• Docker实战-为镜像添加SSH服务


    1、基于docker commit命令创建

      Docker提供了docker commit命令,支持用户提交自己对定制容器的修改,并生成新的镜像。
      命令格式为:docker commit CONTAINER [REPOSITORY[:TAG]]。

    1.准备工作

    利用ubuntu:14.04镜像创建一个容器:

    [root@docker ~]# docker run -it ubuntu:14.04 /bin/bash
    root@161f67ccad50:/# 

    更新apt缓存:

    root@161f67ccad50:/# apt-get update

    2.安装和配置SSH服务

      选择主流的openssh-server作为服务端:

    root@161f67ccad50:/# apt-get install openssh-server -y
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    openssh-server is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
    root@161f67ccad50:/# 

      如果需要正常启动SSH服务,则目录/var/run/sshd必须存在。手动创建并启动SSH服务:

    root@161f67ccad50:/# mkdir -p /var/run/sshd
    root@161f67ccad50:/# /usr/sbin/sshd -D &
    [1] 3020
    root@161f67ccad50:/#

      此时查看容器的22端口:

    root@161f67ccad50:/# netstat -lnutp|grep 22
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3020/sshd       
    tcp6       0      0 :::22                   :::*                    LISTEN      3020/sshd       
    root@161f67ccad50:/# 

      修改SSH服务的安全登录配置,取消pam登陆限制:

    root@161f67ccad50:/# sed -ri 's#session    required     pam_loginuid.so#session    required     pam_loginuid.so#g' /etc/pam.d/sshd
    root@161f67ccad50:/# 

      在root用户家目录创建.ssh目录,并复制需要登录的公钥信息到.ssh目录下的authorized_keys中:

    root@161f67ccad50:/# mkdir /root/.ssh
    root@161f67ccad50:/# cd /root/.ssh
    root@161f67ccad50:~/.ssh# ls
    root@161f67ccad50:~/.ssh# vi /root/.ssh/authorized_keys

      创建自启动的SSH服务可执行文件run.sh,并添加可执行权限:

    root@161f67ccad50:/# cat run.sh
    #!/bin/bash
    /usr/sbin/sshd -D &
    root@161f67ccad50:/# chmod +x run.sh
    root@161f67ccad50:/#

      退出容器:

    root@161f67ccad50:/# exit
    exit
    [root@docker ~]# 

    3.保存镜像

      将退出的容器用docker commit命令保存为一个新的sshd:ubuntu镜像:

    [root@docker ~]# docker commit 161f67ccad50 sshd:ubuntu
    sha256:f328073a034ae63f93114a92b62141f22a578131ecb663702ac17916bde456a2
    [root@docker ~]# 

      使用docker images查看本地生成的新镜像sshd:ubuntu:

    [root@docker ~]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    sshd                ubuntu              f328073a034a        2 minutes ago       284MB
    centos              7                   3fa822599e10        3 hours ago         204MB
    mariadb             latest              d29cee62e770        26 hours ago        398MB
    nginx               latest              9e7424e5dbae        7 days ago          108MB
    ubuntu              16.04               20c44cd7596f        12 days ago         123MB
    ubuntu              latest              20c44cd7596f        12 days ago         123MB
    ubuntu              14.04               d6ed29ffda6b        12 days ago         221MB
    busybox             latest              6ad733544a63        3 weeks ago         1.13MB
    centos              latest              d123f4e55e12        3 weeks ago         197MB
    alpine              latest              053cde6e8953        3 weeks ago         3.96MB
    [root@docker ~]# 

    4.使用镜像

      启动容器,并添加端口映射到容器的22端口:

    [root@docker ~]# docker run -it --name sshd_ubuntu -p 10022:22  sshd:ubuntu
    root@0f8481ffd0d0:/# netstat -lnutp|grep 22
    root@0f8481ffd0d0:/# /usr/sbin/sshd -D &
    [1] 16
    root@0f8481ffd0d0:/# netstat -lnutp|grep 22
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16/sshd
    tcp6       0      0 :::22                   :::*                    LISTEN      16/sshd
    root@0f8481ffd0d0:/#

      在宿主机通过ssh连接10022端口:

    [root@docker ~]# ssh 10.0.0.31 -p 10022
    The authenticity of host '[10.0.0.31]:10022 ([10.0.0.31]:10022)' can't be established.
    ECDSA key fingerprint is 74:a1:80:00:85:17:d5:ec:57:7a:cb:cb:1e:7d:4a:1f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[10.0.0.31]:10022' (ECDSA) to the list of known hosts.
    Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
    
     * Documentation:  https://help.ubuntu.com/
    
    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    
    root@0f8481ffd0d0:~# 

    2、使用Dockerfile创建

    1.创建工作目录

    [root@docker ~]# mkdir -p sshd_ubuntu
    [root@docker ~]# ls
    anaconda-ks.cfg  daemon.json  docker-pid  sshd_ubuntu
    [root@docker ~]#

      在其中创建Dockerfile和run.sh文件:

    [root@docker ~]# cd sshd_ubuntu/ && touch Dockerfile run.sh
    [root@docker sshd_ubuntu]# ls
    Dockerfile  run.sh
    [root@docker sshd_ubuntu]#

    2.编写run.sh脚本和authorized_keys文件

    [root@docker sshd_ubuntu]# vim run.sh 
    [root@docker sshd_ubuntu]# cat run.sh 
    #!/bin/bash
    /usr/sbin/sshd -D &
    [root@docker sshd_ubuntu]# cat /root/.ssh/id_rsa.pub > ./authorized_keys
    [root@docker sshd_ubuntu]#

    3.编写Dockerfile

    [root@docker sshd_ubuntu]# cat Dockerfile 
    # 基础镜像信息
    FROM ubuntu:14.04
    
    # 维护者信息
    MAINTAINER staryjie staryjie@163.com
    
    # 更新apt缓存、安装ssh服务
    RUN apt-get update && apt-get install -y openssh-server
    RUN mkdir -p /var/run/sshd /root/.ssh
    RUN sed -ri 's#session    required     pam_loginuid.so#session    required     pam_loginuid.so#g' /etc/pam.d/sshd
    
    # 配置免密要和自启动脚本
    ADD authorized_keys /root/.ssh/authorized_keys
    ADD run.sh /run.sh
    RUN chmod 755 /run.sh
    
    # 暴露22端口
    EXPOSE 22
    
    # 设置脚本自启动
    CMD ["/run.sh"]
    [root@docker sshd_ubuntu]# 

    4.创建镜像

    [root@docker ~]# cd ~/sshd_ubuntu/ && docker build -t sshd:ubuntu2 .
    Removing intermediate container e86118d7da77
    Successfully built 12abdcc3350f
    Successfully tagged sshd:ubuntu2
    [root@docker sshd_ubuntu]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    sshd                ubuntu2             12abdcc3350f        7 seconds ago       284MB
    sshd                ubuntu              f328073a034a        About an hour ago   284MB
    centos              7                   3fa822599e10        4 hours ago         204MB
    mariadb             latest              d29cee62e770        27 hours ago        398MB
    nginx               latest              9e7424e5dbae        7 days ago          108MB
    ubuntu              16.04               20c44cd7596f        12 days ago         123MB
    ubuntu              latest              20c44cd7596f        12 days ago         123MB
    ubuntu              14.04               d6ed29ffda6b        12 days ago         221MB
    busybox             latest              6ad733544a63        3 weeks ago         1.13MB
    centos              latest              d123f4e55e12        3 weeks ago         197MB
    alpine              latest              053cde6e8953        3 weeks ago         3.96MB
    [root@docker sshd_ubuntu]# 

    5.测试镜像,运行容器

    [root@docker sshd_ubuntu]# docker run -it --name ssh_test -p 10122:22 sshd:ubuntu2 bash
    root@c03d5c93ec84:/# netstat -lnutp|grep 22
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      17/sshd 
    tcp6       0      0 :::22                   :::*                    LISTEN      17/sshd 
    root@c03d5c93ec84:/#

    宿主机ssh连接:

    [root@docker ~]# ssh 10.0.0.31 -p 10122
    The authenticity of host '[10.0.0.31]:10122 ([10.0.0.31]:10122)' can't be established.
    ECDSA key fingerprint is 13:3a:46:78:aa:b0:ac:9b:75:1f:ba:99:82:c6:8b:76.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[10.0.0.31]:10122' (ECDSA) to the list of known hosts.
    Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
    
     * Documentation:  https://help.ubuntu.com/
    
    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.
    
    root@c03d5c93ec84:~# 
  • 相关阅读:
    java基础数据
    Java环境搭建
    Mysql数据库基础
    php环境搭建
    1117bootstrap组件
    1117bootstrap
    1115表单验证
    1114JS实例4
    1113JS实例3
    1111JS实例2
  • 原文地址:https://www.cnblogs.com/jie-fang/p/7928406.html
Copyright © 2020-2023  润新知