• 欢迎访问蜷缩的蜗牛博客 蜷缩的蜗牛
  • 微信搜索: 蜷缩的蜗牛 | 联系站长 kbsonlong@qq.com
  • 如果您觉得本站非常有看点,那么赶紧使用Ctrl+D 收藏吧

Docker 定制ssh、java、supervisor等基础服务镜像

Docker 蜷缩的蜗牛 2年前 (2017-04-17) 103次浏览 已收录 0个评论

1、启动一个基于 centos 镜像的容器

# docker run –p 10022:22  -ti centos bash
[root@f743588bbeef /]#

-p 是为了等会启动 ssh 后测试能否正常登陆

 

2、在容器中安装 openssh-server、java 等

[root@f743588bbeef /]# yum install -y -q openssh-server java-1.7.0-openjdk net-tools

 

3、修改 sshd_config 配置文件

[root@f743588bbeef /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' 
[root@f743588bbeef /]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' 
[root@f743588bbeef /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N ''  
[root@f743588bbeef /]# sed -i "s/UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config 
[root@f743588bbeef /]# sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

 

4、修改 root 密码

[root@f743588bbeef /]# echo 'root:root' |chpasswd

 

5、启动 openssh 服务

[root@f743588bbeef /]# /usr/sbin/sshd
[root@f743588bbeef /]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/sshd              
tcp6       0      0 :::22

 

6、测试是否能登陆容器

# ssh -p 10022 192.168.62.200
The authenticity of host '[192.168.62.200]:10022 ([192.168.62.200]:10022)' can't be established.
ECDSA key fingerprint is 7d:d5:8a:ea:5a:92:9e:3d:92:fe:dd:78:56:c2:d9:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.62.200]:10022' (ECDSA) to the list of known hosts.
root@192.168.62.200's password: 
[root@f743588bbeef ~]#

 

7、使用 commit 提交刚刚在容器内的所有操作

# docker commit f743588bbeef docker-ssh
sha256:4d8d27a47d3fd2750cde8f5d0ead3af6f90dd972969a3dca369b52d1e6130085
# docker images
REPOSITORY                          TAG                 IMAGE ID            CREATED             SIZE
docker-ssh                          latest              4d8d27a47d3f        7 seconds ago       192 MB

 

8、可以看到镜像列表中存在一个 docker-ssh 的镜像

# docker run -d --name docker-ssh -p 10022:22 docker-ssh
d986e0bdc2b1072b39248a691ba73f6b297842373ca7a55457f3cd8d7fa5c435

# docker ps -a
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS                      PORTS                                            NAMES
d986e0bdc2b1        docker-ssh                 "/usr/sbin/sshd -D"      3 seconds ago       Up 3 seconds                0.0.0.0:10022->22/tcp                            docker-ssh

# ssh -p 10022 192.168.62.200
The authenticity of host '[192.168.62.200]:10022 ([192.168.62.200]:10022)' can't be established.
ECDSA key fingerprint is 7d:d5:8a:ea:5a:92:9e:3d:92:fe:dd:78:56:c2:d9:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.62.200]:10022' (ECDSA) to the list of known hosts.
root@192.168.62.200's password: 
[root@d986e0bdc2b1 ~]#

 

二、用 Dockerfile 来定制

mkdir supervisor-ssh   ##创建一个空目录

cd supervisor-ssh && vim Dockerfile

FROM centos
MAINTAINER <Email:kbsonlong@gmail.com Blog:www.along.party>
RUN yum install -y -q openssh-server net-tools python-setuptools && easy_install supervisor 
RUN ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' 
RUN ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' 
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N ''  
RUN sed -i "s/UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config 
RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config  
RUN echo 'root:along.party' |chpasswd 
RUN echo_supervisord_conf |grep -v '^;' | sed -e '/^$/d' | sed  's/nodaemon=false/nodaemon=true/g'  > /etc/supervisord.conf
RUN echo -e "\n[program:sshd]\ncommand=/usr/sbin/sshd -D" >>/etc/supervisord.conf
EXPOSE 22
CMD ["/usr/bin/supervisord"]

 

FROM、RUN、EXPOSE、CMD、MAINTAINER 都是 Dockerfile 的指令,Dockerfile 指令更多详细介绍

FROM:指定基于哪个基础镜像

MAINTAINER : 维护者的信息

RUN: 在 shell 终端执行的命令

EXPOSE: 对外提供的端口

CMD: 启动容器是执行的命令,每个 Dockerfile 只能有一条 CMD 指令,如果存在多条,则执行最后一条。

 

构建镜像

#docker build -t supervisor-ssh  .

 

查看构建的镜像

docker images|grep supervisor-ssh
supervisor-ssh                            latest               71fc498380f5        25 minutes ago      282 MB

 

使用镜像启动

# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
811d3416bfd8        supervisor-ssh      "/usr/bin/supervisord"   8 minutes ago       Up 8 minutes        0.0.0.0:10022->22/tcp    ssh
# ssh -p 32778 192.168.62.200
The authenticity of host '[192.168.62.200]:32778 ([192.168.62.200]:32778)' can't be established.
ECDSA key fingerprint is 7d:d5:8a:ea:5a:92:9e:3d:92:fe:dd:78:56:c2:d9:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.62.200]:32778' (ECDSA) to the list of known hosts.
root@192.168.62.200's password: 
[root@811d3416bfd8 ~]#

蜷缩的蜗牛 , 版权所有丨如未注明 , 均为原创丨 转载请注明Docker 定制 ssh、java、supervisor 等基础服务镜像
喜欢 (0)
[]
分享 (0)

您必须 登录 才能发表评论!