docker--第五节课--综合实验
实验拓扑:
</a>
实验需求:
registry_server和docker宿主机均需安装docker软件包并启动docker服务。
I、搭建私有仓库服务器,为docker主机提供镜像仓库,实现镜像下载与上传功能
一、私有仓库https支持
1.安装依赖软件包
[root@repository ~]# yum -y install pcre-devel zlib-devel openssl openssl-devel
[root@docker ~]# hostname
docker.benet.com
[root@docker ~]#
2.配置SSL
(1) 编辑/etc/hosts,把docker.benet.com的ip地址添加进来
主机名、ip地址:
[root@docker ~]# ifconfig eno16777736
/etc/hosts文件内容:
[root@docker ~]# cat /etc/hosts
(2) 生成根密钥
[root@docker CA]# openssl genrsa -out private/cakey.pem 2048
(3) 生成根证书
[root@docker CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:perma
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:docker.benet.com
Email Address []:
[root@docker CA]#
(4) 为nginx web服务器生成ssl密钥
[root@docker ssl]# openssl genrsa -out nginx.key 2048
(5) 为nginx生成证书签署请求
[root@docker ssl]# openssl req -new -key nginx.key -out nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:perma
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:docker.benet.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@docker ssl]#
(6) 私有CA根据请求来签发证书
[root@docker ssl]# touch /etc/pki/CA/index.txt
[root@docker ssl]# touch /etc/pki/CA/serial
[root@docker ssl]# echo 00 > /etc/pki/CA/serial
[root@docker ssl]# openssl ca -in nginx.csr -out nginx.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 0 (0x0)
Validity
Not Before: Jul 27 14:02:34 2016 GMT
Not After : Jul 27 14:02:34 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = beijing
organizationName = perma
commonName = docker.benet.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
1F:0B:12:9F:A7:E9:C2:23:ED:61:A8:94:28:82:2D:34:13:AE:F4:06
X509v3 Authority Key Identifier:
keyid:DE:3B:A6:10:A0:B7:C9:C7:3A:C4:83:2F:11:1C:89:2D:15:5C:CC:BC
Certificate is to be certified until Jul 27 14:02:34 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
3.安装,配置,运行nginx
(1) 添加组和用户
[root@docker ssl]# groupadd www -g 58
[root@docker ssl]# useradd -u 58 -g www www
(2) 下载nginx源文件:
[root@docker ssl]# wget http://nginx.org/download/nginx-1.11.2.tar.gz
(3) 编译,安装nginx:
[root@docker nginx-1.11.2]# ./configure --user=www --group=www --prefix=/opt/nginx \
> --with-pcre \
> --with-http_stub_status_module \
> --with-http_ssl_module \
> --with-http_addition_module \
> --with-http_realip_module \
> --with-http_flv_module
...//省略
[root@docker nginx-1.11.2]# make && make install
(4) 编辑/opt/nginx/conf/nginx.conf文件
[root@docker ~]# cat /opt/nginx/conf/nginx.conf | grep -v "#" | grep -v "^$"
user www;
worker_processes 4;
events {
worker_connections 4096;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream registry {
server 192.168.142.163:5000;
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/ssl/nginx.crt;
ssl_certificate_key /etc/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://registry;
client_max_body_size 3000m;
proxy_set_header Host $host;
proxy_set_header X-Forwad-For $remote_addr;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
(5) 验证配置
[root@docker ssl]# /opt/nginx/sbin/nginx -t
(6) 启动nginx:
[root@docker ~]# /opt/nginx/sbin/nginx
(7) 验证nginx是否启动:
[root@docker ~]# ps -ef | grep -i "nginx"
[root@docker ~]# netstat -anpt | grep nginx
二、配置,运行Docker
1.停止docker
[root@docker ~]# systemctl stop docker
2.编辑/etc/sysconfig/docker文件,加上如下一行
[root@docker ~]# vim /etc/sysconfig/docker
[root@docker ~]# cat /etc/sysconfig/docker
DOCKER_OPTS="--insecure-registry docker.benet.com --tlsverify --tlscacert /etc/pki/CA/cacert.pem"
3.把根证书复制到/etc/docker/certs.d/docker.benet.com/目录下
[root@docker ~]# mkdir -p /etc/docker/certs.d/docker.benet.com
[root@docker ~]# cp /etc/pki/CA/cacert.pem /etc/docker/certs.d/docker.benet.com/ca-certificates.crt
4.启动docker
[root@docker ~]# systemctl start docker
三、运行私有仓库容器
1.通过获取官方 registry 镜像来运行
[root@docker ~]# docker search registry
[root@docker ~]# docker pull registry
[root@docker ~]# docker images
2.将目录/opt/data/registry作为私有仓库的位置
[root@docker ~]# mkdir -pv /opt/data/registry
mkdir: created directory ‘/opt/data’
mkdir: created directory ‘/opt/data/registry’
3.运行私有仓库容器
[root@docker ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry registry
[root@docker ~]# docker ps
四、验证registry
1.用浏览器输入: https://docker.benet.com
或者:curl -i -k https://docker.benet.com
[root@docker ~]# curl -i -k https://docker.benet.com
五、Docker客户端配置
1.编辑/etc/hosts,把docker.benet.com的ip地址添加进来
[root@client-2 ~]# cat /etc/hosts
192.168.142.163 docker.benet.com
2.把docker registry服务器端的根证书追加到ca-certificates.crt文件里
[root@docker ~]# scp /etc/pki/CA/cacert.pem [email protected]:/root
[root@client-2 ~]# cat cacert.pem >> /etc/pki/tls/certs/ca-certificates.crt
3.验证docker.benet.com下的registry: 用浏览器输入: https://docker.benet.com
或者:curl -i -k https://docker.benet.com
[root@client-2 ~]# curl -i -k https://docker.benet.com
4.使用私有registry步骤
[root@client-2 ~]# docker login https://docker.benet.com
Username: testuser
Password:
Email: test@benet.com
WARNING: login credentials saved in /root/.docker/config.json
Account created. Please see the documentation of the registry https://docker.benet.com/v1/ for instructions how to activate it.
从docker hub上拉取一个镜像测试,为基础镜像打个标签
docker tag centos:centos6 docker.benet.com/centos:centos6
[root@client ~]# docker tag docker.io/centos:centos6 docker.benet.com/centos:centos6
[root@client ~]# docker images
发布:上传到本地私有仓库
[root@client ~]# docker push docker.benet.com/centos:centos6
查看私有仓库是否有对应的镜像
[root@client ~]# curl 192.168.142.163:5000/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}[root@client ~]#
查看镜像的存储目录和文件(在镜像服务器)
[root@docker ~]# tree /opt/data/registry/repositories/
从私有仓库pull下来image,查看image
docker pull
查看私有仓库是否有对应的镜像
[root@client ~]# curl -k https://docker.benet.com/v1/search
{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/centos"}]}
II、在docker宿主机上将下载下来的基础镜像生成提供http和ssh服务的新镜像,可以使用docker commit或docker build命令生成新镜像
现在无法实现在服务器端登录
创建dockerfile
[root@localhost ~]# mkdir sshd_dockerfile
[root@localhost ~]# cd sshd_dockerfile/
[root@localhost sshd_dockerfile]# touch Dockerfile run.sh
[root@localhost sshd_dockerfile]# ls
Dockerfile run.sh
编辑run.sh文件
[root@localhost sshd_dockerfile]# vi run.sh
[root@localhost sshd_dockerfile]# cat run.sh
#!/bin/bash
/usr/sbin/sshd
/usr/sbin/httpd -D FOREGROUND
在主机上生成ssh密钥对,并创建authorized_keys文件
[root@localhost sshd_dockerfile]# ssh-keygen -t rsa
[root@localhost sshd_dockerfile]# cat ~/.ssh/id_rsa.pub > /root/sshd_dockerfile/authorized_keys
编写dockerfile
[root@localhost sshd_dockerfile]# vi Dockerfile
[root@localhost sshd_dockerfile]# cat Dockerfile
FROM docker.io/centos:centos6
MAINTAINER from [email protected]
RUN yum -y install openssh-server sudo httpd
RUN useradd admin
RUN echo "admin:admin" | chpasswd
RUN echo "admin ALL=(ALL) ALL" >> /etc/sudoers
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN mkdir -p /var/run/sshd
RUN mkdir -p /home/admin/.ssh
RUN sed -ri 's/sesseion required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
ADD authorized_keys /home/admin/.ssh/authorized_keys
RUN sed -ri 's/#ServerName www.example.com:80/ServerName www.benet.com/g' /etc/httpd/conf/httpd.conf
ADD run.sh /run.sh
RUN chmod 775 /run.sh
EXPOSE 22 80
CMD ["/bin/bash","/run.sh"]
在sshd_config目录下,使用docker build命令创建镜像
[root@localhost sshd_dockerfile]# docker build -t "centos:ssh" .
查看新生成的镜像
[root@localhost sshd_dockerfile]# docker images
可以看出来 centos ssh 295662378a51 就是新创建的build
使用新创建的images运行一个容器,将容器端口映射到主机的10122
[root@localhost sshd_dockerfile]# docker run -d -p 10122:22 centos:ssh
52c3321d3cb6514cc76e9bebbaedc30887bcb206a072082bbd3b3b1c5fd45008
[root@localhost sshd_dockerfile]# docker ps
在宿主机连接到刚刚创建的容器
[root@client http]# docker run -d -P httpssh:centos6
d745766ba3cbf748457f4fc030ca8e53fc0720cee785f40d3f567e5489ca307e
[root@client http]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d745766ba3cb httpssh:centos6 "/bin/bash /run.sh" 6 seconds ago Up 4 seconds 0.0.0.0:32775->22/tcp, 0.0.0.0:32774->80/tcp angry_austin
ssh测试
[root@client http]# ssh [email protected] -p 32775
[admin@d745766ba3cb ~]$
测试http
[root@client http]# curl 127.0.0.1:32774
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #0000FF;
}
:visited {
...//省略
III、将docker宿主机生成的镜像上传到registry _server。
先打标签,然后上传
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpssh centos6 fed7c9e4079a 11 minutes ago 291.9 MB
<none> <none> 2e132d420102 15 minutes ago 194.8 MB
docker.io/centos centos6 cf2c3ece5e41 4 weeks ago 194.6 MB
[root@client ~]# docker tag httpssh:centos6 docker.benet.com/devilmaycry:twostepsfromhell //给httpssh:centos6 打新标签
[root@client ~]# docker push docker.benet.com/devilmaycry:twostepsfromhell //上传到私有仓库
The push refers to a repository [docker.benet.com/devilmaycry]
f622a019173e: Image successfully pushed
91919091cb5f: Image successfully pushed
1702ec981162: Image successfully pushed
590774fed4c3: Image successfully pushed
3b2ac848d170: Image successfully pushed
b5d4b74ef161: Image successfully pushed
23918d47cf2f: Image successfully pushed
31af4f6d1b1b: Image successfully pushed
13913b7e7767: Image successfully pushed
e1ffb0ff85cf: Image successfully pushed
d42e14b56ac3: Image successfully pushed
14bca7568482: Image successfully pushed
f24ceaa795db: Image successfully pushed
2714f4a6cdee: Image successfully pushed
Pushing tag for rev [fed7c9e4079a] on {https://docker.benet.com/v1/repositories/devilmaycry/tags/twostepsfromhell}
去registry server 查看
[root@docker ~]# tree /opt/data/registry/repositories/
/opt/data/registry/repositories/
└── library
├── centos
│ ├── _index_images
│ ├── tag_fromclient
│ └── tagfromclient_json
├── devilmaycry
│ ├── _index_images
│ ├── tag_twostepsfromhell
│ └── tagtwostepsfromhell_json
└── perma
├── _index_images
├── tag_ubuntu
└── tagubuntu_json
4 directories, 9 files
[root@docker ~]#
devilmaycry是新上传的
IV、在docker宿主机所有镜像删除,从registry_server服务器下载镜像
查看当前镜像
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.benet.com/devilmaycry twostepsfromhell fed7c9e4079a 18 minutes ago 291.9 MB
httpssh centos6 fed7c9e4079a 18 minutes ago 291.9 MB
jasonperma/c101 httpssh fed7c9e4079a 18 minutes ago 291.9 MB
<none> <none> 2e132d420102 23 minutes ago 194.8 MB
docker.io/centos centos6 cf2c3ece5e41 4 weeks ago 194.6 MB
查看当前docker 进程
[root@client ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d745766ba3cb httpssh:centos6 "/bin/bash /run.sh" 18 minutes ago Up 18 minutes 0.0.0.0:32775->22/tcp, 0.0.0.0:32774->80/tcp angry_austin
停止并删除进程
[root@client ~]# docker stop angry_austin
angry_austin
[root@client ~]# docker rm angry_austin
angry_austin
删除所有镜像
[root@client ~]# docker rmi $(docker images -q)
Failed to remove image (fed7c9e4079a): Error response from daemon: conflict: unable to delete fed7c9e4079a (must be forced) - image is referenced in one or more repositories
Failed to remove image (fed7c9e4079a): Error response from daemon: conflict: unable to delete fed7c9e4079a (must be forced) - image is referenced in one or more repositories
Failed to remove image (fed7c9e4079a): Error response from daemon: conflict: unable to delete fed7c9e4079a (must be forced) - image is referenced in one or more repositories
Failed to remove image (2e132d420102): Error response from daemon: conflict: unable to delete 2e132d420102 (must be forced) - image is being used by stopped container 7aab10f7902e
Failed to remove image (cf2c3ece5e41): Error response from daemon: conflict: unable to delete cf2c3ece5e41 (cannot be forced) - image has dependent child images
上面提示有的镜像无法前置删除
删除后查看镜像
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.benet.com/devilmaycry twostepsfromhell fed7c9e4079a 19 minutes ago 291.9 MB
httpssh centos6 fed7c9e4079a 19 minutes ago 291.9 MB
jasonperma/c101 httpssh fed7c9e4079a 19 minutes ago 291.9 MB
<none> <none> 2e132d420102 23 minutes ago 194.8 MB
docker.io/centos centos6 cf2c3ece5e41 4 weeks ago 194.6 MB
再次执行强制删除所有镜像
[root@client ~]# docker rmi -f $(docker images -q)
Untagged: docker.benet.com/devilmaycry:twostepsfromhell
Untagged: httpssh:centos6
Untagged: jasonperma/c101:httpssh
Deleted: sha256:fed7c9e4079a7cd0b56eb73b824c4673a420dcf9c1c6029399805242897ccfb0
Deleted: sha256:13463847ee9de967605ecd6e5f839316eb63c9b065b769ce83689257104f1ddc
Deleted: sha256:5dc1aa1b530daf65e40e70d57f30baab4b287e5873a89d2a1c42cb7ea8abe50e
Deleted: sha256:b0c1956f7802176687ea51d816531e29fb780fbfaa4e9c07c92e01958a46d5a4
Deleted: sha256:f62f01be59e8b2c9b4c2a32c47a485905013d1e94f31bd3d84d90d62e65a27fe
Deleted: sha256:0a064a8033c0f8830d0e183861a5d5d08fe464d21fa854c7819c0fb07fc5acba
Deleted: sha256:d0b2e81ffebd01f1152164eba86f37214a976c398009ff3245558369f17384a8
Deleted: sha256:5c7cbde6ee1635995ebf95153dfe093698d2d8c84f51b7c435ac9aa170f28af9
Deleted: sha256:a3a6f81fc0ea08022f1fb7402c2d6965509dbde9bdab850d1c559aca9775696d
Deleted: sha256:e515457d5f92c64b3aa4732b6bb82363d16f733e3d711bb7812f9a4ab3756e92
Deleted: sha256:a8ef65eaa487feffc37c8e0129792705df6f1861a04122cb8c953cde9888e6c1
Deleted: sha256:e655352739e7bc041d2d7d6ba67a81334d157905086a2a13223305b2b2376178
Deleted: sha256:84ab2296d858a15b92ecf1baf23299f6306d371baced6a0268b4d950ca8a7886
Deleted: sha256:eba433bb4683a67a89d7916a36f7d53d46bc3d16744058ffea112f80907f8aab
Deleted: sha256:8436b29ba0edd11f084562f3c491e66e9ffe6a11bdd4b3f562ad12965c6208a0
Deleted: sha256:4fc378e72da15594dfd28cd61895abd704d09e5f71232d445b63fb87e8e75a1a
Deleted: sha256:1d50973c2e646debfdc3cdbaa1c1d6f565ff1ca87f7971d2451b2ddef08a9a39
Deleted: sha256:1951b4e62a8482e66414bb33ca5e5ce2fb6ccf6d37ff190e54dae3bdf6aa5d75
Deleted: sha256:0e7ea338fd306683587136a8db1507a598a157a1d5706cf1c5bd231cd9ded5d3
Deleted: sha256:120a678a385127b173d6239e6545d8dcef7f421beea1f2de8f02b854cc16dfad
Deleted: sha256:eb51c1cacfd4e435a276a94d59ad41884faac4636cd049276d0fd978e7247679
Deleted: sha256:d737bd340506f2166b51c78d414659b2682441c4ba1522ce43ec604a4d4e3052
Deleted: sha256:c9d9ec48f3ffa65f089493c0f100f66be7edcb36d33eddf4620f02f50c3ccb9a
Deleted: sha256:9d773fec37a99adda012aa1d1f31bd28920d702756a135d33c3f3d978484e119
Deleted: sha256:e8043b09f23c574adff12bc2c3a5f0cbe4a61d9886dba51c7410d5aee8197d2d
Deleted: sha256:023ff4cb8aa84b0a06167aecc8d615166abb025832b12cf23f8c061d2a41e61f
Deleted: sha256:31ef3434d59fd6b2cb1f4956846d8e96a21d0634bd27ee413f09f8bae0c0ae62
Deleted: sha256:c3215131d5baec0e724937d62f24d3767d4bc729fbcaeac7c3dde3052ef57128
Deleted: sha256:2e132d420102e474f65ef73c670c0439d474b63fea2009a300d047fc7bb5d306
Deleted: sha256:5734b80d3b5262067bd9996998eaa94e8ec9720764c38d3d6a070d356c03683b
Untagged: docker.io/centos:centos6
Deleted: sha256:cf2c3ece5e418fd063bfad5e7e8d083182195152f90aac3a5ca4dbfbf6a1fc2a
Failed to remove image (fed7c9e4079a): Error response from daemon: No such image: fed7c9e4079a:latest
Failed to remove image (fed7c9e4079a): Error response from daemon: No such image: fed7c9e4079a:latest
查看当前镜像
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
已经删除所有镜像
V、使用下载的镜像运行一个容器运行在后台,并能访问容器所提供的http和ssh服务。
docker 配置文件
[root@docker ~]# cat /etc/sysconfig/docker | grep -v "#" | grep -v "^$"
OPTIONS='--selinux-enabled --log-driver=journald'
DOCKER_CERT_PATH=/etc/docker
DOCKER_OPTS="--insecure-registry docker.benet.com --tlsverify --tlscacert /etc/pki/CA/cacert.pem"
ADD_REGISTRY='--add-registry registry.docker.benet.com'
INSECURE_REGISTRY='--insecure-registry docker.benet.com '
在docker配置文件中加入这一行ADD_REGISTRY='--add-registry registry.docker.benet.com'就可以实现docker search
用docker search搜索自己的私有仓库
[root@client ~]# docker search docker.benet.com/
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
benet.com docker.benet.com/library/centos 0
benet.com docker.benet.com/library/devilmaycry 0
benet.com docker.benet.com/library/perma 0
从私有仓库下载镜像
[root@client ~]# docker pull docker.benet.com/library/devilmaycry:twostepsfromhell
Trying to pull repository docker.benet.com/library/devilmaycry ...
Pulling repository docker.benet.com/library/devilmaycry
fed7c9e4079a: Pulling image (twostepsfromhell) from docker.benet.com/library/devilmaycry, endpoint: http
fed7c9e4079a: Pull complete
2714f4a6cdee: Pull complete
c3215131d5ba: Pull complete
023ff4cb8aa8: Pull complete
9d773fec37a9: Pull complete
d737bd340506: Pull complete
120a678a3851: Pull complete
1951b4e62a84: Pull complete
4fc378e72da1: Pull complete
eba433bb4683: Pull complete
e655352739e7: Pull complete
e515457d5f92: Pull complete
5c7cbde6ee16: Pull complete
0a064a8033c0: Pull complete
Status: Downloaded newer image for docker.benet.com/library/devilmaycry:twostepsfromhell
docker.benet.com/library/devilmaycry: this image was pulled from a legacy registry. Important: This registry version will not be supported in future versions of docker.
查看下载后的images
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.benet.com/library/devilmaycry twostepsfromhell b2e652ec9b32 39 minutes ago 291.9 MB
运行新容器
[root@client ~]# docker run -d -P docker.benet.com/library/devilmaycry:twostepsfromhell
5ea59844d3c9790d2883b239029a810a24e8662fd36d28457749266e904b4d0e
查看正在运行的容器
[root@client ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ea59844d3c9 docker.benet.com/library/devilmaycry:twostepsfromhell "/bin/bash /run.sh" 4 seconds ago Up 2 seconds 0.0.0.0:32777->22/tcp, 0.0.0.0:32776->80/tcp elated_bardeen
测试ssh
[root@client ~]# ssh [email protected] -p 32777
The authenticity of host '[192.168.142.166]:32777 ([192.168.142.166]:32777)' can't be established.
RSA key fingerprint is 85:89:1b:f8:59:67:8e:f6:71:53:dc:7f:31:2f:14:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.142.166]:32777' (RSA) to the list of known hosts.
测试sudo
[admin@5ea59844d3c9 ~]$ sudo useradd jason
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
[admin@5ea59844d3c9 ~]$ cat /etc/passwd | grep jason
jason:x:501:501::/home/jason:/bin/bash
[admin@5ea59844d3c9 ~]$ exit
logout
Connection to 192.168.142.166 closed.
测试http
[root@client ~]# curl 127.0.0.1:32776
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
...//省略
