1、基于docker commit命令创建
Docker提供了docker commit命令,支持用户提交自己对定制容器的修改,并生成新的镜像。
命令格式为:docker commit CONTAINER [REPOSITORY[:TAG]]。
1.准备工作
利用ubuntu:14.04镜像创建一个容器:
[root@docker ~]# docker run -it ubuntu:14.04 /bin/bash root@161f67ccad50:/#
更新apt缓存:
root@161f67ccad50:/# apt-get update
2.安装和配置SSH服务
选择主流的openssh-server作为服务端:
root@161f67ccad50:/# apt-get install openssh-server -y Reading package lists... Done Building dependency tree Reading state information... Done openssh-server is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded. root@161f67ccad50:/#
如果需要正常启动SSH服务,则目录/var/run/sshd必须存在。手动创建并启动SSH服务:
root@161f67ccad50:/# mkdir -p /var/run/sshd root@161f67ccad50:/# /usr/sbin/sshd -D & [1] 3020 root@161f67ccad50:/#
此时查看容器的22端口:
root@161f67ccad50:/# netstat -lnutp|grep 22 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3020/sshd tcp6 0 0 :::22 :::* LISTEN 3020/sshd root@161f67ccad50:/#
修改SSH服务的安全登录配置,取消pam登陆限制:
root@161f67ccad50:/# sed -ri 's#session required pam_loginuid.so#session required pam_loginuid.so#g' /etc/pam.d/sshd root@161f67ccad50:/#
在root用户家目录创建.ssh目录,并复制需要登录的公钥信息到.ssh目录下的authorized_keys中:
root@161f67ccad50:/# mkdir /root/.ssh root@161f67ccad50:/# cd /root/.ssh root@161f67ccad50:~/.ssh# ls root@161f67ccad50:~/.ssh# vi /root/.ssh/authorized_keys
创建自启动的SSH服务可执行文件run.sh,并添加可执行权限:
root@161f67ccad50:/# cat run.sh #!/bin/bash /usr/sbin/sshd -D & root@161f67ccad50:/# chmod +x run.sh root@161f67ccad50:/#
退出容器:
root@161f67ccad50:/# exit exit [root@docker ~]#
3.保存镜像
将退出的容器用docker commit命令保存为一个新的sshd:ubuntu镜像:
[root@docker ~]# docker commit 161f67ccad50 sshd:ubuntu sha256:f328073a034ae63f93114a92b62141f22a578131ecb663702ac17916bde456a2 [root@docker ~]#
使用docker images查看本地生成的新镜像sshd:ubuntu:
[root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE sshd ubuntu f328073a034a 2 minutes ago 284MB centos 7 3fa822599e10 3 hours ago 204MB mariadb latest d29cee62e770 26 hours ago 398MB nginx latest 9e7424e5dbae 7 days ago 108MB ubuntu 16.04 20c44cd7596f 12 days ago 123MB ubuntu latest 20c44cd7596f 12 days ago 123MB ubuntu 14.04 d6ed29ffda6b 12 days ago 221MB busybox latest 6ad733544a63 3 weeks ago 1.13MB centos latest d123f4e55e12 3 weeks ago 197MB alpine latest 053cde6e8953 3 weeks ago 3.96MB [root@docker ~]#
4.使用镜像
启动容器,并添加端口映射到容器的22端口:
[root@docker ~]# docker run -it --name sshd_ubuntu -p 10022:22 sshd:ubuntu root@0f8481ffd0d0:/# netstat -lnutp|grep 22 root@0f8481ffd0d0:/# /usr/sbin/sshd -D & [1] 16 root@0f8481ffd0d0:/# netstat -lnutp|grep 22 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16/sshd tcp6 0 0 :::22 :::* LISTEN 16/sshd root@0f8481ffd0d0:/#
在宿主机通过ssh连接10022端口:
[root@docker ~]# ssh 10.0.0.31 -p 10022 The authenticity of host '[10.0.0.31]:10022 ([10.0.0.31]:10022)' can't be established. ECDSA key fingerprint is 74:a1:80:00:85:17:d5:ec:57:7a:cb:cb:1e:7d:4a:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[10.0.0.31]:10022' (ECDSA) to the list of known hosts. Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@0f8481ffd0d0:~#
2、使用Dockerfile创建
1.创建工作目录
[root@docker ~]# mkdir -p sshd_ubuntu [root@docker ~]# ls anaconda-ks.cfg daemon.json docker-pid sshd_ubuntu [root@docker ~]#
在其中创建Dockerfile和run.sh文件:
[root@docker ~]# cd sshd_ubuntu/ && touch Dockerfile run.sh [root@docker sshd_ubuntu]# ls Dockerfile run.sh [root@docker sshd_ubuntu]#
2.编写run.sh脚本和authorized_keys文件
[root@docker sshd_ubuntu]# vim run.sh [root@docker sshd_ubuntu]# cat run.sh #!/bin/bash /usr/sbin/sshd -D & [root@docker sshd_ubuntu]# cat /root/.ssh/id_rsa.pub > ./authorized_keys [root@docker sshd_ubuntu]#
3.编写Dockerfile
[root@docker sshd_ubuntu]# cat Dockerfile # 基础镜像信息 FROM ubuntu:14.04 # 维护者信息 MAINTAINER staryjie staryjie@163.com # 更新apt缓存、安装ssh服务 RUN apt-get update && apt-get install -y openssh-server RUN mkdir -p /var/run/sshd /root/.ssh RUN sed -ri 's#session required pam_loginuid.so#session required pam_loginuid.so#g' /etc/pam.d/sshd # 配置免密要和自启动脚本 ADD authorized_keys /root/.ssh/authorized_keys ADD run.sh /run.sh RUN chmod 755 /run.sh # 暴露22端口 EXPOSE 22 # 设置脚本自启动 CMD ["/run.sh"] [root@docker sshd_ubuntu]#
4.创建镜像
[root@docker ~]# cd ~/sshd_ubuntu/ && docker build -t sshd:ubuntu2 . Removing intermediate container e86118d7da77 Successfully built 12abdcc3350f Successfully tagged sshd:ubuntu2 [root@docker sshd_ubuntu]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE sshd ubuntu2 12abdcc3350f 7 seconds ago 284MB sshd ubuntu f328073a034a About an hour ago 284MB centos 7 3fa822599e10 4 hours ago 204MB mariadb latest d29cee62e770 27 hours ago 398MB nginx latest 9e7424e5dbae 7 days ago 108MB ubuntu 16.04 20c44cd7596f 12 days ago 123MB ubuntu latest 20c44cd7596f 12 days ago 123MB ubuntu 14.04 d6ed29ffda6b 12 days ago 221MB busybox latest 6ad733544a63 3 weeks ago 1.13MB centos latest d123f4e55e12 3 weeks ago 197MB alpine latest 053cde6e8953 3 weeks ago 3.96MB [root@docker sshd_ubuntu]#
5.测试镜像,运行容器
[root@docker sshd_ubuntu]# docker run -it --name ssh_test -p 10122:22 sshd:ubuntu2 bash root@c03d5c93ec84:/# netstat -lnutp|grep 22 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 17/sshd tcp6 0 0 :::22 :::* LISTEN 17/sshd root@c03d5c93ec84:/#
宿主机ssh连接:
[root@docker ~]# ssh 10.0.0.31 -p 10122 The authenticity of host '[10.0.0.31]:10122 ([10.0.0.31]:10122)' can't be established. ECDSA key fingerprint is 13:3a:46:78:aa:b0:ac:9b:75:1f:ba:99:82:c6:8b:76. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[10.0.0.31]:10122' (ECDSA) to the list of known hosts. Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@c03d5c93ec84:~#