標籤:
http://www.oschina.net/news/62897/docker-hub-contains-high-risk-vulnerabilities 這裡有個統計,docker官方和個人發布的鏡像由於版本等各種原因,漏洞較多,那我們如何自己從頭開始做個定製的鏡像呢?
對,找官方文檔 http://docs.docker.com/articles/baseimages/,這裡說明的很清楚了
實驗如下:在centos7機器上做centos鏡像
直接參考這個指令碼
https://raw.githubusercontent.com/docker/docker/master/contrib/mkimage-yum.sh
./mkimage-yum.sh -y /etc/yum.conf centos7
執行如上指令碼,成功後,就可以看到鏡像了【docker images】,概要說明一下,主要是如下幾步:
1.tmp目錄下建立臨時目錄和檔案系統
2.使用yum安裝相關的軟體包
3.軟體包安裝和資訊定製
4.tar打包
5.清理
建立目錄結構[rootfs]
target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
set -x
mkdir -m 755 "$target"/dev
mknod -m 600 "$target"/dev/console c 5 1
mknod -m 600 "$target"/dev/initctl p
mknod -m 666 "$target"/dev/full c 1 7
mknod -m 666 "$target"/dev/null c 1 3
mknod -m 666 "$target"/dev/ptmx c 5 2
mknod -m 666 "$target"/dev/random c 1 8
mknod -m 666 "$target"/dev/tty c 5 0
mknod -m 666 "$target"/dev/tty0 c 4 0
mknod -m 666 "$target"/dev/urandom c 1 9
mknod -m 666 "$target"/dev/zero c 1 5
# amazon linux yum will fail without vars set
if [ -d /etc/yum/vars ]; then
mkdir -p -m 755 "$target"/etc/yum
cp -a /etc/yum/vars "$target"/etc/yum/
fi
軟體包安裝和資訊定製yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
--setopt=group_package_types=mandatory -y groupinstall Core
yum -c "$yum_config" --installroot="$target" -y clean all
...
打包tar --numeric-owner -c -C "$target" . | docker import - $name:$version
docker run -i -t $name:$version echo success
清理rm -rf "$target"
如果我們需要自己的安全增強軟體等定製,只需要在第2步將我們的內容合并進去即可
產生的鏡像可以作為我們工作的基礎,當然你也可以push到開源社區
Docker 從零開始製作基礎鏡像[centos]
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
