• Docker使用(三)使用Dockerfile创建镜像以及为镜像添加SSH服务


    Dockerfile 是一个文本格式的配置文件, 可以使用Dockerfile 来快速创建自定义的镜像。Dockerfile有典型的基本结构及其支持的众多指令,具体可以参照Docker技术入门与实践,这篇博客(Docker基础-使用Dockerfile创建镜像)整理了出来,也可以拿来参考。这里主要总结为镜像添加SSH服务 。

    一些进入容器的办法, 比如用attach 、exec 等命令,但是这些命令都无法解决远程管理容器的问题。因此,当需要远程登录到容器内进行一些操作的时候,就需要SSH 的支持。介绍如何自行创建一个带有SSH 服务的镜像,并介绍两种创建容器的方法:基于docker commit 命令创建和基于Dockerfile 创建。

    1 基于docker commit命令创建

    1.1 获取镜像并创建一个容器

    root@slave1:/home/xxx/Documents# docker pull ubuntu:16.04
    16.04: Pulling from library/ubuntu
    Digest: sha256:97b54e5692c27072234ff958a7442dde4266af21e7b688e7fca5dc5acc8ed7d9
    Status: Image is up to date for ubuntu:16.04
    root@slave1:/home/xxx/Documents# docker run -it ubuntu:16.04 bash
    root@185a722ee292:/#
    

    1.2 配置软件源

    检查软件源,并使用apt-get update 命令来更新软件源信息:

    root@185a722ee292:/# apt-get update
    Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]            
    Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]  
    Get:3 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [940 kB]
    Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]       
    Get:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]     
    Get:6 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages [1558 kB]    
    Get:7 http://security.ubuntu.com/ubuntu xenial-security/restricted amd64 Packages [12.7 kB]
    Get:8 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [582 kB]
    Get:9 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [6114 B]
    Get:10 http://archive.ubuntu.com/ubuntu xenial/restricted amd64 Packages [14.1 kB]
    Get:11 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages [9827 kB]
    Get:12 http://archive.ubuntu.com/ubuntu xenial/multiverse amd64 Packages [176 kB]
    Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [1322 kB]
    Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/restricted amd64 Packages [13.1 kB]
    Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [986 kB]
    Get:16 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [19.1 kB]
    Get:17 http://archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [7942 B]
    Get:18 http://archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [8807 B]
    Fetched 16.0 MB in 1min 39s (161 kB/s)                                         
    Reading package lists... Done
    

    1.3 安装和配置SSH服务

    更新软件包缓存后可以安装SSH 服务了,选择主流的opens sh-server 作为服务端

    root@185a722ee292:/# apt-get install openssh-server
    

    如果需要正常启动SSH 服务, 则目录/var/run/sshd 必须存在。下面手动创建它,并启动SSH 服务:

    root@185a722ee292:/# mkdir -p /var/run/sshd
    root@185a722ee292:/# /usr/sbin/sshd -D &
    [1] 3243
    

    查看容器的22 端口( SSH 服务默认监昕的端口),可见此端口已经处于监听状态:

    root@185a722ee292:/# netstat -tunlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3243/sshd       
    tcp6       0      0 :::22                   :::*                    LISTEN      3243/sshd       
    

    如果bash: vi: command not found apt-get install net-tools安装net工具包:
    修改SSH服务的安全登录配置,取消pam登陆限制

    root@185a722ee292:/# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
    

    在root 用户目录下创建.ssh 目录,并复制需要登录的公钥信息(一般为本地主机用户目录下的.ssh/id_rsa.pub 文件,可由ssh-keygen -t rsa 命令生成)到authorized_keys 文件中:

    root@185a722ee292:/# mkdir root/.ssh
    root@185a722ee292:/# vi /root/.ssh/authorized_keys
    bash: vi: command not found
    root@185a722ee292:/# apt-get install vim
    root@185a722ee292:/# vi /root/.ssh/authorized_keys
    

    创建自动启动SSH 服务的可执行文件run . sh ,并添加可执行权限:

    root@185a722ee292:/# vi /run.sh
    root@185a722ee292:/# chmod +x run.sh
    root@185a722ee292:/#
    root@185a722ee292:/# exit
    exit
    

    run.sh 脚本内容如下:

    #!/bin/bash
    /usr/sbin/sshd -D
    

    1.4 保存镜像

    将退出的容器用docker commit命令保存为一个新的sshd:ubuntu镜像:

    root@slave1:/home/xxx/Documents# docker commit 185a722ee292 sshd:ubuntu
    sha256:4a1f2846a21fee31106ec6d86ad9ea8cc96295f59ca7a533a8d5195446cebcae
    

    使用docker images 查看本地生成的新镜像sshd:ubuntu ,目前拥有的镜像如下:

    root@slave1:/home/xxx/Documents# docker images
    REPOSITORY           TAG                 IMAGE ID            CREATED              SIZE
    sshd                 ubuntu              4a1f2846a21f        About a minute ago   235MB
    

    1.5 使用镜像

    启动容器,并添加端口映射10022 >22 。其中100 22 是宿主主机的端口, 22 是容器的SSH 服务监昕端口:

    root@slave1:/home/xxx/Documents# docker run -p 10022:22 -d sshd:ubuntu /run.sh
    cdedf8932122f63b6165c744e9e10c1a453b19986332c6f6f5a84a6c61ab1bbe
    

    启动成功后,可以在宿主主机上看到容器运行的详细信息。

    root@slave1:/home/xxx/Documents# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
    cdedf8932122        sshd:ubuntu         "/run.sh"           23 seconds ago      Up 21 seconds       0.0.0.0:10022->22/tcp   youthful_wing
    

    在宿主主机( 192.168.220.128 )或其他主机上,可以通过SSH 访问10022 端口来登录容器:

    
    root@slave1:/home/xxx/Documents# ssh 192.168.220.128 -p 10022
    The authenticity of host '[192.168.220.128]:10022 ([192.168.220.128]:10022)' can't be established.
    ECDSA key fingerprint is SHA256:PIe3rPCEmGvRA/zljQcz8OZzELeZvWnDtd2CXkqmfSk.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[192.168.220.128]:10022' (ECDSA) to the list of known hosts.
    Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
    
    * Documentation:  https://help.ubuntu.com/
    
    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    

    2 基于Dockerfile 创建

    使用Dockerfile 来创建一个支持SSH 服务的镜像。

    2.1 创建工作目录

    创建一个sshd_ubuntu 工作目录:

    root@slave1:/home/xxx/Documents# mkdir sshd_ubuntu
    root@slave1:/home/xxx/Documents# ls
    sshd_ubuntu  
    

    创建Dockerfilerun.sh 文件:

    root@slave1:/home/xxx/Documents# cd sshd_ubuntu
    root@slave1:/home/xxx/Documents/sshd_ubuntu# touch Dockerfile run.sh
    root@slave1:/home/xxx/Documents/sshd_ubuntu# ls
    Dockerfile  run.sh
    

    2.2 编写run.sh脚本和authorized_keys文件 vi run.sh

    #!/bin/bash
    /usr/sbin/sshd -D
    
    root@slave1:/home/xxx/Documents/sshd_ubuntu# ssh-keygen -t rsa
    root@slave1:/home/xxx/Documents/sshd_ubuntu# cat ~/.ssh/id_rsa.pub >authorized_keys
    

    2.3 编写Dockerfile

    root@slave1:/home/xxx/Documents/sshd_ubuntu# vi Dockerfile
    
    
    # 基础镜像信息
    FROM ubuntu:16.04
    
    # 维护者信息
    MAINTAINER zzz xxxxxxxx@qq.com
    
    # 更新apt缓存、安装ssh服务
    RUN apt-get update && apt-get install -y openssh-server
    RUN mkdir -p /var/run/sshd 
    RUN mkdir -p /root/.ssh
    #取消pam限制
    RUN sed -ri 's/session requireD pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
    
    # 配置免密和自启动脚本
    ADD authorized_keys /root/.ssh/authorized_keys
    ADD run.sh /run.sh
    RUN chmod 755 /run.sh
    
    # 开放22端口
    EXPOSE 22
    
    # 设置脚本自启动
    CMD ["/run.sh"]
    

    2.4 创建镜像

    sshd_ubuntu 目录下,使用docker build 命令来创建镜像。表示使用当前目录中的Dockerfile

    root@slave1:/home/xxx/Documents# cd sshd_ubuntu
    root@slave1:/home/xxx/Documents/sshd_ubuntu# docker build -t sshd:dockerfile .
    Sending build context to Docker daemon  4.608kB
    Step 1/11 : FROM ubuntu:16.04
    ---> 5e13f8dd4c1a
    Step 2/11 : MAINTAINER zzz 473612131@qq.com
    ---> Using cache
    ---> 0748b6027d39
    Step 3/11 : RUN apt-get update && apt-get install -y openssh-server
    ---> Using cache
    ---> a251326511ad
    Step 4/11 : RUN mkdir -p /var/run/sshd
    ---> Using cache
    ---> 7f7223f9ca3f
    Step 5/11 : RUN mkdir -p /root/.ssh
    ---> Using cache
    ---> ef9f018d909c
    Step 6/11 : RUN sed -ri 's/session requireD pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
    ---> Running in 94c11b0c54ec
    Removing intermediate container 94c11b0c54ec
    ---> cea047a4b34f
    Step 7/11 : ADD authorized_keys /root/.ssh/authorized_keys
    ---> 8312e768de97
    Step 8/11 : ADD run.sh /run.sh
    ---> f5c23bd379b2
    Step 9/11 : RUN chmod 755 /run.sh
    ---> Running in 8f95705b05b4
    Removing intermediate container 8f95705b05b4
    ---> 03eb32be673e
    Step 10/11 : EXPOSE 22
    ---> Running in ef4439caf998
    Removing intermediate container ef4439caf998
    ---> 3ac6903206c9
    Step 11/11 : CMD ["/run.sh"]
    ---> Running in 8271fe311161
    Removing intermediate container 8271fe311161
    ---> 10ba2747ab4a
    Successfully built 10ba2747ab4a
    Successfully tagged sshd:dockerfile
    root@slave1:/home/xxx/Documents/sshd_ubuntu# docker images   #本地查看sshd :dockerfile 镜像己存在
    REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
    sshd                 dockerfile          10ba2747ab4a        2 minutes ago       200MB
    

    2.5 测试镜像,运行容器

    使用刚才创建的sshd:dockerfile 镜像来运行一个容器。直接启动镜像,映射容器的22 端口到本地的10122 端口:

    
    root@slave1:/home/xxx/Documents/sshd_ubuntu# docker run -d -p 10122:22 sshd:dockerfile
    7cd646779554e185a34d0f775ad8bb81cef4af8547df5ba7ac79d8eed0571d48
    root@slave1:/home/xxx/Documents/sshd_ubuntu# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
    7cd646779554        sshd:dockerfile     "/run.sh"           40 seconds ago      Up 39 seconds       0.0.0.0:10122->22/tcp   loving_pike
    

    在宿主主机新打开一个终端,连接到新建的容器:

    
    root@slave1:/home/xxx/Documents/sshd_ubuntu# ssh 192.168.220.128 -p 10122
    The authenticity of host '[192.168.220.128]:10122 ([192.168.220.128]:10122)' can't be established.
    ECDSA key fingerprint is SHA256:MTblEFxBW0AGUzlvSzc5ouq1xM01jcykUFCzwW91Khc.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[192.168.220.128]:10122' (ECDSA) to the list of known hosts.
    Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.10.0-28-generic x86_64)
    
    * Documentation:  https://help.ubuntu.com
    * Management:     https://landscape.canonical.com
    * Support:        https://ubuntu.com/advantage
    
    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    root@7cd646779554:~#
    

    ***参考:
    Docker技术入门与实战链接:https://pan.baidu.com/s/1r_TfonbXxPk6ogKvNxGp3g
    提取码:c5i2


  • 相关阅读:
    《动手学深度学习》系列笔记—— 1.3 多层感知机
    angular 9.1.0发布,下一个版本:angular10
    postgresql 两行数据时间之差
    abp zero bug
    docker nginx angular 刷新错误,404错误
    EF Core 新特性——Owned Entity Types
    identityServer4 中的概念(Scope,claim)
    程序员工作时间简单分析
    吐槽下阿里云栖大会购票系统
    打造适合你的ABP(1)---- 完善日志系统
  • 原文地址:https://www.cnblogs.com/eugene0/p/11509060.html
Copyright © 2020-2023  润新知