一、Dockerfile引用自建dns服务
一)指定DNS服务器
1、docker 启动容器dns会读取宿主机的配置
]# cat /etc/resolv.conf
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
# docker images|grep centos
centos 7 eeb6ee3f44bd 2 weeks ago 204MB
基于centos7打了一个镜像,dockerfile如下:
FROM centos:7
RUN echo -e "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`"
RUN echo "`sed 'p' -n /etc/resolv.conf`"
RUN yum install -y wget && yum clean all
2、尝试使用RUN 直接修改resolv.conf文件失败,因为在容器启动时的操作,会被docker run指定的参数覆盖
这里指定了dns配置,然后再下面打印了一下,效果如下:
# docker build -t test:dns .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : RUN echo "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`"
---> Running in f3ec71d93b5f
search test.com
nameserver 8.8.8.8
Removing intermediate container f3ec71d93b5f
---> c2a5a9f9985f
Step 3/4 : RUN echo "`sed 'p' -n /etc/resolv.conf`"
---> Running in 08d22ef982d6
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
Removing intermediate container 08d22ef982d6
---> 9c01241bad24
Step 4/4 : RUN yum install -y wget
---> Running in e831037cf89b
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.bupt.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7_6.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wget x86_64 1.14-18.el7_6.1 base 547 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 547 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7_6.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for wget-1.14-18.el7_6.1.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wget-1.14-18.el7_6.1.x86_64 1/1
install-info: No such file or directory for /usr/share/info/wget.info.gz
Verifying : wget-1.14-18.el7_6.1.x86_64 1/1
Installed:
wget.x86_64 0:1.14-18.el7_6.1
Complete!
Removing intermediate container e831037cf89b
---> 747d8f4768dd
Successfully built 747d8f4768dd
Successfully tagged test:dns
# docker run --rm -it --name testdns test:dns /bin/sh -c "cat /etc/resolv.conf"
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
从这可以看到,在第二步设置dns,第三步打印出的结果还是读取的宿主机的配置。
** 这里分析了一下原因:由于以Dockerfile的形式构建镜像,其中每一个指令都是一层,它的过程是基于基础镜像运行一个容器,然后按指令执行,第一个指令完毕后,commit为一个新的镜像层,docker再运行一个基于新镜像的容器,执行下一步指令,直到结束。这样的好处是,假如共有四个指令,第三个失败了,那么可以基于第二个指令生成的镜像继续操作,不需要再从头操作一遍,节省资源。**
** 那么,由此可见,我在第二步设置完,docker提交一个镜像,docker接下来运行这个镜像的时候,会读取宿主机配置,所以我的设置也就不生效了。使用docker commit构建镜像也是一样的效果。**
** 如果想让它生效,需要在启动命令里指定。**
3、使用ENTRYPOINT在容器启动时的操作,而且不会被docker run指定的参数覆盖。
]# cat Dockerfile
FROM centos:7
ENTRYPOINT echo -e "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`" && tail -f /dev/null
RUN echo "`sed 'p' -n /etc/resolv.conf`"
RUN yum install -y wget && yum clean all
使用entrypoint指令,这个指令的作用是在容器启动时的操作,而且不会被docker run指定的参数覆盖。(当然也可以覆盖,在启动的时候docker run --entrypoint=
可以这样指定临时的启动命令来覆盖dockerfile里的entrypoint)
# docker build -t test:dns .
Sending build context to Docker daemon 2.048kB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : ENTRYPOINT echo -e "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`" && tail -f /dev/null
---> Running in 361ec0e4cf3b
Removing intermediate container 361ec0e4cf3b
---> e062358b2b4d
Step 3/4 : RUN echo "`sed 'p' -n /etc/resolv.conf`"
---> Running in 1272cc8f69cb
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
Removing intermediate container 1272cc8f69cb
---> 08b7026e183e
Step 4/4 : RUN yum install -y wget
---> Running in 5346d673e0b7
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.bfsu.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7_6.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
wget x86_64 1.14-18.el7_6.1 base 547 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 547 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7_6.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for wget-1.14-18.el7_6.1.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wget-1.14-18.el7_6.1.x86_64 1/1
install-info: No such file or directory for /usr/share/info/wget.info.gz
Verifying : wget-1.14-18.el7_6.1.x86_64 1/1
Installed:
wget.x86_64 0:1.14-18.el7_6.1
Complete!
Removing intermediate container 5346d673e0b7
---> e8c04c88aed2
Successfully built e8c04c88aed2
Successfully tagged test:dns
# docker run --rm -it --name testdns test:dns /bin/sh -c "cat /etc/resolv.conf"
search test.com
nameserver 8.8.8.8
可以看到,使用entrypoint之后,这个指定的配置便生效了。