MySQL的Docker镜像制作详解

一、环境描述

1. 宿主机

  • CPU:双核
  • 内存:4 GB
  • 硬盘:120 GB
  • IP地址:192.168.190.128
  • 操作系统:CentOS 7.4 x86_64 Minimal

2. Docker

3. 基础镜像

4. MySQL

  • 版本:5.7.21
  • 安装方式:YUM Repo

二、创建必要的文件

1. 创建服务启动脚本

当MySQL容器启动时,便会运行该脚本,启动MySQL服务。在shell中运行以下命令,创建start.sh脚本:

cat > /root/Downloads/start.sh << "EOF"
#! /bin/bash

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

exec="/usr/bin/mysqld_safe"
prog="mysqld"

# Set timeouts here so they can be overridden from /etc/sysconfig/mysqld
STARTTIMEOUT=120

# Set in /etc/sysconfig/mysqld, will be passed to mysqld_safe
MYSQLD_OPTS=

[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog

lockfile=/var/lock/subsys/$prog

# Support for extra options passed to mysqld
command=$1 && shift
extra_opts="$@"

# Extract value of a MySQL option from config files
# Usage: get_mysql_option OPTION DEFAULT SECTION1 SECTION2 SECTIONN
# Result is returned in $result
# We use my_print_defaults which prints all options from multiple files,
# with the more specific ones later; hence take the last match.
get_mysql_option () {
    option=$1
    default=$2
    shift 2
    result=$(/usr/bin/my_print_defaults "$@" | sed -n "s/^--${option}=//p" | tail -n 1)
    if [ -z "$result" ]; then
    # not found, use default
    result="${default}"
    fi
}

get_mysql_option datadir "/var/lib/mysql" mysqld
datadir="$result"
get_mysql_option socket "$datadir/mysql.sock" mysqld
socketfile="$result"
get_mysql_option log-error "/var/log/mysqld.log" mysqld mysqld_safe
errlogfile="$result"
get_mysql_option pid-file "/var/run/mysqld/mysqld.pid" mysqld mysqld_safe
mypidfile="$result"

case $socketfile in
    /*) adminsocket="$socketfile" ;;
     *) adminsocket="$datadir/$socketfile" ;;
esac

install_validate_password_sql_file () {
    local initfile
    initfile="$(mktemp /var/lib/mysql-files/install-validate-password-plugin.XXXXXX.sql)"
    chmod a+r "$initfile"
    echo "SET @@SESSION.SQL_LOG_BIN=0;" > "$initfile"
    echo "INSERT INTO mysql.plugin (name, dl) VALUES ('validate_password', 'validate_password.so');" >> "$initfile"
    echo "$initfile"
}

start(){
    [ -x $exec ] || exit 5
    # check to see if it's already running
    RESPONSE=$(/usr/bin/mysqladmin --no-defaults --socket="$adminsocket" --user=UNKNOWN_MYSQL_USER ping 2>&1)
    if [ $? = 0 ]; then
    # already running, do nothing
    action $"Starting $prog: " /bin/true
    ret=0
    elif echo "$RESPONSE" | grep -q "Access denied for user"
    then
    # already running, do nothing
    action $"Starting $prog: " /bin/true
    ret=0
    else
    # prepare for start
    if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a "x$(dirname "$errlogfile")" = "x/var/log" ]; then
        install /dev/null -m0640 -omysql -gmysql "$errlogfile"
    fi
    [ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile"
    if [ ! -d "$datadir/mysql" ] ; then
        # First, make sure $datadir is there with correct permissions
        if [ ! -d "$datadir" -a ! -h "$datadir" -a "x$(dirname "$datadir")" = "x/var/lib" ]; then
        install -d -m0751 -omysql -gmysql "$datadir" || exit 1
        fi
        if [ ! -h "$datadir" -a "x$(dirname "$datadir")" = "x/var/lib" ]; then
        chown mysql:mysql "$datadir"
        chmod 0751 "$datadir"
        fi
        if [ -x /sbin/restorecon ]; then
        /sbin/restorecon "$datadir"
        for dir in /var/lib/mysql-files /var/lib/mysql-keyring ; do
            if [ -x /usr/sbin/semanage -a -d /var/lib/mysql -a -d $dir ] ; then
            /usr/sbin/semanage fcontext -a -e /var/lib/mysql $dir >/dev/null 2>&1
            /sbin/restorecon -r $dir
            fi
        done
        fi
        # Now create the database
        initfile="$(install_validate_password_sql_file)"
        action $"Initializing MySQL database: " /usr/sbin/mysqld --initialize --datadir="$datadir" --user=mysql --init-file="$initfile"
        ret=$?
        rm -f "$initfile"
        [ $ret -ne 0 ] && return $ret
        # Generate certs if needed
        if [ -x /usr/bin/mysql_ssl_rsa_setup -a ! -e "${datadir}/server-key.pem" ] ; then
        /usr/bin/mysql_ssl_rsa_setup --datadir="$datadir" --uid=mysql >/dev/null 2>&1
        fi
    fi
    if [ ! -h "$datadir" -a "x$(dirname "$datadir")" = "x/var/lib" ]; then
        chown mysql:mysql "$datadir"
        chmod 0751 "$datadir"
    fi
    # Pass all the options determined above, to ensure consistent behavior.
    # In many cases mysqld_safe would arrive at the same conclusions anyway
    # but we need to be sure.  (An exception is that we don't force the
    # log-error setting, since this script doesn't really depend on that,
    # and some users might prefer to configure logging to syslog.)
    # Note: set --basedir to prevent probes that might trigger SELinux
    # alarms, per bug #547485
    $exec $MYSQLD_OPTS --datadir="$datadir" --socket="$socketfile" \
        --pid-file="$mypidfile" \
        --basedir=/usr --user=mysql $extra_opts >/dev/null &
    safe_pid=$!
    # Spin for a maximum of N seconds waiting for the server to come up;
    # exit the loop immediately if mysqld_safe process disappears.
    # Rather than assuming we know a valid username, accept an "access
    # denied" response as meaning the server is functioning.
    ret=0
    TIMEOUT="$STARTTIMEOUT"
    while [ $TIMEOUT -gt 0 ]; do
        RESPONSE=$(/usr/bin/mysqladmin --no-defaults --socket="$adminsocket" --user=UNKNOWN_MYSQL_USER ping 2>&1) && break
        echo "$RESPONSE" | grep -q "Access denied for user" && break
        if ! /bin/kill -0 $safe_pid 2>/dev/null; then
        echo "MySQL Daemon failed to start."
        ret=1
        break
        fi
        sleep 1
        let TIMEOUT=${TIMEOUT}-1
    done
    if [ $TIMEOUT -eq 0 ]; then
        echo "Timeout error occurred trying to start MySQL Daemon."
        ret=1
    fi
    if [ $ret -eq 0 ]; then
        action $"Starting $prog: " /bin/true
        touch $lockfile
    else
        action $"Starting $prog: " /bin/false
    fi
    fi
    return $ret
}

start
EOF

2. 创建MySQL配置文件

MySQL容器的配置文件存放在宿主机中,便于调整MySQL服务的配置项。在shell中运行以下命令,创建my.cnf文件:

cat > /root/Downloads/my.cnf << "EOF"
# For advice on how to change settings please see
# http://dev.mysql.com/doc/refman/5.7/en/server-configuration-defaults.html

[mysqld]
#
# Remove leading # and set to the amount of RAM for the most important data
# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
# innodb_buffer_pool_size = 128M
#
# Remove leading # to turn on a very important data integrity option: logging
# changes to the binary log between backups.
# log_bin
#
# Remove leading # to set options mainly useful for reporting servers.
# The server defaults are faster for transactions and fast SELECTs.
# Adjust sizes as needed, experiment to find the optimal values.
# join_buffer_size = 128M
# sort_buffer_size = 2M
# read_rnd_buffer_size = 2M
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock

# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF

3. 创建supervisor配置文件

supervisor是一种Linux的进程管理工具,MySQL容器会用其管理自身的后台服务。在shell中运行以下命令,创建supervisord.conf文件:

cat > /root/Downloads/supervisord.conf << "EOF"
[supervisord]
nodaemon=true

[program:mysql]
command=/bin/bash start.sh
EOF

三、制作MySQL镜像

1. 创建Dockerfile文件

在shell中运行以下命令,创建Dockerfile文件:

cat > /root/Downloads/Dockerfile << "EOF"
# 使用自建的CentOS 6.9基础镜像
FROM registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos:6.9

# 镜像维护者
MAINTAINER ghoulich@aliyun.com

# 安装MySQL
RUN rpm -ivh https://repo.mysql.com//mysql57-community-release-el6-11.noarch.rpm
RUN yum install -y mysql-community-server
COPY start.sh /

# 安装supervisor
RUN yum install -y epel-release
RUN rpm --rebuilddb && yum install -y supervisor

# 复制supervisor配置文件
RUN rm -rf /etc/supervisord.conf
COPY supervisord.conf /etc/supervisord.conf

# 清理系统
RUN yum clean all

# 开放3306端口
EXPOSE 3306

# 挂载数据、配置和日志目录
RUN rm -rf /etc/my.cnf /var/log/mysqld.log
VOLUME ["/var/lib/mysql", "/etc/my.cnf", "/var/log/mysqld.log"]

# 自启动supervisor
CMD ["/usr/bin/supervisord"]
EOF

上述文件有两点需要注意:

  • 公开3306端口,这是MySQL的默认服务端口。
  • 创建数据、配置和日志目录的挂载点,这样便可以通过宿主机直接编辑和查看MySQL容器的数据、配置和日志,即使删除容器,这些数据也不会丢失。

2. 创建MySQL镜像

在shell中执行以下命令,创建镜像(耗时较长):

cd /root/Downloads
docker build -t mysql:latest .

3. 查看镜像

在shell中查看镜像信息,若如下图所示,则表示镜像创建成功:

查看MySQL镜像的状态

四、上传镜像

1. 登录阿里云镜像库

在shell中运行以下命令:

docker login --username=ghoulich@aliyun.com registry.cn-hangzhou.aliyuncs.com

请根据实际情况,使用真实的用户名和密码。

2. 创建镜像标签

在shell中运行以下命令:

docker tag mysql:latest registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-mysql:5.7.21

3. 推送镜像

在shell中运行以下命令:

docker push registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-mysql:5.7.21

五、使用方法

1. 创建目录和文件

在shell中运行以下命令,在宿主机上创建MySQL的数据、配置和日志目录,并且修改访问权限:

mkdir -p /usr/local/mysql/{data,log,config}
touch /usr/local/mysql/log/mysqld.log
cp /root/Downloads/my.cnf /usr/local/mysql/config/
chown -R 27:27 /usr/local/mysql

注意,27:27是MySQL容器中的mysql用户的UID和GID,宿主机中没有这个用户。

2. 启动容器

在shell中运行以下命令,启动MySQL容器:

docker run --detach \
    --name mysql \
    --hostname mysql \
    --volume /usr/local/mysql/log/mysqld.log:/var/log/mysqld.log \
    --volume /usr/local/mysql/config/my.cnf:/etc/my.cnf \
    --volume /usr/local/mysql/data:/var/lib/mysql \
    --publish 3306:3306 \
    registry.cn-hangzhou.aliyuncs.com/ghoulich-centos/centos-6.9-mysql:5.7.21

有几个选项需要说明:

  • --volume:将MySQL容器的数据、配置和日志目录映射至宿主机的相应目录;
  • --publish:将MySQL容器的3306端口映射至宿主机的3306端口。

3. 修改初始密码

MySQL服务初次启动时,会自动生成一个随机密码,存放在mysqld.log日志文件中。在shell中运行以下命令,首先提取初始密码,其次修改root密码,然后启用远程连接权限,最后刷新权限:

init_passwd=$(sed -rn 's/^(.*)(root@localhost: )(.*)$/\3/p' /usr/local/mysql/log/mysqld.log)
docker exec -it mysql mysql --user=root --password=${init_passwd} --connect-expired-password --execute="ALTER USER 'root'@'localhost' IDENTIFIED BY '123.Org$%^';"
docker exec -it mysql mysql --user=root --password=123.Org$%^ --execute="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123.Org$%^' WITH GRANT OPTION;"
docker exec -it mysql mysql --user=root --password=123.Org$%^ --execute="FLUSH PRIVILEGES;"

4. 验证测试

通过telnet验证宿主机的3306端口,若结果如下图所示,则表示MySQL容器启动成功:

验证MySQL端口

5. 常用命令

在修改配置文件之后,需要重启MySQL服务才能生效,可以通过以下命令启动、停止和重启容器,也能达到同样的效果:

# 启动容器
docker start mysql
# 停止容器
docker stop mysql
# 重启容器
docker restart mysql