Docker實戰筆記:Docker簡介(二)
Docker實戰筆記
[TOC]python
提綱
此Docker系列學習筆記,根據Reboot教育的運維自動化部分課程整理而成,補充少許我的理解以及練習日誌(部分日誌有刪減)。linux
- Docker簡介(一)
- Docker簡介(二)
- Docker管理系統(一)
- Docker管理系統(二)
- Docker管理系統(三)
- Docker原理-namespace和文件系統
- Docker原理-徒手建立一個docker容器
- Docker、etcd構建服務自發現體系
- Docker生態系統:k8s、etcd等
- etcd分佈式一致性算法paxos、raft
Docker簡介(二)
盜夢空間
使用docker時,應時刻注意本身在哪兒,防止誤操做。docker容器通常都是root全新,這個時候每每是宿主機、各容器相互交錯,甚至有時候還有本身的筆記本遠程登陸維護的場景;一個不慎,就是生產事故。git
解決辦法:設置PS1變量,每一個用戶下顏色不同,提示符不同。同時增強用戶權限的管理和落地,賦予運維人員崗位角色最小的權限,嚴格控制特殊權限如root的申請流程和雙人複覈制度;算法
參考bashrc
將如下代碼保存爲 bashrcdocker
#!/bin/bash
#export DYLD_FALLBACK_LIBRARY_PATH="${HOME}/wine/wine-1.2/lib:/usr/X11/lib:/usr/
lib"
export TERM=xterm-color
export CLICOLOR=1
export LSCOLORS=ExFxCxDxBxegedabagacad
export EDITOR=vi
#export CDPATH=$CDPATH:/Users/auxten/Documents/Codes/
use_color=false
# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS. Try to use the external file
# first to take advantage of user additions. Use internal bash
# globbing instead of external grep binary.
safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM
match_lhs=""
[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
&& type -P dircolors >/dev/null \
&& match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
if ${use_color} ; then
# Enable colors for ls, etc. Prefer ~/.dir_colors #64489
if type -P dircolors >/dev/null ; then
if [[ -f ~/.dir_colors ]] ; then
eval $(dircolors -b ~/.dir_colors)
elif [[ -f /etc/DIR_COLORS ]] ; then
eval $(dircolors -b /etc/DIR_COLORS)
fi
fi
if [[ ${EUID} == 0 ]] ; then
PS1='\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] '
else
PS1='\[\033[01;33m\]\u.\[\033[01;34m\]\[\033[01;32m\]\h\[\033[01;34m\] \
w \$\[\033[00m\] '
#PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
fi
alias ls='ls -G'
alias grep='grep --colour=auto'
else
if [[ ${EUID} == 0 ]] ; then
# show root@ when we don't have colors
PS1='\u@\h \W \$ '
else
PS1='\u@\h \w \$ '
fi
fi
# Try to keep environment pollution down, EPA loves us.
unset use_color safe_term match_lhs
設置命令
cp bashrc ~/.bashrc . ~/.bashrc
贈與root
sudo cp ~/.bashrc /root/ sudo su -
效果展現
基本操做
docker stop
中止docker容器。ubuntu
建議不使用,直接使用docker rm -f 中止並刪除容器:乾淨整潔不留垃圾;stop命令略慢,rm命令毫秒級別。如下是演示,vim
中止,清理容器
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts 608ca094cbf836087a749f464e4e1175502cd0e0d184e174b99bfe59b4a18015 AnInputForce.teach ~ $ docker ps | grep kch 608ca094cbf8 centos "tail -f /etc/hosts" 28 seconds ago Up 26 seconds centos_kch AnInputForce.teach ~ $ docker stop centos_kch centos_kch AnInputForce.teach ~ $ docker ps | grep kch AnInputForce.teach ~ $ docker ps -a | grep kch 608ca094cbf8 centos "tail -f /etc/hosts" About a minute ago Exited (137) 16 seconds ago centos_kch AnInputForce.teach ~ $ docker rm centos_kch centos_kch AnInputForce.teach ~ $ docker ps -a | grep kch
直接中止並刪除容器
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts e916042b88f1fe5829d400188c7cb806d7075751a9142c5fb9935a81b7924f56 AnInputForce.teach ~ $ docker ps | grep kch e916042b88f1 centos "tail -f /etc/hosts" 18 seconds ago Up 17 seconds centos_kch AnInputForce.teach ~ $ docker rm -f centos_kch centos_kch AnInputForce.teach ~ $ docker ps | grep kch AnInputForce.teach ~ $ docker ps -a | grep kch AnInputForce.teach ~ $
docker exec 進入容器簡化
咱們常常要寫這條命令,進入容器交互bash:segmentfault
docker exec -it centos_kch bash
有網友寫了個腳本簡化這件事:帖子看這裏,看3樓的回覆。centos
#!/bin/bash -xe
# docker id might be given as a parameter
DID=$1
if [[ "$DID" == "" ]]; then
# if no id given simply just connect to the first running instance
DID=$(docker ps | grep -Eo "^[0-9a-z]{8,}\b")
fi
docker exec -i -t $DID bash
修訂一下:若是不帶參數,默認進入第一個運行的容器,可是過濾出來的是全部運行的容器。此處修訂:瀏覽器
保存腳本爲dgo
#!/bin/bash -xe
# docker id might be given as a parameter
DID=$1
if [[ "$DID" == "" ]]; then
# if no id given simply just connect to the first running instance
DID=$(docker ps | grep -Eo "^[0-9a-z]{8,}\b" | head -n 1)
fi
docker exec -i -t $DID bash
設置Setup
Put docker-ssh file in your $PATH with the following contents
有root權限的話,咱們直接copy到bin目錄
sudo cp dgo /usr/local/bin/
演示Usage
If you have one running instance simply run
- dgo
Otherwise provide it with a docker id parmeter that you get from docker ps (first col)
- dgo $docker-id,# dgo 3ccdb6bcf75a
- dgo $container-name,# dgo centos_kch
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts 3ccdb6bcf75a197b4cfbeec3d6754d3d55630e11544f396e5cd942064dae220e AnInputForce.teach ~ $ dgo centos_kch + DID=centos_kch + [[ centos_kch == '' ]] + docker exec -i -t centos_kch bash [root@3ccdb6bcf75a /]#
腳本參數
- bash -xe
- -x 顯示執行日誌
- 把它執行的每條命令都打到console上,有助於讓你們瞭解都執行的什麼,有助於提醒這個腳本是個自定義命令;這是一個很是好的習慣;
- -e 執行完退出;
docker run -v -p
- -v 映射目錄
- -p 映射端口
**Tips:**端口映射docker是用iptable實現的,CentOS7引入了firewalld,本質上比iptable好用一些,若是docker用到端口映射,firewalld服務就不能聽。內網使用,能夠一上來用firewalld把全部端口都打開,這樣比較方便docker管理端口映射。
驗證思路
篩選端口有沒有佔用,沒有輸出則可用
sudo netstat -nltp | grep 8084
將宿主機home目錄的data文件夾映射到容器的/data目錄,同時將宿主機的8084端口映射到宿主機的80端口
docker run --name"kch-centos" -v ~/data:/data -p 8084:80 -itd centos tail -f /etc/hosts
映射目錄驗證
AnInputForce.teach ~ $ docker run --name "kch-centos" -v ~/data:/data -p 8084:80 -itd centos tail -f /etc/hosts 9bae287a1df72f557a218044e58dc61c473b8d746f9f4e02c801cf58e014385f AnInputForce.teach ~ $ ll 總用量 16 -rw-r--r-- 1 AnInputForce 231 11月 15 09:15 20161115.bashrc drwxr-xr-x 2 root 4096 11月 15 19:42 data drwxr-xr-x 6 root 4096 10月 16 10:41 open-falcon -rwxr-xr-x 1 AnInputForce 377 10月 16 11:42 runof.sh AnInputForce.teach ~ $ docker exec -it kch-centos /bin/bash [root@9bae287a1df7 /]# ll | grep data drwxr-xr-x 2 root root 4096 Nov 15 11:42 data [root@9bae287a1df7 /]# echo xxxyyy > data/xxx [root@9bae287a1df7 /]# exit exit AnInputForce.teach ~ $ cat data/xxx xxxxyyy AnInputForce.teach ~ $
端口映射驗證
進入容器,啓動一個python的SimpleHTTPServer,綁定80端口;
在瀏覽器中輸入http://localhost:8084,成功訪問;
演示使用的是教學機http://reboot.linrc.com:8084
AnInputForce.teach ~ $ docker exec -it kch-centos /bin/bash [root@9bae287a1df7 /]# python -m SimpleHTTPServer 80 Serving HTTP on 0.0.0.0 port 80 ... 219.142.60.11 - - [15/Nov/2016 12:03:14] "GET / HTTP/1.1" 200 - 219.142.60.11 - - [15/Nov/2016 12:03:14] code 404, message File not found 219.142.60.11 - - [15/Nov/2016 12:03:14] "GET /favicon.ico HTTP/1.1" 404 -
docker inspect
$docker id | $docker name
docker inspect centos_kch
咱們在使用docker過程當中,若是碰上莫名其妙的問題,好比沒寫絕對路徑時,不知道目錄映射到哪兒了,就能夠運行此命令,看"Mounts"屬性;
docker 建立鏡像
推薦用dockerfile來構建鏡像,由於能夠提交git版本控制:清楚展示了所經歷的過程。不推薦在現有容器中yum安裝配置後,再commit建立鏡像。後者參考:Docker學習之路(六)用commit命令建立鏡像
-
commit
-
docker commit -m "Added something" -a "Docker Newbee" centos centos:v2
-
docker rmi
-
-a 就是author,做者
-
-
dockerfile
-
FROM ubuntu:14.04 MAINTAINER Docker Newbee newbee@docker.com RUN apt-get -qq update RUN apt-get -qqy install ruby ruby-dev RUN gem install sinatra
-
科普:bash黑科技
- ctrl + u:#移到行尾,按快捷鍵暫存,當前命令行清空
- ctrl + y:# 恢復剛暫存的目錄
- Ctrl + r:# 輸入字符查找上一條命令
- sudo !! :執行上一條因權限不足而未能執行的命令
演示:徒手寫Dockerfile
咱們寫個dockerfile,給鏡像安裝一個vim
查看centos有哪些版本:dockerhub
保存腳本爲centos-vim/Dockerfile
FROM centos:7 MAINTAINER mdr<kang.cunhua@qq.com> RUN yum install -y vim
AnInputForce.teach ~ $ mkdir experment AnInputForce.teach ~ $ cd experment/ AnInputForce.teach ~/experment $ mkdir centos-vim AnInputForce.teach ~/experment $ cd centos-vim/ AnInputForce.teach ~/experment $ vi Dockerfile
構建鏡像 docker build centos-vim/
AnInputForce.teach ~/experment $ cd centos-vim/ AnInputForce.teach ~/experment/centos-vim $ ll 總用量 4 -rw-rw-r-- 1 root 72 11月 15 20:34 Dockerfile AnInputForce.teach ~/experment/centos-vim $ cd .. AnInputForce.teach ~/experment $ pwd /home/AnInputForce/experment AnInputForce.teach ~/experment $ ll 總用量 4 drwxrwxr-x 2 AnInputForce 4096 11月 15 20:36 centos-vim AnInputForce.teach ~/experment $ docker build centos-vim/ Sending build context to Docker daemon 2.048 kB Step 1 : FROM centos:7 ---> 0584b3d2cf6d Step 2 : MAINTAINER mdr<kang.cunhua@qq.com> ---> Running in ec9eae8742d8 ---> 9153702517b5 Removing intermediate container ec9eae8742d8 Step 3 : RUN yum install -y vim ---> Running in 4e3ec7cee383 Loaded plugins: fastestmirror, ovl ...... Complete! ---> 5c72d36ad69e Removing intermediate container 4e3ec7cee383 Successfully built 5c72d36ad69e
查看鏡像
AnInputForce.teach ~/experment $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE <none> <none> 5c72d36ad69e 2 minutes ago 361.1 MB centos-vim latest 37e42772dafe 11 days ago 361.1 MB centos 7 0584b3d2cf6d 12 days ago 196.5 MB centos latest 0584b3d2cf6d 12 days ago 196.5 MB
給鏡像美容
docker tag $dockerid $imagename #默認不寫,tag是latest
docker tag $dockerid $image-name:$tag #也能夠指定tag
默認
AnInputForce.teach ~ $ docker tag 5c72d36ad69e centos-vim AnInputForce.teach ~ $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos-vim latest 5c72d36ad69e 10 minutes ago 361.1 MB
寫$tag
AnInputForce.teach ~ $ docker tag 5c72d36ad69e centos-vim:mdr AnInputForce.teach ~ $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos-vim latest 5c72d36ad69e 13 minutes ago 361.1 MB centos-vim mdr 5c72d36ad69e 13 minutes ago 361.1 MB <none> <none> 37e42772dafe 11 days ago 361.1 MB
注意
能夠給一個鏡像打多個tag,他們能夠共存。
可是$image-name需全局惟一,若是你使用了已有的名字,原來叫這個名字的就會變成<none> <none> ,請注意上文日誌中docker id爲「37e42772dafe」的先後變化;
測試新鏡像
docker rm -f kch-centos刪除以前的容器,
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8084:80 -itd centos-vim tail -f /etc/hosts 7ce8203e0431a7571df28e51fe7bb2152093fa49ebb8495516342046af23e953 AnInputForce.teach ~ $ dgo mdr-centos + DID=mdr-centos + [[ mdr-centos == '' ]] + docker exec -i -t mdr-centos bash [root@7ce8203e0431 /]# vim
能夠看到,成功進入vim;
小練習:新增帳號後打包鏡像
基於centos鏡像,加一個帳號,而後build鏡像,鏡像名字本身起。同時安裝SSH服務,這個後續有用。
Dockerfile參考
FROM centos:7 MAINTAINER mdr<kang.cunhua@qq.com> RUN useradd mdr RUN yum install -y openssh-server
構建演示
AnInputForce.teach ~ $ cd experment/ AnInputForce.teach ~/experment $ mkdir centos-dev AnInputForce.teach ~/experment $ cd centos-dev/ AnInputForce.teach ~/experment/centos-dev $ vi Dockerfile AnInputForce.teach ~/experment/centos-dev $ cd .. AnInputForce.teach ~/experment $ docker build centos-dev/ Sending build context to Docker daemon 2.048 kB Step 1 : FROM centos:7 ---> 0584b3d2cf6d ...... Complete! ---> 7677fcb139ca Removing intermediate container 9bb12e1ee067 Successfully built 7677fcb139ca AnInputForce.teach ~/experment $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE <none> <none> 7677fcb139ca 44 seconds ago 307.8 MB centos-vim latest 5c72d36ad69e 24 hours ago 361.1 MB centos-vim mdr 5c72d36ad69e 24 hours ago 361.1 MB AnInputForce.teach ~/experment $ docker tag 7677fcb139ca centos-dev:mdr AnInputForce.teach ~/experment $ docker images | grep mdr centos-dev mdr 7677fcb139ca 3 minutes ago 307.8 MB centos-vim mdr 5c72d36ad69e 24 hours ago 361.1 MB AnInputForce.teach ~/experment $
小技巧
在Dockerfile中設置用戶密碼
來自kongsys童鞋;
Run echo "yourpasswd666"|passwd kongsys --stdin
在構建鏡像時指定標籤
這樣的話,就不用構建後在給鏡像命名和打tag了--來自Roven童鞋;
docker build -t test-centos|centos7.2 centos-vim
如何拿Docker撘開發機
搭建開發機,讓各位同窗能自動登陸。以前咱們是經過Dockerfile構建的,此處演示咱們用commit來構建。
不須要輸密碼,只要我在wheel組裏
sudoedit /etc/sudoers編輯
找到
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
改成
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL ## Same thing without a password %wheel ALL=(ALL) NOPASSWD: ALL
演示日誌
AnInputForce.teach ~ $ dgo mdr-centos + DID=mdr-centos + [[ mdr-centos == '' ]] + docker exec -i -t mdr-centos bash [root@7ce8203e0431 /]# useradd mdr [root@7ce8203e0431 /]# passwd mdr Changing password for user mdr. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@7ce8203e0431 /]# yum install -y openssh-server .... Dependency Installed: fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7 openssh.x86_64 0:6.6.1p1-25.el7_2 tcp_wrappers-libs.x86_64 0:7.6-77.el7 Complete! [root@7ce8203e0431 /]# usermod -aG wheel mdr [root@7ce8203e0431 /]# yum install -y sudo Loaded plugins: fastestmirror, ovl ...... Installed: sudo.x86_64 0:1.8.6p7-17.el7_2 Complete! [root@7ce8203e0431 /]# sudoedit /etc/sudoers [root@7ce8203e0431 /]# exit exit AnInputForce.teach ~ $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7ce8203e0431 centos-vim "tail -f /etc/hosts" 24 hours ago Up 24 hours 0.0.0.0:8084->80/tcp mdr-centos ...... AnInputForce.teach ~ $ docker commit mdr-centos centos-dev:7 sha256:f331bbce086b75f00133b8fc3385f03d1bb3c5274e7c279e69ab06a2192f63ae AnInputForce.teach ~ $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos-dev 7 f331bbce086b 11 seconds ago 473.3 MB centos-dev mdr 7677fcb139ca 44 minutes ago 307.8 MB centos-vim latest 5c72d36ad69e 25 hours ago 361.1 MB centos-vim mdr 5c72d36ad69e 25 hours ago 361.1 MB ...... AnInputForce.teach ~ $ docker rm -f mdr-centos mdr-centos AnInputForce.teach ~ $ docker run --name="mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 /usr/sbin/sshd -D af94c0ffe40432112a4d5b7c38a2b66f2244b7baf941995c2e6b5ef95384ee76 AnInputForce.teach ~ $
登陸開發機,報錯
咱們來嘗試登陸一下開發機,發現報錯,docker logs $container-id查日誌排錯
ssh -P 8088 mdr@127.0.0.1 ssh: connect to host 8088 port 22: Invalid argument AnInputForce.teach ~ $ docker logs mdr-centos Could not load host key: /etc/ssh/ssh_host_rsa_key Could not load host key: /etc/ssh/ssh_host_ecdsa_key Could not load host key: /etc/ssh/ssh_host_ed25519_key
**tips:**ssh-keygen如何不輸入-y,搜索關鍵詞:ssh-kengen no interactive
回到簡單模式,啓動container
報錯:/etc/hosts: no such file or directory
AnInputForce.teach ~ $ docker run --name="mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 "tail -f /etc/hosts" 2fafa8f4c7fd503cd62cb083ffa0135a2f20eff7d3d7e75b421fb61e2b13e358 docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused \"exec: \\\"tail -f /etc/hosts\\\": stat tail -f /etc/hosts: no such file or directory\"\n".
緣由 :command多加了引號
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 tail -f /etc/hosts f47f6e673f49154c261355039da9f45bb50777106917752d17aee96a3135421c
再回到container安裝ssh
同時,根據日誌提示安裝對應加密算法
Welcome to aliyun Elastic Compute Service! -bash: /home/AnInputForce: 是一個目錄 AnInputForce.teach ~ $ dgo mdr-centos + DID=mdr-centos + [[ mdr-centos == '' ]] + docker exec -i -t mdr-centos bash [root@f47f6e673f49 /]# ssh-keygen ...... +--[ RSA 2048]----+ ...... +-----------------+ [root@f47f6e673f49 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key ...... +--[ DSA 1024]----+ ...... +-----------------+ [root@f47f6e673f49 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key ...... +--[ RSA 2048]----+ ...... +-----------------+
測試下:提示缺兩種非對稱加密算法
[root@f47f6e673f49 /]# /usr/sbin/sshd -D Could not load host key: /etc/ssh/ssh_host_ecdsa_key Could not load host key: /etc/ssh/ssh_host_ed25519_key
繼續安裝非對稱加密算法
[root@f47f6e673f49 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key +--[ECDSA 256]---+ ...... +-----------------+ [root@f47f6e673f49 /]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key ...... +--[ED25519 256--+ ...... +-----------------+
SSH服務成功啓動
[root@f47f6e673f49 /]# /usr/sbin/sshd -D ^C [root@f47f6e673f49 /]#
提交打包鏡像
[root@f47f6e673f49 /]# exit exit AnInputForce.teach ~ $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos-dev 7 f331bbce086b 11 hours ago 473.3 MB centos-dev mdr 7677fcb139ca 12 hours ago 307.8 MB centos-vim latest 5c72d36ad69e 37 hours ago 361.1 MB AnInputForce.teach ~ $ docker commit mdr-centos centos-dev:7 sha256:90fc2a3fa895faa4611731b442b7e17fcdfab2084cc488378a48d54a44e59490 AnInputForce.teach ~ $ docker commit mdr-centos centos-dev sha256:a7d3dc16d111e7ab50fd0d8b2a5aabe8c5c4213ffdc8d7b4a2e32a7ba09f096c AnInputForce.teach ~ $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos-dev latest a7d3dc16d111 4 seconds ago 473.3 MB centos-dev 7 90fc2a3fa895 19 seconds ago 473.3 MB centos-dev mdr 7677fcb139ca 12 hours ago 307.8 MB centos-vim latest 5c72d36ad69e 37 hours ago 361.1 MB
測試進入開發機
AnInputForce.teach ~ $ docker rm -f mdr-centos mdr-centos AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 tail -f /usr/sbin/sshd -D 6d0bae922b6e380adb93ceea88b6ba230b3b578d93744e2dcc0d524080f95356 AnInputForce.teach ~ $ ssh -P 8088 mdr@reboot.linrc.com ssh: connect to host 8088 port 22: Invalid argument AnInputForce.teach ~ $ docker logs "docker logs" requires exactly 1 argument(s). See 'docker logs --help'. Usage: docker logs [OPTIONS] CONTAINER Fetch the logs of a container AnInputForce.teach ~ $ docker logs mdr-centos tail: invalid option -- 'D' Try 'tail --help' for more information. AnInputForce.teach ~ $ docker rm -f mdr-centos mdr-centos AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev /usr/sbin/sshd -D b996a0f5c858ea59dae380960274371ff45c2fba4ee2b307b9eea241e0ea6e2d AnInputForce.teach ~ $ ssh -P 8088 mdr@reboot.linrc.com ssh: connect to host 8088 port 22: Invalid argument AnInputForce.teach ~ $ docker logs mdr-centos AnInputForce.teach ~ $ ssh -p 8088 mdr@reboot.linrc.com The authenticity of host '[reboot.linrc.com]:8088 ([59.110.12.72]:8088)' can't be established. ECDSA key fingerprint is 2e:c3:ac:e6:86:99:98:65:c8:4b:44:67:f3:84:2e:45. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[reboot.linrc.com]:8088,[59.110.12.72]:8088' (ECDSA) to the list of known hosts. mdr@reboot.linrc.com's password: [mdr@b996a0f5c858 ~]$
成功進入。**Tips:**咱們在使用docker時,碰上報錯能夠,使用docker logs $container-id 來查看日誌。以上日誌對應包含了對應排錯過程,請參考。
讓咱們作得更好:免密碼登陸
咱們在平常使用開發機的時候,不能每一個容器都這兒操做一遍:加入id_rsa.pub 內容到.ssh/authorized_keys。能不能批量實現這個效果?能夠的,用到了目錄映射:^演示帳號權限不足提示
思路
把本身目錄下的id_rsa.pub內容加入/root/.ssh/authorized_keys
演示
AnInputForce.teach ~/.ssh $ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqCVUrRiiGCuK3lAa3kIrk1rSU0WuzpOZT9LctQE1m0TOrAGDC/C0USp6AOTQ90V+JdaRFC6hvjmI5AVrZIbnhHFbhlJpqPegnC7pZiMLFIt8Pcdi9aCZGAqvj6ALfMOsXRgM4H5vgwAKg1YAihnse4A2rLmS237UK43/Yk1E6fn/0wILzdy1gPjIuQbHbKUuJV/VAhP8655xRDLGjOj7rmfR0rm+qukyOrgfW4kCtuGSQfC0qykTHmS25pNnByWaS1tzxspgL0XWRcHIKCxzFSDgzdLgtIOvrlDR46pZFJ8lShQKaMhu/eDj4ZC4VN7QHulZNP/rjiWlB1pafkw5 AnInputForce@teach [mdr@b996a0f5c858 log]$ sudo su - teach ~ # vi .ssh/authorized_keys
讓全部人均可以避免密碼登陸
把宿主機的ssh目錄映射到容器裏,全部人均可以避免密碼登陸了。只要用戶能免密碼登陸宿主機,就能免密碼登陸容器;
docker rm -f mdr-centos sudo docker run --name='mdr-centos' -v ~/data:/data -v /root/.ssh:/root/.ssh -p 8088:22 -itd centos-dev /usr/sbin/sshd -D
也能夠把本身目錄的映射到容器中。
**Tips:**風險--目錄映射以後,在容器中修改對應目錄或文件,也會同步到本地。須要特別注意。若是有童鞋知道如何映射本地目錄到容器中爲只讀權限,麻煩您給我留言,我會更新本文。
Docker簡介總結:咱們作了什麼
- 爲何是docker:秒級啓動,化複雜安裝配置爲簡潔
- docker基本概念:倉庫、鏡像、容器
- docker基本操做:ps、port、pull、images、run、stop、rm、exec、inspect、logs、commit
- 徒手寫Dockerfile構建鏡像
- 一個小練習:新增帳號後,打包鏡像
- 用Docker來搭建開發機:快速批量提供開發環境,讓全部人免密登陸
相關文章
- 1. docker 入門到實戰(一)docker 簡介
- 2. docker進階與實戰 1 docker簡介
- 3. docker學習筆記1——Docker簡介
- 4. Docker學習筆記——Docker簡介
- 5. Docker學習筆記1-Docker簡介
- 6. Docker學習筆記01-Docker簡介
- 7. Docker基礎篇筆記 (一) docker簡介
- 8. Docker學習筆記(一)——Docker簡介
- 9. Docker學習筆記——簡介
- 10. [docker] - Docker簡介
- 更多相關文章...
- • Docker Dockerfile - Docker教程
- • Docker Machine - Docker教程
- • Tomcat學習筆記(史上最全tomcat學習筆記)
- • Docker容器實戰(一) - 封神Server端技術
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 「插件」Runner更新Pro版,幫助設計師遠離996
- 2. 錯誤 707 Could not load file or assembly ‘Newtonsoft.Json, Version=12.0.0.0, Culture=neutral, PublicKe
- 3. Jenkins 2018 報告速覽,Kubernetes使用率躍升235%!
- 4. TVI-Android技術篇之註解Annotation
- 5. android studio啓動項目
- 6. Android的ADIL
- 7. Android卡頓的檢測及優化方法彙總(線下+線上)
- 8. 登錄註冊的業務邏輯流程梳理
- 9. NDK(1)創建自己的C/C++文件
- 10. 小菜的系統框架界面設計-你的評估是我的決策
歡迎關注本站公眾號,獲取更多信息
