最近在练习写ssh镜像,具体实验步骤如下:
一、实验环境:
[root@train01 ~]# cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) [root@train01 ~]# uname -a Linux train01 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@train01 ~]# [root@train01 ~]# ifconfig docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::42:17ff:fedb:317b prefixlen 64 scopeid 0x20<link> ether 02:42:17:db:31:7b txqueuelen 0 (Ethernet) RX packets 17575 bytes 798122 (779.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 22692 bytes 64813328 (61.8 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.93 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::20c:29ff:fe79:8330 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:79:83:30 txqueuelen 1000 (Ethernet) RX packets 68889 bytes 68080237 (64.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 30175 bytes 2827670 (2.6 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.111.128 netmask 255.255.255.0 broadcast 192.168.111.255 inet6 fe80::20c:29ff:fe79:833a prefixlen 64 scopeid 0x20<link> ether 00:0c:29:79:83:3a txqueuelen 1000 (Ethernet) RX packets 1833 bytes 181367 (177.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 74 bytes 14172 (13.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth76606da: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::a077:7bff:fee9:7a00 prefixlen 64 scopeid 0x20<link> ether a2:77:7b:e9:7a:00 txqueuelen 0 (Ethernet) RX packets 
2947 bytes 164334 (160.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3431 bytes 18567250 (17.7 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth8737bba: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::54f7:17ff:fed6:62aa prefixlen 64 scopeid 0x20<link> ether 56:f7:17:d6:62:aa txqueuelen 0 (Ethernet) RX packets 138 bytes 18514 (18.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 213 bytes 22376 (21.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@train01 ~]#
二、编写dockerfile:
1、创建sshd_centos目录
[root@train01 ~]# mkdir -p sshd_centos [root@train01 ~]# cd sshd_centos/ [root@train01 sshd_centos]#
2、编写Dockerfile文件
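# Dockerfile for the centos/sshd image (created in ~/sshd_centos with: vim Dockerfile).
# The shell quotes below are plain ASCII single quotes; the typographic quotes shown
# on the page are not shell quoting characters and would be passed through literally.

# Base (root) image.
# NOTE(review): untagged, so this resolves to whatever "latest" is at build time
# (970633036444 in the build log); pin a tag or digest for a reproducible build.
FROM centos

# Author information.
MAINTAINER from www.dockerpool.com by ryan

# Install the sshd service and supporting tools.
RUN yum -y install openssh openssh-server openssh-clients net-tools wget
RUN mkdir -p /var/run/sshd

# Generate the host key pairs.
# No -N is given, so ssh-keygen asks for a passphrase; the build log shows the
# prompts and the keys being written anyway.
# NOTE(review): keys generated in a RUN step are stored in the image layers, so
# every container started from this image presents the same host keys and anyone
# who can pull the image can read the private halves. Generating them when the
# container starts (for example `ssh-keygen -A` in an entrypoint) avoids that.
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
# NOTE(review): the build log reports this key as DSA 1024; DSA host keys are
# considered weak and newer OpenSSH releases disable them by default. Consider
# dropping this step.
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key

# Set the root password and create the account opuser used to reach the container.
# NOTE(review): both passwords are fixed, trivially guessable values that end up in
# the image layers and in `docker history`, and the container is later published on
# host port 10022 with root password login working. Acceptable only for a throwaway
# lab; otherwise use key-based login and inject credentials at run time.
RUN /bin/echo 'root:123456'|chpasswd
RUN /usr/sbin/useradd opuser
RUN /bin/echo 'opuser:123456'|chpasswd

# Relax the PAM login restriction: pam_loginuid.so goes from "required" to "optional".
RUN /bin/sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd

# Set the default character set.
# NOTE(review): the target path looks like a typo; CentOS 7 reads the system locale
# from /etc/locale.conf, so this file is presumably never consulted. Confirm.
RUN /bin/echo -e "LANG=\"en_US.UTF-8\"" > /etc/default/local

# Open the SSH port.
EXPOSE 22

# Command run when the container starts: sshd in the foreground.
CMD /usr/sbin/sshd -D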
三、利用编写好的Dockerfile创建centos/sshd镜像
创建镜像命令: docker build -t centos/sshd:1.0 . [root@train01 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE csphere/wordpress 4.2 3f20c05bcc52 29 hours ago 722.6 MB csphere/mysql 5.5 c00d5956e4e3 30 hours ago 725.1 MB csphere/php-fpm 5.4 e1f2c9d07535 41 hours ago 685 MB csphere/centos 7.1 f6a81781b7f2 41 hours ago 591.4 MB docker.io/centos latest 970633036444 5 days ago 196.7 MB docker.io/centos centos7.1.1503 80d283436f62 4 weeks ago 212.1 MB [root@train01 ~]# cd sshd_centos/ [root@train01 sshd_centos]# ls Dockerfile [root@train01 sshd_centos]# [root@train01 sshd_centos]# docker build -t centos/sshd:1.0 . Sending build context to Docker daemon 2.56 kB Step 1 : FROM centos ---> 970633036444 Step 2 : MAINTAINER from www.dockerpool.com by ryan ---> Running in 679d13dfbcbf ---> 73a768db58ab Removing intermediate container 679d13dfbcbf Step 3 : RUN yum -y install openssh openssh-server openssh-clients net-tools wget ---> Running in fc8a4f90adb4 Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: mirrors.zju.edu.cn * extras: mirrors.zju.edu.cn * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed ---> Package openssh.x86_64 0:6.6.1p1-25.el7_2 will be installed --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-6.6.1p1-25.el7_2.x86_64 ---> Package openssh-clients.x86_64 0:6.6.1p1-25.el7_2 will be installed --> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-25.el7_2.x86_64 ---> Package openssh-server.x86_64 0:6.6.1p1-25.el7_2 will be installed --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-25.el7_2.x86_64 ---> Package wget.x86_64 0:1.14-10.el7_0.1 will be installed --> Running transaction check ---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64 
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed ---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed --> Running transaction check ---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: net-tools x86_64 2.0-0.17.20131004git.el7 base 304 k openssh x86_64 6.6.1p1-25.el7_2 updates 435 k openssh-clients x86_64 6.6.1p1-25.el7_2 updates 639 k openssh-server x86_64 6.6.1p1-25.el7_2 updates 436 k wget x86_64 1.14-10.el7_0.1 base 545 k Installing for dependencies: fipscheck x86_64 1.4.1-5.el7 base 21 k fipscheck-lib x86_64 1.4.1-5.el7 base 11 k libedit x86_64 3.0-12.20121213cvs.el7 base 92 k tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k Transaction Summary ================================================================================ Install 5 Packages (+4 Dependent packages) Total download size: 2.5 M Installed size: 7.7 M Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY Public key for fipscheck-lib-1.4.1-5.el7.x86_64.rpm is not installed Public key for openssh-6.6.1p1-25.el7_2.x86_64.rpm is not installed http://mirrors.btte.net/centos/7.2.1511/os/x86_64/Packages/wget-1.14-10.el7_0.1.x86_64.rpm: [Errno 12] Timeout on http://mirrors.btte.net/centos/7.2.1511/os/x86_64/Packages/wget-1.14-10.el7_0.1.x86_64.rpm: (28, ‘Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds‘) Trying other mirror. 
-------------------------------------------------------------------------------- Total 68 kB/s | 2.5 MB 00:37 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@CentOS) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : fipscheck-1.4.1-5.el7.x86_64 1/9 Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/9 Installing : openssh-6.6.1p1-25.el7_2.x86_64 3/9 Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/9 Installing : libedit-3.0-12.20121213cvs.el7.x86_64 5/9 Installing : openssh-clients-6.6.1p1-25.el7_2.x86_64 6/9 Installing : openssh-server-6.6.1p1-25.el7_2.x86_64 7/9 Installing : wget-1.14-10.el7_0.1.x86_64 8/9 install-info: No such file or directory for /usr/share/info/wget.info.gz Installing : net-tools-2.0-0.17.20131004git.el7.x86_64 9/9 Verifying : openssh-6.6.1p1-25.el7_2.x86_64 1/9 Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 2/9 Verifying : openssh-server-6.6.1p1-25.el7_2.x86_64 3/9 Verifying : openssh-clients-6.6.1p1-25.el7_2.x86_64 4/9 Verifying : net-tools-2.0-0.17.20131004git.el7.x86_64 5/9 Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 6/9 Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 7/9 Verifying : wget-1.14-10.el7_0.1.x86_64 8/9 Verifying : fipscheck-1.4.1-5.el7.x86_64 9/9 Installed: net-tools.x86_64 0:2.0-0.17.20131004git.el7 openssh.x86_64 0:6.6.1p1-25.el7_2 openssh-clients.x86_64 0:6.6.1p1-25.el7_2 openssh-server.x86_64 0:6.6.1p1-25.el7_2 wget.x86_64 0:1.14-10.el7_0.1 Dependency Installed: fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7 libedit.x86_64 0:3.0-12.20121213cvs.el7 tcp_wrappers-libs.x86_64 0:7.6-77.el7 Complete! 
---> 39a7ecf690fc Removing intermediate container fc8a4f90adb4 Step 4 : RUN mkdir -p /var/run/sshd ---> Running in 93e386a7ce90 ---> b3492ced0e89 Removing intermediate container 93e386a7ce90 Step 5 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key ---> Running in e358026d166f Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private rsa key pair. Your identification has been saved in /etc/ssh/ssh_host_rsa_key. Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. The key fingerprint is: f9:bb:24:77:2a:86:f7:ae:63:dc:5d:41:70:e0:b7:02 root@66388f647a9e The key‘s randomart image is: +--[ RSA 2048]----+ | oo. | | . .. | | E ... | | . . ... | | S . .. | | . .. | | o..+... | | . B+.+. | | +.**. | +-----------------+ ---> c93b54f17c04 Removing intermediate container e358026d166f Step 6 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key ---> Running in 2de15b3a9106 Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private dsa key pair. Your identification has been saved in /etc/ssh/ssh_host_dsa_key. Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. The key fingerprint is: c8:2e:2f:d2:7e:55:1d:02:91:77:4d:f3:3f:54:4e:23 root@66388f647a9e The key‘s randomart image is: +--[ DSA 1024]----+ | o+ Eo.o| | . o o o=o| | . + . .o| | . . . . . .| | o S. ..| | . . .| | .. .. | | . oo. | | o.o. | +-----------------+ ---> a68e47541bff Removing intermediate container 2de15b3a9106 Step 7 : RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key ---> Running in ebc784be1e63 Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private ecdsa key pair. Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key. Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub. The key fingerprint is: e7:60:f5:64:2a:ea:ef:16:42:89:37:49:6b:ed:16:e2 root@66388f647a9e The key‘s randomart image is: +--[ECDSA 256]---+ | | | . | | o = . 
o | | . X o. = | | = +S.o . | | Eo+= | | .o .. | | . . | | .+o | +-----------------+ ---> bfef751fb8ae Removing intermediate container ebc784be1e63 Step 8 : RUN ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key ---> Running in 9ad76c0bcf5b Enter passphrase (empty for no passphrase): Enter same passphrase again: Generating public/private ed25519 key pair. Your identification has been saved in /etc/ssh/ssh_host_ed25519_key. Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub. The key fingerprint is: 61:9a:2e:db:69:c1:e7:fb:e3:bc:22:b1:5f:c7:e4:db root@66388f647a9e The key‘s randomart image is: +--[ED25519 256--+ | | | | | o | | + . | | .o S . | | .+ . + | | . .* . + | | ++.oo.. o | | ..ooo==o. E | +-----------------+ ---> dc50c5f0fa85 Removing intermediate container 9ad76c0bcf5b Step 9 : RUN /bin/echo ‘root:123456‘|chpasswd ---> Running in 77f8a4f9a816 ---> bdbf089ad0e0 Removing intermediate container 77f8a4f9a816 Step 10 : RUN /usr/sbin/useradd opuser ---> Running in 4e5012e09ed3 ---> ef7b94cf35d2 Removing intermediate container 4e5012e09ed3 Step 11 : RUN /bin/echo ‘opuser:123456‘|chpasswd ---> Running in 9511908948b1 ---> 29d062e850bf Removing intermediate container 9511908948b1 Step 12 : RUN /bin/sed -i ‘s/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g‘ /etc/pam.d/sshd ---> Running in e9f5339b6675 ---> 4bc76f89ac9c Removing intermediate container e9f5339b6675 Step 13 : RUN /bin/echo -e "LANG=\"en_US.UTF-8\"" > /etc/default/local ---> Running in cabf3ea6bbb3 ---> 002c813522d7 Removing intermediate container cabf3ea6bbb3 Step 14 : EXPOSE 22 ---> Running in 273d57515cde ---> d2c1689ac38a Removing intermediate container 273d57515cde Step 15 : CMD /usr/sbin/sshd -D ---> Running in 70a79ff2311e ---> add7b6daec76 Removing intermediate container 70a79ff2311e Successfully built add7b6daec76 [root@train01 sshd_centos]# [root@train01 sshd_centos]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos/sshd 1.0 add7b6daec76 2 
minutes ago 294.7 MB csphere/wordpress 4.2 3f20c05bcc52 29 hours ago 722.6 MB csphere/mysql 5.5 c00d5956e4e3 30 hours ago 725.1 MB csphere/php-fpm 5.4 e1f2c9d07535 41 hours ago 685 MB csphere/centos 7.1 f6a81781b7f2 41 hours ago 591.4 MB docker.io/centos latest 970633036444 5 days ago 196.7 MB docker.io/centos centos7.1.1503 80d283436f62 4 weeks ago 212.1 MB
[root@train01 sshd_centos]#
从上面可以发现刚才创建的镜像已经存在,下面通过该镜像启动一个容器,测试登录是否正常
[root@train01 sshd_centos]# docker run -d -p 10022:22 --name sshd-service centos/sshd:1.0 a30ce5a097b436422bca5688c25dd01a85c19af214b6cb29eb5f008e649e016c [root@train01 sshd_centos]# docker ps -a #查看当前容器情况 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a30ce5a097b4 centos/sshd:1.0 "/bin/sh -c ‘/usr/sbi" 6 seconds ago Up 4 seconds 0.0.0.0:10022->22/tcp sshd-service 949ca4fc7979 csphere/centos:7.1 "/usr/bin/supervisord" 7 hours ago Up 7 hours 0.0.0.0:2222->22/tcp centos7 0025bbfec012 csphere/php-fpm:5.4 "/usr/bin/supervisord" 29 hours ago Exited (0) 25 hours ago website 1bfb0caf827b csphere/mysql:5.5 "/scripts/start" 29 hours ago Exited (137) 25 hours ago newdataserver [root@train01 sshd_centos]# docker exec -it sshd-service /bin/bash #登录容器sshd-service [root@a30ce5a097b4 /]# netstat -lnupt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1/sshd tcp6 0 0 :::22 :::* LISTEN 1/sshd [root@a30ce5a097b4 /]# [root@a30ce5a097b4 /]# exit exit [root@train01 sshd_centos]# netstat -lnupt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1439/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2583/master tcp6 0 0 :::10022 :::* LISTEN 15726/docker-proxy tcp6 0 0 :::2222 :::* LISTEN 2961/docker-proxy tcp6 0 0 :::22 :::* LISTEN 1439/sshd tcp6 0 0 ::1:25 :::* LISTEN 2583/master udp 0 0 0.0.0.0:3554 0.0.0.0:* 1229/dhclient udp 0 0 0.0.0.0:68 0.0.0.0:* 1224/dhclient udp 0 0 0.0.0.0:68 0.0.0.0:* 1229/dhclient udp 0 0 0.0.0.0:58630 0.0.0.0:* 1224/dhclient udp6 0 0 :::3554 :::* 1224/dhclient udp6 0 0 :::12000 :::* 1229/dhclient [root@train01 sshd_centos]# ssh 10.0.0.93 -p10022 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! 
@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is e7:60:f5:64:2a:ea:ef:16:42:89:37:49:6b:ed:16:e2. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:1 ECDSA host key for [10.0.0.93]:10022 has changed and you have requested strict checking. Host key verification failed. [root@train01 sshd_centos]# cd /root/.ssh/ [root@train01 .ssh]# ls known_hosts [root@train01 .ssh]# rm known_hosts rm: remove regular file ‘known_hosts’? y [root@train01 .ssh]# cd - /root/sshd_centos [root@train01 sshd_centos]# ssh 10.0.0.93 -p10022 The authenticity of host ‘[10.0.0.93]:10022 ([10.0.0.93]:10022)‘ can‘t be established. ECDSA key fingerprint is e7:60:f5:64:2a:ea:ef:16:42:89:37:49:6b:ed:16:e2. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘[10.0.0.93]:10022‘ (ECDSA) to the list of known hosts. root@10.0.0.93‘s password: [root@a30ce5a097b4 ~]# hostname a30ce5a097b4 [root@a30ce5a097b4 ~]# netstat -lnput Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1/sshd tcp6 0 0 :::22 :::* LISTEN 1/sshd [root@a30ce5a097b4 ~]#
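经过上面验证,可以正常登录到容器sshd-service。补充说明:上面出现"REMOTE HOST IDENTIFICATION HAS CHANGED"警告,是因为known_hosts中已有[10.0.0.93]:10022的旧主机密钥记录,而新容器提供的是构建镜像时生成的ECDSA主机密钥(指纹e7:60:f5:64:2a:ea:ef:16:42:89:37:49:6b:ed:16:e2,与构建日志Step 7中的指纹一致,确认后再输入yes)。遇到这种情况不必删除整个known_hosts文件,用 ssh-keygen -R "[10.0.0.93]:10022" 只移除这一条记录即可,其余主机的密钥校验记录得以保留。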
本文出自 “平平淡淡才是真” 博客,请务必保留此出处http://ucode.blog.51cto.com/10837891/1834434
原文地址:http://ucode.blog.51cto.com/10837891/1834434