![这里写图片描述]()
打开微信扫一扫,关注微信公众号【数据与算法联盟】
转载请注明出处:
http://blog.csdn.net/gamer_gyt
博主微博:
http://weibo.com/234654758
Github:
https://github.com/thinkgamer
Docker江湖
写在前边的话
一般情况下,linux操作系统的管理员通过SSH服务来管理操作系统,但是Docker的很多镜像都是不带SSH服务的,接下来我们就来看一下如何创建一个带有SSH服务的镜像
基于Commit命令创建
1:准备一个ubuntu的镜像
sudo docker pull ubuntu
默认安装最新版,查看镜像
sudo docker images
这个时候便可以看到我们pull的ubuntu镜像了
![这里写图片描述]()
2:启动镜像,进入容器
[redhat@localhost ~]$ sudo docker run -it -d ubuntu:latest /bin/bash
[sudo] password for redhat:
e968f75ffc88881377ac0b5b74bd273c3c516544ff7d6270a1683aa676da3d6c
[redhat@localhost ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e968f75ffc88 ubuntu:latest "/bin/bash" 18 seconds ago Up 16 seconds cranky_stallman
[redhat@localhost ~]$ sudo docker exec -it e9 /bin/bash
尝试使用sshd命令,会发现容器中并没有安装此命令
root@e968f75ffc88:/
bash: sshd: command not found
尝试安装openssh-server
root@e968f75ffc88:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package openssh-server
更新软件源
apt-get update
3:安装和配置ssh服务
apt-get install openssh-server
要正常启动ssh服务,需要目录/var/run/sshd存在,手动创建他,并启动服务
mkdir -p /var/run/sshd
/usr/sbin/sshd -D &
此时查看容器的22端口(SSH服务默认监听的端口),已经处于监听状态
apt-get install net-tools
netstat -tunlp
root@e968f75ffc88:/
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3551/sshd
tcp6 0 0 :::22 :::* LISTEN 3551/sshd
修改SSH服务的安全登录配置,取消pam登陆限制
sed -ri ‘s/session required pam_loginuid.so/#session required pam_loginuid.so/g’ /etc/pam.d/sshd
在root用户目录下创建.ssh目录,并复制需要登录的公钥信息(一般为本地主机用户目录下的.ssh/id_rsd.pub文件,可由ssh-keygen -t rsa命令生成)到authorized_keys文件中
mkdir root/.ssh
apt-get install vim
vim /root/.ssh/authorized_keys
创建自动启动SSH服务的可执行文件run.sh,并添加可执行权限:
vim /run.sh
chmod +x run.sh
run.sh的内容如下:
#!/bin/bash
/usr/sbin/sshd -D
最后退出容器:
exit
4:保存镜像
sudo docker commit fcl sshd:ubuntu
查看本地镜像,就会看到新生成的镜像
```
[redhat@localhost ~]$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e968f75ffc88 ubuntu:latest "/bin/bash" About an hour ago Exited (0) About a minute ago cranky_stallman
[redhat@localhost ~]$ sudo docker commit e96 sshd:ubuntu
sha256:f52e07fa7accf437f52cb39cd36cdab9229ef88b2280129ff4d2c272fbb73aad
[redhat@localhost ~]$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu f52e07fa7acc About a minute ago 255 MB
ubuntu latest f753707788c5 2 weeks ago 127.1 MB
使用镜像,并添加端口映射(10022–>22),其中10022是宿主主机的端口,22是容器SSH服务监听端口
sudo docker run -it -d -p 10022:22 sshd:ubuntu_new /run.sh
SSH测试登录
ssh you_ip -p 10022
[root@localhost .ssh]# ssh 192.168.10.179 -p 10022
The authenticity of host '[192.168.10.179]:10022 ([192.168.10.179]:10022)' can't be established.
ECDSA key fingerprint is 0b:ae:62:09:a2:18:4e:ef:16:e3:3f:b9:2d:15:fb:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.10.179]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 3.10.0-229.el7.x86_64 x86_64)
* Documentation: https:
* Management: https:
* Support: https:
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@e498e20668d9:~# exit
logout
Connection to 192.168.10.179 closed.
使用Dockerfile创建
1:创建工作目录
首先创建一个sshd_ubuntu目录
mkdir ssh_ubuntu
在其中,创建Dockerfile和run.sh文件
[root@localhost mydockerfile]
[root@localhost ssh_ubuntu]
[root@localhost ssh_ubuntu]
Dockerfile run.sh
[root@localhost ssh_ubuntu]
2:编写run.sh脚本和authorized_keys文件
脚本文件run.sh的内容与上面的内容一致:
#!/bin/bash
/usr/sbin/sshd -D
在宿主主机上生成SSh密钥对,并创建authorized_keys文件:
cat ~/.ssh/id_rsa.pub > authorized_keys
3:编写Dockerfile
下面是Dockerfile内容及各部分注释,和上边commit镜像的步骤操作是一致的
#设置继承镜像
FROM ubuntu:latest
#运行命令
RUN apt-get update
#安装ssh
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
#取消pam限制
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
#复制配置文件到相应位置,并赋予脚本可执行权限
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#开放端口
EXPOSE 22
#设置自启动命令
CMD ["/run.sh"]
4:创建镜像
在sshd_ubuntu 目录下,使用docker build 命令来创建镜像,注意一下,在最后还有一个“.” ,表示使用当前目录中的Dockerfile
cd sshd_ubuntu
sudo docker build -t sshd:dockerfile .
这里有一点需要注意的是使用Dockerfile创建自定义镜像,docker会自动删除中间临时创建的层,还需要注意每一步的操作和编写的dockerfile中命令的对应关系
执行docker build命令的输出参考结果如下:
命令执行完毕后,如果可见 “successfully build XXX”字样,则说明镜像创建成功,可以看到,以上命令生成的镜像ID是
Step 11 : CMD /run.sh
---> Running in 69e4227186fb
---> f530a7a43fd7
Removing intermediate container 69e4227186fb
Successfully built f530a7a43fd7
在本地查看sshd:dokcerfile镜像已存在:
[root@localhost ssh_ubuntu]
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd dockerfile f530a7a43fd7 About a minute ago 220.6 MB
sshd ubuntu cc0c1d242d82 38 minutes ago 255 MB
5:测试镜像,运行容器
使用刚才创建的sshd:dockerfile镜像来运行一个容器,直接启动镜像,映射容器的22端口到本地10122端口:
sudo docker run -d -p 10122:22 sshd:dockerfile
ssh 192.168.10.179 -p 10122
显示:
[root@localhost .ssh]# ssh 192.168.10.179 -p 10122
The authenticity of host '[192.168.10.179]:10122 ([192.168.10.179]:10022)' can't be established.
ECDSA key fingerprint is 0b:ae:62:09:a2:18:4e:ef:16:e3:3f:b9:2d:15:fb:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.10.179]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 3.10.0-229.el7.x86_64 x86_64)
* Documentation: https:
* Management: https:
* Support: https:
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@e498e20668d9:~# exit
logout
Connection to 192.168.10.179 closed.
Over!
