How to package ClamAV in Docker?


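1 Background knowledge

This chapter assumes you already know how to compile and deploy ClamAV on a Linux system. If you do not, please read the following chapter first:

How to compile and install clamav?

2 Best practice

2.1 Preparation before deployment

2.1.1 Deploy the Docker environment

This chapter is deployed on the following Docker environment. It is recommended that you first build and become familiar with this Docker cluster environment:

How to deploy a Docker production environment?

2.1.2 Prepare the system image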

In docker01

cd /data/docker/images/
docker load -i centos_centos7.3.1611.tar
docker tag centos:centos7.3.1611 docker01.cmdschool.org:5000/centos:centos7.3.1611
docker push docker01.cmdschool.org:5000/centos:centos7.3.1611
docker image rm centos:centos7.3.1611

To download the image for offline use, run the following commands on a Docker machine that has Internet access:

docker pull centos:centos7.3.1611
docker save centos:centos7.3.1611 -o centos_centos7.3.1611.tar

Other versions can be downloaded from the following link:
https://hub.docker.com/_/centos

2.1.3 Download the ClamAV source package

cd ~
wget http://www.clamav.net/downloads/production/clamav-0.102.3.tar.gz

Note: other versions (including binary packages such as rpm) can be downloaded from the following link:
http://www.clamav.net/download/

2.1.4 Download the curl source package

cd ~
wget https://curl.haxx.se/download/curl-7.65.3.tar.gz

Note: other versions can be downloaded from the following directory:
https://curl.haxx.se/download/

2.2 Create the ClamAV image

2.2.1 Create the image project folder

cd ~
mkdir ~/imageProject-clamav-0.102.3

2.2.2 Create the Dockerfile

vim ~/imageProject-clamav-0.102.3/Dockerfile

Add the following configuration:

FROM docker01.cmdschool.org:5000/centos:centos7.3.1611
MAINTAINER will@cmdschool.org

# Install Tools
RUN yum -y install net-tools telnet crontabs
RUN yum -y install gcc gcc-c++ make expat-devel

# Make Before
COPY clamav-0.102.3.tar.gz /root
COPY curl-7.65.3.tar.gz /root

WORKDIR /root
RUN tar -xf clamav-0.102.3.tar.gz
RUN tar -xf curl-7.65.3.tar.gz


RUN yum install -y libnghttp2-devel openssl-devel
WORKDIR /root/curl-7.65.3
RUN ./configure --prefix=/usr/local/curl-7.65.3 \
                --with-nghttp2 \
                --with-ssl
RUN make
RUN make install

# Install the required packages for make
RUN yum install -y check-devel sendmail-devel libcurl-devel 
RUN rm -rf /var/cache/yum/*


# Make Clamav
WORKDIR /root/clamav-0.102.3
RUN ./configure '--build=x86_64-redhat-linux-gnu' \
                '--host=x86_64-redhat-linux-gnu' \
                '--target=x86_64-redhat-linux-gnu' \
                '--prefix=/usr' \
                '--bindir=/usr/bin' \
                '--sbindir=/usr/sbin' \
                '--libexecdir=/usr/libexec' \
                '--sysconfdir=/etc' \
                '--localstatedir=/var' \
                '--libdir=/usr/lib64' \
                '--includedir=/usr/include' \
                '--datadir=/usr/share' \
                '--infodir=/usr/share/info' \
                '--localedir=/usr/share/locale' \
                '--mandir=/usr/share/man' \
                '--docdir=/usr/share/doc/clamav-0.102.3' \
                '--exec-prefix=/usr' \
                '--sharedstatedir=/var/lib' \
                '--program-prefix=' \
                '--enable-milter' \
                '--disable-clamav' \
                '--disable-static' \
                '--disable-zlib-vcheck' \
                '--disable-unrar' \
                '--enable-id-check' \
                '--enable-dns' \
                '--with-dbdir=/var/lib/clamav' \
                '--with-group=clamav' \
                '--with-user=clamav' \
                '--with-zlib=/usr' \
                '--enable-ltdl-convenience' \
                '--enable-check' \
                '--with-systemdsystemunitdir=no' \
                'build_alias=x86_64-redhat-linux-gnu' \
                'host_alias=x86_64-redhat-linux-gnu' \
                'target_alias=x86_64-redhat-linux-gnu' \
                'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
                'LDFLAGS= -Wl,-z,relro' \
                'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' \
                'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' \
                '--with-libcurl=/usr/local/curl-7.65.3'
RUN make
RUN make install
RUN rm -rf /root/clamav-0.102.3*
RUN rm -rf /root/curl-7.65.3*

COPY clamd.conf /etc/clamd.conf
COPY freshclam.conf /etc/freshclam.conf

RUN groupadd  -g 498 clamav
RUN useradd -u 498 -g 498 -d /var/lib/clamav -s /sbin/nologin -c "Clam Anti Virus Checker" clamav
RUN mkdir -p /var/log/clamav /var/run/clamav
RUN chown clamav:clamav /var/lib/clamav /var/log/clamav /var/run/clamav
RUN chmod 775 -R /var/lib/clamav/ /var/log/clamav
RUN /usr/bin/freshclam --quiet
RUN echo '47  *  *   *    *  /usr/bin/freshclam --quiet' >> /var/spool/cron/root

RUN echo '#!/bin/bash' > /root/start.sh
RUN echo 'echo "Starting Clamav Server...";' >> /root/start.sh
RUN echo '/usr/sbin/clamd -F -c /etc/clamd.conf' >> /root/start.sh
RUN chmod +x /root/start.sh
EXPOSE 3310

WORKDIR /root
CMD ["/bin/bash","./start.sh"]

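The "FROM" instruction declares that the image is built on the "centos7.3.1611" image.
The "COPY" instruction copies specific files from the current directory into the image being built.
The "ENV" instruction declares environment variables (this Dockerfile does not use it).
The "RUN" instruction declares commands executed in the container environment.
The "EXPOSE" instruction declares the port the container uses.
The "WORKDIR" instruction switches to a directory inside the container.
The "CMD" instruction declares the command that starts the service when the container starts.
Based on the Dockerfile above, we therefore need to prepare the files that will be copied: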

cd ~
cp curl-7.65.3.tar.gz imageProject-clamav-0.102.3/
cp clamav-0.102.3.tar.gz ~/imageProject-clamav-0.102.3/

Next, prepare the configuration for ClamAV's database update tool (freshclam) in advance:

vim ~/imageProject-clamav-0.102.3/freshclam.conf

Add the following configuration:

# Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror database.clamav.net

Next, prepare the ClamAV (clamd) configuration file in advance:

vim ~/imageProject-clamav-0.102.3/clamd.conf

Add the following configuration:

# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 0.0.0.0
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no

Confirm that the required files exist:

ls ~/imageProject-clamav-0.102.3

The output looks like this:

clamav-0.102.3.tar.gz  clamd.conf  curl-7.65.3.tar.gz  Dockerfile  freshclam.conf

2.2.3 Build the image

cd ~/imageProject-clamav-0.102.3
docker build -t clamav:0.102.3 .

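The "." above means the current directory is used as the build directory; the build automatically loads the definitions in the "Dockerfile" file. The output looks like this: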

Sending build context to Docker daemon  382.2MB
Step 1/31 : FROM docker01.cmdschool.org:5000/centos:centos7.3.1611
 ---> c5d48e81b986
[...]
Successfully built 81175d1c3e79
Successfully tagged clamav:0.102.3

If the image is to be shared across the cluster, also run the following commands:

docker tag clamav:0.102.3 docker01.cmdschool.org:5000/clamav:0.102.3
docker push docker01.cmdschool.org:5000/clamav:0.102.3
docker image rm clamav:0.102.3

When finished, you can list the images with the following command:

docker images

The output looks like this:

REPOSITORY                                        TAG                        IMAGE ID            CREATED             SIZE
docker01.cmdschool.org:5000/clamav                0.102.3                    0f81aac745b6        25 minutes ago      1.24GB

2.2.4 Test that the software runs

docker run -d --name clamav -p 3310:3310 docker01.cmdschool.org:5000/clamav:0.102.3

With the container running as above, log in to it with the following command:

docker exec -it `docker container ls | grep 'clamav' | cut -d" " -f1 ` /bin/bash

Use the following command to see which ports the software is listening on:

netstat -antp

The output looks like this:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3310            0.0.0.0:*               LISTEN      -

When testing is done, exit the container with the following command:

exit
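
A listening port only shows that clamd started. The following added example (not from the original article) speaks clamd's TCP protocol from the Docker host to confirm that the daemon answers PING and that the signatures loaded by freshclam flag the EICAR test string. It assumes the container above is still running with port 3310 published on 127.0.0.1; all function names are illustrative.

```python
import socket
import struct

# EICAR anti-virus test string (harmless, 68 bytes), built from two parts.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode()

def frame_instream(data, chunk_size=4096):
    """zINSTREAM request: command, <4-byte big-endian length><chunk>..., zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def exchange(sock, payload):
    """Send one z-prefixed request; return the NUL-terminated reply as text."""
    sock.sendall(payload)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # peer closed before sending the terminator
            break
        reply += part
    return reply.rstrip(b"\0").decode("utf-8", "replace").strip()

def clamd_request(payload, host="127.0.0.1", port=3310, timeout=10.0):
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return exchange(sock, payload)

def parse_verdict(reply):
    """Map a clamd scan reply to 'infected', 'clean' or 'error'."""
    if reply.endswith(" FOUND"):
        return "infected"
    if reply.endswith(": OK"):
        return "clean"
    return "error"

def smoke_test(host="127.0.0.1", port=3310):
    """Checks against a running container; every value should be True."""
    def scan(data):
        return parse_verdict(clamd_request(frame_instream(data), host, port))
    return {"ping": clamd_request(b"zPING\0", host, port) == "PONG",
            "eicar_detected": scan(EICAR) == "infected",
            "benign_clean": scan(b"constructed benign sample") == "clean"}

if __name__ == "__main__":
    print(smoke_test())
```

clamd's TCP socket has no authentication, so when the scanner is only used from the Docker host, publishing it as -p 127.0.0.1:3310:3310 keeps it off external interfaces.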

You can also list the currently running containers with the following command:

docker ps -a

The output looks like this:

CONTAINER ID        IMAGE                                                                  COMMAND                  CREATED             STATUS              PORTS                    NAMES
62b7a201dc4d        docker01.cmdschool.org:5000/clamav:0.102.3                             "/bin/bash ./start.sh"   5 minutes ago       Up 5 minutes        0.0.0.0:3310->3310/tcp   clamav
[...]

You can then stop and remove the container with the following commands:

docker container stop 62b7a201dc4d
docker container rm 62b7a201dc4d

References
====================

https://docs.docker.com/engine/reference/builder/
