Docker实战-为镜像添加SSH服务

1、基于docker commit命令创建

　　Docker提供了docker commit命令，支持用户提交自己对定制容器的修改，并生成新的镜像。
　　命令格式为：docker commit CONTAINER [REPOSITORY[:TAG]]。

1.准备工作

利用ubuntu:14.04镜像创建一个容器：

[root@docker ~]# docker run -it ubuntu:14.04 /bin/bash
root@161f67ccad50:/# 

更新apt缓存：

root@161f67ccad50:/# apt-get update

2.安装和配置SSH服务

　　选择主流的openssh-server作为服务端：

root@161f67ccad50:/# apt-get install openssh-server -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
openssh-server is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
root@161f67ccad50:/# 

　　如果需要正常启动SSH服务，则目录/var/run/sshd必须存在。手动创建并启动SSH服务：

root@161f67ccad50:/# mkdir -p /var/run/sshd
root@161f67ccad50:/# /usr/sbin/sshd -D &
[1] 3020
root@161f67ccad50:/#

　　此时查看容器的22端口：

root@161f67ccad50:/# netstat -lnutp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3020/sshd       
tcp6       0      0 :::22                   :::*                    LISTEN      3020/sshd       
root@161f67ccad50:/# 

　　修改SSH服务的安全登录配置，取消pam登陆限制：

root@161f67ccad50:/# sed -ri 's#session    required     pam_loginuid.so#session    required     pam_loginuid.so#g' /etc/pam.d/sshd
root@161f67ccad50:/# 

　　在root用户家目录创建.ssh目录，并复制需要登录的公钥信息到.ssh目录下的authorized_keys中：

root@161f67ccad50:/# mkdir /root/.ssh
root@161f67ccad50:/# cd /root/.ssh
root@161f67ccad50:~/.ssh# ls
root@161f67ccad50:~/.ssh# vi /root/.ssh/authorized_keys

　　创建自启动的SSH服务可执行文件run.sh，并添加可执行权限：

root@161f67ccad50:/# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D &
root@161f67ccad50:/# chmod +x run.sh
root@161f67ccad50:/#

　　退出容器：

root@161f67ccad50:/# exit
exit
[root@docker ~]# 

3.保存镜像

　　将退出的容器用docker commit命令保存为一个新的sshd:ubuntu镜像：

[root@docker ~]# docker commit 161f67ccad50 sshd:ubuntu
sha256:f328073a034ae63f93114a92b62141f22a578131ecb663702ac17916bde456a2
[root@docker ~]# 

　　使用docker images查看本地生成的新镜像sshd:ubuntu:

[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu              f328073a034a        2 minutes ago       284MB
centos              7                   3fa822599e10        3 hours ago         204MB
mariadb             latest              d29cee62e770        26 hours ago        398MB
nginx               latest              9e7424e5dbae        7 days ago          108MB
ubuntu              16.04               20c44cd7596f        12 days ago         123MB
ubuntu              latest              20c44cd7596f        12 days ago         123MB
ubuntu              14.04               d6ed29ffda6b        12 days ago         221MB
busybox             latest              6ad733544a63        3 weeks ago         1.13MB
centos              latest              d123f4e55e12        3 weeks ago         197MB
alpine              latest              053cde6e8953        3 weeks ago         3.96MB
[root@docker ~]# 

4.使用镜像

　　启动容器，并添加端口映射到容器的22端口：

[root@docker ~]# docker run -it --name sshd_ubuntu -p 10022:22  sshd:ubuntu
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
root@0f8481ffd0d0:/# /usr/sbin/sshd -D &
[1] 16
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      16/sshd
root@0f8481ffd0d0:/#

　　在宿主机通过ssh连接10022端口：

[root@docker ~]# ssh 10.0.0.31 -p 10022
The authenticity of host '[10.0.0.31]:10022 ([10.0.0.31]:10022)' can't be established.
ECDSA key fingerprint is 74:a1:80:00:85:17:d5:ec:57:7a:cb:cb:1e:7d:4a:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.31]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@0f8481ffd0d0:~# 

2、使用Dockerfile创建

1.创建工作目录

[root@docker ~]# mkdir -p sshd_ubuntu
[root@docker ~]# ls
anaconda-ks.cfg  daemon.json  docker-pid  sshd_ubuntu
[root@docker ~]#

　　在其中创建Dockerfile和run.sh文件：

[root@docker ~]# cd sshd_ubuntu/ && touch Dockerfile run.sh
[root@docker sshd_ubuntu]# ls
Dockerfile  run.sh
[root@docker sshd_ubuntu]#

2.编写run.sh脚本和authorized_keys文件

[root@docker sshd_ubuntu]# vim run.sh 
[root@docker sshd_ubuntu]# cat run.sh 
#!/bin/bash
/usr/sbin/sshd -D &
[root@docker sshd_ubuntu]# cat /root/.ssh/id_rsa.pub > ./authorized_keys
[root@docker sshd_ubuntu]#

3.编写Dockerfile

[root@docker sshd_ubuntu]# cat Dockerfile 
# 基础镜像信息
FROM ubuntu:14.04

# 维护者信息
MAINTAINER staryjie staryjie@163.com

# 更新apt缓存、安装ssh服务
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd /root/.ssh
RUN sed -ri 's#session    required     pam_loginuid.so#session    required     pam_loginuid.so#g' /etc/pam.d/sshd

# 配置免密要和自启动脚本
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh

# 暴露22端口
EXPOSE 22

# 设置脚本自启动
CMD ["/run.sh"]
[root@docker sshd_ubuntu]# 

4.创建镜像

[root@docker ~]# cd ~/sshd_ubuntu/ && docker build -t sshd:ubuntu2 .
Removing intermediate container e86118d7da77
Successfully built 12abdcc3350f
Successfully tagged sshd:ubuntu2
[root@docker sshd_ubuntu]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu2             12abdcc3350f        7 seconds ago       284MB
sshd                ubuntu              f328073a034a        About an hour ago   284MB
centos              7                   3fa822599e10        4 hours ago         204MB
mariadb             latest              d29cee62e770        27 hours ago        398MB
nginx               latest              9e7424e5dbae        7 days ago          108MB
ubuntu              16.04               20c44cd7596f        12 days ago         123MB
ubuntu              latest              20c44cd7596f        12 days ago         123MB
ubuntu              14.04               d6ed29ffda6b        12 days ago         221MB
busybox             latest              6ad733544a63        3 weeks ago         1.13MB
centos              latest              d123f4e55e12        3 weeks ago         197MB
alpine              latest              053cde6e8953        3 weeks ago         3.96MB
[root@docker sshd_ubuntu]# 

5.测试镜像，运行容器

[root@docker sshd_ubuntu]# docker run -it --name ssh_test -p 10122:22 sshd:ubuntu2 bash
root@c03d5c93ec84:/# netstat -lnutp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      17/sshd 
tcp6       0      0 :::22                   :::*                    LISTEN      17/sshd 
root@c03d5c93ec84:/#

宿主机ssh连接：

[root@docker ~]# ssh 10.0.0.31 -p 10122
The authenticity of host '[10.0.0.31]:10122 ([10.0.0.31]:10122)' can't be established.
ECDSA key fingerprint is 13:3a:46:78:aa:b0:ac:9b:75:1f:ba:99:82:c6:8b:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.31]:10122' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@c03d5c93ec84:~#