Docker in Practice: Adding an SSH Service to an Image

I. Creating the image with the docker commit command

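  Docker provides the docker commit command, which lets users commit the changes they have made to a customized container and generate a new image from it.
  The command format is: docker commit CONTAINER [REPOSITORY[:TAG]].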

1. Preparation

Create a container from the ubuntu:14.04 image:

[root@docker ~]# docker run -it ubuntu:14.04 /bin/bash
root@161f67ccad50:/# 

Update the apt cache:

root@161f67ccad50:/# apt-get update

2. Installing and configuring the SSH service

  Choose the mainstream openssh-server as the server:

root@161f67ccad50:/# apt-get install openssh-server -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
openssh-server is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
root@161f67ccad50:/# 

  For the SSH service to start properly, the directory /var/run/sshd must exist. Create it manually and start the SSH service:

root@161f67ccad50:/# mkdir -p /var/run/sshd
root@161f67ccad50:/# /usr/sbin/sshd -D &
[1] 3020
root@161f67ccad50:/#

  Now check port 22 in the container:

root@161f67ccad50:/# netstat -lnutp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3020/sshd       
tcp6       0      0 :::22                   :::*                    LISTEN      3020/sshd       
root@161f67ccad50:/# 

  Modify the SSH service's secure login configuration to remove the PAM login restriction:

root@161f67ccad50:/# sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd
root@161f67ccad50:/# 

  Create the .ssh directory in the root user's home directory, and copy the public keys that need to log in into authorized_keys under .ssh:

root@161f67ccad50:/# mkdir /root/.ssh
root@161f67ccad50:/# cd /root/.ssh
root@161f67ccad50:~/.ssh# ls
root@161f67ccad50:~/.ssh# vi /root/.ssh/authorized_keys

  Create run.sh, the executable file that starts the SSH service automatically, and make it executable:

root@161f67ccad50:/# cat run.sh
#!/bin/bash
# Run sshd in the foreground so the script does not return
exec /usr/sbin/sshd -D
root@161f67ccad50:/# chmod +x run.sh
root@161f67ccad50:/#

  Exit the container:

root@161f67ccad50:/# exit
exit
[root@docker ~]# 

3. Saving the image

  Save the exited container as a new sshd:ubuntu image with the docker commit command:

[root@docker ~]# docker commit 161f67ccad50 sshd:ubuntu
sha256:f328073a034ae63f93114a92b62141f22a578131ecb663702ac17916bde456a2
[root@docker ~]# 

  Use docker images to view the newly generated local image sshd:ubuntu:

[root@docker ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu              f328073a034a        2 minutes ago       284MB
centos              7                   3fa822599e10        3 hours ago         204MB
mariadb             latest              d29cee62e770        26 hours ago        398MB
nginx               latest              9e7424e5dbae        7 days ago          108MB
ubuntu              16.04               20c44cd7596f        12 days ago         123MB
ubuntu              latest              20c44cd7596f        12 days ago         123MB
ubuntu              14.04               d6ed29ffda6b        12 days ago         221MB
busybox             latest              6ad733544a63        3 weeks ago         1.13MB
centos              latest              d123f4e55e12        3 weeks ago         197MB
alpine              latest              053cde6e8953        3 weeks ago         3.96MB
[root@docker ~]# 

4. Using the image

  Start a container and add a port mapping to the container's port 22:

[root@docker ~]# docker run -it --name sshd_ubuntu -p 10022:22  sshd:ubuntu
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
root@0f8481ffd0d0:/# /usr/sbin/sshd -D &
[1] 16
root@0f8481ffd0d0:/# netstat -lnutp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      16/sshd
root@0f8481ffd0d0:/#

  Connect to port 10022 via ssh from the host:

[root@docker ~]# ssh 10.0.0.31 -p 10022
The authenticity of host '[10.0.0.31]:10022 ([10.0.0.31]:10022)' can't be established.
ECDSA key fingerprint is 74:a1:80:00:85:17:d5:ec:57:7a:cb:cb:1e:7d:4a:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.31]:10022' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@0f8481ffd0d0:~# 

II. Creating the image with a Dockerfile

1. Creating the working directory

[root@docker ~]# mkdir -p sshd_ubuntu
[root@docker ~]# ls
anaconda-ks.cfg  daemon.json  docker-pid  sshd_ubuntu
[root@docker ~]#

  Create the Dockerfile and run.sh files in it:

[root@docker ~]# cd sshd_ubuntu/ && touch Dockerfile run.sh
[root@docker sshd_ubuntu]# ls
Dockerfile  run.sh
[root@docker sshd_ubuntu]#

2. Writing the run.sh script and the authorized_keys file

[root@docker sshd_ubuntu]# vim run.sh 
[root@docker sshd_ubuntu]# cat run.sh 
#!/bin/bash
# Run sshd in the foreground so the script does not return
exec /usr/sbin/sshd -D
[root@docker sshd_ubuntu]# cat /root/.ssh/id_rsa.pub > ./authorized_keys
[root@docker sshd_ubuntu]#

3. Writing the Dockerfile

[root@docker sshd_ubuntu]# cat Dockerfile 
# Base image
FROM ubuntu:14.04

# Maintainer information
MAINTAINER staryjie staryjie@163.com

# Update the apt cache and install the SSH service
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd /root/.ssh
# Comment out the pam_loginuid.so session line
RUN sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd

# Set up key-based (passwordless) login and the startup script
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh

# Expose port 22
EXPOSE 22

# Run the script when the container starts
CMD ["/run.sh"]
[root@docker sshd_ubuntu]# 
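
The following script is an added example, not part of the original post. It checks the build context from steps 2 and 3 before docker build (authorized_keys holds only public keys, run.sh keeps sshd in the foreground) and provides a check that the pam_loginuid.so line is no longer active after the sed step. The function names and the --context switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# --context switch are hypothetical.

# Plain "type base64 [comment]" lines only; option prefixes are not handled.
KEY_RE='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# authorized_keys is ADDed into an image layer: require at least one public
# key, nothing but public keys, and no private key material.
check_authorized_keys() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "FAIL: $1 contains private key material"; return 1
    fi
    keys=$(grep -Ec "$KEY_RE" "$1" || true)
    lines=$(grep -Evc '^[[:space:]]*(#|$)' "$1" || true)
    if [ "$keys" -gt 0 ] && [ "$keys" -eq "$lines" ]; then
        echo "OK: $keys public key(s) in $1"; return 0
    fi
    echo "FAIL: $1 has $lines entries, $keys valid public key(s)"; return 1
}

# CMD ["/run.sh"] makes run.sh the container's main process; if it puts sshd
# in the background and returns, the container stops. Require a foreground
# "sshd -D" line with no trailing '&'.
check_run_sh() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    if grep -Eq '^[[:space:]]*(exec[[:space:]]+)?/usr/sbin/sshd[[:space:]]+-D[[:space:]]*$' "$1"; then
        echo "OK: $1 keeps sshd in the foreground"; return 0
    fi
    echo "FAIL: $1 does not run 'sshd -D' in the foreground"; return 1
}

# After the sed step, no active pam_loginuid.so session line may remain.
check_pam_loginuid_disabled() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    if grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so' "$1"; then
        echo "FAIL: pam_loginuid.so is still active in $1"; return 1
    fi
    echo "OK: pam_loginuid.so is disabled in $1"; return 0
}

# Run from inside sshd_ubuntu/ before "docker build".
if [ "${1:-}" = "--context" ]; then
    check_authorized_keys ./authorized_keys && check_run_sh ./run.sh
fi
```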

4. Building the image

[root@docker ~]# cd ~/sshd_ubuntu/ && docker build -t sshd:ubuntu2 .
Removing intermediate container e86118d7da77
Successfully built 12abdcc3350f
Successfully tagged sshd:ubuntu2
[root@docker sshd_ubuntu]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu2             12abdcc3350f        7 seconds ago       284MB
sshd                ubuntu              f328073a034a        About an hour ago   284MB
centos              7                   3fa822599e10        4 hours ago         204MB
mariadb             latest              d29cee62e770        27 hours ago        398MB
nginx               latest              9e7424e5dbae        7 days ago          108MB
ubuntu              16.04               20c44cd7596f        12 days ago         123MB
ubuntu              latest              20c44cd7596f        12 days ago         123MB
ubuntu              14.04               d6ed29ffda6b        12 days ago         221MB
busybox             latest              6ad733544a63        3 weeks ago         1.13MB
centos              latest              d123f4e55e12        3 weeks ago         197MB
alpine              latest              053cde6e8953        3 weeks ago         3.96MB
[root@docker sshd_ubuntu]# 

5. Testing the image by running a container

[root@docker sshd_ubuntu]# docker run -it --name ssh_test -p 10122:22 sshd:ubuntu2 bash
root@c03d5c93ec84:/# netstat -lnutp|grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      17/sshd 
tcp6       0      0 :::22                   :::*                    LISTEN      17/sshd 
root@c03d5c93ec84:/#

Connect via ssh from the host:

[root@docker ~]# ssh 10.0.0.31 -p 10122
The authenticity of host '[10.0.0.31]:10122 ([10.0.0.31]:10122)' can't be established.
ECDSA key fingerprint is 13:3a:46:78:aa:b0:ac:9b:75:1f:ba:99:82:c6:8b:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.31]:10122' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@c03d5c93ec84:~# 