Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
|
admin_grundlagen:docker:build [2026/02/22 13:04] ingo_wichmann |
admin_grundlagen:docker:build [2026/06/01 12:13] (aktuell) peter_rossbach2 [Docker Image aktualisieren] |
||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| ====== erstes Docker Image selbst bauen ====== | ====== erstes Docker Image selbst bauen ====== | ||
| ===== Pakete ===== | ===== Pakete ===== | ||
| - | * Rocky Linux (9): | + | === Rocky Linux (10): === |
| - | * erst ''epel-release'' installieren (fügt neues Repository hinzu) | + | dnf config-manager --enable crb |
| - | * debootstrap | + | dnf install -y epel-release |
| - | * Debian (ab 12): debootstrap | + | dnf install -y debootstrap |
| + | === Debian (ab 12) === | ||
| + | apt install -y debootstrap | ||
| ===== Image bauen ===== | ===== Image bauen ===== | ||
| (( anders als das Image aus https://hub.docker.com/_/debian ist dieses Image nicht reproduzierbar )) | (( anders als das Image aus https://hub.docker.com/_/debian ist dieses Image nicht reproduzierbar )) | ||
| sudo debootstrap --variant=minbase trixie ./debian http://debian/debian | sudo debootstrap --variant=minbase trixie ./debian http://debian/debian | ||
| + | (( unter RockyLinux ''--keyring'' ergänzen: | ||
| + | sudo debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-trixie-stable.gpg trixie ./debian http://debian.linuxhotel.de/debian | ||
| + | )) | ||
| sudo tar cC debian/ . | docker image import - ingo/debian:trixie | sudo tar cC debian/ . | docker image import - ingo/debian:trixie | ||
| Tag ''latest'' hinzufügen: | Tag ''latest'' hinzufügen: | ||
| Zeile 17: | Zeile 22: | ||
| ==== testen ==== | ==== testen ==== | ||
| docker container run ingo/debian echo hello world | docker container run ingo/debian echo hello world | ||
| + | -> ''hello world'' | ||
| ====== Dockerfile - Docker Images weiterbauen ====== | ====== Dockerfile - Docker Images weiterbauen ====== | ||
| mkdir nginx | mkdir nginx | ||
| - | cd static_web | + | cd nginx |
| + | ++++ podman | | ||
| + | bei Podman darf die Datei auch ''Containerfile'' heißen | ||
| + | ++++ | ||
| <file txt Dockerfile> | <file txt Dockerfile> | ||
| FROM ingo/debian:trixie | FROM ingo/debian:trixie | ||
| - | LABEL version="0.0.1" | + | |
| - | LABEL maintainer="me@example.com" | + | |
| ENV DEBIAN_FRONTEND=noninteractive | ENV DEBIAN_FRONTEND=noninteractive | ||
| - | ENV REFRESHED_AT=2026-01-07 | ||
| RUN set -eux; \ | RUN set -eux; \ | ||
| apt-get -qq update; \ | apt-get -qq update; \ | ||
| apt-get install -y --no-install-recommends nginx | apt-get install -y --no-install-recommends nginx | ||
| - | RUN find / -xdev -user root -type f -perm /u+s -exec chmod u-s {} + | ||
| RUN echo 'A warm welcome from your Dockerfile' > /var/www/html/index.html | RUN echo 'A warm welcome from your Dockerfile' > /var/www/html/index.html | ||
| EXPOSE 80 | EXPOSE 80 | ||
| ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"] | ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"] | ||
| - | </file> | ||
| - | docker build -t='ingo/nginx:0.0.1' . | ||
| - | docker image ls ingo/nginx:0.0.1 | ||
| - | -> id rauskopieren (z.B. ''5879d7773761'') | ||
| - | docker image tag 5879d7773761 ingo/nginx:latest | ||
| - | docker container run -d -p 80:80 --name my_nginx ingo/nginx | ||
| - | curl -s http://localhost:80 | ||
| - | -> im Browser http://localhost öffnen | ||
| - | ===== ENTRYPOINT / CMD / run-Command ===== | + | ARG REFRESHED_AT=2026-01-07 |
| + | LABEL version="0.0.1" | ||
| + | LABEL maintainer="me@example.com" | ||
| + | LABEL org.opencontainers.image.authors="me@example.com" | ||
| + | LABEL org.opencontainers.image.created=$REFRESHED_AT | ||
| + | </file> (( https://docs.docker.com/reference/dockerfile/ )) | ||
| + | ++++ ENTRYPOINT / CMD / run-Command | | ||
| ^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^ | ^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^ | ||
| |<code>["script.sh"]</code>| | | <code>script.sh</code> | | |<code>["script.sh"]</code>| | | <code>script.sh</code> | | ||
| Zeile 51: | Zeile 54: | ||
| | | <code>["/bin/sh"]</code> | | <code>/bin/sh</code> | | | | <code>["/bin/sh"]</code> | | <code>/bin/sh</code> | | ||
| | | <code>["/bin/sh"]</code> | <code>/bin/dash</code> | <code>/bin/dash</code> | | | | <code>["/bin/sh"]</code> | <code>/bin/dash</code> | <code>/bin/dash</code> | | ||
| - | | | | | <code>/bin/bash</code>((https://docs.docker.com/reference/dockerfile/#understand-how-cmd-and-entrypoint-interact sagt ''error, not allowed''. Docker Version 20.10.24+dfsg1 hat ''bash'' ausgeführt.)) | | + | | | | | <code>/bin/bash</code> (( https://docs.docker.com/reference/dockerfile/#understand-how-cmd-and-entrypoint-interact sagt ''error, not allowed''. Docker Version 20.10.24+dfsg1 hat ''bash'' ausgeführt.)) | |
| + | ++++ | ||
| + | Image mit den Erweiterungen aus dem ''Dockerfile'' bauen: | ||
| + | docker build -t='ingo/nginx:0.0.1' . | ||
| + | Image anzeigen: | ||
| + | docker image ls ingo/nginx:0.0.1 | ||
| + | -> id rauskopieren (z.B. ''5879d7773761'') | ||
| + | Image taggen: | ||
| + | docker image tag 5879d7773761 ingo/nginx:latest | ||
| + | Container starten: | ||
| + | docker container run -d -p 80:80 --name my_nginx ingo/nginx | ||
| + | Zugriff auf nginx testen: | ||
| + | curl -s http://localhost:80 | ||
| + | -> im Browser http://localhost öffnen | ||
| + | |||
| + | ====== Docker Image aktualisieren ====== | ||
| + | <file txt Dockerfile> | ||
| + | … | ||
| + | RUN ln -sf /dev/stdout /var/log/nginx/access.log \ | ||
| + | && ln -sf /dev/stderr /var/log/nginx/error.log | ||
| + | … | ||
| + | </file> | ||
| + | |||
| + | docker build --no-cache --pull -t='ingo/nginx:0.0.2' . | ||
| + | |||
| + | ++++ podman | | ||
| + | podman build --no-cache -t='ingo/nginx:0.0.2' . | ||
| + | -> allerdings werden dann alle 12 STEPs neu gebaut. | ||
| + | |||
| + | TODO: liegt das an dem fehlenden --pull? | ||
| + | AI Slop Vermutung: | ||
| + | Docker built your image without errors because it keeps un-namespaced local images as-is. In contrast, Podman automatically prefixes locally built or untagged registry images with localhost/ to prevent collisions with official registries. | ||
| + | When you use the --pull flag, Podman is forced to try downloading a fresh version of that base image from an external source. Because it sees localhost/ingo/debian:trixie, Podman literally looks for a web-facing registry running on your actual machine (https://localhost/v2/). Since you don't have a container registry service actively running on port 443 of your host machine, the network request fails with "connection refused" | ||
| + | |||
| + | Unter Debian mit Docker version 26.1.5+dfsg1, build a72d7cd klappt ''--pull'' auch nicht. | ||
| + | ERROR: failed to solve: ingo/debian:trixie: failed to resolve source metadata for docker.io/ingo/debian:trixie: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed | ||
| + | ++++ | ||
| + | |||
| + | Jetzt noch mal Container starten und | ||
| + | docker logs | ||
| + | ansehen. | ||
| + | |||
| + | Bauen mit einem Release Zeitstempel: | ||
| + | |||
| + | <code shell> | ||
| + | REFRESHED_AT=$(date '+%Y-%m-%d') | ||
| + | docker build --no-cache --pull \ | ||
| + | --build-arg REFRESHED_AT=$REFRESHED_AT \ | ||
| + | -t='ingo/nginx:0.0.2' \ | ||
| + | -t=ingo/nginx:$REFRESHED_AT . | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Nginx as Systemd: | ||
| + | |||
| + | <code bash> | ||
| + | mkdir ~/ubi9-nginx && cd ~/ubi9-nginx | ||
| + | cat >Dockerfile <<EOR | ||
| + | FROM registry.access.redhat.com/ubi9/ubi-init | ||
| + | RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo | ||
| + | [nginx-stable] | ||
| + | name=nginx stable repo | ||
| + | baseurl=http://nginx.org/packages/rhel/9/\$basearch/ | ||
| + | gpgcheck=1 | ||
| + | enabled=1 | ||
| + | gpgkey=https://nginx.org/keys/nginx_signing.key | ||
| + | module_hotfixes=true | ||
| + | EOF | ||
| + | |||
| + | RUN dnf -y install nginx \ | ||
| + | && dnf clean all \ | ||
| + | && systemctl enable nginx | ||
| + | STOPSIGNAL SIGRTMIN+3 | ||
| + | CMD ["/sbin/init"] | ||
| + | EOR | ||
| + | |||
| + | docker build -t ubi9-nginx-systemd:0.0.1 . | ||
| + | docker run --name ubi9-nginx --privileged -d -p 8090:80 ubi9-nginx-systemd:0.0.1 | ||
| + | docker exec -it ubi9-nginx nginx -v | ||
| + | docker exec -it ubi9-nginx systemctl status | ||
| + | docker exec -it ubi9-nginx journalctl -u nginx | ||
| + | # ups.. | ||
| + | docker logs ubi9-nginx | ||
| + | </code> | ||
| + | |||
| + | <code bash> | ||
| + | # build with compose | ||
| + | cat >compose.yml <<EOR | ||
| + | services: | ||
| + | nginx: | ||
| + | build: . | ||
| + | privileged: true | ||
| + | ports: | ||
| + | - "8090:80" | ||
| + | tmpfs: | ||
| + | - /run | ||
| + | - /run/lock | ||
| + | - /tmp | ||
| + | stop_signal: SIGRTMIN+3 | ||
| + | EOR | ||
| + | docker compose build | ||
| + | docker compose up -d | ||
| + | docker compose exec nginx ps -ef | ||
| + | docker compose down | ||
| + | </code> | ||
| + | |||
| + | ++++ this doesn't solve the console logging problem | | ||
| + | |||
| + | <code bash> | ||
| + | |||
| + | cat >Dockerfile <<EOR | ||
| + | FROM registry.access.redhat.com/ubi9/ubi-init | ||
| + | RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo | ||
| + | [nginx-stable] | ||
| + | name=nginx stable repo | ||
| + | baseurl=http://nginx.org/packages/rhel/9/\$basearch/ | ||
| + | gpgcheck=1 | ||
| + | enabled=1 | ||
| + | gpgkey=https://nginx.org/keys/nginx_signing.key | ||
| + | module_hotfixes=true | ||
| + | EOF | ||
| + | |||
| + | RUN dnf -y install nginx \ | ||
| + | && dnf clean all | ||
| + | |||
| + | # nginx logs to files (important for tail) | ||
| + | RUN mkdir -p /var/log/nginx | ||
| + | |||
| + | # systemd override for nginx | ||
| + | RUN mkdir -p /etc/systemd/system/nginx.service.d && \ | ||
| + | cat <<'EOF' >/etc/systemd/system/nginx.service.d/override.conf | ||
| + | [Service] | ||
| + | StandardOutput=journal | ||
| + | StandardError=journal | ||
| + | EOF | ||
| + | |||
| + | # log forwarder service | ||
| + | RUN cat <<'EOF' >/etc/systemd/system/nginx-log-forwarder.service | ||
| + | [Unit] | ||
| + | Description=Nginx log forwarder | ||
| + | After=nginx.service | ||
| + | Requires=nginx.service | ||
| + | [Service] | ||
| + | Type=simple | ||
| + | ExecStart=/bin/sh -c '/usr/bin/tail -F /var/log/nginx/access.log /var/log/nginx/error.log' | ||
| + | Restart=always | ||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | EOF | ||
| + | |||
| + | RUN systemctl enable nginx \ | ||
| + | && systemctl enable nginx-log-forwarder | ||
| + | STOPSIGNAL SIGRTMIN+3 | ||
| + | CMD ["/sbin/init"] | ||
| + | EOR | ||
| + | # docker | ||
| + | docker compose build | ||
| + | docker compose up -d | ||
| + | curl 127.0.0.1:8090 | ||
| + | docker compose exec nginx systemctl status nginx-log-forwarder | ||
| + | docker compose exec nginx journalctl -u nginx-log-forwarder | ||
| + | # see access logs | ||
| + | docker logs nginx_nginx_1 | ||
| + | # podman | ||
| + | podman compose build | ||
| + | podman compose up -d | ||
| + | curl 127.0.0.1:8090 | ||
| + | podman compose exec nginx systemctl status nginx-log-forwarder | ||
| + | podman compose exec nginx journalctl -u nginx-log-forwarder | ||
| + | # see access logs | ||
| + | podman logs nginx_nginx_1 | ||
| + | # no logging output! | ||
| + | </code> | ||
| + | ++++ | ||
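Review bot: The systemd example starts the container with `--privileged` (the `docker run --name ubi9-nginx` line) and `privileged: true` (compose.yml) without saying what that costs: the flag grants all capabilities and host device access and drops the default seccomp/AppArmor confinement, so root inside this port-publishing container is close to root on the host. A footnote next to the command would cover it, for example `(( --privileged disables most container isolation; use it for this demo only, not for a service that is reachable from the network ))`. It is worth testing whether the flag is needed at all: Podman normally sets up an init-based image on its own when the command is `/sbin/init`, and with Docker the `tmpfs` mounts already listed in compose.yml plus a cgroup mount may be enough, though I have not verified that for ubi9/ubi-init. Separately, the second hunk drops `RUN find / -xdev -user root -type f -perm /u+s -exec chmod u-s {} +` from the first Dockerfile with no reason given; if that removal is deliberate, a short note saying why would keep readers from assuming the setuid cleanup is unnecessary.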