前面使用 commit 的方式, 制作一个 docker 镜像, 本次介绍使用 Dockerfile 制作一个 dockers 镜像
- [[email protected] ~]# mkdir /openssh
- [[email protected] ~]# cd /openssh
- [[email protected] openssh]# cp /etc/SSH/ssh_host_ecdsa_key /etc/SSH/ssh_host_ed25519_key /etc/SSH/ssh_host_rsa_key .
- [[email protected] openssh]# ll
- -rw-r----- 1 root root 227 Dec 31 13:13 ssh_host_ecdsa_key
- -rw-r----- 1 root root 387 Dec 31 13:13 ssh_host_ed25519_key
- -rw-r----- 1 root root 1679 Dec 31 13:13 ssh_host_rsa_key
1 编辑 Dockerfile 文件
- [[email protected] openssh]# VIM Dockerfile
- FROM CentOS:7
- LABEL darren [email protected]
- RUN yum -y install openssh-server && useradd natash && echo "redhat"|passwd --stdin natash && echo "redhat"|passwd --stdin root && SSH-keygen -q -t rsa -b 2048 -f /etc/SSH/ssh_host_rsa_key -N ''&& SSH-keygen -q -t ecdsa -f /etc/SSH/ssh_host_ecdsa_key -N'' && SSH-keygen -t dsa -f /etc/SSH/ssh_host_ed25519_key -N ''
- ADD ssh_host_ecdsa_key /tmp/ssh_host_ecdsa_key
- ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
- ADD ssh_host_rsa_key /tmp/ssh_host_rsa_key
- CMD ["/usr/sbin/sshd", "-D"]
FROM 表示下载基本镜像
RUN 表示要执行的动作, 相当于执行脚本, 执行的是 / bin/sh -c *** 的动作
ADD 表示复制文件
CMD 表示执行一个命令
2 使用 docker build 构建镜像
- [[email protected] openssh]# docker build -t openssh:v1.3 .
- Sending build context to Docker daemon 7.168kB
- Step 1/7 : FROM CentOS:7
- ---> 5e35e350aded
- Step 2/7 : LABEL darren [email protected]
- ---> Running in e4326a6f6000
- Removing intermediate container e4326a6f6000
- ---> eb19f72c1afd
- Step 3/7 : RUN yum -y install openssh-server && useradd natash && echo "redhat"|passwd --stdin natash && echo "redhat"|passwd --stdin root && SSH-keygen -q -t rsa -b 2048 -f /etc/SSH/ssh_host_rsa_key -N ''&& SSH-keygen -q -t ecdsa -f /etc/SSH/ssh_host_ecdsa_key -N'' && SSH-keygen -t dsa -f /etc/SSH/ssh_host_ed25519_key -N ''
- ---> Running in 41b40d14da2d
- Loaded plugins: fastestmirror, ovl
- Determining fastest mirrors
- * base: mirror.pregi.NET
- * extras: mirror.pregi.NET
- * updates: mirror.pregi.NET
- Resolving Dependencies
- --> Running transaction check
- ---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed
- --> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64
- --> Processing Dependency: fipscheck-lib(x86-64)>= 1.3.0 for package: openssh-server-7.4p1-21.el7.x86_64
- --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
- --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64
- --> Running transaction check
- ---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed
- --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64
- ---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed
- ---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
- --> Running transaction check
- ---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed
- --> Finished Dependency Resolution
- Dependencies Resolved
- ================================================================================
- Package Arch Version Repository Size
- ================================================================================
- Installing:
- openssh-server x86_64 7.4p1-21.el7 base 459 k
- Installing for dependencies:
- fipscheck x86_64 1.4.1-6.el7 base 21 k
- fipscheck-lib x86_64 1.4.1-6.el7 base 11 k
- openssh x86_64 7.4p1-21.el7 base 510 k
- tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
- Transaction Summary
- ================================================================================
- Install 1 Package (+4 Dependent packages)
- Total download size: 1.0 M
- Installed size: 3.0 M
- Downloading packages:
- warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-1.4.1-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
- Public key for fipscheck-1.4.1-6.el7.x86_64.rpm is not installed
- --------------------------------------------------------------------------------
- Total 446 kB/s | 1.0 MB 00:02
- Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
- Importing GPG key 0xF4A80EB5:
- Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
- Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
- Package : CentOS-release-7-7.1908.0.el7.CentOS.x86_64 (@CentOS)
- From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
- Running transaction check
- Running transaction test
- Transaction test succeeded
- Running transaction
- Installing : fipscheck-1.4.1-6.el7.x86_64 1/5
- Installing : fipscheck-lib-1.4.1-6.el7.x86_64 2/5
- Installing : openssh-7.4p1-21.el7.x86_64 3/5
- Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/5
- Installing : openssh-server-7.4p1-21.el7.x86_64 5/5
- Verifying : fipscheck-lib-1.4.1-6.el7.x86_64 1/5
- Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 2/5
- Verifying : fipscheck-1.4.1-6.el7.x86_64 3/5
- Verifying : openssh-7.4p1-21.el7.x86_64 4/5
- Verifying : openssh-server-7.4p1-21.el7.x86_64 5/5
- Installed:
- openssh-server.x86_64 0:7.4p1-21.el7
- Dependency Installed:
- fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7
- openssh.x86_64 0:7.4p1-21.el7 tcp_wrappers-libs.x86_64 0:7.6-77.el7
- Complete!
- Changing password for user natash.
- passwd: all authentication tokens updated successfully.
- Changing password for user root.
- passwd: all authentication tokens updated successfully.
- Generating public/private dsa key pair.
- Your identification has been saved in /etc/SSH/ssh_host_ed25519_key.
- Your public key has been saved in /etc/SSH/ssh_host_ed25519_key.pub.
- The key fingerprint is:
- SHA256:7LIsGt0osRc9JoEYjake8YD1pTcynqoUbep/IK7T2Xs [email protected]
- The key's randomart image is:
- +---[DSA 1024]----+
- |o=. . |
- |+=.o o |
- |o = * o |
- |...o B o |
- |..oo= + S |
- | o+* * o |
- |.+*o= o . |
- |+oo+ooEo |
- |+oooo+o |
- +----[SHA256]-----+
- Removing intermediate container 41b40d14da2d
- ---> 2be613021085
- Step 4/7 : ADD ssh_host_ecdsa_key /tmp/ssh_host_ecdsa_key
- ---> c64f7dcda4c1
- Step 5/7 : ADD ssh_host_ed25519_key /tmp/ssh_host_ed25519_key
- ---> 86e57a7a4313
- Step 6/7 : ADD ssh_host_rsa_key /tmp/ssh_host_rsa_key
- ---> 2412a6e26b9c
- Step 7/7 : CMD ["/usr/sbin/sshd", "-D"]
- ---> Running in e3e2df3ee1c8
- Removing intermediate container e3e2df3ee1c8
- ---> 0244c59bf444
- Successfully built 0244c59bf444
- Successfully tagged openssh:v1.3
每一个 step 都会生成一个镜像层
在生成镜像层后, docker 会自动识别, 看是否有必要存在这个镜像层, 如果没有必要, 就会删除这个镜像层, 如第二步:
- Step 2/7 : LABEL darren [email protected]
- ---> Running in e4326a6f6000
- Removing intermediate container e4326a6f6000
3 查看镜像
发现新的镜像 openssh:v1.3
- [[email protected] openssh]# docker image ls
- REPOSITORY TAG IMAGE ID CREATED SIZE
- openssh v1.3 0244c59bf444 42 seconds ago 306MB
- openssh v1.2 c399a750ed03 2 hours ago 361MB
- openssh v1.0 d98ba06569f3 2 hours ago 361MB
- nginx latest f7bb5701a33c 3 days ago 126MB
- busybox latest 6d5fcfe5ff17 4 days ago 1.22MB
- hub.darren.com/library/alpine 3.7 cc0abc535e36 7 days ago 5.59MB
- CentOS 7 5e35e350aded 7 weeks ago 203MB
4 运行一个容器
- [[email protected] openssh]# docker run -d openssh:v1.3
- fd2c629a2b3c067ecfa6ff601bf5a158f16087d40b16487e514688a125ab8f70
- [[email protected] openssh]# docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- fd2c629a2b3c openssh:v1.3 "/usr/sbin/sshd -D" 13 seconds ago Up 13 seconds
5 测试容器, 检查镜像是否达到要求
- [[email protected] openssh]# docker inspect fd2c629a2b3c |grep IP
- "LinkLocalIPv6Address": "",
- "LinkLocalIPv6PrefixLen": 0,
- "SecondaryIPAddresses": null,
- "SecondaryIPv6Addresses": null,
- "GlobalIPv6Address": "",
- "GlobalIPv6PrefixLen": 0,
- "IPAddress": "192.168.0.2",
- "IPPrefixLen": 24,
- "IPv6Gateway": "",
- "IPAMConfig": null,
- "IPAddress": "192.168.0.2",
- "IPPrefixLen": 24,
- "IPv6Gateway": "",
- "GlobalIPv6Address": "",
- "GlobalIPv6PrefixLen": 0,
SSH 连接, 测试 openssh, 并查看 copy 的文件
- [[email protected] openssh]# SSH [email protected]
- The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
- ECDSA key fingerprint is SHA256:j3tvwS9TpQzJVj3QN+SLescO3vpSiiT18bA1e12ZR+M.
- ECDSA key fingerprint is MD5:5c:cc:e9:cf:3d:b7:9c:d3:fe:93:50:b6:0f:f6:27:40.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '192.168.0.2' (ECDSA) to the list of known hosts.
- [email protected]192.168.0.2's password:
- [[email protected] ~]# ll /tmp/SSH*
- -rw-r----- 1 root root 227 Dec 31 18:13 /tmp/ssh_host_ecdsa_key
- -rw-r----- 1 root root 387 Dec 31 18:13 /tmp/ssh_host_ed25519_key
- -rw-r----- 1 root root 1679 Dec 31 18:13 /tmp/ssh_host_rsa_key
- [[email protected] ~]# exit
- logout
- Connection to 192.168.0.2 closed.
- [[email protected] openssh]# SSH [email protected]
- [email protected]192.168.0.2's password:
- [[email protected] ~]$ exit
- logout
- Connection to 192.168.0.2 closed.
说明镜像制作完成, 后续在研究学习关于 Dockerfile 的语法
博主声明: 本文的内容来源主要来自誉天教育晏威老师, 由本人实验完成操作验证, 需要的博友请联系誉天教育 (http://www.yutianedu.com/), 获得官方同意或者晏老师(https://www.cnblogs.com/breezey/) 本人同意即可转载, 谢谢!
来源: http://www.bubuko.com/infodetail-3362895.html