兩種方式建立支援SSH服務的docker映象

Federico發表於2017-05-26

方法一:基於commit命令建立

1.首先,從docker的源中檢視我們需要的映象,本案例中使用Ubuntu作為基礎映象。

# federico @ linux in ~ [16:57:38]
$ sudo docker search ubuntu
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
ubuntu Ubuntu is a Debian-based Linux operating s... 6044 [OK]
rastasheep/ubuntu-sshd Dockerized SSH service, built on top of of... 87 [OK]
ubuntu-upstart Upstart is an event-based replacement for ... 73 [OK]
ubuntu-debootstrap debootstrap --variant=minbase --components... 30 [OK]
torusware/speedus-ubuntu Always updated official Ubuntu docker imag... 27 [OK]
nuagebec/ubuntu Simple always updated Ubuntu docker images... 20 [OK]
nickistre/ubuntu-lamp LAMP server on Ubuntu 17 [OK]
solita/ubuntu-systemd Ubuntu + systemd 8 [OK]
nimmis/ubuntu This is a docker images different LTS vers... 7 [OK]
darksheer/ubuntu Base Ubuntu Image -- Updated hourly 2 [OK]
vcatechnology/ubuntu A Ubuntu image that is updated daily 1 [OK]
webhippie/ubuntu Docker images for ubuntu 1 [OK]
jordi/ubuntu Ubuntu Base Image 1 [OK]
admiringworm/ubuntu Base ubuntu images based on the official u... 1 [OK]
vcatechnology/ubuntu-ci An Ubuntu image that is used in the VCA Te... 1 [OK]
forumi0721ubuntuarmhf/ubuntu-armhf-dev ubuntu-armhf-dev 0 [OK]
forumi0721ubuntuaarch64/ubuntu-aarch64-dev ubuntu-aarch64-dev 0 [OK]
forumi0721ubuntux64/ubuntu-x64-dev ubuntu-x64-dev 0 [OK]
forumi0721ubuntux64/ubuntu-x64-dev-armbian ubuntu-x64-dev-armbian 0 [OK]
teamrock/ubuntu TeamRock's Ubuntu image configured with AW... 0 [OK]
labengine/ubuntu Images base ubuntu 0 [OK]
datenbetrieb/ubuntu custom flavor of the official ubuntu base ... 0 [OK]
lynxtp/ubuntu https://github.com/lynxtp/docker-ubuntu 0 [OK]
konstruktoid/ubuntu Ubuntu base image 0 [OK]
forumi0721ubuntux64/ubuntu-x64-dev-android ubuntu-x64-dev-android 0 [OK]

2.下載我們所需的基礎映象

# federico @ linux in ~ [17:02:18]
$ sudo docker pull ubuntu

檢視當前已有映象

# federico @ linux in ~ [17:05:16] C:1
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest c75bebcdd211 10 days ago 1.106 MB
ubuntu latest ebcd9d4fca80 10 days ago 117.9 MB
centos latest 8140d0c64310 2 weeks ago 192.6 MB
debian latest 3e83c23dba6a 2 weeks ago 123.5 MB
sebp/elk latest b2ead07ab3f2 2 weeks ago 1.028 GB
imagine10255/centos6-lnmp-php56 latest ecc74d703eca 6 months ago 1.314 GB

3.使用ubuntu映象建立一個容器

# federico @ linux in ~ [17:05:20]
$ sudo docker run -it ubuntu /bin/bash
root@abd203cd27ba:/#

更新apt-get的源

root@abd203cd27ba:/# apt-get update

root@abd203cd27ba:/# apt-get update
Get:1 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
Get:2 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security/universe Sources [31.7 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:5 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [334 kB]
Get:6 http://security.ubuntu.com/ubuntu xenial-security/restricted amd64 Packages [12.8 kB]
Get:7 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [142 kB]
Get:8 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [2932 B]
Get:9 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial/universe Sources [9802 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages [1558 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial/restricted amd64 Packages [14.1 kB]
Get:13 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages [9827 kB]
Get:14 http://archive.ubuntu.com/ubuntu xenial/multiverse amd64 Packages [176 kB]
Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/universe Sources [193 kB]
Get:16 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [693 kB]
Get:17 http://archive.ubuntu.com/ubuntu xenial-updates/restricted amd64 Packages [13.2 kB]
Get:18 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [593 kB]
Get:19 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [9810 B]
Get:20 http://archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [4927 B]
Get:21 http://archive.ubuntu.com/ubuntu xenial-backports/universe amd64 Packages [4801 B]
Fetched 24.0 MB in 15min 6s (26.4 kB/s)
Reading package lists... Done

因為使用預設的官方源速度很慢,所以這裡我們使用163的映象源。

root@abd203cd27ba:/# vi /etc/apt/sources.list

deb http://mirrors.163.com/ubuntu/ jaunty main restricted 
deb-src http://mirrors.163.com/ubuntu/ jaunty main restricted 
deb http://mirrors.163.com/ubuntu/ jaunty-updates main restricted 
deb-src http://mirrors.163.com/ubuntu/ jaunty-updates main restricted 
deb http://mirrors.163.com/ubuntu/ jaunty universe 
deb-src http://mirrors.163.com/ubuntu/ jaunty universe 
deb http://mirrors.163.com/ubuntu/ jaunty-updates universe 
deb-src http://mirrors.163.com/ubuntu/ jaunty-updates universe 
deb http://mirrors.163.com/ubuntu/ jaunty multiverse 
deb-src http://mirrors.163.com/ubuntu/ jaunty multiverse 
deb http://mirrors.163.com/ubuntu/ jaunty-updates multiverse 
deb-src http://mirrors.163.com/ubuntu/ jaunty-updates multiverse

修改完成後重新執行命令更新映象源

root@abd203cd27ba:/# apt-get update

root@abd203cd27ba:/# apt-get -y install openssh-server net-tools

root@abd203cd27ba:/# /etc/init.d/ssh start
* Starting OpenBSD Secure Shell server sshd [ OK ]
root@abd203cd27ba:/# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4107/sshd
tcp 0 0 172.18.0.2:39694 112.124.140.210:80 TIME_WAIT -
tcp6 0 0 :::22 :::* LISTEN 4107/sshd

root@abd203cd27ba:/# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:H1pAsUEB8MBt6IR/cW74rtA+YOlAfcXCHD9Qh8D7ZIU root@abd203cd27ba
The key's randomart image is:
+---[RSA 2048]----+
| ooB=BB=. |
| . +oO+E+. |
| = ..O=. |
| . + = =o |
| . + *S o |
| . +. o+ . |
| +..... . |
| .o. . |
| oo |
+----[SHA256]-----+

執行此命令最主要的原因是獲得/root/.ssh/目錄,並將宿主機目錄的公鑰拷貝至docker容器中

 

root@abd203cd27ba:/# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

為容器的root使用者設定一個密碼,以便後續將公鑰傳送至容器中

# federico @ linux in ~ [18:54:57]
$ sudo ssh-copy-id -i .ssh/id_rsa.pub 'root@172.18.0.2'

# federico @ linux in ~ [18:55:00] C:1
$ ssh root@172.18.0.2
The authenticity of host '172.18.0.2 (172.18.0.2)' can't be established.
ECDSA key fingerprint is SHA256:w5oT7ToJ13bcE9Aw4vvTk+8luy0xwjKJSaWhxSoHpdg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.18.0.2' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-77-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@abd203cd27ba:~# exit
logout
Connection to 172.18.0.2 closed.

檢視現在全部的容器有哪些

# federico @ linux in ~ [19:10:59]

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
abd203cd27ba ubuntu "/bin/bash" 2 hours ago Exited (0) 16 seconds ago zen_newton

# federico @ linux in ~ [19:11:01]
$ sudo docker commit abd203cd27ba sshd:ubuntu
sha256:9fba48176caa67ca518471adc42bd5a81c197fe1935d2d5e9f87ee4c93e7a42b

# federico @ linux in ~ [19:13:22]
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu 9fba48176caa 10 seconds ago 237.7 MB
busybox latest c75bebcdd211 10 days ago 1.106 MB
ubuntu latest ebcd9d4fca80 10 days ago 117.9 MB
centos latest 8140d0c64310 2 weeks ago 192.6 MB
debian latest 3e83c23dba6a 2 weeks ago 123.5 MB
sebp/elk latest b2ead07ab3f2 2 weeks ago 1.028 GB
imagine10255/centos6-lnmp-php56 latest ecc74d703eca 6 months ago 1.314 GB

 

方法二:使用Dockerfile建立

1.建立一個用於存放檔案的目錄

# federico @ linux in ~ [19:13:32]
$ mkdir /docker

2.建立祕鑰認證檔案

/etc/init.d/sshd start

3.編寫Dockerfile檔案

# federico @ linux in /docker [19:21:28]
$ vim Dockerfile

#設定繼承者映象
FROM ubuntu

#提供作者資訊
MAINTAINER power by federico alias Cherry-Linux

#安裝ssh服務,建立家目錄下的.ssh/目錄

RUN apt-get update
RUN apt-get install -y openssh*

RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh

#複製認證檔案到相應位置
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod +x /run.sh

#開放埠
EXPOSE 22

#設定自啟動命令
CMD ["/run.sh"]

4.使用docker build命令建立映象

# federico @ linux in /docker [19:33:24]
$ sudo docker build -t sshd2:Dockerfile .
Sending build context to Docker daemon 4.096 kB
Step 1 : FROM ubuntu
---> ebcd9d4fca80
Step 2 : MAINTAINER power by federico alias Cherry-Linux
---> Using cache
---> 2243dba5ba70
Step 3 : RUN apt-get update
---> Running in 6385736ad1c2

Step 4 : RUN apt-get install -y openssh*

---> c5b63d986111
Removing intermediate container b88f987e6fde
Step 5 : RUN mkdir -p /root/.ssh
---> Running in 16ed5ee43a7c
---> 66636edc4fb4
Removing intermediate container 16ed5ee43a7c
Step 6 : ADD authorized_keys /root/.ssh/authorized_keys
---> 681bf8375628
Removing intermediate container 21dd4d37eee0
Step 7 : ADD run.sh /run.sh
---> 42c23400c4a5
Removing intermediate container 09b3bb6c8e9f
Step 8 : RUN chmod +x /run.sh
---> Running in 2cb780d1f14e
---> 21e21eb246cf
Removing intermediate container 2cb780d1f14e
Step 9 : EXPOSE 22
---> Running in 3b32b675a200
---> 1bb5c27e816f
Removing intermediate container 3b32b675a200
Step 10 : CMD /run.sh
---> Running in e44cf1820460
---> fc6b80bd42a6
Removing intermediate container e44cf1820460
Successfully built fc6b80bd42a6

至此我們可以發現映象建立完成,進入最後測試階段。

# federico @ linux in /docker [19:39:20]
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd2 Dockerfile fc6b80bd42a6 2 minutes ago 220.7 MB
sshd ubuntu 9fba48176caa 28 minutes ago 237.7 MB
busybox latest c75bebcdd211 10 days ago 1.106 MB
ubuntu latest ebcd9d4fca80 10 days ago 117.9 MB
centos latest 8140d0c64310 2 weeks ago 192.6 MB
debian latest 3e83c23dba6a 2 weeks ago 123.5 MB
sebp/elk latest b2ead07ab3f2 2 weeks ago 1.028 GB
imagine10255/centos6-lnmp-php56 latest ecc74d703eca 6 months ago 1.314 GB

# federico @ linux in /docker [19:42:04] C:125
$ sudo docker run -it fc6b80bd42a6 /bin/bash
root@e588e3b7e945:/#

# federico @ linux in ~ [19:48:47]
$ ssh root@172.18.0.2
The authenticity of host '172.18.0.2 (172.18.0.2)' can't be established.
ECDSA key fingerprint is SHA256:RBYwayfq9WxEGLfOAwS/ze5Gw+4qk6NWQLOjo25jKgc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.18.0.2' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-77-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@e588e3b7e945:~#

測試成功

注意:在使用dockerfile建立映象時,我將第一個docker容器關閉了,致使我的第二個docker容器的ip佔用了第一個容器的ip也就是172.18.0.2,但是因為我設定過172.18.0.2的ssh祕鑰登入所以會出現另一種報警,報警的原因和解決措施請看筆者的另外一篇部落格http://www.cnblogs.com/Cherry-Linux/p/6910081.html

結束語:背景顏色為紅色的字型是輸入命令,背景顏色為藍色的字型為輸出資訊,背景顏色為橘黃色的字型為指令碼命令

               本人新手,對技術時刻保持著敬畏之心,如有錯誤望有志之士告知,不勝感激!!!

 

相關文章