docker实践之创建支持ssh服务的镜像

一、创建支持ssh服务的镜像

此文章绝对干货，以下操作运行在centos 6。

1、基于commit命令创建

1)、首先，使用ubuntu:14.04 镜像来创建一个容器
docker run -ti ubuntu:14.04 /bin/bash

2)、安装和配置ssh服务
#配置软件源
apt-get update

#安装sshd
apt-get install openssh-server

#启动sshd服务
mkdir -p /var/run/sshd
/usr/sbin/sshd -D &

#检查是否启动22端口
netstat -ntlp 

#修改ssh服务的安全登录配置，取消pam登录限制
sed -ri 's/session required pan_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd

#在root用户目录下创建.ssh目录，并复制需要登录的公钥信息(一般为本地主机用户目录下的.ssh/id_rsa.pub ,文件) ,到/root/.ssh/authorized_keys 文件中
mkdir /root/.ssh
echo "xxxx" >> /root/.ssh/authorized_keys 

#创建自动启动ssh服务的可执行文件run.sh,并添加可执行权限
root@f0bc7fa7aeb0:/# cat /run.sh
#!/bin/bash
/usr/sbin/sshd -D

root@f0bc7fa7aeb0:/#  chmod +x run.sh

最后，退出容器

3)、保存镜像
将所退出的容器用docker commit 命令保存为一个新的sshd:ubuntu镜像
[root@localhost ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
sshd                        ubuntu              8c866267f9b1        16 minutes ago      296.9 MB
centos                      centos6             4d1ef3af92e1        10 days ago         193.9 MB
busybox                     latest              68fa51fae498        2 weeks ago         1.163 MB
nginx                       latest              7b2ec12a5042        3 weeks ago         109 MB
rethinkdb                   latest              cfb4b2f7eb7d        4 weeks ago         182.1 MB
ubuntu                      14.04               daacb541d219        4 weeks ago         188 MB

#commit 后面跟着容器id
docker commit f0bc7fa7aeb0 sshd:ubuntu

4)、使用镜像
docker run -p 10022:22 -d sshd:ubuntu /run.sh
启动成功后，查看容器运行的详细信息
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                     NAMES
84262296b599        sshd:ubuntu         "/run.sh"              17 minutes ago      Up 17 minutes       0.0.0.0:10022->22/tcp     desperate_yalow     
f0bc7fa7aeb0        ubuntu:14.04        "/bin/bash"            49 minutes ago      Up 8 minutes                                  silly_sinoussi      

5)、测试，在宿主机或者其他主机上，可以通过ssh访问10022端口来登录容器

[root@localhost ~]# ssh 192.168.1.189 -p 10022
The authenticity of host '[192.168.1.189]:10022 ([192.168.1.189]:10022)' can't be established.
RSA key fingerprint is 2e:f9:28:74:92:88:84:14:00:fd:a2:dc:37:e3:33:fe.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.189]:10022' (RSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-128-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@84262296b599:~# ls

 

2、基于dockerfile创建。当其他镜像的创建依赖这个镜像。需要在脚本里面再次写入启动ssh命令。

1)、创建工作目录
mkdir sshd_ubuntu
cd sshd_ubuntu
touch Dockerfile  run.sh

[root@localhost sshd_ubuntu]# cat run.sh 
#!/bin/bash
/usr/sbin/sshd -D

cat /root/.ssh/id_rsa.pub >authorized_keys

2)、编写Dockerfile (由于版本问题，中途update会报错，这里选择忽略继续)
FROM ubuntu:14.04
MAINTAINER zengxy 1264983873@qq.com
RUN apt-get update || apt-get install -y openssh-server || echo 'have igone'
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
RUN sed -ri 's/session required pan_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
ADD authorized_keys /root/.ssh/authorized_keys 
ADD run.sh /run.sh
RUN chmod +x /run.sh
EXPOSE 22
CMD ["/run.sh"]

3)、创建镜像
docker build -t sshd:dockerfile .

4)、创建容器，映射端口
docker run -p 10023:22 -d sshd:dockerfile /run.sh
[root@localhost sshd_ubuntu]# docker ps -l
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                   NAMES
4dd5aebdc12a        sshd:dockerfile     "/run.sh"           6 minutes ago       Up 6 minutes        0.0.0.0:10023->22/tcp   stupefied_goodall

5)、连接容器测试
ssh 192.168.1.189 -p 10023