Docker 定制ssh、java等基础服务镜像

来源：互联网发布：黄帝大战蚩尤电影知乎编辑：程序博客网时间：2024/06/03 22:25

1、启动一个基于centos镜像的容器

# docker run –p 10022:22  -ti centos bash[root@f743588bbeef /]#

-p是为了等会启动ssh后测试能否正常登陆

2、在容器中安装openssh-server、java等

[root@f743588bbeef /]# yum install -y -q openssh-server java-1.7.0-openjdk net-tools

3、修改sshd_config配置文件

[root@f743588bbeef /]# ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' [root@f743588bbeef /]# ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' [root@f743588bbeef /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N ''  [root@f743588bbeef /]# sed -i "s/UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config [root@f743588bbeef /]# sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

4、修改root密码

[root@f743588bbeef /]# echo 'root:root' |chpasswd

5、启动openssh服务

[root@f743588bbeef /]# /usr/sbin/sshd[root@f743588bbeef /]# netstat -ntlpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/sshd              tcp6       0      0 :::22

6、测试是否能登陆容器

# ssh -p 10022 192.168.62.200The authenticity of host '[192.168.62.200]:10022 ([192.168.62.200]:10022)' can't be established.ECDSA key fingerprint is 7d:d5:8a:ea:5a:92:9e:3d:92:fe:dd:78:56:c2:d9:0e.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '[192.168.62.200]:10022' (ECDSA) to the list of known hosts.root@192.168.62.200's password: [root@f743588bbeef ~]#

7、使用commit提交刚刚在容器内的所有操作

# docker commit f743588bbeef docker-sshsha256:4d8d27a47d3fd2750cde8f5d0ead3af6f90dd972969a3dca369b52d1e6130085# docker imagesREPOSITORY                          TAG                 IMAGE ID            CREATED             SIZEdocker-ssh                          latest              4d8d27a47d3f        7 seconds ago       192 MB

8、可以看到镜像列表中存在一个docker-ssh的镜像

# docker run -d --name docker-ssh -p 10022:22 docker-sshd986e0bdc2b1072b39248a691ba73f6b297842373ca7a55457f3cd8d7fa5c435# docker ps -aCONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS                      PORTS                                            NAMESd986e0bdc2b1        docker-ssh                 "/usr/sbin/sshd -D"      3 seconds ago       Up 3 seconds                0.0.0.0:10022->22/tcp                            docker-ssh# ssh -p 10022 192.168.62.200The authenticity of host '[192.168.62.200]:10022 ([192.168.62.200]:10022)' can't be established.ECDSA key fingerprint is 7d:d5:8a:ea:5a:92:9e:3d:92:fe:dd:78:56:c2:d9:0e.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '[192.168.62.200]:10022' (ECDSA) to the list of known hosts.root@192.168.62.200's password: [root@d986e0bdc2b1 ~]#

二、用Dockerfile来定制

mkdir ssh-java ##创建一个空目录

cd ssh-java && vim Dockerfile

FROM centosMAINTAINER <Email:kbsonlong@gmail.com Blog:www.along.party>RUN yum install -y -q openssh-server java-1.7.0-openjdk net-tools RUN ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' RUN ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key  -N ''  RUN sed -i "s/UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config  RUN echo 'root:change' |chpasswd EXPOSE 22CMD ["/usr/sbin/sshd", "-D"]

FROM、RUN、EXPOSE、CMD、MAINTAINER 都是Dockerfile的指令，Dockerfile指令更多详细介绍

FROM：指定基于哪个基础镜像

MAINTAINER ：维护者的信息

RUN：在shell终端执行的命令

EXPOSE：对外提供的端口

CMD：启动容器是执行的命令，每个Dockerfile只能有一条CMD指令，如果存在多条，则执行最后一条。

构建镜像

#docker build -t ssh-java:1.7.1  .

查看构建的镜像

docker images|grep ssh-javassh-java                            1.7.1               71fc498380f5        25 minutes ago      282 MB

使用镜像启动

# docker ps -aCONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS                      PORTS                                            NAMES26b4dcc00246        ssh-java:1.7.1                 "/usr/sbin/sshd -D"      3 seconds ago       Up 2 seconds                0.0.0.0:32778->22/tcp                            ssh-java

# ssh -p 32778 192.168.62.200The authenticity of host '[192.168.62.200]:32778 ([192.168.62.200]:32778)' can't be established.ECDSA key fingerprint is 7d:d5:8a:ea:5a:92:9e:3d:92:fe:dd:78:56:c2:d9:0e.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '[192.168.62.200]:32778' (ECDSA) to the list of known hosts.root@192.168.62.200's password: [root@26b4dcc00246 ~]#

0 0