Creating a Docker image based on CentOS with sshd and httpd services

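I had been picturing how to use Docker more conveniently along traditional lines: create a new Docker container (CONTAINER), log in to it over ssh, and then set up all kinds of application services on it. But that does not seem to be Docker's philosophy: each single application is used as an independent service, which fits a SaaS model, and there is no need to aim for something large and all-inclusive. Still, I lean toward a service having at least a main application such as apache, plus sshd, so that I can log in and do all kinds of configuration, rather than creating a new container in Docker every time and ADDing the configuration into it...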

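Below is a summary of some painstaking tests. Most of the material online is for Ubuntu, with relatively little for CentOS. After a weekend of googling and testing, the error "debug1: Exit status 254" that prevented ssh login after docker build is finally solved, which also resolves the problem encountered in my earlier article "First experience running Docker on CentOS 6.5".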

The Dockerfile

# cat Dockerfile
# fisher/centos:sshd
#
# VERSION               0.0.1

FROM        centos:6.4
MAINTAINER  Fisher "fisher@sudops.com"

RUN         yum install -y openssh openssh-server openssh-clients httpd
RUN         mkdir /var/run/sshd
#RUN          ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_rsa_key
RUN          ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN         ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN         /bin/echo 'root:mypwd' |chpasswd
RUN         useradd fisher
RUN         /bin/echo 'fisher:mypwd' |chpasswd
RUN         /bin/sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd
RUN         /bin/echo -e "LANG=\"en_US.UTF-8\"" > /etc/default/local
EXPOSE      22
EXPOSE      80
CMD         /usr/sbin/sshd -D
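
Every RUN step above is stored in the image's layers and build history, so the passwords set with chpasswd and the host keys written by ssh-keygen are the same in every container started from the image. The following check, an added example that is not part of the original post, reports such steps in a Dockerfile; the function names, rule labels and sample Dockerfile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report RUN steps that write
# passwords or SSH host keys into image layers. Names and rule labels are hypothetical.

# Constructed sample, modelled on the Dockerfile above.
sample_dockerfile() {
cat <<'EOF'
# constructed sample
FROM centos:6.4
#RUN ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN /bin/echo 'root:mypwd' |chpasswd
RUN useradd fisher && \
    /bin/echo 'fisher:mypwd' | chpasswd
CMD /usr/sbin/sshd -D
EOF
}

# Reads a Dockerfile (file argument or stdin); prints "LINE RULE DETAIL".
# The password itself is never printed, only the account name.
audit_dockerfile() {
    awk '
    function check(n, s) {
        if (toupper(s) !~ /^[ \t]*RUN[ \t]/) return
        # user:password literal piped to chpasswd
        if (s ~ /chpasswd/ && match(s, /[A-Za-z_][A-Za-z0-9_-]*:/))
            print n, "BUILD_TIME_PASSWORD", substr(s, RSTART, RLENGTH - 1)
        # host key generated once at build, then shared by every container
        if (s ~ /ssh-keygen/ && match(s, /\/etc\/ssh\/ssh_host_[A-Za-z0-9_]*/))
            print n, "BUILD_TIME_HOST_KEY", substr(s, RSTART, RLENGTH)
    }
    /^[ \t]*#/ { next }                 # skip comments and commented-out steps
    {
        if (start == 0) start = NR      # first physical line of the instruction
        buf = buf $0
        if (buf ~ /\\[ \t]*$/) {        # trailing backslash: instruction continues
            sub(/\\[ \t]*$/, " ", buf)
            next
        }
        check(start, buf)
        buf = ""; start = 0
    }
    ' "$@"
}

sample_dockerfile | audit_dockerfile
```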

Build the new Docker image
# docker build -rm -t fisher/centos:ssh .

Uploading context 6.656 kB
Uploading context 
Step 0 : FROM        centos:6.4
 ---> 539c0211cd76
Step 1 : MAINTAINER  Fisher "fisher@sudops.com"
 ---> Using cache
 ---> 490cb10579ca
Step 2 : RUN         yum install -y openssh openssh-server openssh-clients httpd
 ---> Using cache
 ---> 3d4d9ccbd3cd
Step 3 : RUN         mkdir /var/run/sshd
 ---> Using cache
 ---> 5e0b448e2530
Step 4 : RUN      ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
 ---> Running in 656f5aa5e1ac
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
84:28:29:2b:13:6f:d9:07:95:44:4e:cb:26:47:eb:42 root@656f5aa5e1ac
The key's randomart image is:
+--[ RSA 2048]----+
|     o*.         |
|   . B.+         |
|o o E O .        |
| = = * .         |
|+ + o o S        |
|.o   o           |
|                 |
|                 |
|                 |
+-----------------+
 ---> 40421b090390
Step 5 : RUN         ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
 ---> Running in 1829dc0e6a46
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
3d:d0:95:b7:43:b9:99:df:ba:3b:e8:ad:3b:d4:2e:83 root@656f5aa5e1ac
The key's randomart image is:
+--[ DSA 1024]----+
|            .. . |
|         . .. +  |
|        . .  o = |
|         o    *  |
|        S o  . o.|
|           .. . o|
|           o o . |
|          E =.+  |
|           .+*++ |
+-----------------+
 ---> 633af93f6e0c
Step 6 : RUN         /bin/echo 'root:mypwd' |chpasswd
 ---> Running in 8417fa1a7922
 ---> 310eafbe7318
Step 7 : RUN         useradd fisher
 ---> Running in 641965474f8b
 ---> 3e21e1b2819c
Step 8 : RUN         /bin/echo 'fisher:mypwd' |chpasswd
 ---> Running in f93ba97f99ac
 ---> 9cf5c042e391
Step 9 : RUN         /bin/sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd
 ---> Running in 39de493f9cee
 ---> 909c3e844453
Step 10 : RUN         /bin/echo -e "LANG=\"en_US.UTF-8\"" > /etc/default/local
 ---> Running in 35c1972b7bec
 ---> b38f36752245
Step 11 : EXPOSE      22
 ---> Running in 854c7c5fe7f4
 ---> 73b6d090d40a
Step 12 : EXPOSE      80
 ---> Running in 29d0d1ca9112
 ---> 056b4be65fe2
Step 13 : CMD         /usr/sbin/sshd -D
 ---> Running in 2882924c7358
 ---> c4e075623d64
Successfully built c4e075623d64
Removing intermediate container 656f5aa5e1ac
Removing intermediate container 1829dc0e6a46
Removing intermediate container 8417fa1a7922
Removing intermediate container 39de493f9cee
Removing intermediate container 35c1972b7bec
Removing intermediate container 641965474f8b
Removing intermediate container f93ba97f99ac
Removing intermediate container 854c7c5fe7f4
Removing intermediate container 29d0d1ca9112
Removing intermediate container 2882924c7358

Take a look at the newly generated image

# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
fisher/centos       ssh                 c4e075623d64        37 minutes ago      369.7 MB
ubuntu              13.10               9f676bd305a4        5 weeks ago         182.1 MB
ubuntu              saucy               9f676bd305a4        5 weeks ago         182.1 MB
ubuntu              raring              eb601b8965b8        5 weeks ago         170.2 MB
ubuntu              13.04               eb601b8965b8        5 weeks ago         170.2 MB
ubuntu              12.10               5ac751e8d623        5 weeks ago         161.4 MB
ubuntu              quantal             5ac751e8d623        5 weeks ago         161.4 MB
ubuntu              10.04               9cc9ea5ea540        5 weeks ago         183 MB
ubuntu              lucid               9cc9ea5ea540        5 weeks ago         183 MB
ubuntu              12.04               9cd978db300e        5 weeks ago         204.7 MB
ubuntu              latest              9cd978db300e        5 weeks ago         204.7 MB
ubuntu              precise             9cd978db300e        5 weeks ago         204.7 MB
centos              6.4                 539c0211cd76        11 months ago       300.6 MB
centos              latest              539c0211cd76        11 months ago       300.6 MB

Running the container and some basic operations:

# docker run -d -p 192.168.2.166:2222:22 -p 8000:80 fisher/centos:ssh
a33f56ffbe79e660c48632ce683f900aca895fc2db115b3eb615a1b8ae7726f4
# docker ps
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                                              NAMES
a33f56ffbe79        fisher/centos:ssh   /bin/sh -c /usr/sbin   3 seconds ago       Up 1 seconds        192.168.2.166:2222->22/tcp, 0.0.0.0:8000->80/tcp   jovial_archimedes  

# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 192.168.2.166:2222          0.0.0.0:*                   LISTEN      1076/docker        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      961/sshd           
tcp        0      0 :::22                       :::*                        LISTEN      961/sshd           
tcp        0      0 :::8000                     :::*                        LISTEN      1076/docker

Log in from the Docker host

# ssh -vv 192.168.2.166 -p 2222
-bash-4.1#

Log in with a regular account

# ssh fisher@172.17.0.2
fisher@172.17.0.2's password:
[fisher@a33f56ffbe79 ~]$

Operations after logging in to the container over ssh

-bash-4.1#
-bash-4.1# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1/sshd             
tcp        0      0 :::22                       :::*                        LISTEN      1/sshd             
-bash-4.1# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2 for ServerName
                                                           [  OK  ]
-bash-4.1# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1/sshd             
tcp        0      0 :::80                       :::*                        LISTEN      25/httpd           
tcp        0      0 :::22                       :::*                        LISTEN      1/sshd           

-bash-4.1# echo "live" > /var/www/html/index.html

Testing the Apache service:

-bash-4.1# curl -v http://127.0.0.1
* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.6.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 127.0.0.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 16 Mar 2014 10:42:27 GMT
< Server: Apache/2.2.15 (CentOS)
< Last-Modified: Sun, 16 Mar 2014 10:42:02 GMT
< ETag: "603eb-5-4f4b6f40be1a1"
< Accept-Ranges: bytes
< Content-Length: 5
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
live
* Closing connection #0

Testing the httpd service from another server

# curl -v http://192.168.2.166:8000
* About to connect() to 192.168.2.166 port 8000 (#0)
*   Trying 192.168.2.166... connected
* Connected to 192.168.2.166 (192.168.2.166) port 8000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 192.168.2.166:8000
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 16 Mar 2014 10:43:32 GMT
< Server: Apache/2.2.15 (CentOS)
< Last-Modified: Sun, 16 Mar 2014 10:42:02 GMT
< ETag: "603eb-5-4f4b6f40be1a1"
< Accept-Ranges: bytes
< Content-Length: 5
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
live
* Closing connection #0

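Summary: I have now finally built a Docker image that can be logged in to over ssh for configuration, with port mapping set up for the httpd service. If other services are needed, new images can be created based on this one.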

3 Comments

  1. homerl

    Thank you, you saved me valuable time.

    • Fisher

      You're welcome, let's learn together 😛
