Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen gezeigt.

--- admin_grundlagen:docker:build [2026/03/24 10:11]
ingo_wichmann [Dockerfile - Docker Images weiterbauen]
+++ admin_grundlagen:docker:build [2026/06/01 12:13] (aktuell)
peter_rossbach2 [Docker Image aktualisieren]
@@ Zeile 1: / Zeile 1: @@
 ====== erstes Docker Image selbst bauen ======
 ===== Pakete =====
-  * Rocky Linux (9):
+=== Rocky Linux (10): ===
-    * erst ''epel-release'' installieren (fügt neues Repository hinzu)
+  dnf config-manager --enable crb
-    * debootstrap
+  dnf install -y epel-release
-  * Debian (ab 12): debootstrap
+  dnf install -y debootstrap
+=== Debian (ab 12) ===
+  apt install -y debootstrap
 ===== Image bauen =====
 (( anders als das Image aus https://hub.docker.com/_/debian ist dieses Image nicht reproduzierbar ))
   sudo debootstrap --variant=minbase trixie ./debian http://debian/debian
+(( unter RockyLinux ''--keyring'' ergänzen:
+  sudo debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-trixie-stable.gpg trixie ./debian http://debian.linuxhotel.de/debian
+))
   sudo tar cC debian/ . | docker image import - ingo/debian:trixie
 Tag ''latest'' hinzufügen:
@@ Zeile 17: / Zeile 22: @@
 ==== testen ====
   docker container run ingo/debian echo hello world
+-> ''hello world''
 ====== Dockerfile - Docker Images weiterbauen ======
   mkdir nginx
   cd nginx
+++++ podman |
+bei Podman darf die Datei auch ''Containerfile'' heißen
+++++
 <file txt Dockerfile>
 FROM ingo/debian:trixie
-LABEL version="0.0.1"
-LABEL maintainer="me@example.com"
 ENV DEBIAN_FRONTEND=noninteractive
-ARG REFRESHED_AT=2026-01-07
 RUN set -eux; \
   apt-get -qq update; \
@@ Zeile 33: / Zeile 39: @@
 EXPOSE 80
 ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"]
+ARG REFRESHED_AT=2026-01-07
+LABEL version="0.0.1"
+LABEL maintainer="me@example.com"
+LABEL org.opencontainers.image.authors="me@example.com"
+LABEL org.opencontainers.image.created=$REFRESHED_AT
 </file> (( https://docs.docker.com/reference/dockerfile/ ))
+++++ ENTRYPOINT / CMD / run-Command |
+^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^
+|<code>["script.sh"]</code>|                          |                        | <code>script.sh</code> |
+|<code>["script.sh"]</code>|                          | <code>/bin/dash</code> | <code>script.sh /bin/dash</code> |
+|<code>["script.sh"]</code>| <code>["httpd"]</code>   |                        | <code>script.sh httpd</code> |
+|<code>["script.sh"]</code>| <code>["httpd"]</code>   | <code>/bin/dash</code> | <code>script.sh /bin/dash</code> |
+|                          | <code>["/bin/sh"]</code> |                        | <code>/bin/sh</code>   |
+|                          | <code>["/bin/sh"]</code> | <code>/bin/dash</code> | <code>/bin/dash</code> |
+|                          |                          |                        | <code>/bin/bash</code> (( https://docs.docker.com/reference/dockerfile/#understand-how-cmd-and-entrypoint-interact sagt ''error, not allowed''. Docker Version 20.10.24+dfsg1 hat ''bash'' ausgeführt.)) |
+++++
+Image mit den Erweiterungen aus dem ''Dockerfile'' bauen:
   docker build -t='ingo/nginx:0.0.1' .
+Image anzeigen:
   docker image ls ingo/nginx:0.0.1
 -> id rauskopieren (z.B. ''5879d7773761'')
+Image taggen:
   docker image tag 5879d7773761 ingo/nginx:latest
+Container starten:
   docker container run -d -p 80:80 --name my_nginx ingo/nginx
+Zugriff auf nginx testen:
   curl -s http://localhost:80
 -> im Browser http://localhost öffnen
 ====== Docker Image aktualisieren ======
+<file txt Dockerfile>
+…
+RUN ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log
+…
+</file>
   docker build --no-cache --pull -t='ingo/nginx:0.0.2' .
-===== ENTRYPOINT / CMD / run-Command =====
+++++ podman |
-^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^
+  podman build --no-cache -t='ingo/nginx:0.0.2' .
-|<code>["script.sh"]</code>|                          |                        | <code>script.sh</code> |
+-> allerdings werden dann alle 12 STEPs neu gebaut.
-|<code>["script.sh"]</code>|                          | <code>/bin/dash</code> | <code>script.sh /bin/dash</code> |
-|<code>["script.sh"]</code>| <code>["httpd"]</code>   |                        | <code>script.sh httpd</code> |
+TODO: liegt das an dem fehlenden --pull?
-|<code>["script.sh"]</code>| <code>["httpd"]</code>   | <code>/bin/dash</code> | <code>script.sh /bin/dash</code> |
+AI Slop Vermutung:
-|                          | <code>["/bin/sh"]</code> |                        | <code>/bin/sh</code>   |
+Docker built your image without errors because it keeps un-namespaced local images as-is. In contrast, Podman automatically prefixes locally built or untagged registry images with localhost/ to prevent collisions with official registries.
-|                          | <code>["/bin/sh"]</code> | <code>/bin/dash</code> | <code>/bin/dash</code> |
+When you use the --pull flag, Podman is forced to try downloading a fresh version of that base image from an external source. Because it sees localhost/ingo/debian:trixie, Podman literally looks for a web-facing registry running on your actual machine (https://localhost/v2/). Since you don't have a container registry service actively running on port 443 of your host machine, the network request fails with "connection refused"
-|                          |                          |                        | <code>/bin/bash</code>((https://docs.docker.com/reference/dockerfile/#understand-how-cmd-and-entrypoint-interact sagt ''error, not allowed''. Docker Version 20.10.24+dfsg1 hat ''bash'' ausgeführt.)) |
+Unter Debian mit Docker version 26.1.5+dfsg1, build a72d7cd klappt ''--pull'' auch nicht.
+ERROR: failed to solve: ingo/debian:trixie: failed to resolve source metadata for docker.io/ingo/debian:trixie: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
+++++
+Jetzt noch mal Container starten und
+  docker logs
+ansehen.
+Bauen mit einem Release Zeitstempel:
+<code shell>
+REFRESHED_AT=$(date '+%Y-%m-%d')
+docker build --no-cache --pull \
+  --build-arg REFRESHED_AT=$REFRESHED_AT \
+  -t='ingo/nginx:0.0.2' \
+  -t=ingo/nginx:$REFRESHED_AT .
+</code>
+Nginx as Systemd:
+<code bash>
+mkdir ~/ubi9-nginx && cd ~/ubi9-nginx
+cat >Dockerfile <<EOR
+FROM registry.access.redhat.com/ubi9/ubi-init
+RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/rhel/9/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+RUN dnf -y install nginx \
+ && dnf clean all \
+ && systemctl enable nginx
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
+EOR
+docker build -t ubi9-nginx-systemd:0.0.1 .
+docker run --name ubi9-nginx --privileged -d -p 8090:80 ubi9-nginx-systemd:0.0.1
+docker exec -it ubi9-nginx nginx -v
+docker exec -it ubi9-nginx systemctl status
+docker exec -it ubi9-nginx journalctl -u nginx
+# ups..
+docker logs ubi9-nginx
+</code>
+<code bash>
+# build with compose
+cat >compose.yml <<EOR
+services:
+  nginx:
+    build: .
+    privileged: true
+    ports:
+      - "8090:80"
+    tmpfs:
+      - /run
+      - /run/lock
+      - /tmp
+    stop_signal: SIGRTMIN+3
+EOR
+docker compose build
+docker compose up -d
+docker compose exec nginx ps -ef
+docker compose down
+</code>
+++++ this doesn't solve the console logging problem |
+<code bash>
+cat >Dockerfile <<EOR
+FROM registry.access.redhat.com/ubi9/ubi-init
+RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/rhel/9/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+RUN dnf -y install nginx \
+ && dnf clean all
+# nginx logs to files (important for tail)
+RUN mkdir -p /var/log/nginx
+# systemd override for nginx
+RUN mkdir -p /etc/systemd/system/nginx.service.d && \
+    cat <<'EOF' >/etc/systemd/system/nginx.service.d/override.conf
+[Service]
+StandardOutput=journal
+StandardError=journal
+EOF
+# log forwarder service
+RUN cat <<'EOF' >/etc/systemd/system/nginx-log-forwarder.service
+[Unit]
+Description=Nginx log forwarder
+After=nginx.service
+Requires=nginx.service
+[Service]
+Type=simple
+ExecStart=/bin/sh -c '/usr/bin/tail -F /var/log/nginx/access.log /var/log/nginx/error.log'
+Restart=always
+[Install]
+WantedBy=multi-user.target
+EOF
+RUN systemctl enable nginx \
+ && systemctl enable nginx-log-forwarder
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
+EOR
+# docker
+docker compose build
+docker compose up -d
+curl 127.0.0.1:8090
+docker compose exec nginx systemctl status nginx-log-forwarder
+docker compose exec nginx journalctl -u nginx-log-forwarder
+# see access logs
+docker logs nginx_nginx_1
+# podman
+podman compose build
+podman compose up -d
+curl 127.0.0.1:8090
+podman compose exec nginx systemctl status nginx-log-forwarder
+podman compose exec nginx journalctl -u nginx-log-forwarder
+# see access logs
+podman logs nginx_nginx_1
+# no logging output!
+</code>
+++++

Linuxhotel Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge