How to use Dockerfile to build images in Docker

Build the image

Earlier we used various images for testing and demonstration. In many cases, we need our own images to meet our business needs. This requires us to be able to customize the images we need. There are two ways to build Docker images.

• Use the docker commit command.
• Use the docker build command and the Dockerfile to build the file.

We now do not recommend using the docker commit command, and instead use the more flexible and powerful Dockerfile to build Docker images.

1. Use the commit command to build

The docker commit command is the most intuitive way to create a new image. The process consists of three steps:

• Run the container;
• Modify the container;
• Save the container as a new image.

Let’s start by creating a new container. We will use the common Ubuntu image for this container. The steps are as follows:

1.1 Run a container to be modified

root@ubuntu:~# docker run -ti ubuntu /bin/bash
root@733a4b080491:/#

1.2 Install Apache packages

root@733a4b080491:/# apt-get update
... ...
root@733a4b080491:/# apt-get install -y apache2
... ...

We started a container and installed Apache in it. We will run this container as a web server, and we need to save it so that we don't have to run this step every time.

1.3 Submitting a custom container

root@ubuntu:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
733a4b080491 ubuntu "/bin/bash" 11 minutes ago Exited (0) 5 seconds ago suspicious_mestorf

root@ubuntu:~# docker commit 733a4b080491 wzlinux/ubuntu_with_apache
sha256:902ac2c87147fefc5b70c741ce9550dcda426cea9f824f442d5cc2744bdc90ae

root@ubuntu:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wzlinux/ubuntu_with_apache latest 902ac2c87147 33 seconds ago 261MB
ubuntu latest 20c44cd7596f 10 days ago 123MB

As you can see, we used docker commit to submit the modified container. From the size, we can see that the image has become larger due to the installation of software. Docker commit only submits the difference between the image used to create the container and the current state of the container, which makes the update very lightweight.

The above demonstrates how to create a new image using docker commit. However, Docker does not recommend that users build images in this way. Because this is a manual way of creating images, it is prone to errors, inefficient and has poor repeatability. For example, if you want to add Apache to the Debian base image, you have to repeat all the previous steps. More importantly: users do not know how the image is created or whether there are malicious programs in it. In other words, the image cannot be audited, which poses a security risk.

However, in order to have a more comprehensive understanding of Docker, we still need to understand how to use docker commit to build a Docker image. Because even if you use Dockerfile (recommended method) to build an image, the underlying docker commit builds the new image layer by layer. Learning docker commit can help us understand the build process and the hierarchical structure of the image more deeply.

2. Build using Dockerfile

Dockerfile uses basic DSL (Domain Specific Language) syntax-based instructions to build a Docker image. We recommend using the Dockerfile method instead of docker commit because building images with the former is more repeatable, transparent, and idempotent.

Once we have a Dockerfile, we can use the docker build command to build a new image based on the instructions in the Dockerfile.

2.1 Our first Dockerfile

Use Dockerfile to create the above ubuntu_with_apache, the content is as follows.

# Version 0.0.1
FROM ubuntu
RUN sed -i 's/archive.ubuntu.com/cn.archive.ubuntu.com/g' /etc/apt/sources.list
RUN sed -i 's/security.ubuntu/cn.archive.ubuntu/g' /etc/apt/sources.list
RUN apt-get -y update && apt-get -y install apache2
EXPOSE 80

When the docker build command is executed, all instructions in the Dockerfile are executed and committed, and a new image is returned after the command completes successfully.

root@ubuntu:~/sample# docker build -t ubuntu_with_apache_dockerfile . ①
Sending build context to Docker daemon 6.144kB ②
Step 1/5: FROM ubuntu ③
 ---> 20c44cd7596f
Step 2/5 : RUN sed -i 's/archive.ubuntu.com/cn.archive.ubuntu.com/g' /etc/apt/sources.list
 ---> Running in bac6dc3b900f
 ---> c66ad94ad8a4
Removing intermediate container bac6dc3b900f
Step 3/5 : RUN sed -i 's/security.ubuntu/cn.archive.ubuntu/g' /etc/apt/sources.list
 ---> Running in 5158558b6403
 ---> 0a4c480147c5
Removing intermediate container 5158558b6403
Step 4/5 : RUN apt-get -y update && apt-get -y install apache2 ④
 ---> Running in f547ce7a1b39 ⑤
 …
 …
 ---> 118bde35120a ⑥
Removing intermediate container f547ce7a1b39 ⑦
Step 5/5: EXPOSE 80
 ---> Running in e546786de05b
 ---> f55d7b07365b
Removing intermediate container e546786de05b
Successfully built f55d7b07365b ⑧
Successfully tagged ubuntu_with_apache_dockerfile:latest

① Run the docker build command. -t names the new image ubuntu-with-apache-dockerfile. The . at the end of the command indicates that the build context is the current directory. By default, Docker will search for the Dockerfile file in the build context. We can also specify the location of the Dockerfile through the -f parameter.

② From this step on, the actual image building process begins. First, Docker sends all the files in the build context to the Docker daemon. The build context provides the files or directories required for image building.

The ADD, COPY and other commands in the Dockerfile can add files in the build context to the image. In this example, the build context is the current directory /sample, and all files and subdirectories under this directory will be sent to the Docker daemon.

Therefore, you must be careful when using build context. Do not put unnecessary files into the build context. In particular, do not use / or /usr as the build context. Otherwise, the build process will be very slow or even fail.

③ Step 1: Execute FROM and use ubuntu as the base image. The ubuntu image ID is 452a96d81c30.

④ Step 4: Execute RUN to install Apache. The specific steps are ⑤ ~ ⑬.

⑤ Start the temporary container with ID e38bc83df8b1 and install Apache in the container using apt-get.

⑥ After the installation is successful, save the container as an image with the ID fbc9af08328d. This step uses a command similar to docker commit at the bottom layer.

⑦ Delete the temporary container 02a4f3243dda.

⑧ The image is built successfully.

View the image information through docker images.

root@ubuntu:~/sample# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu_with_apache_dockerfile latest f55d7b07365b 27 minutes ago 261MB
wzlinux/ubuntu_with_apache latest 902ac2c87147 About an hour ago 261MB
ubuntu latest 20c44cd7596f 10 days ago 123MB

2.2 View the image structure

ubuntu_with_apache_dockerfile is obtained by adding several new image layers on top of the base image.

The picture above is copied from the original text, and the picture below is the data obtained by experimenting on my computer. The IMAGE ID is different, but everything else is the same.

Check the IMAGE history of my Ubuntu machine as follows:

As can be seen from the output, each command will generate a mirror layer.

Docker history will show the build history of the image, that is, the execution process of the Dockerfile.

Compared with the ubuntu image, ubuntu_with_apache_dockerfile does have only a few more layers. Each instruction in the Dockerfile will create a layer. The docker history also shows us the layered structure of the image, with each layer arranged from top to bottom.

2.3 Image caching features

Since each step of the build process submits the result as an image, Docker's image building process is very smart. It treats the previous image layer as a cache.

For example, we change EXPOSE 80 to EXPOSE 8080.

root@ubuntu:~/sample# docker build -t ubuntu_with_apache_8080 .   
Sending build context to Docker daemon 6.144kB
Step 1/5: FROM ubuntu 
---> 20c44cd7596f
Step 2/5 : RUN sed -i 's/archive.ubuntu.com/cn.archive.ubuntu.com/g' /etc/apt/sources.list
 ---> Using cache ---> c66ad94ad8a4Step 3/5 : RUN sed -i 's/security.ubuntu/cn.archive.ubuntu/g' /etc/apt/sources.list 
---> Using cache 
---> 0a4c480147c5
Step 4/5 : RUN apt-get -y update && apt-get -y install apache2 
---> Using cache 
---> 118bde35120a
Step 5/5: EXPOSE 8080 
---> Running in c89f8210c56a 
---> ac88967e578e
Removing intermediate container c89f8210c56a
Successfully built ac88967e578e
Successfully tagged ubuntu_with_apache_8080:latest

We can see that the previous instructions are the same, so Docker directly uses the previous cache and only builds the instructions we changed. The new image layer is as follows.

If we do not want to use cache when building the image, we can add the --no-cache parameter to the docker build command.

Each instruction in the Dockerfile creates an image layer, and the upper layer depends on the lower layer. Whenever a layer changes, the caches of all layers above it become invalid. That is, if we change the order in which the Dockerfile instructions are executed, or modify or add instructions, the cache will be invalidated. For example, we add the command MAINTAINER wzlinux "[email protected]" in the front. as follows:

# Version 0.0.1
FROM ubuntu
MAINTAINER wzlinux "[email protected]"
RUN sed -i 's/archive.ubuntu.com/cn.archive.ubuntu.com/g' /etc/apt/sources.list
RUN sed -i 's/security.ubuntu/cn.archive.ubuntu/g' /etc/apt/sources.list
RUN apt-get -y update && apt-get -y install apache2
EXPOSE 80

Then use docker to build and see the process.

root@ubuntu:~/sample# docker build -t ubuntu_with_apache_author .

Sending build context to Docker daemon 6.144kB
Step 1/6: FROM ubuntu
 ---> 20c44cd7596f
Step 2/6: MAINTAINER wzlinux "[email protected]" 
---> Running in 637bb3457407 
---> 829b24531d69
Removing intermediate container 637bb3457407
Step 3/6 : RUN sed -i 's/archive.ubuntu.com/cn.archive.ubuntu.com/g' /etc/apt/sources.list 
---> Running in 416ae8aefb61 
---> 84643fe8447a
Removing intermediate container 416ae8aefb61
Step 4/6 : RUN sed -i 's/security.ubuntu/cn.archive.ubuntu/g' /etc/apt/sources.list 
---> Running in 58d8375fd5c3 
---> 1cb5776982d3
Removing intermediate container 58d8375fd5c3
Step 5/6 : RUN apt-get -y update && apt-get -y install apache2 
---> Running in 0514a7d04814
 …
 …
Processing triggers for sgml-base (1.26+nmu4ubuntu1)
 ... 
---> 30eb21527fee
Removing intermediate container 0514a7d04814
Step 6/6: EXPOSE 80 
---> Running in 476ca5f98886 
---> 30672998f3d0
Removing intermediate container 476ca5f98886
Successfully built 30672998f3d0
Successfully tagged ubuntu_with_apache_author:latest 

Many new image layers are generated from the output results, and the cache has become invalid.

2.4 Debugging Dockerfile

Any script or program, including a Dockerfile, will fail. It is not terrible to have mistakes, but there must be a way to troubleshoot them. Let's test what to do if an error occurs in the command during the build process. For example, we wrote the second sed command incorrectly, writing sd instead.

# Version 0.0.1
FROM ubuntu
MAINTAINER wzlinux "[email protected]"
RUN sed -i 's/archive.ubuntu.com/cn.archive.ubuntu.com/g' /etc/apt/sources.list
RUN sd -i 's/security.ubuntu/cn.archive.ubuntu/g' /etc/apt/sources.list
RUN apt-get -y update && apt-get -y install apache2
EXPOSE 80

Execute docker build as follows.

The Dockerfile fails when executing the fourth step, the RUN instruction. We can use the image 84643fe8447a created in the third step for debugging by starting a container of the image through docker run -it.

root@ubuntu:~/sample# docker run -ti 84643fe8447a /bin/bash
root@422ecce78664:/#sd
bash: sd: command not found

In fact, we are definitely not stupid enough to not know that sd does not exist. I am just using this as an example. We will use this method for other more difficult troubleshooting methods.

2.5 Dockerfile instructions

FROM
Specify the base image.

MAINTAINER
Set the author of the image, which can be any string.

COPY
Copies files from the build context to the image.
COPY supports two forms:
COPY src dest COPY ["src", "dest"]
Note: src can only specify files or directories in the build context.

ADD
Similar to COPY, copies files from the build context to the image. The difference is that if src is an archive file (tar, zip, tgz, xz, etc.), the files will be automatically unpacked into dest.

ENV
Set environment variables, which can be used by subsequent instructions. For example:

ENV MY_VERSION 1.3RUN apt-get install -y mypackage=$MY_VERSION

EXPOSE
Docker can expose a port by specifying that the process in the container listens on it.

VOLUME
Declare a file or directory as a volume.

WORKDIR
Sets the current working directory in the image for subsequent RUN, CMD, ENTRYPOINT, ADD or COPY instructions.

RUN
Runs the specified command in the container.

CMD
Runs the specified command when the container starts.
There can be multiple CMD instructions in a Dockerfile, but only the last one takes effect. CMD can be replaced by parameters after docker run.

ENTRYPOINT
Set the command to run when the container starts.
There can be multiple ENTRYPOINT instructions in a Dockerfile, but only the last one takes effect. The parameters after CMD or docker run will be passed as parameters to ENTRYPOINT.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.