Как повторно использовать образ Docker, установленный другим файлом Docker? - PullRequest
Новая
       20

Как повторно использовать образ Docker, установленный другим файлом Docker?

0 голосов
/ 04 октября 2018

У меня следующая проблема (не уверен, что это правильный шаблон для реализации, но я так далеко до этой темы):

Ситуация:

  • У меня есть решение ASP.NET core 2.1 с несколькими проектами (некоторые библиотеки классов и две службы)
  • Я хочу создать два Docker-контейнера на основе Linux: по одному для каждой службы
  • Я хочу, чтобы двое из них использовали один и тот же (самоподписанный) SSL-сертификаты (не уверен, что это хороший шаблон, но они будут жить в одном домене, и оба будут общаться с пользователями)
  • Я планирую создать базовый образ докера с помощью docker compose, затем повторно использовать эту базу в обоих сервисных докерах
  • У меня есть решение, которое работает только с одним докерным контейнером, но оба контейнера вв то же время не работает

Вопросы:

  • Как я могу повторно использовать образ докера в моем Dockerfile, если он был создан другим Dockerfileи определить это поведениеили в файле docker-compose.yml?Как я могу создать образ докера с сертификатом, который будет служить основой для обоих образов сервис-докера?
  • Является ли приведенный выше рисунок правильным, правильным / хорошо спроектированным?Есть ли возможные улучшения в дизайне?

Это работает для одного контейнера:

docker-compose.yml: 

version: '3.4'
services:
  afr_webapi:
    image: afr/webapi:latest
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "53538:80"
      - "44376:443"
    build:
      context: .
      dockerfile: AFRWebAPI/Dockerfile
  #afr_webui: ... (an another service)

AFRWebAPI / Dockerfile: 

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
# Set password for the certificate as 1234
ENV certPassword 1234
# Use opnssl to generate a self signed certificate cert.pfx with password $env:certPassword
RUN openssl genrsa -des3 -passout pass:${certPassword} -out server.key 2048 \
    && openssl rsa -passin pass:${certPassword} -in server.key -out server.key \
    && openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost' \
    && openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt \
    && openssl pkcs12 -export -out cert.pfx -inkey server.key -in server.crt -certfile server.crt -passout pass:${certPassword}
# Expose port 443 for the application.
EXPOSE 443
EXPOSE 53538
EXPOSE 44376

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY . .
WORKDIR "/src"
RUN dir \
    && dotnet build "AFRCore/AFRCore.csproj" -c Release -o /app \
    && dotnet build "AFRCoreWorkflow/AFRCoreWorkflow.csproj" -c Release -o /app \
    && dotnet build "DBFHandler/DBFHandler.csproj" -c Release -o /app \
    && dotnet build "AFRInfrastructure/AFRInfrastructure.csproj" -c Release -o /app \
    && dotnet build "AFRWebAPI/AFRWebAPI.csproj" -c Release -o /app

FROM build AS publish
WORKDIR "/src/AFRWebAPI"
RUN dotnet publish "AFRWebAPI.csproj" -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "AFRWebAPI.dll"]

Результат: 

afr_webapi_1  | Hosting environment: Development
afr_webapi_1  | Content root path: /app
afr_webapi_1  | Now listening on: https://0.0.0.0:443
afr_webapi_1  | Application started. Press Ctrl+C to shut down.

Приведенный выше шаблон не работает, когда я хочу перенести часть создания сертификата на другой докеризображение для последующего повторного использования двумя сервисными контейнерами:

(обратите внимание, что в этом примере для иллюстрации проблемы достаточно только одного сервисного контейнера)

docker-compose.yml: 

version: '3.4'
services:
  afr_certbase:
    image: afr/certbase:latest                      # <------ This image I want to reuse ...
    build:
      context: .
      dockerfile: Certificate/Dockerfile
  afr_webapi:                                       # <------ ... during composing this image
    image: afr/webapi:latest
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "53538:80"
      - "44376:443"
    build:
      context: .
      dockerfile: AFRWebAPI/Dockerfile
    depends_on:
      - afr_certbase
  #afr_webui: ... (an another service)

Сертификат / Dockerfile: 

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS cert_base   # <------- This should be an image used by the two services
# Set password for the certificate as 1234
ENV certPassword 1234
# Use opnssl to generate a self signed certificate cert.pfx with password $env:certPassword
RUN openssl genrsa -des3 -passout pass:${certPassword} -out server.key 2048 \
    && openssl rsa -passin pass:${certPassword} -in server.key -out server.key \
    && openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost' \
    && openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt \
    && openssl pkcs12 -export -out cert.pfx -inkey server.key -in server.crt -certfile server.crt -passout pass:${certPassword}
# Expose port 443 for the application.
EXPOSE 443

AFRWebAPI / Dockerfile: 

FROM afr/certbase:latest AS base            # <------- This is were I want to reuse the afr/certbase
WORKDIR /app
EXPOSE 53538
EXPOSE 44376

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY . .
WORKDIR "/src"
RUN dir \
    && dotnet build "AFRCore/AFRCore.csproj" -c Release -o /app \
    && dotnet build "AFRCoreWorkflow/AFRCoreWorkflow.csproj" -c Release -o /app \
    && dotnet build "DBFHandler/DBFHandler.csproj" -c Release -o /app \
    && dotnet build "AFRInfrastructure/AFRInfrastructure.csproj" -c Release -o /app \
    && dotnet build "AFRWebAPI/AFRWebAPI.csproj" -c Release -o /app

FROM build AS publish
WORKDIR "/src/AFRWebAPI"
RUN dir
RUN dotnet publish "AFRWebAPI.csproj" -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "AFRWebAPI.dll"]

Результат:

afr_webapi_1    | Application startup exception: Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
afr_webapi_1    |    at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
afr_webapi_1    |    at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
afr_webapi_1    |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
afr_webapi_1    |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, String fileName, String password)
afr_webapi_1    |    at AFRWebAPI.Program.<>c__DisplayClass2_0.<BuildWebHost>b__1(ListenOptions listenOptions) in /src/AFRWebAPI/Program.cs:line 30
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions.Listen(IPEndPoint endPoint, Action`1 configure)
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions.Listen(IPAddress address, Int32 port, Action`1 configure)
afr_webapi_1    |    at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String name, TOptions options)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
afr_webapi_1    |    at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
afr_webapi_1    |    at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
afr_webapi_1    |    at System.Lazy`1.CreateValue()
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.CreateServiceContext(IOptions`1 options, ILoggerFactory loggerFactory)
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer..ctor(IOptions`1 options, ITransportFactory transportFactory, ILoggerFactory loggerFactory)
afr_webapi_1    | --- End of stack trace from previous location where exception was thrown ---
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitScoped(ScopedCallSite scopedCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitSingleton(SingletonCallSite singletonCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureServer()
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
afr_webapi_1    | crit: Microsoft.AspNetCore.Hosting.Internal.WebHost[6]
afr_webapi_1    |       Application startup exception
afr_webapi_1    | Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
afr_webapi_1    |    at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
afr_webapi_1    |    at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
afr_webapi_1    |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
afr_webapi_1    |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, String fileName, String password)
afr_webapi_1    |    at AFRWebAPI.Program.<>c__DisplayClass2_0.<BuildWebHost>b__1(ListenOptions listenOptions) in /src/AFRWebAPI/Program.cs:line 30
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions.Listen(IPEndPoint endPoint, Action`1 configure)
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions.Listen(IPAddress address, Int32 port, Action`1 configure)
afr_webapi_1    |    at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String name, TOptions options)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
afr_webapi_1    |    at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
afr_webapi_1    |    at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
afr_webapi_1    |    at System.Lazy`1.CreateValue()
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.CreateServiceContext(IOptions`1 options, ILoggerFactory loggerFactory)
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer..ctor(IOptions`1 options, ITransportFactory transportFactory, ILoggerFactory loggerFactory)
afr_webapi_1    | --- End of stack trace from previous location where exception was thrown ---
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitScoped(ScopedCallSite scopedCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitSingleton(SingletonCallSite singletonCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureServer()
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
afr_webapi_1    |
afr_webapi_1    | Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
afr_webapi_1    |    at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
afr_webapi_1    |    at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
afr_webapi_1    |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
afr_webapi_1    |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, String fileName, String password)
afr_webapi_1    |    at AFRWebAPI.Program.<>c__DisplayClass2_0.<BuildWebHost>b__1(ListenOptions listenOptions) in /src/AFRWebAPI/Program.cs:line 30
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions.Listen(IPEndPoint endPoint, Action`1 configure)
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerOptions.Listen(IPAddress address, Int32 port, Action`1 configure)
afr_webapi_1    |    at Microsoft.Extensions.Options.ConfigureNamedOptions`1.Configure(String name, TOptions options)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
afr_webapi_1    |    at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
afr_webapi_1    |    at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
afr_webapi_1    |    at System.Lazy`1.CreateValue()
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
afr_webapi_1    |    at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.CreateServiceContext(IOptions`1 options, ILoggerFactory loggerFactory)
afr_webapi_1    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer..ctor(IOptions`1 options, ITransportFactory transportFactory, ILoggerFactory loggerFactory)
afr_webapi_1    | --- End of stack trace from previous location where exception was thrown ---
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitScoped(ScopedCallSite scopedCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitSingleton(SingletonCallSite singletonCallSite, ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(IServiceCallSite callSite, TArgument argument)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType)
afr_webapi_1    |    at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureServer()
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
afr_webapi_1    |    at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
afr_webapi_1    |    at AFRWebAPI.Program.Main(String[] args) in /src/AFRWebAPI/Program.cs:line 14
aruforgalmirendszer_afr_webapi_1 exited with code 139
...