一、需求
由于在测试环境中使用了 docker 官网的 centos 镜像,但是该镜像里面默认没有安装 ssh 服务,在做测试时又需要开启 ssh。所以上网也查了查资料。下面详细的纪录下。在 centos 容器内安装 ssh 后,转成新的镜像用于后期测试使用。
二、镜像定制
第一种方式(手动修改容器镜像)
1. 先下载 centos 镜像
- [root@docker~]#docker pull centos
2. 启动容器并进行配置
启动容器,
- [root@docker~]#docker run - it - d--name test - centos1 centos d72250ecaa5e3e36226a1edd749f494d9f00eddc4143c81ac3565aa4e551791a
命令注释:-it : 进行交互式操作
-d : 等同于 -d=true, 容器将会在后台运行,不然执行一次命令后,退出后,便是 exit 状态了。
--name : 容器启动后的名字,默认不指定,将会随机产生一个名字。或者使用 -name="containers_name"
centos:使用的镜像名称
进入容器,安装 ssh server,以及配置开机启动
- [root@docker~]#docker exec - it test - centos1 / bin / bash[root@d72250ecaa5e / ]#ifconfig bash: ifconfig: command not found
我们检查了下容器,暂时安装以下必用的软件吧 net-tools,openssh-server
- [root@d72250ecaa5e / ]#yum install openssh - server net - tools - y
创建 ssh 所需的目录,并在根目录创建 sshd 启动脚本
- [root@d72250ecaa5e / ]#mkdir - pv /
- var / run / sshd mkdir: created directory '/var/run/sshd'
- [root@d72250ecaa5e / ]#cat / auto_sshd.sh# ! /bin/bash / usr / sbin / sshd - D[root@d72250ecaa5e / ]#chmod + x / auto_sshd.sh
修改容器内 root 的账户密码
- [root@d72250ecaa5e / ]#echo "root:iloveworld" | chpasswd
生成 ssh 主机 dsa 密钥(不然 ssh 该容器时,会出现错误。)
- [root@d72250ecaa5e / ]#ssh - keygen - t dsa - f / etc / ssh / ssh_host_dsa_key[root@d72250ecaa5e / ]#ssh - keygen - t rsa - f / etc / ssh / ssh_host_rsa_key
我们加一个 history 记录的时间功能吧,这样方便后期查看
- echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile
OK,配置基本完毕咯。清理命令历史纪录,之后退出容器。现在可以生成一个新的 docker 镜像了。
3. 配置完成后,进行打包成新的镜像
- [root@docker~]#docker commit test - centos1 centos_sshd: 7.0 sha256: 6e3330b30dfff5f029f102874e54cfffffbc37dcf2a4eb7304c817148fbc944d
- [root@docker~]#docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos_sshd 7.0 6e3330b30dff 8 seconds ago 310.1 MB docker.io / ubuntu latest e4415b714b62 12 days ago 128.1 MB
命令注释:commit: 提交一个具有新配置的容器成为镜像,后面跟容器的 name 或者容器 Id ,最后是生成新镜像的名字
更新:这条命令更方便以后启动,如下:
- [root@docker~]#docker commit--change = 'CMD ["/auto_sshd.sh"]' - c "EXPOSE 22"test - centos1 centos_sshd: 7.0 sha256: 7bb4efd82c4ff1f241cbc57ee45aab1b05d214b1e9fcd51196696c67d480e70b
命令注释: --change : 将后期使用此镜像运行容器时的命令参数、开放的容器端口提前设置好。
4. 验证
查看镜像,并启动新的容器
- [root@docker~]#docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos_sshd 7.0 7bb4efd82c4f 4 minutes ago 310.1 MB docker.io / ubuntu latest e4415b714b62 12 days ago 128.1 MB[root@docker~]#docker run - d - it--name centos_7.0 - 1 centos_sshd: 7.0 ec17e553d5c4c60865afeb99df8dfd1f4e7d4ba6e1b0d5516f9127f09d1d6356[root@docker~]#docker ps - a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ec17e553d5c4 centos_sshd: 7.0 "/auto_sshd.sh"6 seconds ago Up 5 seconds 22 / tcp centos_7.0 - 1
进行 ssh 测试,先查看一下该容器的 ip,之后 ssh。ok
- [root@docker~]#docker exec centos_7.0 - 1 hostname - i 172.17.0.4[root@docker~]#ssh root@172.17.0.4 The authenticity of host '172.17.0.4 (172.17.0.4)'can 't be established.
- RSA key fingerprint is 87:88:07:12:ac:0a:90:28:10:e1:9e:eb:1f:d6:c9:9d.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '172.17.0.4 ' (RSA) to the list of known hosts.
- root@172.17.0.4's password: Last login: Tue Nov 29 16 : 00 : 49 2016 from gateway[root@ec17e553d5c4~]#w 16 : 34 : 17 up 63 days,
- 7 : 49,
- 1 user,
- load average: 0.00,
- 0.02,
- 0.05 USER TTY FROM LOGIN@IDLE JCPU PCPU WHAT root pts / 0 gateway 16 : 34 1.00s 0.00s 0.00s w[root@ec17e553d5c4~]#ping gateway PING gateway(172.17.0.1) 56(84) bytes of data.64 bytes from gateway(172.17.0.1) : icmp_seq = 1 ttl = 64 time = 0.048 ms
第二种方式(推荐:利用 Dockerfile 文件)
我的认为它就像 ansible 的 playbook 一样。Dockerfile 包含创建镜像所需要的全部指令。基于在 Dockerfile 中的指令,我们可以使用
命令来创建镜像。通过减少镜像和容器的创建过程来简化部署。
- Docker build
1. 创建 Dockerfile 文件
新建一个目录,在里面新建一个 dockerfile 文件(新建一个的目录,主要是为了和以防和其它 dockerfile 混乱 )
- [root@docker~]#mkdir centos7 - dockerfile[root@docker centos7 - dockerfile]#cat Dockerfile#The dockerfile has Change add sshd services on Centos7.0#centos7: latest image FROM centos: latest MAINTAINER Yifeng,
- http: //www.cnblogs.com/hanyifeng
- #Install sshd net - tools RUN yum install openssh - server net - tools - y RUN mkdir /
- var / run / sshd#Set password
- for root RUN echo 'root:iloveworld' | chpasswd RUN sed - i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' / etc / ssh / sshd_config#Set history record ENV HISTTIMEFORMAT "%F %T "#Fix sshd service: Read from socket failed: Connection reset by peer ? RUN ssh - keygen - A#Change timezone CST RUN\cp / usr / share / zoneinfo / Asia / Shanghai / etc / localtime#Open 22 port EXPOSE 22#Auto running sshd service CMD["/usr/sbin/sshd", "-D"]
上述文件内容就是一个 dockerfile 常见的命令组合。开头带#号的为注释
文件解释:
FROM: 必不可少的命令,从某个镜像作为基。如 FROM <image_name> ,或者 FROM <image_name>:<tag>. 如果不加 tag,默认为 latest。先从本地镜像仓库去搜索基镜像,如过本地没有,在去网上 docker registry 去寻找。
MAINTAINER:标明该 Dockerfile 作者及联系方式,可忽略不写
RUN:建立新的镜像时,可以执行在系统里的命令,如安装特定的软件以及设置环境变量。
ENV:设置系统环境变量(注意:写在 / etc/profile 里的命令在 dockerfile 这里会不生效,所以为改成 ENV 的方式)
EXPOSE:开放容器内的端口,但不和宿主机进行映射。方便在宿主机上进行开发测试。(如需映射到宿主机端口,可在运行容器时使用 -p host_port:container_port)
CMD:设置执行的命令,经常用于容器启动时指定的某个操作。如执行自定义脚本服务,或者是执行系统命令。CMD 只能存在一条,如在 Dockerfile 中有多条 CMD 的话,只有最后一条 CMD 生效!
2. 执行 build 创建镜像
使用 docker build 命令来创建镜像
- [root@docker centos7 - dockerfile]#docker build - t centos_sshd_1.
-t 选项来 docker build 新的镜像以便于标记构建的镜像,. 表示当前目录,也可以指定 dockerfile 文件所在目录。
下面缩略的内容是构建镜像时的输出,可以看下。
docker build stdout
- [root@docker centos7 - dockerfile]#docker build - t centos_sshd_1.Sending build context to Docker daemon 4.096 kB Step 1 : FROM centos: latest--->0584b3d2cf6d Step 2 : MAINTAINER Yifeng,
- http: //www.cnblogs.com/hanyifeng
- --->Running in da643b55dc77--->1087074d44e4 Removing intermediate container da643b55dc77 Step 3 : RUN yum install openssh - server net - tools - y--->Running in 5626d8f0f892 Loaded plugins: fastestmirror,
- ovl Determining fastest mirrors * base: mirrors.btte.net * extras: mirrors.tuna.tsinghua.edu.cn * updates: mirrors.btte.net Resolving Dependencies-->Running transaction check--->Package net - tools.x86_64 0 : 2.0 - 0.17.20131004git.el7 will be installed--->Package openssh - server.x86_64 0 : 6.6.1p1 - 25.el7_2 will be installed-->Processing Dependency: openssh = 6.6.1p1 - 25.el7_2
- for package: openssh - server - 6.6.1p1 - 25.el7_2.x86_64-->Processing Dependency: fipscheck - lib(x86 - 64) >= 1.3.0
- for package: openssh - server - 6.6.1p1 - 25.el7_2.x86_64-->Processing Dependency: libwrap.so.0()(64bit) for package: openssh - server - 6.6.1p1 - 25.el7_2.x86_64-->Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh - server - 6.6.1p1 - 25.el7_2.x86_64-->Running transaction check--->Package fipscheck - lib.x86_64 0 : 1.4.1 - 5.el7 will be installed-->Processing Dependency: /usr/bin / fipscheck
- for package: fipscheck - lib - 1.4.1 - 5.el7.x86_64--->Package openssh.x86_64 0 : 6.6.1p1 - 25.el7_2 will be installed--->Package tcp_wrappers - libs.x86_64 0 : 7.6 - 77.el7 will be installed-->Running transaction check--->Package fipscheck.x86_64 0 : 1.4.1 - 5.el7 will be installed-->Finished Dependency Resolution Dependencies Resolved === =============================================================================Package Arch Version Repository Size === =============================================================================Installing: net - tools x86_64 2.0 - 0.17.20131004git.el7 base 304 k openssh - server x86_64 6.6.1p1 - 25.el7_2 updates 436 k Installing
- for dependencies: fipscheck x86_64 1.4.1 - 5.el7 base 21 k fipscheck - lib x86_64 1.4.1 - 5.el7 base 11 k openssh x86_64 6.6.1p1 - 25.el7_2 updates 435 k tcp_wrappers - libs x86_64 7.6 - 77.el7 base 66 k Transaction Summary === =============================================================================Install 2 Packages( + 4 Dependent packages) Total download size: 1.2 M Installed size: 3.4 M Downloading packages: Public key
- for fipscheck - lib - 1.4.1 - 5.el7.x86_64.rpm is not installed warning: /var/cache / yum / x86_64 / 7 / base / packages / fipscheck - lib - 1.4.1 - 5.el7.x86_64.rpm: Header V3 RSA / SHA256 Signature,
- key ID f4a80eb5: NOKEY Public key
- for openssh - 6.6.1p1 - 25.el7_2.x86_64.rpm is not installed--------------------------------------------------------------------------------Total 593 kB / s | 1.2 MB 00 : 02 Retrieving key from file: ///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
- Importing GPG key 0xF4A80EB5: Userid: "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package: centos - release - 7 - 2.1511.el7.centos.2.10.x86_64(@CentOS) From: /etc/pki / rpm - gpg / RPM - GPG - KEY - CentOS - 7 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing: fipscheck - 1.4.1 - 5.el7.x86_64 1 / 6 Installing: fipscheck - lib - 1.4.1 - 5.el7.x86_64 2 / 6 Installing: openssh - 6.6.1p1 - 25.el7_2.x86_64 3 / 6 Installing: tcp_wrappers - libs - 7.6 - 77.el7.x86_64 4 / 6 Installing: openssh - server - 6.6.1p1 - 25.el7_2.x86_64 5 / 6 Installing: net - tools - 2.0 - 0.17.20131004git.el7.x86_64 6 / 6 Verifying: openssh - 6.6.1p1 - 25.el7_2.x86_64 1 / 6 Verifying: openssh - server - 6.6.1p1 - 25.el7_2.x86_64 2 / 6 Verifying: net - tools - 2.0 - 0.17.20131004git.el7.x86_64 3 / 6 Verifying: tcp_wrappers - libs - 7.6 - 77.el7.x86_64 4 / 6 Verifying: fipscheck - lib - 1.4.1 - 5.el7.x86_64 5 / 6 Verifying: fipscheck - 1.4.1 - 5.el7.x86_64 6 / 6 Installed: net - tools.x86_64 0 : 2.0 - 0.17.20131004git.el7 openssh - server.x86_64 0 : 6.6.1p1 - 25.el7_2 Dependency Installed: fipscheck.x86_64 0 : 1.4.1 - 5.el7 fipscheck - lib.x86_64 0 : 1.4.1 - 5.el7 openssh.x86_64 0 : 6.6.1p1 - 25.el7_2 tcp_wrappers - libs.x86_64 0 : 7.6 - 77.el7 Complete ! --->7b249ed8cb54 Removing intermediate container 5626d8f0f892 Step 4 : RUN mkdir /
- var / run / sshd--->Running in fc94a139d438--->ea2826eccc91 Removing intermediate container fc94a139d438 Step 5 : RUN echo 'root:iloveworld' | chpasswd--->Running in ba53283081a7--->7ce1ddb5d9c0 Removing intermediate container ba53283081a7 Step 6 : RUN sed - i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' / etc / ssh / sshd_config--->Running in 4112281a5bf0--->be21fb6b5b1e Removing intermediate container 4112281a5bf0 Step 7 : ENV HISTTIMEFORMAT "%F %T "--->Running in f2081726e403--->f3fafca42170 Removing intermediate container f2081726e403 Step 8 : RUN ssh - keygen - A--->Running in 2ca9e743dee7 ssh - keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519--->1a927943bee7 Removing intermediate container 2ca9e743dee7 Step 9 : RUN\cp / usr / share / zoneinfo / Asia / Shanghai / etc / localtime--->Running in afd43cc6d4d6--->4a0cacf6cd72 Removing intermediate container afd43cc6d4d6 Step 10 : EXPOSE 22--->Running in a03551bc3bcb--->3af544106bf4 Removing intermediate container a03551bc3bcb Step 11 : CMD / usr / sbin / sshd - D--->Running in f45fe5eb5561--->d4620c9949b8 Removing intermediate container f45fe5eb5561 Successfully built d4620c9949b8
3. 查看镜像列表,并创建容器
- [root@docker centos7 - dockerfile]#docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos_sshd_1 latest d4620c9949b8 4 minutes ago 308.4 MB centos_sshd 7.0 7bb4efd82c4f 2 days ago 310.1 MB
我们刚刚新建的容器已经存在了,现在用它来创建容器
- [root@docker centos7 - dockerfile]#docker run - d - it--name centos - two centos_sshd_1 7ae51091c138d249b5e97f6957073e748db278c0f1cf856e968ca78a4aec1a5b
- 查看容器 [root@docker centos7 - dockerfile]#docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ae51091c138 centos_sshd_1 "/usr/sbin/sshd -D"16 seconds ago Up 15 seconds 22 / tcp centos - two
来源: http://www.cnblogs.com/hanyifeng/p/6116067.html