|
admin_grundlagen:docker:build [2026/05/08 10:57] peter_rossbach2 [Docker Image aktualisieren] |
admin_grundlagen:docker:build [2026/06/01 12:13] (aktuell) peter_rossbach2 [Docker Image aktualisieren] |
||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| ====== erstes Docker Image selbst bauen ====== | ====== erstes Docker Image selbst bauen ====== | ||
| ===== Pakete ===== | ===== Pakete ===== | ||
| - | * Rocky Linux (9): | + | === Rocky Linux (10): === |
| - | * erst ''epel-release'' installieren (fügt neues Repository hinzu) | + | dnf config-manager --enable crb |
| - | * debootstrap | + | dnf install -y epel-release |
| - | * Debian (ab 12): debootstrap | + | dnf install -y debootstrap |
| + | === Debian (ab 12) === | ||
| + | apt install -y debootstrap | ||
| ===== Image bauen ===== | ===== Image bauen ===== | ||
| (( anders als das Image aus https://hub.docker.com/_/debian ist dieses Image nicht reproduzierbar )) | (( anders als das Image aus https://hub.docker.com/_/debian ist dieses Image nicht reproduzierbar )) | ||
| sudo debootstrap --variant=minbase trixie ./debian http://debian/debian | sudo debootstrap --variant=minbase trixie ./debian http://debian/debian | ||
| + | (( unter RockyLinux ''--keyring'' ergänzen: | ||
| + | sudo debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-trixie-stable.gpg trixie ./debian http://debian.linuxhotel.de/debian | ||
| + | )) | ||
| sudo tar cC debian/ . | docker image import - ingo/debian:trixie | sudo tar cC debian/ . | docker image import - ingo/debian:trixie | ||
| Tag ''latest'' hinzufügen: | Tag ''latest'' hinzufügen: | ||
| Zeile 17: | Zeile 22: | ||
| ==== testen ==== | ==== testen ==== | ||
| docker container run ingo/debian echo hello world | docker container run ingo/debian echo hello world | ||
| + | -> ''hello world'' | ||
| ====== Dockerfile - Docker Images weiterbauen ====== | ====== Dockerfile - Docker Images weiterbauen ====== | ||
| mkdir nginx | mkdir nginx | ||
| cd nginx | cd nginx | ||
| + | ++++ podman | | ||
| + | bei Podman darf die Datei auch ''Containerfile'' heißen | ||
| + | ++++ | ||
| <file txt Dockerfile> | <file txt Dockerfile> | ||
| FROM ingo/debian:trixie | FROM ingo/debian:trixie | ||
| - | LABEL version="0.0.1" | + | |
| - | LABEL maintainer="me@example.com" | + | |
| ENV DEBIAN_FRONTEND=noninteractive | ENV DEBIAN_FRONTEND=noninteractive | ||
| - | ARG REFRESHED_AT=2026-01-07 | ||
| RUN set -eux; \ | RUN set -eux; \ | ||
| apt-get -qq update; \ | apt-get -qq update; \ | ||
| Zeile 33: | Zeile 39: | ||
| EXPOSE 80 | EXPOSE 80 | ||
| ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"] | ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"] | ||
| - | </file> (( https://docs.docker.com/reference/dockerfile/ )) | ||
| + | ARG REFRESHED_AT=2026-01-07 | ||
| + | LABEL version="0.0.1" | ||
| + | LABEL maintainer="me@example.com" | ||
| + | LABEL org.opencontainers.image.authors="me@example.com" | ||
| + | LABEL org.opencontainers.image.created=$REFRESHED_AT | ||
| + | </file> (( https://docs.docker.com/reference/dockerfile/ )) | ||
| ++++ ENTRYPOINT / CMD / run-Command | | ++++ ENTRYPOINT / CMD / run-Command | | ||
| ^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^ | ^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^ | ||
| Zeile 68: | Zeile 79: | ||
| docker build --no-cache --pull -t='ingo/nginx:0.0.2' . | docker build --no-cache --pull -t='ingo/nginx:0.0.2' . | ||
| - | Jetzt noch mal testen und | + | ++++ podman | |
| + | podman build --no-cache -t='ingo/nginx:0.0.2' . | ||
| + | -> allerdings werden dann alle 12 STEPs neu gebaut. | ||
| + | |||
| + | TODO: liegt das an dem fehlenden --pull? | ||
| + | AI Slop Vermutung: | ||
| + | Docker built your image without errors because it keeps un-namespaced local images as-is. In contrast, Podman automatically prefixes locally built or untagged registry images with localhost/ to prevent collisions with official registries. | ||
| + | When you use the --pull flag, Podman is forced to try downloading a fresh version of that base image from an external source. Because it sees localhost/ingo/debian:trixie, Podman literally looks for a web-facing registry running on your actual machine (https://localhost/v2/). Since you don't have a container registry service actively running on port 443 of your host machine, the network request fails with "connection refused" | ||
| + | |||
| + | Unter Debian mit Docker version 26.1.5+dfsg1, build a72d7cd klappt ''--pull'' auch nicht. | ||
| + | ERROR: failed to solve: ingo/debian:trixie: failed to resolve source metadata for docker.io/ingo/debian:trixie: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed | ||
| + | ++++ | ||
| + | |||
| + | Jetzt noch mal Container starten und | ||
| docker logs | docker logs | ||
| ansehen. | ansehen. | ||
| - | docker build --no-cache --pull --build-arg REFRESHED_AT=$(date '+%Y-%m-%d')-t='ingo/nginx:0.0.2' . | + | Bauen mit einem Release Zeitstempel: |
| + | <code shell> | ||
| + | REFRESHED_AT=$(date '+%Y-%m-%d') | ||
| + | docker build --no-cache --pull \ | ||
| + | --build-arg REFRESHED_AT=$REFRESHED_AT \ | ||
| + | -t='ingo/nginx:0.0.2' \ | ||
| + | -t=ingo/nginx:$REFRESHED_AT . | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Nginx as Systemd: | ||
| + | |||
| + | <code bash> | ||
| + | mkdir ~/ubi9-nginx && cd ~/ubi9-nginx | ||
| + | cat >Dockerfile <<EOR | ||
| + | FROM registry.access.redhat.com/ubi9/ubi-init | ||
| + | RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo | ||
| + | [nginx-stable] | ||
| + | name=nginx stable repo | ||
| + | baseurl=http://nginx.org/packages/rhel/9/\$basearch/ | ||
| + | gpgcheck=1 | ||
| + | enabled=1 | ||
| + | gpgkey=https://nginx.org/keys/nginx_signing.key | ||
| + | module_hotfixes=true | ||
| + | EOF | ||
| + | |||
| + | RUN dnf -y install nginx \ | ||
| + | && dnf clean all \ | ||
| + | && systemctl enable nginx | ||
| + | STOPSIGNAL SIGRTMIN+3 | ||
| + | CMD ["/sbin/init"] | ||
| + | EOR | ||
| + | |||
| + | docker build -t ubi9-nginx-systemd:0.0.1 . | ||
| + | docker run --name ubi9-nginx --privileged -d -p 8090:80 ubi9-nginx-systemd:0.0.1 | ||
| + | docker exec -it ubi9-nginx nginx -v | ||
| + | docker exec -it ubi9-nginx systemctl status | ||
| + | docker exec -it ubi9-nginx journalctl -u nginx | ||
| + | # ups.. | ||
| + | docker logs ubi9-nginx | ||
| + | </code> | ||
| + | |||
| + | <code bash> | ||
| + | # build with compose | ||
| + | cat >compose.yml <<EOR | ||
| + | services: | ||
| + | nginx: | ||
| + | build: . | ||
| + | privileged: true | ||
| + | ports: | ||
| + | - "8090:80" | ||
| + | tmpfs: | ||
| + | - /run | ||
| + | - /run/lock | ||
| + | - /tmp | ||
| + | stop_signal: SIGRTMIN+3 | ||
| + | EOR | ||
| + | docker compose build | ||
| + | docker compose up -d | ||
| + | docker compose exec nginx ps -ef | ||
| + | docker compose down | ||
| + | </code> | ||
| + | |||
| + | ++++ this doesn't solve the console logging problem | | ||
| + | |||
| + | <code bash> | ||
| + | |||
| + | cat >Dockerfile <<EOR | ||
| + | FROM registry.access.redhat.com/ubi9/ubi-init | ||
| + | RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo | ||
| + | [nginx-stable] | ||
| + | name=nginx stable repo | ||
| + | baseurl=http://nginx.org/packages/rhel/9/\$basearch/ | ||
| + | gpgcheck=1 | ||
| + | enabled=1 | ||
| + | gpgkey=https://nginx.org/keys/nginx_signing.key | ||
| + | module_hotfixes=true | ||
| + | EOF | ||
| + | |||
| + | RUN dnf -y install nginx \ | ||
| + | && dnf clean all | ||
| + | |||
| + | # nginx logs to files (important for tail) | ||
| + | RUN mkdir -p /var/log/nginx | ||
| + | |||
| + | # systemd override for nginx | ||
| + | RUN mkdir -p /etc/systemd/system/nginx.service.d && \ | ||
| + | cat <<'EOF' >/etc/systemd/system/nginx.service.d/override.conf | ||
| + | [Service] | ||
| + | StandardOutput=journal | ||
| + | StandardError=journal | ||
| + | EOF | ||
| + | |||
| + | # log forwarder service | ||
| + | RUN cat <<'EOF' >/etc/systemd/system/nginx-log-forwarder.service | ||
| + | [Unit] | ||
| + | Description=Nginx log forwarder | ||
| + | After=nginx.service | ||
| + | Requires=nginx.service | ||
| + | [Service] | ||
| + | Type=simple | ||
| + | ExecStart=/bin/sh -c '/usr/bin/tail -F /var/log/nginx/access.log /var/log/nginx/error.log' | ||
| + | Restart=always | ||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | EOF | ||
| + | |||
| + | RUN systemctl enable nginx \ | ||
| + | && systemctl enable nginx-log-forwarder | ||
| + | STOPSIGNAL SIGRTMIN+3 | ||
| + | CMD ["/sbin/init"] | ||
| + | EOR | ||
| + | |||
| + | # docker | ||
| + | docker compose build | ||
| + | docker compose up -d | ||
| + | curl 127.0.0.1:8090 | ||
| + | docker compose exec nginx systemctl status nginx-log-forwarder | ||
| + | docker compose exec nginx journalctl -u nginx-log-forwarder | ||
| + | # see access logs | ||
| + | docker logs nginx_nginx_1 | ||
| + | |||
| + | # podman | ||
| + | podman compose build | ||
| + | podman compose up -d | ||
| + | curl 127.0.0.1:8090 | ||
| + | podman compose exec nginx systemctl status nginx-log-forwarder | ||
| + | podman compose exec nginx journalctl -u nginx-log-forwarder | ||
| + | # see access logs | ||
| + | podman logs nginx_nginx_1 | ||
| + | # no logging output! | ||
| + | </code> | ||
| + | |||
| + | ++++ | ||
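Review bot: The new "Nginx as Systemd" example runs the container fully privileged (`docker run --name ubi9-nginx --privileged -d -p 8090:80 …`, and `privileged: true` in the generated compose.yml), which grants all capabilities and host device access and turns off the default seccomp/AppArmor confinement just so `/sbin/init` can start. The page should state that trade-off next to the command and offer the narrower variant first. Podman has a systemd mode that prepares the required mounts when the command is an init binary, so the Podman path probably does not need the flag. For Docker, the `tmpfs` entries already in compose.yml are the place to start testing without it (not verified against this image). Separately, the port is published on every host interface although the test is only `curl 127.0.0.1:8090`, so `-p 127.0.0.1:8090:80` and `- "127.0.0.1:8090:80"` would be enough.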