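002 - Installing Docker inside Docker and connecting to the container directly from XShell over SSH, bypassing the host
Idea
I have always liked a clean, tidy environment, so the mess that development and testing leave behind has always been a headache for me. From the first day I used Docker, I wanted to use it to rescue this messy world. After some time spent learning, I can finally make a first version of that idea work.
The approach is simple: install Docker on a CentOS virtual machine, then have Docker run a CentOS container. The container can do almost everything the host can, and it can be reached directly from outside, without first connecting to the host and then entering the container from there.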
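Requirements
The setup needs the following:
1. Start on boot
A normal server is rarely restarted, but a development server is shut down and powered off at the end of every working day. When it is started the next day, the whole chain of physical machine -> virtual machine -> Docker service -> CentOS container has to come up automatically, so this is a must.
2. System-level capabilities
This mainly means the systemctl command: the container should be able to start and stop services just like the host, without being blocked by permission limits. With that, Docker and a whole range of other software can be installed inside the CentOS container, and using it feels very close to using a virtual machine.
3. Direct connection
The CentOS container can be reached remotely with XShell, directly from the physical machine's network.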
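Implementation
# Create a Dockerfile with SSH support
FROM centos:7
MAINTAINER tzl<451508260@qq.com>
RUN yum -y install openssh-server
RUN mkdir /var/run/sshd
# Generate the host keys non-interactively (-N '' sets an empty passphrase)
RUN ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
# Set the root password used for the SSH login below
RUN /bin/echo 'root:123456'|chpasswd
# Make pam_loginuid optional so that SSH sessions are not rejected inside the container
RUN /bin/sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd
RUN /bin/echo -e 'LANG="en_US.UTF-8"' > /etc/default/local
EXPOSE 22
CMD /usr/sbin/sshd -D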
# Build the image
[root@localhost centos_ssh]# docker build -t centos-ssh:1.0 .
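# Run the container
[root@localhost centos_ssh]# docker run -itd --name centos7-ssh-001 -v /home/docker_data/centos7-ssh-001:/home -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 8022:22 --privileged=true --restart always centos-ssh:1.0 /usr/sbin/init
2f5516759810ac820963e109088d215dd625c1a8e154d476b424cb4ff0cb634a
# What the options mean
-itd            run interactively but detached, without attaching to the foreground
--name          sets the container name
-v              the first mounts the container's /home directory out to the host; the second mounts the system cgroup filesystem, which is one of the things systemctl needs inside the container
-p              sets the port mapping; the port inside the container is normally 22, the outside port can be anything
--privileged    enables privileged mode, another requirement for systemctl
--restart       start automatically
/usr/sbin/init  the command to run, also a requirement for systemctl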
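# Open port 8022 on the host firewall to the outside; if the firewall is already disabled, skip this step
firewall-cmd --permanent --add-port=8022/tcp
# Reload so that the permanent rule takes effect
firewall-cmd --reload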
# Connect to the container with XShell; as defined in the Dockerfile, the user name is root and the password is 123456
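A variant of the Dockerfile above that uses key-only root login, so that no password is stored in an image layer of a privileged container published on port 8022. It is an added example, not the author's own file, and it assumes a file named authorized_keys, holding your SSH public key, sits next to the Dockerfile.

```dockerfile
# Added example: key-only SSH variant of the image built above.
FROM centos:7
RUN yum -y install openssh-server && yum clean all

# Host keys: RSA 4096 and Ed25519 instead of the 1024-bit DSA key.
# -N '' sets an empty passphrase so the build never prompts.
# Keys generated at build time are shared by every container started
# from this image; regenerate them per container if that matters to you.
RUN mkdir -p /var/run/sshd \
 && ssh-keygen -q -t rsa -b 4096 -N '' -f /etc/ssh/ssh_host_rsa_key \
 && ssh-keygen -q -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key

# authorized_keys is an assumed file in the build context (your public key).
COPY authorized_keys /root/.ssh/authorized_keys

# Lock down permissions, turn password logins off, and allow root
# to log in with a key only.
RUN chown -R root:root /root/.ssh \
 && chmod 700 /root/.ssh \
 && chmod 600 /root/.ssh/authorized_keys \
 && sed -i \
      -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
      -e 's/^#\?PermitRootLogin .*/PermitRootLogin prohibit-password/' \
      /etc/ssh/sshd_config \
 && sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
```

It is built and run with the same docker build and docker run commands as above; XShell then logs in as root with the matching private key instead of a password.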
Verification
The file mount works
Restart on boot works
Verifying permissions