容器镜像的备份及恢复方案.docx

ENVPKGRE1.EASE1-bmterRUNset-xcreatengnxusergropfirsttobeconsistentthroughoutdockervariantsH(Uddgroup-system-gid101n9inxEthadduser-system-YrsabM-IogM-ingroupnginx-no-crwtt-hofnc-home/nonexistentrecos*,nginxuser*-shdlb<nfalsc-uid101ngiu8ftat-9etupdateWtapt-getinstall-rx>"<nstall-cofnmends-no-iretall-suggcsts-ygnupglca-ctificatcsftftNGIhlX_GPGKEY«573BFD6B3D8FBC641O79A6ARABF5BD827BOW62;found*：forservetinha4>ool.sks-kcy5cfvcr5.ncthkpJZkeyKrvcrubuntuem£0hkp80.pool.sks-kcyscrvers.ftttr80p9p.mitdu：doecho"FetchingGPGkey$NGaNX_GPGKEYfromSsw"apt-keyadv-keyserver"Sserver*-keysetver-optiomtimeout*10ecvkeyseSNGINXGPGKEYwHafound三ycsHftbruk;donc:tot-zSfoufxttttecho>tt2"11x:fadtofctcGPGkeySNGlNX_GPGKErHttexit1;APtretremove-purge-XKxemovt-y9nup9lHHrm-rfvarfW¼)ttaaftdpk9Arch-vS(dpkgfictarChiteCtlXftftn9inxPdu9e5*n9inx-SNGINX.VERSION|.$!PKG_RElEASejngmx-fnodulc-xsIt-SNGINX_VERS*ON$PKGJEIEASECgmX-modulc-geoNSNGlNX.VERSION)-$PKG.RE1.EASEngnx-module-im>gc-filter三SNGlNX_VERSIoN)-$PKGRE1.EASE)ngmx-module-n>>SNGINXVERSION.$NJSVERSION)-$(PKGRE1.fAs£wHftc×"SdpkgArcbeinM11d64i386)9archesOfficialybuiMbupstreamecho"debhttpsnginx.orgkagemainiiedebiarbust。nginx"»etgpt0urmJitd119ExJist&&apt-getupdate11)we'reonMarchitectureupstreamdoesn'toffid>llbuildforfIctSbu«ldbinariesfromthepublishedsourcepackagesecho"deb-vchttpi/nginjuorg/padogn/mianline/debian/bu%ternginx-»/ctc/apt/$ourres.li$t.d/nginx.list# newdirectoryforstoringsourcesand.dcbfilesftfttempDir="S(mktemp-d)-Etachmod777"StempDir"# (777toensureAPTs"_apt"usercanaccessitt)# savelistofcurrently-installedpackagessobuilddependenciescanbedeanlyremovedlaterEtftsavedAptMark="S(apt-markShowmanual)"# build.debfilesfromupstream'ssourcepackages(whichareverifiedbyapt-get)EtEtapt-getupdateEtEtapt-getbuild-dep-ySnginxPackagesaa(cd"StempDir"EtftDEB.BUI1.DOPTIONS="nocheckparalld-$(nproc)Napt-getsource-compileSnginxPackages)UWedon'tremoveAPTlistsherebecausetheygetre-downloadedandremovedlater# resetapt-mark's"manual"listsothat"purge-auto-remove"willremoveallbuilddependencies#(whichisdoneafterWeinstallthebuiltpackagessowedon'thavetoredownloadanyoverlappingdependenn)Etftapt-m>rkshowmanualK3rg%apt-markauto>knu1lftft-z"SuvcdAptM3rk*'t-markmanualSuvedAptMark;.createatemporarylocalAPTrepotoinstallfrom(sothatdependencyresolutiononbehandledbyAPT.asitshouldbe)ftftIsMAFheStempDireftfcdwStempDir*Hftdpkg-ScanpKiuigcs.>Fck>gft)HHgrep-Pc*j9e:,StempDirPckages"ftftecho-dcbtrusted>yefileStemPOirf>etcaptSoUrCWJiSt4ftugi“workroundthefollowingAPTissuebyusing"Acquire:6ZiPlndexes*f±"(overriding7etcap<>p1.conf.(Vdodcef-ip-i(kxes*)“Couldnotopenfile/var/)it/apt/)isb/partial/.tmp_tnip.0DW1jpQfk£_._P!KUges-open(13:Rfrmissiondenied).E:F4cdtofetchStOreMm岫pt1sW叼)ODVjpQfk£_,_P»cU9«Couldnotopenfile/vM/lib/apt/lisWpertial/_tmp_tmp,00W1)pQfkE_._P»du9CS-open(13:Rwmtssiondenied)Wt叩QFet-oAcquirt:<izip*n(kxcs»fal$eupdateesacEtEtapt-getinstall-no-istall-recommcnds-no-istalI-suggests-yJnginxPackagcsgettcxt-baHEtapt-getremove-purge-auto-remove-yCa-CCrtifiCateSHHrm-rfvarlibaptlistsetcapt$ource$.list.d/nginx.listifwchav«leftoversfrombuilding,Icfspurgeth<m(includingextra,unnecessarybuildCtePS)ftftif-n"StempDir-;thenapt-getpurge-y-auto-removeftftrm-rf"StcmpDir-/ctc/apt/sources.li$t.d/temp.list;fiRforwardrequestanderrorlogstodkcrlogCoIICetOfRUNIn-sfdevstdoutvarlognginxcccslogftftIn-sfdevstckrrvaognginxcor.logEXPOSEOSTOPSIGNA1.SIGTERMCMD("ginx".-g."daemonoff："如下所示，是一个java应用构建容器樵像的Dockerfile.DodwfiiC文件：fromdaodou(IiMibfMy/tomcatMAINTAINERbcCOPYtestwarusrkaltomcatvcbaps第一个Nginx的例子中我们可以看到，其Dockerfile非常夏杂，而第二个java应用的Dockerfile很简单，基于tomcat将代码war包拷贝至潦像中即可.容器镜像Dockerfile一般可以分为两种，标准化应用的容器镜像Dockerfile,非标准化应用的容器Dockerfile.标准化应用容器的Dockerfile,变更很少，就像第二个DoCkerfiIe示例一样，只需要将不同的War包放进即可.这类的DoCkerfiIe备份一个即可.这类的容器镜像恢怎也有直接的企业流程，故而可以快速的恢复.Dockerfile本质上是一段构建拭像的脚本文件，存硫体积很小，需要迸行版本管理.Dockerfile的备份和存储，亘接使用企业现有的代码版本管理系统直接备份和保存即可.对于非标准化的镜像Dockerfile则针对不同的需求定制不同的Dockerfile,这类变更频次蛟低，构建的依赖文件或者环境往往不进行备份，此类如果病要备份和存储，需要将DockerFiIe中涉及的内容一起备份.本小节介绍了基于DoCkerfiIe的容IMlUt的备份和恢复，标准DOCkerfile,企业代码版本管理方式备份，构建环境恢复快速，容器铤像恢红.非标准Dgkerme.Dockurfile和依赖内容一起备份，也可恢史.需要注意的是根据DOCkCrfiIe备份从而实现愤像的备份,般上要用于CIZCD的场景。因为Dockerfile备份的何时,需要对其所依赖的文件以及构建环境都要进行答份,或者能实现快速创建，一旦构建环境或者依赖的uar包等无法快速创建或者恢复，是无法现在镜像的假更，3单个容器的备份和恢复容器说像是分蜃存储，从这个角度，镜像是相关文件的集合.镜像是否可以按照文件备份那样迸行备份呢？答案是肯定的。 tofcm9tt7I9rtphelk>-wfldhello-wofldIateKfce289e99ct9ISmonthsago14kB ,保存镇金至文件 dockersavehello-world>/daHhegwori&imige.ta1.JCdM3JhIgrephclk>-world-ifu9e.tar4z“期除UIB dockerrmi-fhello-worid:latntUnta99cd:helk>>wor1d:UtestUntagged:helkHwodda2S6dfddf63G36dMef479d645abS88S1SO3(X611aS6f337ac7f2fdd86d7e4eDekted:sha256