「两」创建一个带 ssh 镜座服务(修订版)--采用 Dockerfile 创
创建目录
首先,创建一个叫做 sshd_ubuntu 的目录,用于存放我们的 Dockerfile 、脚本文件、以及其它文件。
$ mkdir sshd_ubuntu
$ ls
sshd_ubuntu
$ cd sshd_ubuntu/
$ touch Dockerfile run.sh
$ ls
Dockerfile run.sh
编写 shell 脚本和 authorized_keys 文件
当中脚本文件 run.sh 的内容与上一小节一致
#!/bin/bash
/usr/sbin/sshd -D
创建 authorized_keys 文件
$ ssh-keygen
#依据提示生成訪问密钥
$ cat ~/.ssh/id_rsa.pub >authorized_keys
#复制公钥到 authorized_keys 文件里
以下是 Dockerfile 的内容及解释
#设置继承镜像
FROM ubuntu:14.04
#提供一些作者的信息
MAINTAINER dwj_zz@163.com
#以下開始执行命令,此处更改ubuntu的源为国内163的源
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN apt-get update
#安装 ssh 服务
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
#取消pam限制
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
#复制配置文件到对应位置,并赋予脚本可执行权限
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#开放端口
EXPOSE 22
#设置自启动命令
CMD ["/run.sh"]
创建镜像
$ sudo docker build -t sshd:dockerfile .
Sending build context to Docker daemon 5.632 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:14.04
^Z
[1]+ Stopped sudo docker build -t sshd:dockerfile .
#这里我发现创建的速度好慢,于是暂停创建过程,先查看下本地 images
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
sshd ubuntu 7aef2cd95fd0 12 hours ago 255.2 MB
busybox latest e72ac664f4f0 3 weeks ago 2.433 MB
ubuntu latest ba5877dc9bec 3 months ago 192.7 MB
#原来我们的 ubuntu 镜像是使用默认的 latest 标签,而我们在 Dockerfile 中一般都是指定版本号标签。
$ sudo docker tag ba5 ubuntu:14.04
$ pwd
/home/xxx/sshd_ubuntu
$ sudo docker build -t sshd:dockerfile .
#这里注意一下,在最后另一个 “.” ,表示使用当前目录的 Dockerfile
Sending build context to Docker daemon 5.632 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:14.04
---> ba5877dc9bec
Step 1 : MAINTAINER dwj_zz@163.com
---> Running in 188d74d02d35
---> 473eb019b331
Removing intermediate container 188d74d02d35
#使用 Dockerfile 创建,他会帮你删除中间没用的文件层
Step 2 : RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list
---> Running in f52e2a583db5
---> bd4ceef2ee19
Removing intermediate container f52e2a583db5
Step 3 : RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
---> Running in 897d65dfe9be
---> 9cd736f11928
Removing intermediate container 897d65dfe9be
Step 4 : RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
---> Running in ec3433db813e
---> 3fca0b605de4
Removing intermediate container ec3433db813e
Step 5 : RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
---> Running in 4a0fe165598f
---> f6d1c7af36c8
Removing intermediate container 4a0fe165598f
Step 6 : RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
---> Running in 209179c21053
---> 0cda758c9f3c
Removing intermediate container 209179c21053
Step 7 : RUN apt-get update
---> Running in 1fd40eb66f7b
Ign http://archive.ubuntu.com trusty-proposed InRelease
Get:1 http://archive.ubuntu.com trusty-proposed Release.gpg [933 B]
Get:2 http://archive.ubuntu.com trusty-proposed Release [110 kB]
Get:3 http://archive.ubuntu.com trusty-proposed/main amd64 Packages [160 kB]
...
#为了节约篇幅,删去一些无关紧要的内容
Fetched 11.3 MB in 1min 37s (116 kB/s)
Reading package lists...
---> 0f132591eddc
Removing intermediate container 1fd40eb66f7b
Step 8 : RUN apt-get install -y openssh-server
---> Running in 399e4ea726d2
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term
openssh-client openssh-sftp-server openssl python python-chardet
python-minimal python-requests python-six python-urllib3 python2.7
python2.7-minimal ssh-import-id tcpd wget xauth
Suggested packages:
krb5-doc krb5-user ssh-askpass libpam-ssh keychain monkeysphere rssh
molly-guard ufw python-doc python-tk python2.7-doc binutils binfmt-support
The following NEW packages will be installed:
ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2
libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term
openssh-client openssh-server openssh-sftp-server openssl python
python-chardet python-minimal python-requests python-six python-urllib3
python2.7 python2.7-minimal ssh-import-id tcpd wget xauth
0 upgraded, 38 newly installed, 0 to remove and 29 not upgraded.
Need to get 7599 kB of archives.
After this operation, 35.3 MB of additional disk space will be used.
Get:1 http://mirrors.163.com/ubuntu/ trusty/main libedit2 amd64 3.1-20130712-2 [86.7 kB]
...
Running hooks in /etc/ca-certificates/update.d....done.
Processing triggers for ureadahead (0.100.0-16) ...
---> 62f952643e33
Removing intermediate container 399e4ea726d2
Step 9 : RUN mkdir -p /var/run/sshd
---> Running in aa1c4d469284
---> e81557dd4887
Removing intermediate container aa1c4d469284
Step 10 : RUN mkdir -p /root/.ssh
---> Running in 0626987081d0
---> 23882ee06756
Removing intermediate container 0626987081d0
Step 11 : RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
---> Running in 3808c650bf85
---> 6c0ca1d20d7f
Removing intermediate container 3808c650bf85
Step 12 : ADD authorized_keys /root/.ssh/authorized_keys
---> a64bbd8ae617
Removing intermediate container 16e2d93d6ef0
Step 13 : ADD run.sh /run.sh
---> 230711022f7d
Removing intermediate container 137e56188d7b
Step 14 : RUN chmod 755 /run.sh
---> Running in a876e4ea378e
---> 32d74bbb7406
Removing intermediate container a876e4ea378e
Step 15 : EXPOSE 22
---> Running in eeaf9352ca11
---> 901e3fa9f596
Removing intermediate container eeaf9352ca11
Step 16 : CMD /run.sh
---> Running in 48c37db83ffb
---> 570c26a9de68
Removing intermediate container 48c37db83ffb
Successfully built 570c26a9de68
#最后,返回告诉我们创建成功,镜像 id 号是570c26a9de68,让我们来查看下
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
sshd dockerfile 570c26a9de68 4 minutes ago 246.5 MB
sshd ubuntu 7aef2cd95fd0 12 hours ago 255.2 MB
busybox latest e72ac664f4f0 3 weeks ago 2.433 MB
ubuntu 14.04 ba5877dc9bec 3 months ago 192.7 MB
ubuntu latest ba5877dc9bec 3 months ago 192.7 MB
測试镜像,执行容器
我们使用刚才我们创建的 sshd:dockerfile 来执行一个容器,看看时候达到我们的要求。
$ sudo docker ps
#这是上一小节,我们用 ”commit“ 方式建立的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ad7182aa47f sshd:ubuntu "/run.sh" 12 hours ago Up 3 seconds 0.0.0.0:100->22/tcp focused_ptolemy
$ sudo docker run -d -p 101:22 sshd:dockerfile
#注意到,跟上一小节执行的容器的命令不一样。不须要在输入命令‘/run.sh’了。由于已经在 Dockerfile 中定义了自启动命令。
890c04ff8d769b604386ba4475253ae8c21fc92d60083759afa77573bf4e8af1
$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
890c04ff8d76 sshd:dockerfile "/run.sh" 4 seconds ago Up 3 seconds 0.0.0.0:101->22/tcp high_albattani
3ad7182aa47f sshd:ubuntu "/run.sh" 12 hours ago Up 28 seconds 0.0.0.0:100->22/tcp focused_ptolemy
在本地新开一个终端,连接到新建的容器
> ssh 192.168.1.200 -p 101
The authenticity of host '[192.168.1.200]:101 ([192.168.1.200]:101)' can't be established.
ECDSA key fingerprint is d1:59:f1:09:3b:09:79:6d:19:16:f4:fd:39:1b:be:27.
Are you sure you want to continue connecting (yes/no)?
yes
Warning: Permanently added '[192.168.1.200]:101' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.2.0-37-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@890c04ff8d76:~#
测试成功
版权声明:本文博主原创文章,博客,未经同意不得转载。
「两」创建一个带 ssh 镜座服务(修订版)--采用 Dockerfile 创的更多相关文章
- 「六」创建一个带 weblogic 服务的基础镜像
Weblogic Weblogic 简单介绍以及其在 Docker 环境下的特殊应用 WebLogic是美国Oracle公司出品的一个application server确切的说是一个基于JAVAEE ...
- 「五」创建一个带 tomcat 服务的基础镜像(修订版)
Tomcat Tomcat 简单介绍 Tomcat server是一个免费的开放源码的Web 应用server,属于轻量级应用server.在中小型系统和并发訪问用户不是非常多的场合下被普遍使用,是开 ...
- 创建一个带模版的用户控件 V.3
再重构此篇<创建一个带模版的用户控件 V.2>http://www.cnblogs.com/insus/p/4164149.html 让其它动态实现header,Item和Footer. ...
- 创建一个带模版的用户控件 V.2
前面有做练习<创建一个带模版的用户控件>http://www.cnblogs.com/insus/p/4161544.html .过于简化.通常使用数据控件Repeater会有网页写好He ...
- 「Linux」制作一个Linux系统
一.前言 Linux操作系统至1991年10月5日诞生以来,就其开源性和自由性得到了很多技术大牛的青睐,每个Linux爱好者都为其贡献了自己的一份力,不管是在Linux内核还是开源软件等方面,都为我们 ...
- java多线程学习(两)——创建一个线程
一个.java创建两个线程的方法 1.从java.lang.Thread派生一个新类线程类,其覆盖run()方法 2.实现Runnable接口.重载Runnable接口中的run()方法. 使用Thr ...
- 如何创建一个带诊断工具的.NET镜像
现阶段的问题 现在是云原生和容器化时代,.NET Core对于云原生来说有非常好的兼容和亲和性,dotnet社区以及微软为.NET Core提供了非常方便的镜像容器化方案.所以现在大多数的dotnet ...
- 「期末」一文带你系统回顾C 语言
超详细 c 语言回顾 前言 c 语言是一种底层语言,是一种系统底层级的语言,例如Windows.Linux.Unix等操作系统就是使用c语言编写的.所以由此看来,不论是火爆了25年的Java,还是近年 ...
- 为docker创建ubuntu带SSH的基础镜像
安装Debootstrap ubuntu操作系统:apt install debootstrap centos操作系统:yum install debootstrap 构建基础Ubuntu的rootf ...
随机推荐
- 常用MVC框架
J2EE开常用的SSH或SSI框架,对应解决表示层.业务逻辑层.持久化层的问题,其中对表示层的解决方案最多,常见的有Struts1/2,Spring MVC等,实际上都是在最底层的Servlet规范中 ...
- MySQL数据导出导入任务脚本
#!/usr/bin/env python#-*- encoding: utf8 -*- import timeimport osimport mysql.connector #定义一些全局变量 w ...
- 1 Spring Cloud Eureka服务治理(上)
注:此随笔为读书笔记.<Spring Cloud微服务实战>,想学习Spring Cloud的同伴们可以去看看此书,里面对源码有详细的解读. 什么是微服务? 微服务是将一个原本独立的系统拆 ...
- matplotlib学习之散点图与条形图
# coding:utf-8 from matplotlib import pyplot as plt import numpy as np plt.style.use('ggplot') x = n ...
- [Webpack] Configure Prepack with Webpack
Great improvements and optimizations can be made to the output of bundled code. Prepack provides the ...
- TF-IDF模型
TF-IDF模型 1. 理论基础 由于数据挖掘所有数据都要以数字形式存在,而文本是以字符串形式存在.所以进行文本挖掘时需要先对字符串进行数字化,从而能够进行计算.TF-IDF就是这样一种技术,能够将字 ...
- [Node.js] Create a model to persist data in a Node.js LoopBack API
In this lesson you will learn what a LoopBack model is, you will create a Product model using the Lo ...
- js进阶正则表达式11RegExp的属性和方法(RegExp的属性和方法,就是RegExp对象.(点)什么的形式)(正则表达式执行之前会被编译)
js进阶正则表达式11RegExp的属性和方法(RegExp的属性和方法,就是RegExp对象.(点)什么的形式)(正则表达式执行之前会被编译) 一.总结 1. RegExp的属性和方法,就是RegE ...
- ajax传递list集合
原文链接:https://blog.csdn.net/qq_37936542/article/details/79277495 一:ajax传递List<String>类型的数据 js代码 ...
- Android 设置图片 Bitmap任意透明度
两种思路,第一种思路是通过对Bitmap进行操作,将Bitmap的像素值get到一个int[]数组里,因为在android里Bitmap通常是ARGB8888格式,所以最高位就是A通道的值,对齐进行改 ...