我正在考虑使用Docker在持续集成(CI)服务器上构建依赖关系,这样我就不必在代理本身上安装所有运行时和库。
为了实现这一点,我需要将容器内部构建的构建工件复制回主机。这可能吗?
当前回答
如果您使用podman/buildah1,它为将文件从容器复制到主机提供了更大的灵活性,因为它允许您装载容器。
创建容器后,如以下回答所示
podman create --name dummy IMAGE_NAME
现在,我们可以装载整个容器,然后使用几乎每个linux盒子中的cp实用程序将/etc/foobar的内容从容器(虚拟)复制到主机上的/tmp中。所有这些都可以无根地完成。观察:
$ podman unshare -- bash -c '
mnt=$(podman mount dummy)
cp -R ${mnt}/etc/foobar /tmp
podman umount dummy
'
1.podman在内部使用buildah,它们也共享几乎相同的api
其他回答
您不需要使用docker run。
你可以用docker create来完成。
从文档中:
docker create命令在指定的映像上创建一个可写容器层,并为运行指定的命令做好准备。然后将容器ID打印到STDOUT。这与docker run-d类似,只是容器从未启动。
因此,您可以做到:
docker create --name dummy IMAGE_NAME
docker cp dummy:/path/to/file /dest/to/file
docker rm -f dummy
在这里,您永远不会启动容器。这看起来对我有利。
随着Docker 19.03的发布,您可以跳过创建容器甚至构建映像。基于BuildKit的构建有一个选项可以更改输出目标。您可以使用它将构建结果写入本地目录,而不是写入映像。例如,这里是go二进制文件的构建:
$ ls
Dockerfile go.mod main.go
$ cat Dockerfile
FROM golang:1.12-alpine as dev
RUN apk add --no-cache git ca-certificates
RUN adduser -D appuser
WORKDIR /src
COPY . /src/
CMD CGO_ENABLED=0 go build -o app . && ./app
FROM dev as build
RUN CGO_ENABLED=0 go build -o app .
USER appuser
CMD [ "./app" ]
FROM scratch as release
COPY --from=build /etc/passwd /etc/group /etc/
COPY --from=build /src/app /app
USER appuser
CMD [ "/app" ]
FROM scratch as artifact
COPY --from=build /src/app /app
FROM release
从上面的Dockerfile中,我构建的工件阶段只包含我想要导出的文件。新引入的--output标志允许我将它们写入本地目录,而不是图像。这需要使用19.03附带的BuildKit引擎执行:
$ DOCKER_BUILDKIT=1 docker build --target artifact --output type=local,dest=. .
[+] Building 43.5s (12/12) FINISHED
=> [internal] load build definition from Dockerfile 0.7s
=> => transferring dockerfile: 572B 0.0s
=> [internal] load .dockerignore 0.5s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/golang:1.12-alpine 0.9s
=> [dev 1/5] FROM docker.io/library/golang:1.12-alpine@sha256:50deab916cce57a792cd88af3479d127a9ec571692a1a9c22109532c0d0499a0 22.5s
=> => resolve docker.io/library/golang:1.12-alpine@sha256:50deab916cce57a792cd88af3479d127a9ec571692a1a9c22109532c0d0499a0 0.0s
=> => sha256:1ec62c064901392a6722bb47a377c01a381f4482b1ce094b6d28682b6b6279fd 155B / 155B 0.3s
=> => sha256:50deab916cce57a792cd88af3479d127a9ec571692a1a9c22109532c0d0499a0 1.65kB / 1.65kB 0.0s
=> => sha256:2ecd820bec717ec5a8cdc2a1ae04887ed9b46c996f515abc481cac43a12628da 1.36kB / 1.36kB 0.0s
=> => sha256:6a17089e5a3afc489e5b6c118cd46eda66b2d5361f309d8d4b0dcac268a47b13 3.81kB / 3.81kB 0.0s
=> => sha256:89d9c30c1d48bac627e5c6cb0d1ed1eec28e7dbdfbcc04712e4c79c0f83faf17 2.79MB / 2.79MB 0.6s
=> => sha256:8ef94372a977c02d425f12c8cbda5416e372b7a869a6c2b20342c589dba3eae5 301.72kB / 301.72kB 0.4s
=> => sha256:025f14a3d97f92c07a07446e7ea8933b86068d00da9e252cf3277e9347b6fe69 125.33MB / 125.33MB 13.7s
=> => sha256:7047deb9704134ff71c99791be3f6474bb45bc3971dde9257ef9186d7cb156db 125B / 125B 0.8s
=> => extracting sha256:89d9c30c1d48bac627e5c6cb0d1ed1eec28e7dbdfbcc04712e4c79c0f83faf17 0.2s
=> => extracting sha256:8ef94372a977c02d425f12c8cbda5416e372b7a869a6c2b20342c589dba3eae5 0.1s
=> => extracting sha256:1ec62c064901392a6722bb47a377c01a381f4482b1ce094b6d28682b6b6279fd 0.0s
=> => extracting sha256:025f14a3d97f92c07a07446e7ea8933b86068d00da9e252cf3277e9347b6fe69 5.2s
=> => extracting sha256:7047deb9704134ff71c99791be3f6474bb45bc3971dde9257ef9186d7cb156db 0.0s
=> [internal] load build context 0.3s
=> => transferring context: 2.11kB 0.0s
=> [dev 2/5] RUN apk add --no-cache git ca-certificates 3.8s
=> [dev 3/5] RUN adduser -D appuser 1.7s
=> [dev 4/5] WORKDIR /src 0.5s
=> [dev 5/5] COPY . /src/ 0.4s
=> [build 1/1] RUN CGO_ENABLED=0 go build -o app . 11.6s
=> [artifact 1/1] COPY --from=build /src/app /app 0.5s
=> exporting to client 0.1s
=> => copying files 10.00MB 0.1s
构建完成后,将导出应用程序二进制文件:
$ ls
Dockerfile app go.mod main.go
$ ./app
Ready to receive requests on port 8080
Docker对上游BuildKit repo中记录的--output标志有其他选项:https://github.com/moby/buildkit#output
装载一个“卷”并将工件复制到其中:
mkdir artifacts
docker run -i -v ${PWD}/artifacts:/artifacts ubuntu:14.04 sh << COMMANDS
# ... build software here ...
cp <artifact> /artifacts
# ... copy more artifacts into `/artifacts` ...
COMMANDS
然后,当构建完成并且容器不再运行时,它已经将构建中的工件复制到主机上的工件目录中。
Edit
注意:当您这样做时,可能会遇到docker用户的用户id与当前运行用户的用户id匹配的问题。也就是说,/fartifacts中的文件将显示为用户所有,用户的UID在docker容器中使用。解决此问题的一种方法可能是使用主叫用户的UID:
docker run -i -v ${PWD}:/working_dir -w /working_dir -u $(id -u) \
ubuntu:14.04 sh << COMMANDS
# Since $(id -u) owns /working_dir, you should be okay running commands here
# and having them work. Then copy stuff into /working_dir/artifacts .
COMMANDS
这也可以在SDK中完成,例如python。如果你已经构建了一个容器,你可以通过控制台(docker ps-a)查找这个名称,这个名称似乎是科学家和形容词(即“relaxed_pasteur”)的连接。
查看帮助(container.get_archive):
Help on method get_archive in module docker.models.containers:
get_archive(path, chunk_size=2097152) method of docker.models.containers.Container instance
Retrieve a file or folder from the container in the form of a tar
archive.
Args:
path (str): Path to the file or folder to retrieve
chunk_size (int): The number of bytes returned by each iteration
of the generator. If ``None``, data will be streamed as it is
received. Default: 2 MB
Returns:
(tuple): First element is a raw tar data stream. Second element is
a dict containing ``stat`` information on the specified ``path``.
Raises:
:py:class:`docker.errors.APIError`
If the server returns an error.
Example:
>>> f = open('./sh_bin.tar', 'wb')
>>> bits, stat = container.get_archive('/bin/sh')
>>> print(stat)
{'name': 'sh', 'size': 1075464, 'mode': 493,
'mtime': '2018-10-01T15:37:48-07:00', 'linkTarget': ''}
>>> for chunk in bits:
... f.write(chunk)
>>> f.close()
因此,类似这样的东西将从容器中的指定路径(/output)拉出到主机并解压缩tar。
import docker
import os
import tarfile
# Docker client
client = docker.from_env()
#container object
container = client.containers.get("relaxed_pasteur")
#setup tar to write bits to
f = open(os.path.join(os.getcwd(),"output.tar"),"wb")
#get the bits
bits, stat = container.get_archive('/output')
#write the bits
for chunk in bits:
f.write(chunk)
f.close()
#unpack
tar = tarfile.open("output.tar")
tar.extractall()
tar.close()
docker run -dit --rm IMAGE
docker cp CONTAINER:SRC_PATH DEST_PATH
https://docs.docker.com/engine/reference/commandline/run/https://docs.docker.com/engine/reference/commandline/cp/
推荐文章
- 试图连接到https://index.docker.io时,网络超时
- 为每个Docker图像查找图层和图层大小
- 如何避免在为Python项目构建Docker映像时重新安装包?
- 如何用docker-compose更新现有图像?
- 如何在构建docker期间设置环境变量
- 拉访问拒绝存储库不存在或可能需要docker登录
- 如何在ENTRYPOINT数组中使用Docker环境变量?
- Docker:容器不断地重新启动
- Mac/OS X上的/var/lib/docker在哪里
- 如何用docker-compose标记docker图像
- 从环境文件中读入环境变量
- 禁用特定RUN命令的缓存
- 从Docker容器获取环境变量
- E: gnupg, gnupg2和gnupg1似乎没有安装,但是这个操作需要其中一个
- 如何从docker更改默认docker注册表。IO到我的私人注册表?
