问题描述
我正在创建一个Docker映像,在其中我使用sed修改了两个参数,但是当我创建映像并检查要修改的文件时,reman相同。如果我以交互方式运行sed命令,则无法正常工作。为什么? sombebody可以帮助我使ma图像工作而不必修改每个容器。
I'm creating a Docker image where I use sed to modify two parameters, but when i create the images and check the file I wanted to modify it remanis the same. If i run the very sed command interactively, i t works. Why? Could sombebody help me make ma image work without having to modify every container.
Dockerfile
Dockerfile
FROM python:slim-buster
WORKDIR /home/scr_dca
COPY . .
ENV FLASK_APP Screenly.py
RUN apt-get update && \
apt install curl gnupg -y && \
curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list && \
apt-get update && ACCEPT_EULA=Y apt-get install msodbcsql17 unixodbc-dev -y && \
apt-get install libgssapi-krb5-2 g++ gcc && \
pip3 install -r requirements.txt --trusted-host pypi.python.org
RUN sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf" && \
sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf"
CMD ["gunicorn", "-b", ":8000", "scr_dca:app"]
我在做
docker run --name mycontainer -d -p 5050:8000 src_dca_v1.0
docker container exec -it mycontainer bash
:/home/myapp# cat /etc/ssl/openssl.cnf
我在图像创建过程中检查并无法执行sed,所以我运行了以下命令:
I checked and sed didnt work during the image creation so I ran the following commands:
sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf"
sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf"
我要修改的文件的
原始部分:
original part of the file I want to modify:
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = @SECLEVEL=1
sed预期结果
sed expected result
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1
推荐答案
我怀疑您没有看到某些内容,或者您没有在问题中进行解释/描述。照原样,我无法重现您的问题。
I suspect there is something you are not seeing or that you did not explain/describe in your question. As is, I cannot reproduce your problem.
我的MCVE受您当前问题的启发进行测试:
My MCVE, inspired by your current question to test:
FROM python:slim-buster
RUN cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.ORI && \
sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf" && \
sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf" && \
(diff -u /etc/ssl/openssl.cnf.ORI /etc/ssl/openssl.cnf || exit 0)
注意:我忽略了diff退出状态并将其强制为0,因为当文件之间存在差异而将使构建失败时,它将以状态1退出。
Note: I ignored diff exit status and force it to 0, as it will exit with status 1 when there is a difference between the files which would fail the build.
结果是:
$ docker build --no-cache -t test:test .
Sending build context to Docker daemon 4.096kB
Step 1/2 : FROM python:slim-buster
---> 3d8f801fc3db
Step 2/2 : RUN cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.ORI && sed -i "s/\(MinProtocol *= *\).*/\1TLSv1.0 /" "/etc/ssl/openssl.cnf" && sed -i "s/\(CipherString *= *\).*/\1DEFAULT@SECLEVEL=1 /" "/etc/ssl/openssl.cnf" && (diff -u /etc/ssl/openssl.cnf.ORI /etc/ssl/openssl.cnf || exit 0)
---> Running in 523ddc0f4025
--- /etc/ssl/openssl.cnf.ORI 2020-01-09 16:21:44.667348574 +0000
+++ /etc/ssl/openssl.cnf 2020-01-09 16:21:44.675348574 +0000
@@ -358,5 +358,5 @@
system_default = system_default_sect
[system_default_sect]
-MinProtocol = TLSv1.2
-CipherString = DEFAULT@SECLEVEL=2
+MinProtocol = TLSv1.0
+CipherString = DEFAULT@SECLEVEL=1
Removing intermediate container 523ddc0f4025
---> 88c28529ceb5
Successfully built 88c28529ceb5
Successfully tagged test:test
如您所见, diff 显示了运行sed之前/之后的差异以及您期望的修改。
As you can see, diff is showing the differences before/after running sed and the modifications you are expecting are there.
我们可以还应确保从该映像启动容器时这些修改仍然存在:
We can also make sure those modifications persist when starting a container from this image:
$ docker run -it --rm --name testcmd test:test bash -c "grep -A 2 '\[system_default_sect\]' /etc/ssl/openssl.cnf"
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1
这篇关于sed在dockerfile中不起作用,但在容器bash中起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!