Trying Out Docker Containers Series (Part 9)

Creating a CentOS-based SSH container with a Dockerfile

Requirement:
   The built image must support both SSH key and password login.
1. First, create the directory /home/sshd_centos
[root@test-devops sshd_centos]# pwd
/home/sshd_centos
[root@test-devops sshd_centos]#

2. Check authorized_keys. Note that for every machine that should log in with a key, that client's .pub file must be added to it.
[root@test-devops sshd_centos]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0OaHTmgsdKIrPCgULUk1XyRGhicQbPPJgQN85QTZNfA2iuK7PmkhoPnXLaRtMZl4se6xsBEuCn0Yougx4vFRzszDv/62XxjErqqC0vQBEWL4KaGCmDgEtwaE3oOBPA+kfIU0XITZuZx7KdPsaX2pngrv+EK3urs5kYUbwfQzE8G9JcqhWmGUxNWx+SvyspH5GaEMvxdpmZtitevEDfAGTnfp0DvR/C/5EcieS9MBHOAMEwm5mzVzvTV+HEN2GMmZAuooEUGlzTVyCRzJvddzzPDsVKZzLPhA8QYWYGg/bSDkrh5IFYBc5T/yDhD6xBbbFG+R4vT98iOqB7m9vXst9 zhangkeyuan@zhangkeyuandeMacBook-Air.local
[root@test-devops sshd_centos]#
3. Set the permissions on the file
[root@test-devops sshd_centos]# ll authorized_keys
-rw------- 1 root root 424 7月   2 17:43 authorized_keys
[root@test-devops sshd_centos]#

4. Check the run.sh file and make it executable.
[root@test-devops sshd_centos]# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D
[root@test-devops sshd_centos]# ll run.sh
-rwxr-xr-x 1 root root 30 7月 2 17:38 run.sh
[root@test-devops sshd_centos]#

5. Write the Dockerfile
[root@test-devops sshd_centos]# cat Dockerfile
# Base image
FROM centos:6

# Author information
MAINTAINER  steven <www.opsnotes.net>

# Install the SSH service and vim
RUN yum install -y openssh-server openssh-clients vim
RUN mkdir -p /root/.ssh/
ADD authorized_keys /root/.ssh/authorized_keys
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN echo 'root:123qwer' |chpasswd

RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config

# Remove the PAM restriction
RUN sed -i '/pam_loginuid.so/c session    optional     pam_loginuid.so'  /etc/pam.d/sshd

# Copy the file and make the script executable
ADD run.sh /run.sh
RUN chmod +x /run.sh

# Set the exposed port
EXPOSE 22

# Set the command that runs automatically at start
CMD ["/run.sh"]
[root@test-devops sshd_centos]#
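
Added example (not part of the original post): a small shell check that flags the lines of the Dockerfile above that fix SSH secrets and settings into the image at build time, namely the literal root password, the host keys created by ssh-keygen, the DSA key type, the disabled privilege separation and the copied authorized_keys. The rule names and the sample_dockerfile helper are made up for this example, and the sample is a constructed copy of the Dockerfile from step 5 without its comments.

```shell
#!/bin/sh
# Added example: lint a Dockerfile for the build-time SSH settings used on this page.
# Rule names and helper names are assumptions of this example, not a real tool.

# audit_dockerfile FILE: print one "RULE:line:advice" record per finding.
audit_dockerfile() {
  awk '
    /^[ \t]*#/ { next }   # ignore comment lines
    /echo/ && /chpasswd/ {
      print "BAKED_PASSWORD:" NR ":password is readable from the image history; set it at container start or use keys only" }
    /ssh-keygen/ && /ssh_host_[a-z0-9]+_key/ {
      print "BAKED_HOST_KEY:" NR ":all containers from this image share this host key; generate it in run.sh instead" }
    /ssh-keygen/ && /-t[ \t]+dsa/ {
      print "WEAK_KEY_TYPE:" NR ":DSA keys are fixed at 1024 bits; generate an RSA host key only" }
    /UsePrivilegeSeparation[ \t]+no/ {
      print "NO_PRIVSEP:" NR ":sshd privilege separation is being switched off" }
    /^(ADD|COPY)[ \t].*authorized_keys/ {
      print "BAKED_AUTHORIZED_KEYS:" NR ":login keys are fixed at build time; mount the file at run time" }
  ' "$1"
}

# sample_dockerfile: constructed copy of the Dockerfile from step 5 (comments dropped).
sample_dockerfile() {
  cat <<'EOF'
FROM centos:6
RUN yum install -y openssh-server openssh-clients vim
RUN mkdir -p /root/.ssh/
ADD authorized_keys /root/.ssh/authorized_keys
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN echo 'root:123qwer' |chpasswd
RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config
ADD run.sh /run.sh
CMD ["/run.sh"]
EOF
}

# Audit the file given as $1, or the constructed sample when no argument is passed.
target=${1:-}
if [ -z "$target" ]; then
  target=$(mktemp)
  sample_dockerfile > "$target"
fi
audit_dockerfile "$target"
```
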
6. Build the image
[root@test-devops sshd_centos]# docker build -t 'sshd/centos62' .
Sending build context to Docker daemon 4.608 kB
Sending build context to Docker daemon
Step 0 : FROM centos:6
 ---> a005304e4e74
Step 1 : MAINTAINER steven <www.opsnotes.net>
 ---> Using cache
 ---> 8ccadbb8c6f6
Step 2 : RUN yum install -y openssh-server openssh-clients vim
 ---> Using cache
 ---> 111215780c4f
Step 3 : RUN mkdir -p /root/.ssh/
 ---> Running in ea191f0909c4
 ---> 5f6ac2b38d88
Removing intermediate container ea191f0909c4
Step 4 : ADD authorized_keys /root/.ssh/authorized_keys
 ---> 741bd05637e8
Removing intermediate container 386d4b505a1d
Step 5 : RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
 ---> Running in b7f9f3c9d4df
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
aa:ac:5b:04:c5:11:e9:39:b7:7c:62:1b:3a:15:c2:f5 root@75f92b78d2cc
The key's randomart image is:
+--[ RSA 2048]----+
|   .++           |
|   .o .          |
|  .o o .         |
|   .* o E        |
|    .= oS        |
|   .  B..        |
|    .+.=         |
|   oo..          |
|  ooo.           |
+-----------------+
 ---> b42a1ffe70f9
Removing intermediate container b7f9f3c9d4df
Step 6 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
 ---> Running in 8a28a1527a13
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
c2:af:40:c9:b2:b6:46:a3:30:c7:98:38:69:54:0d:07 root@75f92b78d2cc
The key's randomart image is:
+--[ DSA 1024]----+
|   E+.           |
|   ...           |
|  .              |
| . . o           |
|o=. + o S        |
|O.=+   o         |
|o*o..   .        |
|.... . .         |
| ..   .          |
+-----------------+
 ---> 2f5a07235d66
Removing intermediate container 8a28a1527a13
Step 7 : RUN echo 'root:123qwer' |chpasswd
 ---> Running in f6811daba557
 ---> f3515e28b046
Removing intermediate container f6811daba557
Step 8 : RUN sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config
 ---> Running in 0ddb9e0e52a1
 ---> 3048f905c529
Removing intermediate container 0ddb9e0e52a1
Step 9 : RUN sed -i "s/UsePAM.*/UsePAM no/g" /etc/ssh/sshd_config
 ---> Running in 4987ecf98986
 ---> 8047eacadabe
Removing intermediate container 4987ecf98986
Step 10 : RUN sed -i '/pam_loginuid.so/c session    optional     pam_loginuid.so'  /etc/pam.d/sshd
 ---> Running in 21c662ab0111
 ---> f313d66e836a
Removing intermediate container 21c662ab0111
Step 11 : ADD run.sh /run.sh
 ---> 29a4c3843361
Removing intermediate container 6b8fbc856b2d
Step 12 : RUN chmod +x /run.sh
 ---> Running in 853dfb9e0aa7
 ---> 29f4074323a8
Removing intermediate container 853dfb9e0aa7
Step 13 : EXPOSE 22
 ---> Running in 2a277d6e363b
 ---> b32ff8e94278
Removing intermediate container 2a277d6e363b
Step 14 : CMD /run.sh
 ---> Running in dea577902b02
 ---> b6eca2c06ea4
Removing intermediate container dea577902b02
Successfully built b6eca2c06ea4
[root@test-devops sshd_centos]#
7. Check that the image was created successfully
[root@test-devops sshd_centos]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
sshd/centos62       latest              b6eca2c06ea4        24 seconds ago      313 MB
[root@test-devops sshd_centos]#
8. Start the Docker container
[root@test-devops sshd_centos]# docker run -d -p 10125:22 sshd/centos62
f7572b7e1be4d6509939c12fcad0ea9cfb305d4b47a402c105a1ec0ee16098fb
[root@test-devops sshd_centos]# docker ps
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS                   NAMES
f7572b7e1be4        sshd/centos62:latest   "/run.sh"           5 seconds ago       Up 4 seconds        0.0.0.0:10125->22/tcp   lonely_goodall
[root@test-devops sshd_centos]#
9. Test: both key login and password login can be tested
ssh -p 10125 root@121.41.118.184
zhangkeyuan@opsnotes:~ » ssh -p 10125 root@121.41.118.184
Last login: Fri Jul  3 02:33:34 2015 from 101.231.116.2
[root@6a71571acfd8 ~]#
[root@6a71571acfd8 ~]#