2020/11/11

今回できたこと

CentOS 7で、Docker環境を構築する。

未解決

お約束

文章化作業

定例作業

docker buildコマンドによる新規イメージ作成

code:shell

$ sudo docker help build

Build an image from a Dockerfile

Options:

--add-host list Add a custom host-to-IP mapping (host:ip)

--build-arg list Set build-time variables

--cache-from strings Images to consider as cache sources

--cgroup-parent string Optional parent cgroup for the container

--compress Compress the build context using gzip

--cpu-period int Limit the CPU CFS (Completely Fair

Scheduler) period

--cpu-quota int Limit the CPU CFS (Completely Fair

Scheduler) quota

-c, --cpu-shares int CPU shares (relative weight)

--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)

--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)

--disable-content-trust Skip image verification (default true)

-f, --file string Name of the Dockerfile (Default is

'PATH/Dockerfile')

--force-rm Always remove intermediate containers

--iidfile string Write the image ID to the file

--isolation string Container isolation technology

--label list Set metadata for an image

-m, --memory bytes Memory limit

--memory-swap bytes Swap limit equal to memory plus swap:

'-1' to enable unlimited swap

--network string Set the networking mode for the RUN

instructions during build (default "default")

--no-cache Do not use cache when building the image

-o, --output stringArray Output destination (format:

type=local,dest=path)

--platform string Set platform if server is multi-platform

capable

--progress string Set type of progress output (auto, plain,

tty). Use plain to show container output

(default "auto")

--pull Always attempt to pull a newer version of

the image

-q, --quiet Suppress the build output and print image

ID on success

--rm Remove intermediate containers after a

successful build (default true)

--secret stringArray Secret file to expose to the build (only

if BuildKit enabled):

id=mysecret,src=/local/secret

--security-opt strings Security options

--shm-size bytes Size of /dev/shm

--squash Squash newly built layers into a single

new layer

--ssh stringArray SSH agent socket or keys to expose to the

build (only if BuildKit enabled) (format:

--stream Stream attaches to server to negotiate

build context

-t, --tag list Name and optionally a tag in the

'name:tag' format

--target string Set the target build stage to build.

--ulimit ulimit Ulimit options (default [])

CPUやメモリ、ネットワークなどの資源に関するオプションが多いが、当面は以下のオプションを使うだけで大丈夫なようだ。

table:重要そうなコマンドラインオプション

オプション 意味 デフォルト

-f Dockerfile Dockerfileで指定されるファイルを利用する PATH/Dockerfile

-t REPOSITORY :TAG DockerイメージのREPOSITORY とTAGを設定する <none>:<none>

--no-cache Dockerイメージ作成時にキャッシュを使わない キャッシュを使う

-q 作成ステップに関する情報を出力しない(quiet) 出力する(auto)

Dockerfileに関する調査

紙の手順書を無くし、導入作業や設定などをファイルで記述することで、誰の目から見ても手順が明らかになる

Keyword: インフラストラクチャ・アズ・コード

Dockerfileを使ったイメージ作成(docker build)@Raspberry Pi

エラーメッセージから、CPUがARMであることに起因する可能性があると思われたため、VirtualBox上のx86_64環境で同じ操作を試すこととした。

code:Dockerfile

FROM centos:latest

MAINTAINER Takeshi MUTOH <takeshi.mutoh@gmail.com>

ENV container docker

RUN yum update -y && yum clean all

RUN yum install -y httpd && yum clean all

RUN echo "Hello Apache." > /var/www/html/test.html

EXPOSE 80

code:shell

$ pwd /home/pi/docker/httpd

$ sudo docker build .

Sending build context to Docker daemon 2.048kB

Step 1/8 : FROM centos:latest

latest: Pulling from library/centos

no matching manifest for linux/arm/v8 in the manifest list entries

VirtualBox上のCentOS 8.2でのDocker環境の構築

はじめに、 CentOS 8.2で導入作業を行なったが、以下のように失敗した。

code:shell

$ sudo yum update -y

(snip)

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

(snip)

Failed to set locale, defaulting to C.UTF-8

$ sudo yum install -y docker-ce docker-ce-cli containerd.io

Failed to set locale, defaulting to C.UTF-8

Docker CE Stable - x86_64 10 kB/s | 3.8 kB 00:00

Last metadata expiration check: 0:00:01 ago on Wed Nov 11 10:58:01 2020.

Error:

Problem 1: problem with installed package podman-1.6.4-10.module_el8.2.0+305+5e198a41.x86_64

- package podman-1.6.4-10.module_el8.2.0+305+5e198a41.x86_64 requires runc >=

1.0.0-57, but none of the providers can be installed

- package containerd.io-1.3.7-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64

- package containerd.io-1.3.7-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64

- conflicting requests

- package runc-1.0.0-64.rc10.module_el8.2.0+304+65a3c2ac.x86_64 is filtered out by modular filtering

Problem 2: problem with installed package buildah-1.11.6-7.module_el8.2.0+305+5e198a41.x86_64

- package buildah-1.11.6-7.module_el8.2.0+305+5e198a41.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed

- package containerd.io-1.3.7-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64

- package containerd.io-1.3.7-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64

- package docker-ce-3:19.03.13-3.el8.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed

- conflicting requests

- package runc-1.0.0-56.rc5.dev.git2abd837.module_el8.2.0+303+1105185b.x86_64

is filtered out by modular filtering

- package runc-1.0.0-64.rc10.module_el8.2.0+304+65a3c2ac.x86_64 is filtered out by modular filtering

(try to add '--allowerasing' to command line to replace conflicting packages or

'--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

code:shell

$ sudo yum install docker

Failed to set locale, defaulting to C.UTF-8

Last metadata expiration check: 0:02:29 ago on Wed Nov 11 10:44:54 2020.

All matches were filtered out by modular filtering for argument: docker

Error: Unable to find a match: docker

改めて、CentOS 7で導入作業を行なった。

code:shell

$ sudo yum update -y

(snip)

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

(snip)

$ sudo yum install -y docker

(snip)

code:shell

$ sudo systemctl start docker

$ sudo systemctl enable docker

Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

$ sudo docker version

Client:

Version: 1.13.1

API version: 1.26

Package version: docker-1.13.1-162.git64e9980.el7.centos.x86_64

Go version: go1.10.3

Git commit: 64e9980/1.13.1

Built: Wed Jul 1 14:56:42 2020

OS/Arch: linux/amd64

Server:

Version: 1.13.1

API version: 1.26 (minimum version 1.12)

Package version: docker-1.13.1-162.git64e9980.el7.centos.x86_64

Go version: go1.10.3

Git commit: 64e9980/1.13.1

Built: Wed Jul 1 14:56:42 2020

OS/Arch: linux/amd64

Experimental: false

Dockerfileを使ったイメージ作成(docker build)@x86_64

code:shell

$ pwd

/home/mutoh/docker/httpd

$ ls

Dockerfile

code:Dockerfile

FROM centos:latest

MAINTAINER Takeshi MUTOH <takeshi.mutoh@gmail.com>

ENV container docker

RUN yum update -y && yum clean all

RUN yum install -y httpd && yum clean all

RUN echo "Hello Apache." > /var/www/html/test.html

EXPOSE 80

以下のようなステップでイメージが作成される。

code:shell

$ sudo docker build -t centos:httpd .

Sending build context to Docker daemon 2.048 kB

Step 1/8 : FROM centos:latest

Trying to pull repository docker.io/library/centos ...

latest: Pulling from docker.io/library/centos

3c72a8ed6814: Pull complete

Digest: sha256:76d24f3ba3317fa945743bb3746fbaf3a0b752f10b10376960de01da70685fbd

Status: Downloaded newer image for docker.io/centos:latest

---> 0d120b6ccaa8

Step 2/8 : MAINTAINER Takeshi MUTOH <takeshi.mutoh@gmail.com>

---> Running in 6de5483e5326

---> bd4da84152b1

Removing intermediate container 6de5483e5326

Step 3/8 : ENV container docker

---> Running in 003bde044f0a

---> 48d2397d5f87

Removing intermediate container 003bde044f0a

Step 4/8 : RUN yum update -y && yum clean all

---> Running in 00c411291563

CentOS-8 - AppStream 938 kB/s | 5.8 MB 00:06

CentOS-8 - Base 647 kB/s | 2.2 MB 00:03

CentOS-8 - Extras 1.1 kB/s | 8.1 kB 00:07

Dependencies resolved.

================================================================================

Package Arch Version Repository Size

================================================================================

Upgrading:

bind-export-libs x86_64 32:9.11.13-6.el8_2.1 BaseOS 1.1 M

ca-certificates noarch 2020.2.41-80.0.el8_2 BaseOS 391 k

centos-gpg-keys noarch 8.2-2.2004.0.2.el8 BaseOS 12 k

centos-release x86_64 8.2-2.2004.0.2.el8 BaseOS 21 k

centos-repos x86_64 8.2-2.2004.0.2.el8 BaseOS 13 k

librepo x86_64 1.11.0-3.el8_2 BaseOS 90 k

tzdata noarch 2020d-1.el8 BaseOS 471 k

zlib x86_64 1.2.11-16.el8_2 BaseOS 102 k

Transaction Summary

===============================================================================$

Upgrade 8 Packages

(snip)

warning: /var/cache/dnf/BaseOS-f6a80ba95cf937f2/packages/bind-export-libs-9.11.1

3-6.el8_2.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY

Importing GPG key 0x8483C65D:

Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>"

Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

Key imported successfully

(snip)

Upgraded:

bind-export-libs-32:9.11.13-6.el8_2.1.x86_64

ca-certificates-2020.2.41-80.0.el8_2.noarch

centos-gpg-keys-8.2-2.2004.0.2.el8.noarch

centos-release-8.2-2.2004.0.2.el8.x86_64

centos-repos-8.2-2.2004.0.2.el8.x86_64

librepo-1.11.0-3.el8_2.x86_64

tzdata-2020d-1.el8.noarch

zlib-1.2.11-16.el8_2.x86_64

Complete!

20 files removed

---> a7f4dcbfe63c

Removing intermediate container 00c411291563

Step 5/8 : RUN yum install -y httpd && yum clean all

---> Running in 8860e2164098

CentOS-8 - AppStream 713 kB/s | 5.8 MB 00:08

CentOS-8 - Base 771 kB/s | 2.2 MB 00:02

CentOS-8 - Extras 2.4 kB/s | 8.1 kB 00:03

Dependencies resolved.

================================================================================

Package Arch Version Repo Size

================================================================================

Installing:

httpd x86_64 2.4.37-21.module_el8.2.0+494+1df74eae AppStream 1.7 M

Installing dependencies:

apr x86_64 1.6.3-9.el8 AppStream 125 k

apr-util x86_64 1.6.1-6.el8 AppStream 105 k

brotli x86_64 1.0.6-1.el8 BaseOS 323 k

centos-logos-httpd

noarch 80.5-2.el8 BaseOS 24 k

httpd-filesystem noarch 2.4.37-21.module_el8.2.0+494+1df74eae AppStream 36 k

httpd-tools x86_64 2.4.37-21.module_el8.2.0+494+1df74eae AppStream 103 k

mailcap noarch 2.1.48-3.el8 BaseOS 39 k

mod_http2 x86_64 1.11.3-3.module_el8.2.0+486+c01050f0.1 AppStream 156 k

Installing weak dependencies:

apr-util-bdb x86_64 1.6.1-6.el8 AppStream 25 k

apr-util-openssl x86_64 1.6.1-6.el8 AppStream 27 k

Enabling module streams:

httpd 2.4

Transaction Summary

================================================================================

Install 11 Packages

(snip)

Complete!

20 files removed

---> 520839c4b4b2

Removing intermediate container 8860e2164098

Step 6/8 : RUN echo "Hello Apache." > /var/www/html/test.html

---> Running in ba30568e0499

---> 9e908d00ba12

Removing intermediate container ba30568e0499

Step 7/8 : EXPOSE 80

---> Running in e7362f04af99

---> d1b11ccc48f2

Removing intermediate container e7362f04af99

Step 8/8 : ENTRYPOINT /usr/sbin/httpd -DFOREGROUND

---> Running in f1336c75a5d0

---> 76c530a966a6

Removing intermediate container f1336c75a5d0

Successfully built 76c530a966a6

作成されたイメージは、以下のように確認できる。

code:shell

# -t centos:httpdの時

$ sudo docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

centos httpd 30709addd43f 23 seconds ago 259 MB

docker.io/centos latest 0d120b6ccaa8 3 months ago 215 MB

# -t コマンドラインオプション不使用の時

$ sudo docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

<none> <none> 431f22fb1733 About a minute ago 259 MB

docker.io/centos latest 0d120b6ccaa8 3 months ago 215 MB

以下のように、このイメージを動作させ、動作確認を行う。

code:shell

$ sudo docker run -it centos:httpd

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message

実行したイメージの状況は、以下の通り。

code:shell

$ sudo docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

74b3c52a9d42 centos:httpd "/usr/sbin/httpd -..." 8 minutes ago Up 8 minutes 80/tcp elastic_clarke

$ sudo docker exec -it 74b3c52a9d42 /bin/bash

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

root 1 0.0 0.1 257956 6744 ? Ss+ 04:20 0:00 /usr/sbin/httpd

apache 6 0.0 0.0 260528 3824 ? S+ 04:20 0:00 /usr/sbin/httpd

apache 7 0.0 0.2 1449428 9328 ? Sl+ 04:20 0:00 /usr/sbin/httpd

apache 8 0.0 0.1 1318300 7296 ? Sl+ 04:20 0:00 /usr/sbin/httpd

apache 9 0.0 0.2 1318300 7828 ? Sl+ 04:20 0:00 /usr/sbin/httpd

root 235 0.3 0.0 12008 2116 ? Ss 04:29 0:00 /bin/bash

root 248 0.0 0.0 44584 1820 ? R+ 04:29 0:00 ps agxu

code:shell

$ telnet 172.17.0.2 80

Trying 172.17.0.2...

Connected to 172.17.0.2.

Escape character is '^]'.

GET /test.html

Hello Apache.

Connection closed by foreign host.

イメージ作成過程は、cacheされており、2回目からは直ちにビルドが終了する。

code:shell

$ sudo docker build .

Sending build context to Docker daemon 2.048 kB

Step 1/8 : FROM centos:latest

---> 0d120b6ccaa8

Step 2/8 : MAINTAINER Takeshi MUTOH <takeshi.mutoh@gmail.com>

---> Using cache

---> 6d180c6eb30e

Step 3/8 : ENV container docker

---> Using cache

---> 20c6d089bde5

Step 4/8 : RUN yum update -y && yum clean all

---> Using cache

---> b2d7de4ea419

Step 5/8 : RUN yum install -y httpd && yum clean all

---> Using cache

---> f6b87ca0c5f6

Step 6/8 : RUN echo "Hello Apache." > /var/www/html/test.html

---> Using cache

---> 85c933e7c363

Step 7/8 : EXPOSE 80

---> Using cache

---> a2a602a446cb

Step 8/8 : ENTRYPOINT /usr/sbin/httpd -DFOREGROUND

---> Using cache

---> 431f22fb1733

Successfully built 431f22fb1733

code:Dockerfile.diff

$ diff -u Dockerfile.org Dockerfile

--- Dockerfile.org 2020-11-11 13:53:28.118521592 +0900

+++ Dockerfile 2020-11-11 13:53:46.409115627 +0900

@@ -4,5 +4,6 @@

RUN yum update -y && yum clean all

RUN yum install -y httpd && yum clean all

RUN echo "Hello Apache." > /var/www/html/test.html

+RUN echo "Hello Apache, again." > /var/www/html/index.html

EXPOSE 80

code:shell

$ sudo docker build .

Sending build context to Docker daemon 3.072 kB

Step 1/9 : FROM centos:latest

---> 0d120b6ccaa8

Step 2/9 : MAINTAINER Takeshi MUTOH <takeshi.mutoh@gmail.com>

---> Using cache

---> 6d180c6eb30e

Step 3/9 : ENV container docker

---> Using cache

---> 20c6d089bde5

Step 4/9 : RUN yum update -y && yum clean all

---> Using cache

---> b2d7de4ea419

Step 5/9 : RUN yum install -y httpd && yum clean all

---> Using cache

---> f6b87ca0c5f6

Step 6/9 : RUN echo "Hello Apache." > /var/www/html/test.html

---> Using cache

---> 85c933e7c363

Step 7/9 : RUN echo "Hello Apache, again." > /var/www/html/index.html

---> Running in c400f514c991

---> 15fad1683f01

Removing intermediate container c400f514c991

Step 8/9 : EXPOSE 80

---> Running in d5abe70446f0

---> 2e49a2bf6d79

Removing intermediate container d5abe70446f0

Step 9/9 : ENTRYPOINT /usr/sbin/httpd -DFOREGROUND

---> Running in 5d9347765409

---> d804c00d9067

Removing intermediate container 5d9347765409

Successfully built d804c00d9067

新たに作成したこのイメージの動作は、以下の通り。

code:shell

# イメージの実行

$ sudo docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

<none> <none> d804c00d9067 37 seconds ago 259 MB

centos httpd 431f22fb1733 38 minutes ago 259 MB

docker.io/centos latest 0d120b6ccaa8 3 months ago 215 MB

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message

# ホストからの動作確認

$ telnet 172.17.0.3 80

Trying 172.17.0.3...

Connected to 172.17.0.3.

Escape character is '^]'.

GET /index.html

Hello Apache, again.

Connection closed by foreign host.