是否可以合并两个镜像
部署某个开源程序的时候,需要node编译并运行一个socket程序,和nginx解析静态页面。这只需要两个容器分别运行node和nginx就轻易解决了,而且我用了alpine的版本的镜像,把体积控制到了极小。
但强迫症犯了......能不能合并成一个镜像呢?
Try:多步构建
Dockerfile多阶段构建可以吗?
FROM node:xxx AS run-socket ... FROM nginx AS www-page ...
不行。该程序需要node、nginx两个服务同时运行才能工作,这样写最后只能保留nginx服务。
Dockerfile里写两个"FROM",没有"as",会怎样?没用,第一个镜像构建等于白干活。
Dockerfile只能构建最后一个基础镜像,多阶段构建中的其余镜像都会生成<none>:<none>这种编译镜像,一个镜像就是一个layer。
[root@VM-8-17-centos ~]#docker images -a
REPOSITORY TAG IMAGE ID CREATED SIZE
oulh/syncplay-server alpine 96433458266b 26 hours ago 93.8MB
<none> <none> 9198cd83e566 26 hours ago 93.8MB
<none> <none> ed59470e7504 26 hours ago 11.3MB
<none> <none> bd320c5f8ffc 26 hours ago 9.39MB
<none> <none> 15d04ab81e42 26 hours ago 7.09MB
alpine latest 0ac33e5f5afa 9 days ago 5.57MB
[root@VM-8-17-centos ~]#docker history oulh/syncplay-server:alpine
IMAGE CREATED CREATED BY SIZE COMMENT
96433458266b 26 hours ago /bin/sh -c #(nop) CMD ["./syncplay_start.sh… 0B
9198cd83e566 26 hours ago /bin/sh -c apk add --no-cache py3-twisted py… 82.5MB
ed59470e7504 26 hours ago /bin/sh -c apk add --no-cache dpkg 1.9MB
bd320c5f8ffc 26 hours ago /bin/sh -c sed -i 's/dl-cdn.alpinelinux.org/… 2.3MB
15d04ab81e42 26 hours ago /bin/sh -c #(nop) COPY multi:6c89ab00d1a2c59… 1.52MB
0ac33e5f5afa 9 days ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 9 days ago /bin/sh -c #(nop) ADD file:5d673d25da3a14ce1… 5.57MB
Try:docker history
搜索引擎查了一下,有人说可以用docker history命令还原基础镜像,进行逆向工程,
docker history --no-trunc=true image > image1-dockerfile
docker history --no-trunc=true image2 > image2-dockerfile
原文: 接下来打开这两个文件,你可以看到每个镜像的命令堆栈。这是因为Docker镜像通过层的方式来构建。即你在Dockerfile中键入的每一个命令所构建的新镜像,都是在之前的命令产生的镜像之上。所以你可以对镜像进行逆向工程。
我试着操作了一下,得到的其中一个镜像的Dockerfile文件:(向左滑动~)
IMAGE CREATED CREATED BY SIZE COMMENT
sha256:41b9374c09018007d5ad0dc97aa1db92a56b0a792684ebfffebd8113b2f4be06 7 days ago /bin/sh -c #(nop) CMD ["node"] 0B
<missing> 7 days ago /bin/sh -c #(nop) ENTRYPOINT ["docker-entrypoint.sh"] 0B
<missing> 7 days ago /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/ 388B
<missing> 7 days ago /bin/sh -c apk add --no-cache --virtual .build-deps-yarn curl gnupg tar && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apk del .build-deps-yarn && yarn --version 7.76MB
<missing> 7 days ago /bin/sh -c #(nop) ENV YARN_VERSION=1.22.18 0B
<missing> 7 days ago /bin/sh -c addgroup -g 1000 node && adduser -u 1000 -G node -s /bin/sh -D node && apk add --no-cache libstdc++ && apk add --no-cache --virtual .build-deps curl && ARCH= && alpineArch="$(apk --print-arch)" && case "${alpineArch##*-}" in x86_64) ARCH='x64' CHECKSUM="a6dc255e1ef1f20372306eec932b4a3648575c6d3024bcd685b8efc93dc95569" ;; *) ;; esac && if [ -n "${CHECKSUM}" ]; then set -eu; curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && ln -s /usr/local/bin/node /usr/local/bin/nodejs; else echo "Building from source" && apk add --no-cache --virtual .build-deps-full binutils-gold g++ gcc gnupg libgcc linux-headers make python3 && for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 141F07595B7B3FFE74309A937405533BE57C7D57 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 74F12602B6F1C4E913FAA37AD3A89613643B6201 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C DD8F2338BAE7501E3DD5AC78C273792F7D83545D A48C2BEE680E841632CD4E44F07496B3EB3C1762 108F52B48DB57BB0CC439B2997B01419BD92F80A B9E2F5981AA6E0CD28160D9FF13993A75599653C ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xf "node-v$NODE_VERSION.tar.xz" && cd "node-v$NODE_VERSION" && ./configure && make -j$(getconf _NPROCESSORS_ONLN) V= && make install && apk del .build-deps-full && cd .. && rm -Rf "node-v$NODE_VERSION" && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; fi && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" && apk del .build-deps && node --version && npm --version 97.3MB
<missing> 7 days ago /bin/sh -c #(nop) ENV NODE_VERSION=16.14.2 0B
<missing> 9 days ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
<missing> 9 days ago /bin/sh -c #(nop) ADD file:cf4b631a115c2bbfbd81cad2d3041bceb64a8136aac92ba8a63b6c51d60af764 in /
仔细一看,还有ADD和COPY字段,这......
结论
利用docker history逆向构建的方法也许可行,但很麻烦,起码对我来说没有这个能力和时间成本。
好好让一个容器干一件事吧,结合docker-compose不也很高效吗