dockerfile实验文档
创建dockerfile
[root@localhost ~]#
[root@localhost ~]# mkdir sshd_dockerfile
[root@localhost ~]# cd sshd_dockerfile/
[root@localhost sshd_dockerfile]# touch Dockerfile run.sh
[root@localhost sshd_dockerfile]# ls
Dockerfile run.sh
编辑run.sh文件
[root@localhost sshd_dockerfile]# vi run.sh
[root@localhost sshd_dockerfile]# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D
[root@localhost sshd_dockerfile]#
在主机上生成ssh密钥对,并创建authorized_keys文件
[root@localhost sshd_dockerfile]# ssh-keygen -t rsaGenerating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
22:42:81:33:ef:57:25:8d:24:92:4a:87:46:7d:b9:32 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|.o=...oo |
|++.= +o o |
|o=o . .o |
|...E .. |
| .. +.. S |
| .... . |
| . |
| |
| |
+-----------------+
[root@localhost sshd_dockerfile]# cat ~/.ssh/id_rsa.pub > /root/sshd_dockerfile/authorized_keys
编写dockerfile
[root@localhost sshd_dockerfile]# vi Dockerfile
[root@localhost sshd_dockerfile]# cat Dockerfile
FROM centos6:import
MAINTAINER from [email protected]
RUN yum install -q -y openssh-server sudo
RUN useradd admin
RUN echo "admin:admin" | chpasswd
RUN echo "admin ALL=(ALL) ALL" >> /etc/sudoers
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN mkdir -p /var/run/sshd
RUN mkdir -p /home/admin/.ssh
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
ADD authorized_keys /home/admin/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 775 /run.sh
EXPOSE 22
CMD ["/run.sh"]
[root@localhost sshd_dockerfile]#
在sshd_config目录下,使用docker build命令创建镜像
[root@localhost sshd_dockerfile]# docker build -t "centos:ssh" .
Sending build context to Docker daemon 4.608 kB
Step 1 : FROM centos6:import
---> 1c57411c9e2c
Step 2 : MAINTAINER from [email protected]
---> Using cache
---> 3f15c02ad503
Step 3 : RUN yum install -q -y openssh-server sudo
---> Using cache
---> 4ac15aadf560
Step 4 : RUN useradd admin
---> Using cache
---> 2c1c1f3cba5f
Step 5 : RUN echo "admin:admin" | chpasswd
---> Using cache
---> 00cc0e46e4a6
Step 6 : RUN echo "admin ALL=(ALL) ALL" >> /etc/sudoers
---> Using cache
---> 9d8e2e50ad6c
Step 7 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
---> Using cache
---> a9c018877cf2
Step 8 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
---> Using cache
---> 93e146052613
Step 9 : RUN mkdir -p /var/run/sshd
---> Using cache
---> 29b45962fbed
Step 10 : RUN mkdir -p /home/admin/.ssh
---> Using cache
---> 00fe20518eed
Step 11 : RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
---> Using cache
---> 2d961ed81f70
Step 12 : ADD authorized_keys /home/admin/.ssh/authorized_keys
---> Using cache
---> 50bd56dcba73
Step 13 : ADD run.sh /run.sh
---> 7a584e29e798
Removing intermediate container 790db819fe1e
Step 14 : RUN chmod 775 /run.sh
---> Running in cb7a5fee1b3f
---> 0eff730828b1
Removing intermediate container cb7a5fee1b3f
Step 15 : EXPOSE 22
---> Running in 50765418f184
---> 319ec91295fc
Removing intermediate container 50765418f184
Step 16 : CMD /run.sh
---> Running in b424f747fba2
---> 295662378a51
Removing intermediate container b424f747fba2
Successfully built 295662378a51
查看新生成的镜像
[root@localhost sshd_dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos ssh 295662378a51 16 minutes ago 664.7 MB
<none> <none> 25cbc0a76930 23 minutes ago 664.7 MB
test commit bccf75ecf2f4 3 days ago 671.5 MB
centos6 import 1c57411c9e2c 3 days ago 613.9 MB
python latest 9152ad50a7f9 6 days ago 694.2 MB
centos centos6 cf2c3ece5e41 3 weeks ago 194.6 MB
hello-world latest c54a2cc56cbb 3 weeks ago 1.848 kB
[root@localhost sshd_dockerfile]#
可以看出来 centos ssh 295662378a51 就是新创建的build
使用新创建的images运行一个容器,将容器端口映射到主机的10122
[root@localhost sshd_dockerfile]# docker run -d -p 10122:22 centos:ssh
52c3321d3cb6514cc76e9bebbaedc30887bcb206a072082bbd3b3b1c5fd45008
[root@localhost sshd_dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52c3321d3cb6 centos:ssh "/run.sh" 18 minutes ago Up 18 minutes 0.0.0.0:10122->22/tcp silly_shirley
42248df62245 centos6:import "/bin/bash" 45 hours ago Up 45 hours admiring_kalam
[root@localhost sshd_dockerfile]#
在宿主机连接到刚刚创建的容器
[root@localhost sshd_dockerfile]# ssh [email protected] -p 10122
The authenticity of host '[192.168.142.163]:10122 ([192.168.142.163]:10122)' can't be established.
RSA key fingerprint is f0:77:d4:89:b5:af:b1:7c:32:b1:be:ff:44:97:5e:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.142.163]:10122' (RSA) to the list of known hosts.
测试sudo执行授权命令
[admin@52c3321d3cb6 ~]$ ls
[admin@52c3321d3cb6 ~]$ pwd
/home/admin
[admin@52c3321d3cb6 ~]$ sudo ifconfig
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11884 (11.6 KiB) TX bytes:9333 (9.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[admin@52c3321d3cb6 ~]$
使用docker inspect查看容器的IP地址
[root@localhost ~]# docker inspect -f "{{.NetworkSettings.IPAddress}}" 52c3321d3cb6514cc76e9bebbaedc30887bcb206a072082bbd3b3b1c5fd45008
172.17.0.3
[root@localhost ~]#
[root@localhost ~]# ssh [email protected]
The authenticity of host '172.17.0.3 (172.17.0.3)' can't be established.
RSA key fingerprint is f0:77:d4:89:b5:af:b1:7c:32:b1:be:ff:44:97:5e:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.3' (RSA) to the list of known hosts.
Last login: Mon Jul 25 23:52:00 2016 from 192.168.142.163
[admin@52c3321d3cb6 ~]$