基础镜像
注意:每次安装的jdk版本和路径可能不一样
echo "*" > .dockerignorevi DockerfileFROM centos:7MAINTAINER "Geray <1690014753@qq.com>"RUN yum -y install telnet wget iproute net-tools kde-l10n-Chinese reinstall glibc-common && \# 安装jdk# yum -y install java-1.8.0-openjdk && \yum -y install java-1.8.0-openjdk-devel.x86_64 && \yum clean all && \rm -rf /var/cache/yum/* && \localedef -c -f UTF-8 -i zh_CN zh_CN.utf8 && \cat /dev/null > /etc/locale.conf && echo "LC_ALL=\"zh_CN.UTF-8\"" > /etc/locale.conf#envENV TZ "Asia/Shanghai"#ENV LANG en_US.UTF-8ENV LANG zh_CN.UTF-8#声明CATALINA_HOME环境变量ENV CATALINA_HOME /usr/local/tomcat#将Tomcat下的bin路径加入到PATH环境变量中。ENV PATH $CATALINA_HOME/bin:$PATH#Tomcat相关文件的版本。ENV TOMCAT_MAJOR 8ENV TOMCAT_VERSION 8.5.69#Tomcat相关文件下载地址ENV TOMCAT_TGZ_URL "https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz"#下载验证文件#ENV TOMCAT_ASC_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc#执行命令RUN set -x && \mkdir -p $CATALINA_HOME && \wget -O tomcat.tar.gz $TOMCAT_TGZ_URL && \#wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_URL" && \tar -xvf tomcat.tar.gz --strip-components=1 -C $CATALINA_HOME && \# 禁用jdk随机数#sed -i '1a JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"' $CATALINA_HOME/bin/catalina.sh && \echo 'JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"' > $CATALINA_HOME/bin/setenv.sh && \rm -rf $CATALINA_HOME/bin/*.bat && \rm -rf $CATALINA_HOME/webapps/* && \rm -rf tomcat.tar.gz* && \mkdir -p $CATALINA_HOME/webapps/ROOT && \echo "ok" > $CATALINA_HOME/webapps/ROOT/index.html#指定RUN、CMD、ENTRYPOINT命令的当前工作路径WORKDIR $CATALINA_HOME#暴露8080端口EXPOSE 8080#容器启动时执行的命令。CMD ["catalina.sh", "run"]
根据要求生产环境所需的镜像
增加的基础命令:
scp : yum -y install openssh-clients
unzip:yum -y install unzip zip
添加agent
需要添加jdk证书:
根证书:
jdk根证书问题:https://www.yuque.com/geray-alxoc/cl987x/hvamds
vi .dockerignore*!agent.zip!UCA-RSA-Non-Public-CA-G1.cervi DockerfileFROM centos:7MAINTAINER "Geray <1690014753@qq.com>"RUN yum -y install telnet wget unzip zip openssh-clients iproute net-tools kde-l10n-Chinese reinstall glibc-common && \# 安装jdk# yum -y install java-1.8.0-openjdk && \yum -y install java-1.8.0-openjdk-devel.x86_64 && \yum clean all && \rm -rf /var/cache/yum/* && \localedef -c -f UTF-8 -i zh_CN zh_CN.utf8 && \cat /dev/null > /etc/locale.conf && echo "LC_ALL=\"zh_CN.UTF-8\"" > /etc/locale.conf#envENV TZ "Asia/Shanghai"#ENV LANG en_US.UTF-8ENV LANG zh_CN.UTF-8#JDK环境变量ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el7_9.x86_64ENV JRE_HOME ${JAVA_HOME}/jreENV CLASS_PATH .:${JAVA_HOME}/jre/lib/rt.jar:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/libENV PATH $PATH:${JAVA_HOME}/bin:${JRE_HOME}/bin#声明CATALINA_HOME环境变量ENV CATALINA_HOME /usr/local/tomcat#将Tomcat下的bin路径加入到PATH环境变量中。ENV PATH $CATALINA_HOME/bin:$PATH#Tomcat相关文件的版本。ENV TOMCAT_MAJOR 8ENV TOMCAT_VERSION 8.5.69#Tomcat相关文件下载地址ENV TOMCAT_TGZ_URL "https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz"#下载验证文件#ENV TOMCAT_ASC_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc#添加agent和证书文件ADD agent.zip /usr/localADD UCA-RSA-Non-Public-CA-G1.cer $JRE_HOME/lib/security#执行命令RUN set -x && \mkdir -p $CATALINA_HOME && \wget -O tomcat.tar.gz $TOMCAT_TGZ_URL && \#wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_URL" && \tar -xvf tomcat.tar.gz --strip-components=1 -C $CATALINA_HOME && \# 禁用jdk随机数#sed -i '1a JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"' $CATALINA_HOME/bin/catalina.sh && \echo 'JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"' > $CATALINA_HOME/bin/setenv.sh && \rm -rf $CATALINA_HOME/bin/*.bat && \rm -rf $CATALINA_HOME/webapps/* && \rm -rf tomcat.tar.gz* && \mkdir -p $CATALINA_HOME/webapps/ROOT && \echo "ok" > $CATALINA_HOME/webapps/ROOT/index.html && \#解压agentunzip /usr/local/agent.zip -d /usr/local/ && \rm -rf /usr/local/agent.zip && \#添加jdk证书cd $JRE_HOME/lib/security && \echo y | keytool -import -trustcacerts -alias UCA-RSA-Non-Public-CA-G1.cer -file UCA-RSA-Non-Public-CA-G1.cer -keystore cacerts -storepass changeit#指定RUN、CMD、ENTRYPOINT命令的当前工作路径WORKDIR $CATALINA_HOME#暴露8080端口EXPOSE 8080#容器启动时执行的命令。CMD ["catalina.sh", "run"]
构建、压缩导出,导入
docker build -t tomcat:v8.5.69-jdk1.8.0_292 .docker save tomcat:v8.5.69-jdk1.8.0_292 | gzip > tomcat-8.tar.gzdocker load -i tomcat-8.tar.gz
项目实例
# 添加参数cat setenv.shJAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true -javaagent:/usr/local/agent/webgate-agent/lib/webgate-agent.jar -Dpinpoint.licence=8621990031 -Dpinpoint.applicationName=gs_4a -Dpinpoint.agentId=135.152.12.80_30063 -Dwebgate.agent.name=gs4a_web_sec_tomcat -Dwebgate.was.instance.home=/usr/local/agent/webgate-agent/gs4a_web_sec_tomcat -javaagent:/usr/local/agent/aiopsagent-1.8.0/aiopsagent-1.8.0.jar -server -Xms4096m -Xmx4096m -Xss512k -XX:+AggressiveOpts -XX:+UseBiasedLocking -XX:PermSize=256M -XX:MaxPermSize=1024M"# 构建cat .dockerignore*!setenv.sh# Dockerfilecat DockerfileFROM tomcat:v9.0.50-jdk1.8.0_292MAINTAINER "Geray <1690014753@qq.com>"COPY setenv.sh /usr/local/tomcat/bindocker build -t tomcat9:v2 .
无jdk证书
vi .dockerignore*!agent.zipvi DockerfileFROM centos:7MAINTAINER "Geray <1690014753@qq.com>"RUN yum -y install telnet wget unzip zip openssh-clients iproute net-tools kde-l10n-Chinese reinstall glibc-common && \# 安装jdk# yum -y install java-1.8.0-openjdk && \yum -y install java-1.8.0-openjdk-devel.x86_64 && \yum clean all && \rm -rf /var/cache/yum/* && \localedef -c -f UTF-8 -i zh_CN zh_CN.utf8 && \cat /dev/null > /etc/locale.conf && echo "LC_ALL=\"zh_CN.UTF-8\"" > /etc/locale.conf#envENV TZ "Asia/Shanghai"#ENV LANG en_US.UTF-8ENV LANG zh_CN.UTF-8#JDK环境变量ENV JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64ENV JRE_HOME ${JAVA_HOME}/jreENV CLASS_PATH .:${JAVA_HOME}/jre/lib/rt.jar:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/libENV PATH $PATH:${JAVA_HOME}/bin:${JRE_HOME}/bin#声明CATALINA_HOME环境变量ENV CATALINA_HOME /usr/local/tomcat#将Tomcat下的bin路径加入到PATH环境变量中。ENV PATH $CATALINA_HOME/bin:$PATH#Tomcat相关文件的版本。ENV TOMCAT_MAJOR 9ENV TOMCAT_VERSION 9.0.52#Tomcat相关文件下载地址ENV TOMCAT_TGZ_URL "https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz"#下载验证文件#ENV TOMCAT_ASC_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc#添加agent和证书文件COPY agent.zip /usr/local#COPY UCA-RSA-Non-Public-CA-G1.cer $JRE_HOME/lib/security#执行命令RUN set -x && \mkdir -p $CATALINA_HOME && \wget -O tomcat.tar.gz $TOMCAT_TGZ_URL && \#wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_URL" && \tar -xvf tomcat.tar.gz --strip-components=1 -C $CATALINA_HOME && \# 禁用jdk随机数#sed -i '1a JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"' $CATALINA_HOME/bin/catalina.sh && \echo 'JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"' > $CATALINA_HOME/bin/setenv.sh && \rm -rf $CATALINA_HOME/bin/*.bat && \rm -rf $CATALINA_HOME/webapps/* && \rm -rf tomcat.tar.gz* && \mkdir -p $CATALINA_HOME/webapps/ROOT && \echo "ok" > $CATALINA_HOME/webapps/ROOT/index.html && \#解压agentunzip /usr/local/agent.zip -d /usr/local/ && \rm -rf /usr/local/agent.zip# 注释掉一下所有内容需要将上面放开#添加jdk证书#cd $JRE_HOME/lib/security && \#echo y | keytool -import -trustcacerts -alias UCA-RSA-Non-Public-CA-G1.cer -file UCA-RSA-Non-Public-CA-G1.cer -keystore cacerts -storepass changeit#指定RUN、CMD、ENTRYPOINT命令的当前工作路径WORKDIR $CATALINA_HOME#暴露8080端口EXPOSE 8080#容器启动时执行的命令。ENTRYPOINT ["catalina.sh", "run"]
构建
docker build -t tomcat:v9.0.52-jdk1.8.0_302 .docker save tomcat:v9.0.52-jdk1.8.0_302 | gzip > tomcat-9.tar.gzdocker load -i tomcat-9.tar.gz
若有收获,就点个赞吧
0 人点赞
