CCIE那点事

https://docs.docker.com/develop/develop-images/baseimages/#more-resources

 

试验如下：在centos7机器上做centos镜像

直接参考这个脚本

https://raw.githubusercontent.com/docker/docker/master/contrib/mkimage-yum.sh

./mkimage-yum.sh -y /etc/yum.conf centos7

执行如上脚本，成功后，就可以看到镜像了【docker images】,概要说明一下，主要是如下几步：

1．tmp目录下建立临时目录和文件系统

2．使用yum安装相关的软件包

3．软件包安装和信息定制

4．tar打包

5．清理

建立目录结构[rootfs]

target=(mktemp−d−−tmpdir<?XML:NAMESPACE PREFIX = [default] http://www.w3.org/1998/Math/MathML NS = "http://www.w3.org/1998/Math/MathML" />(mktemp−d−−tmpdir(basename $0).XXXXXX)

set -x

mkdir -m 755 "$target"/dev

mknod -m 600 "$target"/dev/console c 5 1

mknod -m 600 "$target"/dev/initctl p

mknod -m 666 "$target"/dev/full c 1 7

mknod -m 666 "$target"/dev/null c 1 3

mknod -m 666 "$target"/dev/ptmx c 5 2

mknod -m 666 "$target"/dev/random c 1 8

mknod -m 666 "$target"/dev/tty c 5 0

mknod -m 666 "$target"/dev/tty0 c 4 0

mknod -m 666 "$target"/dev/urandom c 1 9

mknod -m 666 "$target"/dev/zero c 1 5

# amazon linux yum will fail without vars set

if [ -d /etc/yum/vars ]; then

mkdir -p -m 755 "$target"/etc/yum

cp -a /etc/yum/vars "$target"/etc/yum/

fi

软件包安装和信息定制

yum -c "yumconfig"−−installroot="yumconfig"−−installroot="target" –releasever=/ –setopt=tsflags=nodocs \

    –setopt=group_package_types=mandatory -y groupinstall Core

yum -c "yumconfig"−−installroot="yumconfig"−−installroot="target" -y clean all

…

打包

tar –numeric-owner -c -C "target".|dockerimport−target".|dockerimport−name:$version

docker run -i -t name:name:version echo success

清理

rm -rf "$target"

如果我们需要自己的安全增强软件等定制，只需要在第2步将我们的内容合并进去即可

 

Most Dockerfiles start from a parent image. If you need to completely control the contents of your image, you might need to create a base image instead. Here’s the difference:

• A parent image is the image that your image is based on. It refers to the contents of the FROM directive in the Dockerfile. Each subsequent declaration in the Dockerfile modifies this parent image. Most Dockerfiles start from a parent image, rather than a base image. However, the terms are sometimes used interchangeably.

• A base image either has no FROM line in its Dockerfile, or has FROM scratch.

This topic shows you several ways to create a base image. The specific process will depend heavily on the Linux distribution you want to package. We have some examples below, and you are encouraged to submit pull requests to contribute new ones.

Create a full image using tar

In general, start with a working machine that is running the distribution you’d like to package as a parent image, though that is not required for some tools like Debian’s Debootstrap, which you can also use to build Ubuntu images.

It can be as simple as this to create an Ubuntu parent image:

$ sudo debootstrap xenial xenial > /dev/null
$ sudo tar -C xenial -c . | docker import - xenial

a29c15f1bf7a

$ docker run xenial cat /etc/lsb-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"

There are more example scripts for creating parent images in the Docker GitHub Repo:

• BusyBox
• CentOS / Scientific Linux CERN (SLC) on Debian/Ubuntu or on CentOS/RHEL/SLC/etc.
• Debian / Ubuntu

Create a simple parent image using scratch

You can use Docker’s reserved, minimal image, scratch, as a starting point for building containers. Using the scratch “image” signals to the build process that you want the next command in the Dockerfile to be the first filesystem layer in your image.

While scratch appears in Docker’s repository on the hub, you can’t pull it, run it, or tag any image with the name scratch. Instead, you can refer to it in your Dockerfile. For example, to create a minimal container using scratch:

FROM scratch
ADD hello /
CMD ["/hello"]

Assuming you built the “hello” executable example by following the instructions at https://github.com/docker-library/hello-world/, and you compiled it with the -static flag, you can build this Docker image using this docker build command:

docker build --tag hello .

Don’t forget the . character at the end, which sets the build context to the current directory.

Note: Because Docker for Mac and Docker for Windows use a Linux VM, you need a Linux binary, rather than a Mac or Windows binary. You can use a Docker container to build it:

$ docker run --rm -it -v $PWD:/build ubuntu:16.04

container# apt-get update && apt-get install build-essential
container# cd /build
container# gcc -o hello -static -nostartfiles hello.c

To run your new image, use the docker run command:

docker run --rm hello

This example creates the hello-world image used in the tutorials. If you want to test it out, you can clone the image repo.

More resources

There are lots more resources available to help you write your Dockerfile.

• There’s a complete guide to all the instructions available for use in a Dockerfile in the reference section.
• To help you write a clear, readable, maintainable Dockerfile, we’ve also written a Dockerfile best practices guide.
• If your goal is to create a new Official Repository, be sure to read up on Docker’s Official Repositories.