时候需要的文件都配置到一个无权限的目录，即可解决

3. 手动制作编译版本nginx镜像

过程为在centos基础镜像之上手动安装nginx，然后再提交为镜像

3.1 下载镜像并初始化系统

	docker pull centosdocker run -it docker.io/centos /bin/bashyum install wget -ycd /etc/yum/repos.d/sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*

❗不行再慎用↓

	rm -rf ./* #更改yum源wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repowget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

3.2 编译安装nginx

	yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop makecd /usr/local/src/wget http://nginx.org/download/nginx-1.22.1.tar.gztar xvf nginx-1.22.1.tar.gzcd nginx-1.22.1./configure --prefix=/usr/local/nginx --with-http_sub_modulemake && make install

3.3 关闭nginx后台运行

	vim /usr/local/nginx/conf/nginx.confuser nginx;worker_processes  auto;daemon off;ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx #创建软连

3.4 创建用户及授权

	useradd nginx -s /sbin/nologinchown nginx.nginx /usr/local/nginx -R

3.5 自定义web界面

	echo "My Nginx Test Page" > /usr/local/nginx/html/index.html

3.6 提交为镜像

	docker commit -m "test nginx" 88c367f1f97f jack/nginx-test-image:v1

3.7 从自己的镜像启动容器

	docker run -d -p 80:80 --name my-centos-nginx jack/nginx-test-image:v1 /usr/sbin/nginx

3.8 查看nginx访问日志
日志：

	[root@gbase8c_private nginx]# docker run -d -p 80:80 --name my-centos-nginx jack/nginx-test-image:v1 /usr/sbin/nginxe21b3af797570e7cd0a1426a74fa2953e282175e0793df70dc351fdf8767a036[root@gbase8c_private nginx]# docker ps -aCONTAINER ID        IMAGE                      COMMAND             CREATED             STATUS                      PORTS                NAMESe21b3af79757        jack/nginx-test-image:v1   "/usr/sbin/nginx"   4 seconds ago       Up 3 seconds                0.0.0.0:80->80/tcp   my-centos-nginx88c367f1f97f        centos                     "/bin/bash"         9 minutes ago       Exited (0) 2 minutes ago                         naughty_noyce7929901f31c9        jack/nginx-1.22.1:v1       "/usr/sbin/nginx"   27 minutes ago      Exited (0) 19 seconds ago                        yum-nginx[root@gbase8c_private nginx]# docker inspect -f "{{.State.Pid}}" e21b3af7975716623[root@gbase8c_private nginx]# nsenter -t 16623 -m -u -i -n -p[root@e21b3af79757 /]# tail -f /usr/local/nginx/logs/access.log 192.168.56.1 - - [28/Nov/2023:14:33:18 +0000] "GET / HTTP/1.1" 200 19 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"192.168.56.1 - - [28/Nov/2023:14:35:02 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"192.168.56.1 - - [28/Nov/2023:14:35:03 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"192.168.56.1 - - [28/Nov/2023:14:35:03 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"

4. 自定义tomcat镜像

基于官方提供的centos 基础镜像构建JDK和tomcat镜像，先构建JDK镜像，然后再基于JDK镜像构建tomcat镜像

4.1 构建JDK镜像

	docker pull centosmkdir /opt/dockerfile/{web/{nginx,tomcat,jdk,apache},system/{centos,ubuntu,redhat}} -pvcd /opt/dockerfile/web/jdkvim Dockerfile
#JDK Base Image
FROM centos:latest
MAINTAINER jack.Zhang 123456@qq.com
ADD jdk-8u391-linux-x64.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/jdk1.8.0_391 /usr/local/jdk
ADD profile /etc/profile
ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin
RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone

4.2 上传JDK压缩包和profile文件
将JDK压缩包上传到Dockerfile当前目录，然后执行构建：
4.3 执行构建镜像

	cat build-command.sh
#!/bin/bash
docker build -t centos-8-jdk:v1 .

日志：

	[root@gbase8c_private jdk]# bash build-command.sh Sending build context to Docker daemon  141.9MBStep 1/10 : FROM centos-7.5:latestpull access denied for centos-7.5, repository does not exist or may require 'docker login'[root@gbase8c_private jdk]# vim Dockerfile [root@gbase8c_private jdk]# bash build-command.sh Sending build context to Docker daemon  141.9MBStep 1/10 : FROM centos:latest---> 5d0da3dc9764Step 2/10 : MAINTAINER jack.Zhang 123456@qq.com---> Using cache---> 43ec73180728Step 3/10 : ADD jdk-8u391-linux-x64.tar.gz /usr/local/src/---> 21764746d490Step 4/10 : RUN ln -sv /usr/local/src/jdk-8u391-linux-x64/usr/local/jdk---> Running in a22ecd27e9f8'./jdk' -> '/usr/local/src/jdk-8u391-linux-x64/usr/local/jdk'Removing intermediate container a22ecd27e9f8---> 2f99e9a548c1Step 5/10 : ADD profile /etc/profile---> aef302c8a3daStep 6/10 : ENV JAVA_HOME /usr/local/jdk---> Running in 47c346592718Removing intermediate container 47c346592718---> da9972f86cd2Step 7/10 : ENV JRE_HOME $JAVA_HOME/jre---> Running in c83345919c81Removing intermediate container c83345919c81---> 460916698ef9Step 8/10 : ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/---> Running in 5114c8a4b7d9Removing intermediate container 5114c8a4b7d9---> d1d448d0c77cStep 9/10 : ENV PATH $PATH:$JAVA_HOME/bin---> Running in ae28d4c66b9eRemoving intermediate container ae28d4c66b9e---> 3ae8ad1733b5Step 10/10 : RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone---> Running in 2690a5bb592fRemoving intermediate container 2690a5bb592f---> 2db525ca3854Successfully built 2db525ca3854Successfully tagged centos-8-jdk:v1

4.4 从镜像启动容器

	docker run -it centos-8-jdk bashdocker run -it --rm centos-8-jdk:v1 bash[root@gbase8c_private jdk]# docker run -it --rm centos-8-jdk:v1 bash[root@76ab942d4101 /]# java -versionjava version "1.8.0_391"Java(TM) SE Runtime Environment (build 1.8.0_391-b13)Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)[root@76ab942d4101 /]# dateThu Dec  7 21:48:47 CST 2023

4.5 将镜像上传到harbor

	docker push centos-8-jdk:v1docker tag centos-8-jdk:v1 192.168.56.199/jdk/centos-8-jdk:v1

日志：

	[root@gbase8c_private harbor]# docker push 192.168.56.199/jdk/centos-8-jdk:v1The push refers to repository [192.168.56.199/jdk/centos-8-jdk]7fea194b5bd5: Pushed fd55b5f95a06: Pushed 9bf99e4f3d89: Pushed a74f8d8f2d28: Pushed 74ddd0ec08fa: Pushed v1: digest: sha256:d43557182e4e243522036f884d79d7b8c3ccc3eaf727a3bdd56a44ce20976583 size: 1363

4.6 下载镜像并启动JDK容器
日志：

	[root@gbase8c_private harbor]# docker pull 192.168.56.199/jdk/centos-8-jdk:v1v1: Pulling from jdk/centos-8-jdkDigest: sha256:d43557182e4e243522036f884d79d7b8c3ccc3eaf727a3bdd56a44ce20976583Status: Image is up to date for 192.168.56.199/jdk/centos-8-jdk:v1[root@gbase8c_private harbor]# docker run -it --rm 192.168.56.199/jdk/centos-8-jdk:v1 bash[root@5b4cfa6cbf5a /]# dateSun Dec 10 20:38:53 CST 2023[root@5b4cfa6cbf5a /]# java -versionjava version "1.8.0_391"Java(TM) SE Runtime Environment (build 1.8.0_391-b13)Java HotSpot(TM) 64-Bit Server VM (build 25.391-b13, mixed mode)

4.7 从JDK镜像构建tomcat 8 Base 镜像：
- 4.7.1 编辑DockerFile：

	cd /opt/dockerfile/system/centos/tomcat8-basevim Dockerfile
#Tomcat Base Image
From 192.168.56.199/jdk/centos-8-jdk:v1
RUN useradd www -u 2000#ADD del_tomcatlog.sh /root/script
#RUN echo "0 2 * * * /bin/bash /root/script/del_tomcatlog.sh &> /dev/null" >> /var/spool/cron/root#env settinf
ENV TZ "Asiz/Shanghai"
ENV LANG en_US.UTF-8
ENV TERM xterm
ENV TOMCAT_MAJOR_VERSION 8
ENV TOMCAT_MINOR_VERSION 8.5.96
ENV CATALINA_HOME /apps/tomcat
ENV APP_DIR ${CATALINA_HOME}/webapps#tomcat settinf
RUN mkdir /apps
ADD apache-tomcat-8.5.96.tar.gz /apps
RUN ln -sv /apps/apache-tomcat-8.5.96 /apps/tomcat

4.7.2 通过脚本构建tomcat基础镜像

	cat build-command.sh #!/bin/bashdocker build -t tomcat8-base:v1 .

日志：

	[root@gbase8c_private tomcat8-base]# bash build-command.sh Sending build context to Docker daemon  10.78MBStep 1/12 : From 192.168.56.199/jdk/centos-8-jdk:v1---> a2b742b94015Step 2/12 : RUN useradd www -u 2000---> Running in d19d27df0448Removing intermediate container d19d27df0448---> 1bf6e78dc7c7Step 3/12 : ENV TZ "Asiz/Shanghai"---> Running in a99f9eb322ccRemoving intermediate container a99f9eb322cc---> 95c6a3cefc7fStep 4/12 : ENV LANG en_US.UTF-8---> Running in 805840b54de5Removing intermediate container 805840b54de5---> 7aab23b04eefStep 5/12 : ENV TERM xterm---> Running in 4ae0182d2195Removing intermediate container 4ae0182d2195---> 0804043c7b14Step 6/12 : ENV TOMCAT_MAJOR_VERSION 8---> Running in c825fe92e42dRemoving intermediate container c825fe92e42d---> 4d6fcd259f9cStep 7/12 : ENV TOMCAT_MINOR_VERSION 8.5.96---> Running in b4b7a0ed2797Removing intermediate container b4b7a0ed2797---> 626d7d9d2478Step 8/12 : ENV CATALINA_HOME /apps/tomcat---> Running in 37e5aff7d23cRemoving intermediate container 37e5aff7d23c---> eb992444e7f6Step 9/12 : ENV APP_DIR ${CATALINA_HOME}/webapps---> Running in de3421e3d164Removing intermediate container de3421e3d164---> 03766db8ca90Step 10/12 : RUN mkdir /apps---> Running in 5ba348fd64b4Removing intermediate container 5ba348fd64b4---> 5d60c75f47ecStep 11/12 : ADD apache-tomcat-8.5.96.tar.gz /apps---> cac315a6fd1bStep 12/12 : RUN ln -sv /apps/apache-tomcat-8.5.96 /apps/tomcat---> Running in 919329b80388'/apps/tomcat' -> '/apps/apache-tomcat-8.5.96'Removing intermediate container 919329b80388---> 2ab037a507a7Successfully built 2ab037a507a7Successfully tagged tomcat8-base:v1[root@gbase8c_private tomcat8-base]# docker imagesREPOSITORY                        TAG                 IMAGE ID            CREATED             SIZEtomcat8-base                      v1                  2ab037a507a7        8 seconds ago       597MB

4.8 构建业务镜像1、2
创建tomcat-app1 和 tomcat-app2两个目录，代表不同的两个基于tomcat的业务。
- 4.8.1 准备Dockerfile

	cd /opt/dockerfile/system/centos/tomcat-app1vim Dockerfile
#Tomcat Web Image
FROM tomcat8-base:v1
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
ADD myapp/* /apps/tomcat/webapps/myapp/
RUN chown www.www /apps/ -R
CMD ["/apps/tomcat/bin/run_tomcat.sh"]
EXPOSE 8080 8009

4.8.2 准备自定义myapp页面

	mkdir myappecho "Tomcat Web Page1" > myapp/index.htmlcat myapp/index.html

4.8.3 准备容器启动执行脚本

	cat run_tomcat.sh
#!/bin/bash
echo "1.1.1.1 abc.test.com" >> /etc/hosts
echo "nameserver 223.5.5.5" > /etc/resolv.conf
su - www -c "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/jdk/bin && export JAVA_HOME=/usr/local/jdk && export JRE_HOME=/usr/local/jdk/jre && export CLASSPATH=/usr/local/jdk/lib/:/usr/local/jdk/jre/lib/ && /apps/tomcat/bin/catalina.sh start && tail -f /etc/hosts"
#这里没有继承主机的环境变量，有没有懂哥。。。。
#su - www -c "/apps/tomcat/bin/catalina.sh start"

#su - www -c “tail -f /etc/hosts”

4.8.4 准备构建脚本

	vim build-command.sh
#!/bin/bash
docker build -t tomcat-web:app1 .

日志：

	[root@gbase8c_private tomcat-app1]# bash build-command.sh Sending build context to Docker daemon  5.632kBStep 1/6 : FROM tomcat8-base:v1---> 2ab037a507a7Step 2/6 : ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh---> 09983a7133b8Step 3/6 : ADD myapp/* /apps/tomcat/webapps/myapp/---> c5a2afd16dc5Step 4/6 : RUN chown www.www /apps/ -R---> Running in 869d5623188cRemoving intermediate container 869d5623188c---> c481b86618b4Step 5/6 : CMD ["/apps/tomcat/bin/run_tomcat.sh"]---> Running in a90ab30a9c8eRemoving intermediate container a90ab30a9c8e---> e5742f33c2bdStep 6/6 : EXPOSE 8080 8009---> Running in 15dea2dd3a7aRemoving intermediate container 15dea2dd3a7a---> 891a81d08424Successfully built 891a81d08424Successfully tagged tomcat-web:app1[root@gbase8c_private tomcat-app2]# docker imagesREPOSITORY                        TAG                 IMAGE ID            CREATED              SIZEtomcat-web                        app2                1c4e68330d53        3 seconds ago        612MBtomcat-web                        app1                891a81d08424        About a minute ago   612MB

4.8.5 从镜像启动容器测试

	docker run -it -d -p 8888:8080 tomcat-web:app1docker run -it -d -p 8889:8080 tomcat-web:app2

5. 构建haproxy镜像

5.1 准备Dockerfile

	cd /opt/dockerfile/system/centos/haproxyvim Dockerfile
#Haproxy Base Image
FROM centos:latest
MAINTAINER zhangshijie "zhangshijie@300.cm"
RUN yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y
ADD haproxy-1.8.31.tar.gz /usr/lib/src/
RUN cd /usr/local/src/haproxy-1.8.31 && make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy && make install PRFEIX=/usr/local/haproxy && cp haproxy /usr/sbin/ && mkdir /usr/local/haproxy/run
ADD haproxy.cfg /etc/haproxyADD run_haproxy.sh /usr/bin
EXPOSE 80 9999
CMD ["/usr/bin/run_haproxy.sh"]

5.2 准备haproxy配置文件

	cat haproxy.cfg
global
chroot /usr/local/haproxy
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon 
nbproc 1
pidfile /usrs/local/haproxy/run/haproxy.pid
log 127.0.0.1 local3 infodefaults
option http-keep-alive
option forwardfor
mode http
timeout connect 300000ms
timeout client  300000ms
timeout server  300000mslisten statsmode httpbind 0.0.0.0:9999stats enablelog globalstats uri  /haproxy-statusstats auth haadmin:q1w2e3r4yslisten web_portbind 0.0.0.0:80mode httplog globalbalance roundrobinserver web1 192.168.56.199:8888 check inter 3000 fall 2 rise 5server web2 192.168.56.199:8889 check inter 3000 fall 2 rise 5

5.3 准备构建脚本

	cat build-command.sh
#!/bin/bash
docker build -t centos-haproxy-bash:7.5-1.8.31 .

5.4 执行构建haproxy镜像
5.5 从镜像启动容器

docker run -it -d -p80:80 -p9999:9999 centos-haproxy-bash:7.5-1.8.31

6. 本地镜像上传至官方docker仓库

将自制的镜像上传至docker仓库，https://hub.docker.com/

6.1 准备账户
登录到docker hub 官网创建账户，登陆后点击settings完善账户信息
6.2 在虚拟机使用自己的账号登录

	docker login https://hub.docker.com/

6.3 查看认证信息
登录成功之后会在当前目录生成一个隐藏文件用户保存登录认证信息

cat .docker/config.json

6.4 给镜像做tag并开始上传

	docker imagesdocker tag xxxx  docker.io/ck/centos-nginxdocker logindocker push xxxxx

6.5 到官方验证
6.6 更换到其他docker服务器下载镜像，并启动

五、Docker数据管理

参考：【Docker】Docker学习⑤ - Docker数据管理

六、网络部分

参考：【Docker】Docker学习⑥ - 网络部分

七、Docker仓库之单机Dokcer Registry

参考：【Docker】Docker学习⑦ - Docker仓库之单机Dokcer Registry

八、Docker仓库之分布式Harbor

参考：【Docker】Docker学习⑧ - Docker仓库之分布式Harbor

九、单机编排之Docker Compose

参考：【Docker】Docker学习⑨ - 单机编排之Docker Compose