鏡像構建工具SOURCE TO IMAGE（S2I）實踐

（首先附上github地址）
https://github.com/openshift/source-to-image
（s2i的安裝過程，目錄文件結構，及腳本說明可以參考下面的文章）
https://ywnz.com/linuxyffq/5177.html

s2i是紅帽開源的一款鏡像構建工具，屬于openshift的一部分，可以提供一套模板化的構建方案，讓開發(fā)人員為各種不同類型的源代碼提前準備好運行環(huán)境（builder-image），并進行快速構建和運行。 在學習了一段時間之后，我對s2i總結的優(yōu)勢可以分為以下幾點：

模板化及擴展能力（builder-image）：可以提前準備好不同的源代碼執(zhí)行環(huán)境，這部分工作和docker build并沒有本質上的區(qū)別，builder image本身也是一個基于docker file構建出來的鏡像，不同點在于s2i的builder image 在構建過程里可以封裝進一組腳本，這些腳本在鏡像構建及運行的各個階段發(fā)揮著關鍵作用，使鏡像的構建者能夠更全面的掌控構建過程。

層次化及快速構建（增量構建）：s2i允許在構建時指定一個增量構建對象（s2i build --incremental），這里不稱之為基礎鏡像主要是為了和builder image區(qū)分。使用增量構建時，save-artifacts腳本將發(fā)揮作用，將當前鏡像內部的數(shù)據(jù)進行轉移，新鏡像構建時assemble腳本執(zhí)行，將數(shù)據(jù)進行拷貝，典型的數(shù)據(jù)傳輸對象可以是maven .m2文件夾等等。這個過程帶來的好處除了加速構建之外，還有層次化：builder image 提供了橫向擴展（例如 html、java、python等運行環(huán)境），而被增量構建的鏡像則體現(xiàn)了相同運行環(huán)境中的縱向擴展（例如 一般maven項目、 spring boot項目等）。

開發(fā)過程及概念上的轉變：s2i使開發(fā)人員不用再去關注docker file的編寫過程，專注于源代碼的更新迭代，容器的運行環(huán)境均由s2i的builder image和增量構建鏡像準備。

一個標準的s2i構建過程，可以分為以下幾個步驟：

準備builder image的上下文環(huán)境，其本質是一個docker image 所以包括docker file，s2i腳本，及相關依賴。

使用docker build命令構建builder image。

使用s2i build命令構建目標鏡像 s2i build <source location> <builder image> [<tag>] [flags]builder image參數(shù)是第二步構建出來的鏡像。

使用上一步中構建的鏡像進行增量構建。

以下為一個war包運行環(huán)境的builder image構建方式：

#DockerfileFROM openshift/base-centos7 EXPOSE 8080ENV TOMCAT_VERSION=8.5.53 \MAVEN_VERSION=3.6.3LABEL io.k8s.description="Platform for building and running JEE applications on Tomcat" \io.k8s.display-name="Tomcat Builder" \io.openshift.expose-services="8080:http" \io.openshift.tags="builder,tomcat" \io.openshift.s2i.destination="/opt/s2i/destination"#這個label比較重要，在s2i build時，s2i會將基礎鏡像的上下文環(huán)境包括源碼、腳本拷貝進指定目錄COPY apache-maven-$MAVEN_VERSION-bin.tar.gz / COPY apache-tomcat-$TOMCAT_VERSION.tar.gz /# Install Maven, Tomcat RUN INSTALL_PKGS="tar java-1.8.0-openjdk java-1.8.0-openjdk-devel" && \yum install -y --enablerepo=centosplus $INSTALL_PKGS && \rpm -V $INSTALL_PKGS && \yum clean all -y && \tar -zxvf /apache-maven-$MAVEN_VERSION-bin.tar.gz -C /usr/local && \ln -sf /usr/local/apache-maven-$MAVEN_VERSION/bin/mvn /usr/local/bin/mvn && \mkdir -p $HOME/.m2 && \mkdir -p /tomcat && \tar -zxvf /apache-tomcat-$TOMCAT_VERSION.tar.gz --strip-components=1 -C /tomcat && \ rm -rf /tomcat/webapps/* && \mkdir -p /opt/s2i/destination && \mkdir /tmp/src# Add s2i customizations ADD ./settings.xml $HOME/.m2/# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATHRUN chmod -R a+rw /tomcat && \chmod a+rwx /tomcat/* && \chmod +x /tomcat/bin/*.sh && \chmod -R a+rw $HOME && \chmod -R +x $STI_SCRIPTS_PATH && \chmod -R g+rw /opt/s2i/destinationUSER 1001CMD $STI_SCRIPTS_PATH/usage #assembleif [[ "$1" == "-h" ]]; thenexec /usr/libexec/s2i/usage fi# Restore artifacts from the previous build (if they exist). # # restore build artifactsif [ -d /opt/s2i/destination/artifacts/.m2 ]; thenecho "restore build artifacts"rm -rf $HOME/.m2mv /opt/s2i/destination/artifacts/.m2 $HOME/ fiecho "---> Installing application source..." #cp -Rf /tmp/src/. ./ a=`ls /tmp/` echo $a echo "**********" b=`ls /opt/s2i/destination/` echo $b echo "------***" c=`ls /opt/s2i/destination/src` echo $ccp -R /opt/s2i/destination/src/. ./ cp /opt/s2i/destination/src/config/catalina.sh /tomcat/bin/catalina.shecho "---> Building application from source..." # TODO: Add build steps for your application, eg npm install, bundle install, pip install, etc.mvn -Dmaven.test.skip=true clean package #mv ./target/*.war /tomcat/webapps/ROOT.war find ./ -name *.war -exec mv {} /tomcat/webapps/ROOT.war \; #runbash -c "/tomcat/bin/catalina.sh run" #save-artifacts#!/bin/bash pushd ${HOME} >/dev/null if [ -d .m2 ]; then# all .m2 contents to tar streamtar cf - .m2 fi popd >/dev/null

builder image 中封裝了centos7，jdk，maven和一個tomcat。
save-artifacts和assemble腳本在鏡像構建期間執(zhí)行，完成增量構建的數(shù)據(jù)傳輸，源代碼拷貝及編譯工作。
run腳本在鏡像運行階段執(zhí)行。

JAR運行環(huán)境

# DockerFileFROM openshift/base-centos7 EXPOSE 8080ENV MAVEN_VERSION=3.6.3LABEL io.k8s.description="Platform for building and running JEE applications on Tomcat" \io.k8s.display-name="Tomcat Builder" \io.openshift.expose-services="8080:http" \io.openshift.tags="builder,tomcat" \io.openshift.s2i.destination="/opt/s2i/destination"COPY apache-maven-$MAVEN_VERSION-bin.tar.gz /# Install Maven RUN INSTALL_PKGS="tar java-1.8.0-openjdk java-1.8.0-openjdk-devel" && \yum install -y --enablerepo=centosplus $INSTALL_PKGS && \rpm -V $INSTALL_PKGS && \yum clean all -y && \tar -zxvf /apache-maven-$MAVEN_VERSION-bin.tar.gz -C /usr/local && \ln -sf /usr/local/apache-maven-$MAVEN_VERSION/bin/mvn /usr/local/bin/mvn && \mkdir -p $HOME/.m2 && \mkdir -p /opt/s2i/destination && \mkdir -p /webapps && \mkdir /tmp/src# Add s2i customizations ADD ./settings.xml $HOME/.m2/# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATHRUN chmod -R a+rw /webapps && \chmod -R a+rw $HOME && \chmod -R +x $STI_SCRIPTS_PATH && \chmod -R g+rw /opt/s2i/destinationUSER 1001CMD $STI_SCRIPTS_PATH/usage #assembleif [[ "$1" == "-h" ]]; thenexec /usr/libexec/s2i/usage fi# Restore artifacts from the previous build (if they exist). # # restore build artifactsif [ -d /opt/s2i/destination/artifacts/.m2 ]; thenecho "restore build artifacts"rm -rf $HOME/.m2mv /opt/s2i/destination/artifacts/.m2 $HOME/ fiecho "---> Installing application source..." #cp -Rf /tmp/src/. ./ a=`ls /tmp/` echo $a echo "**********" b=`ls /opt/s2i/destination/` echo $b echo "------***" c=`ls /opt/s2i/destination/src` echo $ccp -R /opt/s2i/destination/src/. ./echo "---> Building application from source..." # TODO: Add build steps for your application, eg npm install, bundle install, pip install, etc.mvn -Dmaven.test.skip=true clean package find ./ -name *.jar -exec mv {} /tomcat/webapps/ROOT.jar \; #save-artifactspushd ${HOME} >/dev/null if [ -d .m2 ]; then# all .m2 contents to tar streamtar cf - .m2 fi popd >/dev/null #runbash -c "java -jar -Dserver.port=8080 /webapps/ROOT.jar"

NGINX運行環(huán)境

FROM openshift/base-centos7EXPOSE 8080 EXPOSE 8443ENV NAME=nginx \NGINX_VERSION=1.16 \NGINX_SHORT_VER=116 \VERSION=0ENV SUMMARY="Platform for running nginx $NGINX_VERSION or building nginx-based application" \DESCRIPTION="Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP \ protocols, with a strong focus on high concurrency, performance and low memory usage. The container \ image provides a containerized packaging of the nginx $NGINX_VERSION daemon. The image can be used \ as a base image for other applications based on nginx $NGINX_VERSION web server. \ Nginx server image can be extended using source-to-image tool."LABEL summary="${SUMMARY}" \description="${DESCRIPTION}" \io.k8s.description="${DESCRIPTION}" \io.k8s.display-name="Nginx ${NGINX_VERSION}" \io.openshift.expose-services="8080:http" \io.openshift.expose-services="8443:https" \io.openshift.tags="builder,${NAME},rh-${NAME}${NGINX_SHORT_VER}" \com.redhat.component="rh-${NAME}${NGINX_SHORT_VER}-container" \name="centos/${NAME}-${NGINX_SHORT_VER}-centos7" \version="${NGINX_VERSION}" \maintainer="SoftwareCollections.org <sclorg@redhat.com>" \help="For more information visit https://github.com/sclorg/${NAME}-container" \usage="s2i build <SOURCE-REPOSITORY> centos/${NAME}-${NGINX_SHORT_VER}-centos7:latest <APP-NAME>"ENV NGINX_CONFIGURATION_PATH=${APP_ROOT}/etc/nginx.d \NGINX_CONF_PATH=/etc/opt/rh/rh-nginx${NGINX_SHORT_VER}/nginx/nginx.conf \NGINX_DEFAULT_CONF_PATH=${APP_ROOT}/etc/nginx.default.d \NGINX_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/nginx \NGINX_APP_ROOT=${APP_ROOT} \NGINX_LOG_PATH=/var/opt/rh/rh-nginx${NGINX_SHORT_VER}/log/nginxRUN yum install -y yum-utils gettext hostname && \yum install -y centos-release-scl-rh && \INSTALL_PKGS="nss_wrapper bind-utils rh-nginx${NGINX_SHORT_VER} rh-nginx${NGINX_SHORT_VER}-nginx \rh-nginx${NGINX_SHORT_VER}-nginx-mod-stream" && \yum install -y centos-release-scl-rh && \yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \rpm -V $INSTALL_PKGS && \yum -y clean all --enablerepo='*'# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH# Copy extra files to the image. COPY ./root/ /# In order to drop the root user, we have to make some directories world # writeable as OpenShift default security model is to run the container under # random UID. RUN sed -i -f ${NGINX_APP_ROOT}/nginxconf.sed ${NGINX_CONF_PATH} && \chmod a+rwx ${NGINX_CONF_PATH} && \mkdir -p ${NGINX_APP_ROOT}/etc/nginx.d/ && \mkdir -p ${NGINX_APP_ROOT}/etc/nginx.default.d/ && \mkdir -p ${NGINX_APP_ROOT}/src/nginx-start/ && \mkdir -p ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \mkdir -p ${NGINX_LOG_PATH} && \ln -s ${NGINX_LOG_PATH} /var/log/nginx && \ln -s /etc/opt/rh/rh-nginx${NGINX_SHORT_VER}/nginx /etc/nginx && \ln -s /opt/rh/rh-nginx${NGINX_SHORT_VER}/root/usr/share/nginx /usr/share/nginx && \chmod -R a+rwx ${NGINX_APP_ROOT}/etc && \chmod -R a+rwx /var/opt/rh/rh-nginx${NGINX_SHORT_VER} && \chmod -R a+rwx ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \chown -R 1001:0 ${NGINX_APP_ROOT} && \chown -R 1001:0 /var/opt/rh/rh-nginx${NGINX_SHORT_VER} && \chown -R 1001:0 ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start && \chmod -R a+rwx /var/run && \chown -R 1001:0 /var/run && \rpm-file-permissionsUSER 1001# Not using VOLUME statement since it's not working in OpenShift Online: # https://github.com/sclorg/httpd-container/issues/30 # VOLUME ["/opt/rh/rh-nginx116/root/usr/share/nginx/html"] # VOLUME ["/var/opt/rh/rh-nginx116/log/nginx/"]ENV BASH_ENV=${NGINX_APP_ROOT}/etc/scl_enable \ENV=${NGINX_APP_ROOT}/etc/scl_enable \PROMPT_COMMAND=". ${NGINX_APP_ROOT}/etc/scl_enable"CMD $STI_SCRIPTS_PATH/usage #assembleset -eecho "---> Installing application source" ls -a cp -Rf /tmp/src/. ./# Fix source directory permissions fix-permissions ./if [ -f ./nginx.conf ]; thenecho "---> Copying nginx.conf configuration file..."cp -v ./nginx.conf "${NGINX_CONF_PATH}"rm -f ./nginx.conf fiif [ -d ./nginx-cfg ]; thenecho "---> Copying nginx configuration files..."if [ "$(ls -A ./nginx-cfg/*.conf)" ]; thencp -av ./nginx-cfg/*.conf "${NGINX_CONFIGURATION_PATH}"rm -rf ./nginx-cfgfichmod -Rf g+rw ${NGINX_CONFIGURATION_PATH} fiif [ -d ./nginx-default-cfg ]; thenecho "---> Copying nginx default server configuration files..."if [ "$(ls -A ./nginx-default-cfg/*.conf)" ]; thencp -av ./nginx-default-cfg/*.conf "${NGINX_DEFAULT_CONF_PATH}"rm -rf ./nginx-default-cfgfichmod -Rf g+rw ${NGINX_DEFAULT_CONF_PATH} fiif [ -d ./nginx-start ]; thenecho "---> Copying nginx start-hook scripts..."if [ "$(ls -A ./nginx-start/* 2>/dev/null)" ]; thencp -av ./nginx-start/* "${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-start/"rm -rf ./nginx-startfi fi #runsource /opt/app-root/etc/generate_container_userset -esource ${NGINX_CONTAINER_SCRIPTS_PATH}/common.shprocess_extending_files ${NGINX_APP_ROOT}/src/nginx-start ${NGINX_CONTAINER_SCRIPTS_PATH}/nginx-startif [ ! -v NGINX_LOG_TO_VOLUME -a -v NGINX_LOG_PATH ]; then/bin/ln -s /dev/stdout ${NGINX_LOG_PATH}/access.log/bin/ln -s /dev/stderr ${NGINX_LOG_PATH}/error.log fiexec nginx -g "daemon off;"

除上述內容之外，源代碼也需要一個上下文環(huán)境，這并不是必要的，但這樣做的好處是可以提供一些類似nginx及tomcat的配置文件來實現(xiàn)不同項目的定制化。這也是s2i腳本的核心能力體現(xiàn)。

由于網(wǎng)上的資料不夠充分，所以使用過程里難免碰到很多坑，也并不能對s2i充分理解物盡其用。比如在增量構建階段，目前發(fā)現(xiàn)必須是同名鏡像才能夠被識別出來，所以有時候不得不先將一個需要增量構建的鏡像tag成目標鏡像名稱再進行增量構建。

總結

以上是生活随笔為你收集整理的镜像构建工具SOURCE TO IMAGE（S2I）实践的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內容還不錯，歡迎將生活随笔推薦給好友。