Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen gezeigt.

--- admin_grundlagen:docker:build [2026/05/08 14:09]
ingo_wichmann
+++ admin_grundlagen:docker:build [2026/06/01 12:13] (aktuell)
peter_rossbach2 [Docker Image aktualisieren]
@@ Zeile 1: / Zeile 1: @@
 ====== erstes Docker Image selbst bauen ======
 ===== Pakete =====
-  * Rocky Linux (9):
+=== Rocky Linux (10): ===
-    * erst ''epel-release'' installieren (fügt neues Repository hinzu)
+  dnf config-manager --enable crb
-    * debootstrap
+  dnf install -y epel-release
-  * Debian (ab 12): debootstrap
+  dnf install -y debootstrap
+=== Debian (ab 12) ===
+  apt install -y debootstrap
 ===== Image bauen =====
 (( anders als das Image aus https://hub.docker.com/_/debian ist dieses Image nicht reproduzierbar ))
   sudo debootstrap --variant=minbase trixie ./debian http://debian/debian
+(( unter RockyLinux ''--keyring'' ergänzen:
+  sudo debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-trixie-stable.gpg trixie ./debian http://debian.linuxhotel.de/debian
+))
   sudo tar cC debian/ . | docker image import - ingo/debian:trixie
 Tag ''latest'' hinzufügen:
@@ Zeile 17: / Zeile 22: @@
 ==== testen ====
   docker container run ingo/debian echo hello world
+-> ''hello world''
 ====== Dockerfile - Docker Images weiterbauen ======
   mkdir nginx
   cd nginx
+++++ podman |
+bei Podman darf die Datei auch ''Containerfile'' heißen
+++++
 <file txt Dockerfile>
 FROM ingo/debian:trixie
@@ Zeile 38: / Zeile 46: @@
 LABEL org.opencontainers.image.created=$REFRESHED_AT
 </file> (( https://docs.docker.com/reference/dockerfile/ ))
 ++++ ENTRYPOINT / CMD / run-Command |
 ^ ''ENTRYPOINT'' ^ ''CMD'' ^ run-Command ^ ausgeführt wird ^
@@ Zeile 72: / Zeile 79: @@
   docker build --no-cache --pull -t='ingo/nginx:0.0.2' .
-Jetzt noch mal testen und
+++++ podman |
+  podman build --no-cache -t='ingo/nginx:0.0.2' .
+-> allerdings werden dann alle 12 STEPs neu gebaut.
+TODO: liegt das an dem fehlenden --pull?
+AI Slop Vermutung:
+Docker built your image without errors because it keeps un-namespaced local images as-is. In contrast, Podman automatically prefixes locally built or untagged registry images with localhost/ to prevent collisions with official registries.
+When you use the --pull flag, Podman is forced to try downloading a fresh version of that base image from an external source. Because it sees localhost/ingo/debian:trixie, Podman literally looks for a web-facing registry running on your actual machine (https://localhost/v2/). Since you don't have a container registry service actively running on port 443 of your host machine, the network request fails with "connection refused"
+Unter Debian mit Docker version 26.1.5+dfsg1, build a72d7cd klappt ''--pull'' auch nicht.
+ERROR: failed to solve: ingo/debian:trixie: failed to resolve source metadata for docker.io/ingo/debian:trixie: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
+++++
+Jetzt noch mal Container starten und
   docker logs
 ansehen.
@@ Zeile 86: / Zeile 106: @@
 </code>
+Nginx as Systemd:
+<code bash>
+mkdir ~/ubi9-nginx && cd ~/ubi9-nginx
+cat >Dockerfile <<EOR
+FROM registry.access.redhat.com/ubi9/ubi-init
+RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/rhel/9/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+RUN dnf -y install nginx \
+ && dnf clean all \
+ && systemctl enable nginx
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
+EOR
+docker build -t ubi9-nginx-systemd:0.0.1 .
+docker run --name ubi9-nginx --privileged -d -p 8090:80 ubi9-nginx-systemd:0.0.1
+docker exec -it ubi9-nginx nginx -v
+docker exec -it ubi9-nginx systemctl status
+docker exec -it ubi9-nginx journalctl -u nginx
+# ups..
+docker logs ubi9-nginx
+</code>
+<code bash>
+# build with compose
+cat >compose.yml <<EOR
+services:
+  nginx:
+    build: .
+    privileged: true
+    ports:
+      - "8090:80"
+    tmpfs:
+      - /run
+      - /run/lock
+      - /tmp
+    stop_signal: SIGRTMIN+3
+EOR
+docker compose build
+docker compose up -d
+docker compose exec nginx ps -ef
+docker compose down
+</code>
+++++ this doesn't solve the console logging problem |
+<code bash>
+cat >Dockerfile <<EOR
+FROM registry.access.redhat.com/ubi9/ubi-init
+RUN cat <<'EOF' >/etc/yum.repos.d/nginx.repo
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/rhel/9/\$basearch/
+gpgcheck=1
+enabled=1
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+EOF
+RUN dnf -y install nginx \
+ && dnf clean all
+# nginx logs to files (important for tail)
+RUN mkdir -p /var/log/nginx
+# systemd override for nginx
+RUN mkdir -p /etc/systemd/system/nginx.service.d && \
+    cat <<'EOF' >/etc/systemd/system/nginx.service.d/override.conf
+[Service]
+StandardOutput=journal
+StandardError=journal
+EOF
+# log forwarder service
+RUN cat <<'EOF' >/etc/systemd/system/nginx-log-forwarder.service
+[Unit]
+Description=Nginx log forwarder
+After=nginx.service
+Requires=nginx.service
+[Service]
+Type=simple
+ExecStart=/bin/sh -c '/usr/bin/tail -F /var/log/nginx/access.log /var/log/nginx/error.log'
+Restart=always
+[Install]
+WantedBy=multi-user.target
+EOF
+RUN systemctl enable nginx \
+ && systemctl enable nginx-log-forwarder
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
+EOR
+# docker
+docker compose build
+docker compose up -d
+curl 127.0.0.1:8090
+docker compose exec nginx systemctl status nginx-log-forwarder
+docker compose exec nginx journalctl -u nginx-log-forwarder
+# see access logs
+docker logs nginx_nginx_1
+# podman
+podman compose build
+podman compose up -d
+curl 127.0.0.1:8090
+podman compose exec nginx systemctl status nginx-log-forwarder
+podman compose exec nginx journalctl -u nginx-log-forwarder
+# see access logs
+podman logs nginx_nginx_1
+# no logging output!
+</code>
+++++

Linuxhotel Wiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge