docker 第二部分
一.网络管理
1.原理
docker在被安装以后,默认使用桥接模式,会自动建立一个网桥docker0。当有容器被创建时,宿主机会自动给容器分配一个ip。
[root@foundation36 Desktop]# systemctl start docker
[root@foundation16 Desktop]# docker network ls
NETWORK ID NAME DRIVER
3096ad1fa304 bridge bridge
e6ce344d189e none null
746cb529d779 host host
[root@foundation16 Desktop]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no
virbr0 8000.525400042554 yes virbr0-nic
virbr1 8000.52540022d3ff yes virbr1-nic
[root@foundation16 Desktop]# docker run -it --name vm1 ubuntu ##默认为桥接模式
root@583fbcf8968e:ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
[root@foundation16 Desktop]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no vethf499102
virbr0 8000.525400042554 yes virbr0-nic
virbr1 8000.52540022d3ff yes virbr1-nic
root@6077aa512556:/#
2.修改docker的默认网络配置
[root@foundation16 Desktop]# cp /usr/lib/systemd/system/docker.service /etc/systemd/system
cp: overwrite ‘/etc/systemd/system/docker.service’? y
[root@foundation16 Desktop]# vim /etc/systemd/system
[root@foundation16 Desktop]# cd /etc/systemd/system
[root@foundation16 system]# ls
basic.target.wants getty.target.wants
bluetooth.target.wants graphical.target.wants
dbus-org.bluez.service multi-user.target.wants
dbus-org.freedesktop.Avahi.service nfs.target.wants
dbus-org.freedesktop.NetworkManager.service remote-fs.target.wants
dbus-org.freedesktop.nm-dispatcher.service sockets.target.wants
default.target spice-vdagentd.target.wants
default.target.wants sysinit.target.wants
display-manager.service system-update.target.wants
docker.service
[root@foundation16 system]# vim docker.service ##修改默认配置文件
[root@foundation36 system]# cat docker.service
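[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
# -H fd:// makes the daemon use the listening socket handed over by systemd
# (docker.socket, required above).
# --bip sets the address and netmask of the docker0 bridge; containers are
# given addresses from that subnet.
# The two options must be separated by a space, otherwise "--bip" is read
# as part of the -H value and the bridge address is not applied.
ExecStart=/usr/bin/docker daemon -H fd:// --bip 192.168.10.16/24
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target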
[root@foundation16 system]# systemctl daemon-reload ##刷新
[root@foundation16 system]# systemctl restart docker
[root@foundation16 system]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 08:11:96:ca:91:d8 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.16/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.16.250/24 brd 172.25.16.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::221:ccff:fe6e:30bc/64 scope link
valid_lft forever preferred_lft forever
5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
link/ether fe:54:00:00:10:0a brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe00:100a/64 scope link
valid_lft forever preferred_lft forever
10: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:fb:d3:ee:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.16/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fbff:fed3:ee8e/64 scope link
valid_lft forever preferred_lft forever
使用命令行模式修改默认配置(直接用ip命令修改docker0的地址,属于临时修改,不会写入上面的配置文件)
[root@foundation16 system]# ip addr del 192.168.10.16/24 dev docker0
[root@foundation16 system]# ip addr add 192.168.10.26/24 dev docker0
[root@foundation16 system]# ip link set up dev docker0
3.docker网络初始化过程
加载驱动-->网桥桥接-->启动防火墙--> ip初始化-->注册网络函数
4.四种网络模式
(1)桥接模式
原理:docker Daemon 利用 veth pair 技术,在宿主机上创建两个虚拟网络接口设备,假设为veth0 和 veth1--->将veth0附加到docker daemon创建的docker0网桥上----->docker daemon将veth1 添加到docker container所属的namespace下,并且更名为eth0.
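缺点:不能和宿主机以外的世界进行通信(指外部主机不能直接访问容器的内网地址,需要经过宿主机的NAT和端口映射;容器主动访问外部是可以的,下文容器内的netstat输出中就有到172.25.254.250:80的连接)。容器会和宿主机竞争端口(把容器端口映射到宿主机时)。传输速率慢。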
[root@foundation16 system]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 08:11:96:ca:91:d8 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.16/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.16.250/24 brd 172.25.16.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::221:ccff:fe6e:30bc/64 scope link
valid_lft forever preferred_lft forever
5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
link/ether fe:54:00:00:10:0a brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe00:100a/64 scope link
valid_lft forever preferred_lft forever
10: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:fb:d3:ee:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.16/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fbff:fed3:ee8e/64 scope link
valid_lft forever preferred_lft forever
[root@foundation16 system]# cd
[root@foundation16 ~]# docker rm `docker ps -aq`
583fbcf8968e
[root@foundation16 ~]# docker run -it --name vm1 ubuntu
root@938c6d5f6b25:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:0a:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:a01/64 scope link
valid_lft forever preferred_lft forever
(2)host模式
原理:host 模式是 bridge 桥接模式很好的补充。采用 host 模式时,容器和宿主机共用一个ip,容器可以使用这个ip与外部通信。当然,有这样的方便,肯定会损失部分其他的特性,最明显的是 Docker Container 网络环境隔离性的弱化,即容器不再拥有隔离、独立的网络栈(下面的输出中,容器内看到的是宿主机的全部网卡,提示符中的主机名也是宿主机的 foundation16)。另外,使用 host 模式的 Docker Container 会与宿主机共享并竞争网络栈的使用;此外,容器和宿主机还会竞争网络端口(下文 nginx 容器因 80 端口已被占用而 bind() 失败就是一个例子)。
[root@foundation16 ~]# docker run -it --name vm2 --net host ubuntu ##--net host 表示设定网络模式
root@foundation16:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 08:11:96:ca:91:d8 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.16/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.16.250/24 brd 172.25.16.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::221:ccff:fe6e:30bc/64 scope link
valid_lft forever preferred_lft forever
5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 500
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 500
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 500
link/ether fe:54:00:00:10:0a brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe00:100a/64 scope link
valid_lft forever preferred_lft forever
10: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:fb:d3:ee:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.16/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fbff:fed3:ee8e/64 scope link
valid_lft forever preferred_lft forever
11: vethe212555@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 9a:08:d6:88:80:85 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9808:d6ff:fe88:8085/64 scope link
valid_lft forever preferred_lft forever
root@foundation16:/# [root@foundation16 ~]#
[root@foundation16 ~]# docker run -it --name web --net host nginx
2017/05/10 02:06:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2017/05/10 02:06:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2017/05/10 02:06:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2017/05/10 02:06:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2017/05/10 02:06:06 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2017/05/10 02:06:06 [emerg] 1#1: still could not bind()
nginx: [emerg] still could not bind()
[root@foundation16 ~]# ^C
[root@foundation16 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be0668620466 ubuntu "/bin/bash" 2 minutes ago Up 2 minutes vm2
938c6d5f6b25 ubuntu "/bin/bash" 3 minutes ago Up 3 minutes vm1
[root@foundation16 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
710b2a01d440 nginx "nginx -g 'daemon off" 46 seconds ago Exited (1) 40 seconds ago web
be0668620466 ubuntu "/bin/bash" 2 minutes ago Up 2 minutes vm2
938c6d5f6b25 ubuntu "/bin/bash" 3 minutes ago Up 3 minutes vm1
[root@foundation16 ~]# systemctl stop httpd
[root@foundation16 ~]# docker start web
web
[root@foundation16 ~]# docker attach web
[root@foundation16 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
710b2a01d440 nginx "nginx -g 'daemon off" 2 minutes ago Up About a minute web
be0668620466 ubuntu "/bin/bash" 4 minutes ago Up 3 minutes vm2
938c6d5f6b25 ubuntu "/bin/bash" 5 minutes ago Up 5 minutes vm1
[root@foundation16 ~]# netstat -antlp | grep :80 ##容器占用80端口
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8436/nginx: master
[root@foundation16 ~]# docker stop web
web
[root@foundation16 ~]# netstat -antlp | grep :80
[root@foundation16 ~]# systemctl stop httpd
[root@foundation16 ~]# netstat -antlp | grep :80
[root@foundation16 ~]# systemctl start httpd
[root@foundation16 ~]# netstat -antlp | grep :80 ##apache占用80端口
tcp6 0 0 :::80 :::* LISTEN 8651/httpd
[root@foundation16 ~]# curl 172.25.254.250
curl: (7) Failed connect to 172.25.254.250:80; Connection refused
[root@foundation16 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
be0668620466 ubuntu "/bin/bash" 6 minutes ago Up 6 minutes vm2
938c6d5f6b25 ubuntu "/bin/bash" 7 minutes ago Up 7 minutes vm1
[root@foundation16 ~]# docker start vm2
vm2
[root@foundation16 ~]# docker rm vm2
Failed to remove container (vm2): Error response from daemon: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f
[root@foundation16 ~]# docker stop vm2
vm2
[root@foundation16 ~]# docker rm vm2
vm2
(3)容器模式
原理:新创建的容器依靠之前建立的容器的网络模式。之前网络为host模式,则大家共用主机ip。之前网络为桥接,则使用之前网络的模式。(下面的输出中 vm2 的 eth0 地址与 vm1 相同,提示符中的主机名也是 vm1 的容器ID 938c6d5f6b25,说明两个容器共用同一个网络命名空间。)
优点:通过本地来访问namespace下其他容器,传输速率快,节约网络资源。缺点:仍然存在端口竞争,不能改善通信隔离。
[root@foundation16 ~]# docker run -it --name vm2 --net container:vm1 ubuntu ##设定为容器模式
root@938c6d5f6b25:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:0a:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:a01/64 scope link
valid_lft forever preferred_lft forever
root@938c6d5f6b25:/# [root@foundation16 ~]#
[root@foundation16 ~]# docker stop vm1
vm1
[root@foundation16 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no
virbr0 8000.525400042554 yes virbr0-nic
virbr1 8000.52540022d3ff yes virbr1-nic
[root@foundation16 ~]# docker start vm1
vm1
[root@foundation16 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no vethcffa9af
virbr0 8000.525400042554 yes virbr0-nic
virbr1 8000.52540022d3ff yes virbr1-nic
(4)none模式。
原理:不为docker container 创建任何的网络环境,即禁用网络(如下面的输出所示,容器内只有 lo 回环接口)。优点:可为设计者提供无限的发展空间,网络完全由使用者自行配置。
[root@foundation16 ~]# docker run -it --name vm3 --net none ubuntu ##设定为none模式
root@7bdf54b8b9cd:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@7bdf54b8b9cd:/#
none模式下给容器分配ip
[root@foundation16 ~]# docker attach vm3
root@7bdf54b8b9cd:/#
root@7bdf54b8b9cd:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
root@7bdf54b8b9cd:/#
[root@foundation16 ~]# docker inspect vm3 |grep Pid ##过滤vm3的Pid
"Pid": 9498,
"PidMode": "",
"PidsLimit": 0,
[root@foundation16 ~]# cd /proc/9498 ##/proc有关的内核的信息
[root@foundation16 9498]# ls
attr environ mem pagemap statm
autogroup exe mountinfo personality status
auxv fd mounts projid_map syscall
cgroup fdinfo mountstats root task
clear_refs gid_map net sched timers
cmdline io ns sessionid uid_map
comm limits numa_maps setgroups wchan
coredump_filter loginuid oom_adj smaps
cpuset map_files oom_score stack
cwd maps oom_score_adj stat
[root@foundation16 9498]# ln -s /proc/9498/ns/net /var/run/netns/9498 ##软链接(符号链接,不是硬链接),让 ip netns 可以用名字 9498 操作该容器的网络命名空间
[root@foundation16 9498]# cd /var/run/netns
[root@foundation16 netns]# ls
9498
[root@foundation16 netns]# ll
total 0
lrwxrwxrwx 1 root root 17 May 10 10:49 9498 -> /proc/9498/ns/net
[root@foundation16 netns]# ip link add name veth0 type veth peer name veth1
[root@foundation16 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no vethcffa9af
virbr0 8000.000000000000 yes
virbr1 8000.52540022d3ff yes virbr1-nic
[root@foundation16 netns]# ip link set up dev veth0
[root@foundation16 netns]# ip link set up dev veth1
[root@foundation16 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no vethcffa9af
virbr0 8000.000000000000 yes
virbr1 8000.52540022d3ff yes virbr1-nic
[root@foundation16 netns]# brctl addif docker0 veth0
[root@foundation16 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no veth0
vethcffa9af
virbr0 8000.000000000000 yes
virbr1 8000.52540022d3ff yes virbr1-nic
[root@foundation16 netns]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 08:11:96:ca:91:d8 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 00:21:cc:6e:30:bc brd ff:ff:ff:ff:ff:ff
inet 172.25.254.16/24 brd 172.25.254.255 scope global br0
valid_lft forever preferred_lft forever
inet 172.25.16.250/24 brd 172.25.16.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::221:ccff:fe6e:30bc/64 scope link
valid_lft forever preferred_lft forever
5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
link/ether 52:54:00:22:d3:ff brd ff:ff:ff:ff:ff:ff
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
8: virbr0-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
link/ether 52:54:00:04:25:54 brd ff:ff:ff:ff:ff:ff
9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
link/ether fe:54:00:00:10:0a brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe00:100a/64 scope link
valid_lft forever preferred_lft forever
10: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:fb:d3:ee:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.16/24 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fbff:fed3:ee8e/64 scope link
valid_lft forever preferred_lft forever
20: vethcffa9af@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 82:ae:9f:a0:76:18 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::80ae:9fff:fea0:7618/64 scope link
valid_lft forever preferred_lft forever
21: veth1@veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 76:b8:1b:54:e2:94 brd ff:ff:ff:ff:ff:ff
inet6 fe80::74b8:1bff:fe54:e294/64 scope link
valid_lft forever preferred_lft forever
22: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master docker0 state UP qlen 1000
link/ether 4a:55:d4:48:1b:f7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::4855:d4ff:fe48:1bf7/64 scope link
valid_lft forever preferred_lft forever
[root@foundation16 netns]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0021cc6e30bc no enp0s25
vnet0
docker0 8000.0242fbd3ee8e no veth0
virbr0 8000.000000000000 yes
virbr1 8000.52540022d3ff yes virbr1-nic
[root@foundation16 netns]# ip link set veth1 netns 9498
[root@foundation16 netns]# docker attach vm3
root@7bdf54b8b9cd:/# [root@foundation16 netns]#
[root@foundation16 netns]# ip netns exec 9498 ip link set veth1 name eth0 ##将veth1改名为eth0
[root@foundation16 netns]# ip netns exec 9498 ip link set eth0 up ##容器内启用eth0
[root@foundation16 netns]# ip netns exec 9498 ip addr add 192.168.10.35/24 dev eth0 ##容器内设定ip
[root@foundation16 netns]# ip netns exec 9498 ip route add default via 192.168.10.1 ##设置默认路由;网关通常应是docker0网桥的地址(上文为192.168.10.16),这里的192.168.10.1是上文vm1容器的地址,请核对
[root@foundation16 netns]# docker attach vm3
root@7bdf54b8b9cd:/# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
21: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 76:b8:1b:54:e2:94 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.35/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::74b8:1bff:fe54:e294/64 scope link
valid_lft forever preferred_lft forever
root@7bdf54b8b9cd:/# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.10.1 0.0.0.0 UG 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@7bdf54b8b9cd:/#
(5)Dockerfile编写
# vim Dockerfile
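# Comments are placed on their own lines: a Dockerfile only treats "#" as a
# comment at the start of a line, so trailing notes would become part of the
# instruction's arguments.

# Base image. The tag is v1, matching the image committed and built from
# later on this page (no "rhel7:1" tag appears in the image list).
FROM rhel7:v1
# Image owner / contact.
MAINTAINER bobo@qq.com
# Sets the HOSTNAME environment variable in the image. This does not change
# the container's real hostname, which is chosen at `docker run` time
# (for example with --hostname).
ENV HOSTNAME server1
# Records port 80 as image metadata (visible with `docker inspect` on the
# built image). EXPOSE alone does not publish the port on the host.
EXPOSE 80
# Install httpd and clean the yum cache in the same layer so the cache is
# not kept in the image.
RUN yum install -y httpd && yum clean all
# Default start command: run httpd in the foreground so the container keeps
# running. Only one CMD takes effect per image. No USER is set here, so the
# command starts as the base image's default user (normally root).
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]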
[root@foundation16 tmp]# cd docker/
bash: cd: docker/: No such file or directory
[root@foundation16 tmp]# mkdir /tmp/docker/
[root@foundation16 tmp]# cd docker/
[root@foundation16 tmp]# ls
docker
systemd-private-edeae6b623a249a2b4d28feeafaef55a-httpd.service-gcruUT
systemd-private-edeae6b623a249a2b4d28feeafaef55a-systemd-hostnamed.service-haH6Rd
systemd-private-edeae6b623a249a2b4d28feeafaef55a-systemd-machined.service-gHb3Ky
[root@foundation16 docker]# docker stop `docker ps -aq`
714242a9aafe
173931bc1645
5538879ec991
7bdf54b8b9cd
a2f791944acc
710b2a01d440
938c6d5f6b25
[root@foundation16 docker]# docker rm `docker ps -aq`
714242a9aafe
173931bc1645
5538879ec991
7bdf54b8b9cd
a2f791944acc
710b2a01d440
938c6d5f6b25
[root@foundation16 docker]# docker run -it --name vm1 rhel7 bash
bash-4.2#
bash-4.2# ls
bin dev home lib64 mnt proc run srv tmp var
boot etc lib media opt root sbin sys usr
bash-4.2# mkdir apache/
bash-4.2# cd apache/
bash-4.2# exit
[root@foundation16 docker]# mkdir apache/
[root@foundation16 docker]# cd apache/
[root@foundation16 apache]# vim Dockerfile
[root@foundation16 apache]# ls
Dockerfile
[root@foundation16 apache]# docker start vm1
vm1
[root@foundation16 apache]# docker attach vm1
bash-4.2# cd /etc/yum.repos.d/
bash-4.2# vi dvd.repo
[westos]
name=rhel7.2
baseurl=http://172.25.254.250/rhel7.2
bash-4.2# yum repolist
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
westos | 4.1 kB 00:00
(1/2): westos/group_gz | 136 kB 00:00
(2/2): westos/primary_db | 3.6 MB 00:00
repo id repo name status
westos rhel7.2 4620
repolist: 4620
bash-4.2# yum install net-tools
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================
Package Arch Version Repository Size
==========================================================================
Installing:
net-tools x86_64 2.0-0.17.20131004git.el7 westos 304 k
Transaction Summary
==========================================================================
Install 1 Package
Total download size: 304 k
Installed size: 917 k
Is this ok [y/d/N]: y
Downloading packages:
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm | 304 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.17.20131004git.el7.x86_64 1/1
Verifying : net-tools-2.0-0.17.20131004git.el7.x86_64 1/1
Installed:
net-tools.x86_64 0:2.0-0.17.20131004git.el7
Complete!
bash-4.2# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.10.1:59688 172.25.254.250:80 TIME_WAIT -
bash-4.2# yum install iproute
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:3.10.0-54.el7 will be installed
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-3.10.0-54.el7.x86_64
--> Running transaction check
---> Package iptables.x86_64 0:1.4.21-16.el7 will be installed
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-16.el7.x86_64
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-16.el7.x86_64
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.4-2.el7 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: libnetfilter_conntrack-1.0.4-2.el7.x86_64
--> Processing Dependency: libmnl.so.0(LIBMNL_1.1)(64bit) for package: libnetfilter_conntrack-1.0.4-2.el7.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: libnetfilter_conntrack-1.0.4-2.el7.x86_64
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
--> Running transaction check
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================
Package Arch Version Repository Size
==========================================================================
Installing:
iproute x86_64 3.10.0-54.el7 westos 527 k
Installing for dependencies:
iptables x86_64 1.4.21-16.el7 westos 424 k
libmnl x86_64 1.0.3-7.el7 westos 23 k
libnetfilter_conntrack x86_64 1.0.4-2.el7 westos 53 k
libnfnetlink x86_64 1.0.1-4.el7 westos 26 k
Transaction Summary
==========================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.0 M
Installed size: 3.0 M
Is this ok [y/d/N]: y
Downloading packages:
(1/5): iproute-3.10.0-54.el7.x86_64.rpm | 527 kB 00:00
(2/5): iptables-1.4.21-16.el7.x86_64.rpm | 424 kB 00:00
(3/5): libmnl-1.0.3-7.el7.x86_64.rpm | 23 kB 00:00
(4/5): libnetfilter_conntrack-1.0.4-2.el7.x86_64.rpm | 53 kB 00:00
(5/5): libnfnetlink-1.0.1-4.el7.x86_64.rpm | 26 kB 00:00
--------------------------------------------------------------------------
Total 4.4 MB/s | 1.0 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libnfnetlink-1.0.1-4.el7.x86_64 1/5
Installing : libmnl-1.0.3-7.el7.x86_64 2/5
Installing : libnetfilter_conntrack-1.0.4-2.el7.x86_64 3/5
Installing : iptables-1.4.21-16.el7.x86_64 4/5
Installing : iproute-3.10.0-54.el7.x86_64 5/5
Verifying : iptables-1.4.21-16.el7.x86_64 1/5
Verifying : libnetfilter_conntrack-1.0.4-2.el7.x86_64 2/5
Verifying : libnfnetlink-1.0.1-4.el7.x86_64 3/5
Verifying : iproute-3.10.0-54.el7.x86_64 4/5
Verifying : libmnl-1.0.3-7.el7.x86_64 5/5
Installed:
iproute.x86_64 0:3.10.0-54.el7
Dependency Installed:
iptables.x86_64 0:1.4.21-16.el7
libmnl.x86_64 0:1.0.3-7.el7
libnetfilter_conntrack.x86_64 0:1.0.4-2.el7
libnfnetlink.x86_64 0:1.0.1-4.el7
Complete!
bash-4.2# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:c0:a8:0a:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.10.1/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:c0ff:fea8:a01/64 scope link
valid_lft forever preferred_lft forever
bash-4.2# exit
[root@foundation16 apache]# docker commit vm1 rhel7:v1
sha256:793a29a641578c628f9c29962c3f3e375eb161c32ee0d7114aa9e66975e08b5e
[root@foundation16 apache]#
[root@foundation16 apache]# ls
Dockerfile
[root@foundation16 apache]# vim Dockerfile
[root@foundation16 apache]# vim Dockerfile
[root@foundation16 apache]# cat Dockerfile
FROM rhel7:v1
MAINTAINER BOBO@163.com
ENV HOSTNAME server1
EXPOSE 80
RUN yum install -y httpd &&yum clean all
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
[root@foundation16 apache]# docker commit vm1 rhel7:v1
sha256:6a14b1004d6a7d8b76b203d3c8984ba6621e9395772c13d51894d17bdbab7382
[root@foundation16 apache]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v1 6a14b1004d6a 13 seconds ago 174.4 MB
rhel7 apache aa5dcb12c80b 10 days ago 201 MB
rhel7 yum 892cfe370f35 10 days ago 173 MB
rhel7 latest 0a3eb3fde7fd 2 years ago 140.2 MB
[root@foundation16 apache]# docker build -t rhel7:v2 .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM rhel7:v1
---> 6a14b1004d6a
Step 2 : MAINTAINER BOBO@163.com
---> Running in 2b92e41b5245
---> 55e9f6884b08
Removing intermediate container 2b92e41b5245
Step 3 : ENV HOSTNAME server1
---> Running in c0e3dae2ac59
---> ce6298b3d25a
Removing intermediate container c0e3dae2ac59
Step 4 : EXPOSE 80
---> Running in 41ff1183b044
---> 7419f08d2b7b
Removing intermediate container 41ff1183b044
Step 5 : RUN yum install -y httpd &&yum clean all
---> Running in 174249ecd7a7
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-40.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-40.el7 for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libsystemd-daemon.so.0(LIBSYSTEMD_DAEMON_31)(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Processing Dependency: libsystemd-daemon.so.0()(64bit) for package: httpd-2.4.6-40.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-40.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
---> Package redhat-logos.noarch 0:70.0.3-4.el7 will be installed
---> Package systemd-libs.x86_64 0:219-19.el7 will be installed
--> Processing Dependency: libdw.so.1()(64bit) for package: systemd-libs-219-19.el7.x86_64
--> Running transaction check
---> Package elfutils-libs.x86_64 0:0.163-3.el7 will be installed
--> Processing Dependency: elfutils-libelf(x86-64) = 0.163-3.el7 for package: elfutils-libs-0.163-3.el7.x86_64
--> Running transaction check
---> Package elfutils-libelf.x86_64 0:0.158-3.el7 will be updated
---> Package elfutils-libelf.x86_64 0:0.163-3.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.6-40.el7 westos 1.2 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 westos 103 k
apr-util x86_64 1.5.2-6.el7 westos 92 k
elfutils-libs x86_64 0.163-3.el7 westos 260 k
httpd-tools x86_64 2.4.6-40.el7 westos 82 k
mailcap noarch 2.1.41-2.el7 westos 31 k
redhat-logos noarch 70.0.3-4.el7 westos 13 M
systemd-libs x86_64 219-19.el7 westos 356 k
Updating for dependencies:
elfutils-libelf x86_64 0.163-3.el7 westos 200 k
Transaction Summary
================================================================================
Install 1 Package (+7 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 15 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total 20 MB/s | 15 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/10
Installing : apr-util-1.5.2-6.el7.x86_64 2/10
Installing : httpd-tools-2.4.6-40.el7.x86_64 3/10
Updating : elfutils-libelf-0.163-3.el7.x86_64 4/10
Installing : elfutils-libs-0.163-3.el7.x86_64 5/10
Installing : systemd-libs-219-19.el7.x86_64 6/10
Installing : mailcap-2.1.41-2.el7.noarch 7/10
Installing : redhat-logos-70.0.3-4.el7.noarch 8/10
Installing : httpd-2.4.6-40.el7.x86_64 9/10
Cleanup : elfutils-libelf-0.158-3.el7.x86_64 10/10
Verifying : elfutils-libs-0.163-3.el7.x86_64 1/10
Verifying : redhat-logos-70.0.3-4.el7.noarch 2/10
Verifying : apr-1.4.8-3.el7.x86_64 3/10
Verifying : mailcap-2.1.41-2.el7.noarch 4/10
Verifying : httpd-tools-2.4.6-40.el7.x86_64 5/10
Verifying : apr-util-1.5.2-6.el7.x86_64 6/10
Verifying : httpd-2.4.6-40.el7.x86_64 7/10
Verifying : elfutils-libelf-0.163-3.el7.x86_64 8/10
Verifying : systemd-libs-219-19.el7.x86_64 9/10
Verifying : elfutils-libelf-0.158-3.el7.x86_64 10/10
Installed:
httpd.x86_64 0:2.4.6-40.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
elfutils-libs.x86_64 0:0.163-3.el7 httpd-tools.x86_64 0:2.4.6-40.el7
mailcap.noarch 0:2.1.41-2.el7 redhat-logos.noarch 0:70.0.3-4.el7
systemd-libs.x86_64 0:219-19.el7
Dependency Updated:
elfutils-libelf.x86_64 0:0.163-3.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: westos
Cleaning up everything
---> eaf5e4ecd116
Removing intermediate container 174249ecd7a7
Step 6 : CMD /usr/sbin/httpd -D FOREGROUND
---> Running in 067526bc3758
---> 8954447a7830
Removing intermediate container 067526bc3758
Successfully built 8954447a7830
[root@foundation16 apache]# docker run -d -p 8000:80 --name apache rhel7:v2
afd21514abfb033c0b11eb68380b2e250c64ea61e9dcc52504375c6c1ba0a479
[root@foundation16 apache]# vim index.html
[root@foundation16 apache]# mv index.html /var/www/html
[root@foundation16 apache]# systemctl restart httpd
[root@foundation16 apache]# docker kill apache
apache
[root@foundation16 apache]# docker rm apache
apache
[root@foundation16 apache]# vim Dockerfile
[root@foundation16 apache]# docker run -d -p 8000:80 --name apache -v /tmp/docker/apache:/var/www/html rhel7:v1
2b1bfd1b9970337c25d145c2158cea5d9c9517534c17225e5f654e85e313eb28
# vim Dockerfile
6.Dockerfile 自启动 SSH 服务
[root@foundation16 docker]# cp apache/Dockerfile ssh/
[root@foundation16 docker]# cd ssh/
[root@foundation16 ssh]# ls
Dockerfile
[root@foundation16 ssh]# vim Dockerfile
[root@foundation16 ssh]# docker run -it --name vm2 rhel7:v1 bash
bash-4.2# yum install -y openssh-server openssh-clients
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
westos | 4.1 kB 00:00
(1/2): westos/group_gz | 136 kB 00:00
(2/2): westos/primary_db | 3.6 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================
Package Arch Version Repository
Size
==========================================================================
Installing:
openssh-clients x86_64 6.6.1p1-22.el7 westos 638 k
openssh-server x86_64 6.6.1p1-22.el7 westos 436 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 westos 21 k
fipscheck-lib x86_64 1.4.1-5.el7 westos 11 k
libedit x86_64 3.0-12.20121213cvs.el7 westos 92 k
openssh x86_64 6.6.1p1-22.el7 westos 435 k
tcp_wrappers-libs x86_64 7.6-77.el7 westos 66 k
Transaction Summary
==========================================================================
Install 2 Packages (+5 Dependent packages)
Total download size: 1.7 M
Installed size: 4.9 M
Downloading packages:
(1/7): fipscheck-1.4.1-5.el7.x86_64.rpm | 21 kB 00:00
(2/7): fipscheck-lib-1.4.1-5.el7.x86_64.rpm | 11 kB 00:00
(3/7): libedit-3.0-12.20121213cvs.el7.x86_64.rpm | 92 kB 00:00
(4/7): openssh-6.6.1p1-22.el7.x86_64.rpm | 435 kB 00:00
(5/7): openssh-clients-6.6.1p1-22.el7.x86_64.rpm | 638 kB 00:00
(6/7): openssh-server-6.6.1p1-22.el7.x86_64.rpm | 436 kB 00:00
(7/7): tcp_wrappers-libs-7.6-77.el7.x86_64.rpm | 66 kB 00:00
--------------------------------------------------------------------------
Total 6.3 MB/s | 1.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/7
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/7
Installing : openssh-6.6.1p1-22.el7.x86_64 3/7
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 5/7
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 6/7
Installing : openssh-server-6.6.1p1-22.el7.x86_64 7/7
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/7
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 2/7
Verifying : openssh-6.6.1p1-22.el7.x86_64 3/7
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 5/7
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 6/7
Verifying : fipscheck-1.4.1-5.el7.x86_64 7/7
Installed:
openssh-clients.x86_64 0:6.6.1p1-22.el7
openssh-server.x86_64 0:6.6.1p1-22.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7
fipscheck-lib.x86_64 0:1.4.1-5.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7
openssh.x86_64 0:6.6.1p1-22.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
bash-4.2# rpm -ql openssh-server
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/sysconfig/sshd
/usr/lib/systemd/system/sshd-keygen.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/lib64/fipscheck/sshd.hmac
/usr/libexec/openssh/sftp-server
/usr/sbin/sshd
/usr/sbin/sshd-keygen
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd
bash-4.2# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
bash-4.2# cd /etc/ssh/
bash-4.2# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""
bash-4.2# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key.pub -q -N "" ## -f 应指向私钥文件(不带 .pub);此处误写,名为 ssh_host_ed25519_key.pub 的文件里其实是私钥,后面重新生成
bash-4.2# ls
moduli ssh_host_ecdsa_key.pub ssh_host_rsa_key
ssh_config ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
ssh_host_ecdsa_key ssh_host_ed25519_key.pub.pub sshd_config
bash-4.2# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
bash-4.2# /usr/sbin/sshd
bash-4.2# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 38/sshd
tcp6 0 0 :::22 :::* LISTEN 38/sshd
bash-4.2# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 8d:1e:df:6c:b4:15:2b:a4:39:69:4f:b1:a4:a5:d5:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
bash-4.2# echo root:westos | chpasswd
bash-4.2# /usr/sbin/sshd
bash-4.2# ssh localhost
root@localhost's password:
-bash-4.2# logout
Connection to localhost closed.
bash-4.2# history
17 ssh-keygen -t idrsa -f /etc/ssh/ssh_host_idrsa_key -q -N ""
18 ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""
21 ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
22 /usr/sbin/sshd
23 netstat -antlp
24 ssh localhost
25 echo root:westos | chpasswd
26 /usr/sbin/sshd
27 ssh localhost
28 history
bash-4.2# [root@foundation16 ssh]#
[root@foundation16 ssh]# vim Dockerfile
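# SSH server image: installs OpenSSH, sets a root password, creates host keys, runs sshd.
FROM rhel7:v1
MAINTAINER bobo@qq.com
EXPOSE 22
RUN yum install -y openssh-server openssh-clients && yum clean all
# NOTE(review): this password is baked into the image (the RUN command shows up in
# `docker history`) and is the same in every container; suitable for a lab only.
RUN echo root:westos | chpasswd
# Every Dockerfile line needs an instruction keyword, so the three ssh-keygen calls
# are chained in a single RUN. The key type is "rsa" and the file is
# ssh_host_rsa_key, the path sshd reports when it cannot load a host key.
# NOTE(review): host keys created at build time are shared by every container
# started from this image and readable by anyone who can obtain the image.
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && \
    ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && \
    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
# -D keeps sshd in the foreground as the container's main process.
CMD ["/usr/sbin/sshd", "-D"]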
[root@foundation16 ssh]# docker build -t rhel7:v4 .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM rhel7:v1
---> 8954447a7830
Step 2 : MAINTAINER BOBO@163.com
---> Using cache
---> 84b8227a22bc
Step 3 : ENV HOSTNAME server2
---> Running in 407d25ec7050
---> 1cd168277de4
Removing intermediate container 407d25ec7050
Step 4 : EXPOSE 22
---> Running in 2d1cb50a6e92
---> 72231199ea80
Removing intermediate container 2d1cb50a6e92
Step 5 : RUN yum install -y openssh-server openssh-clients && yum clean all
---> Running in 1d41e78321f6
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-clients x86_64 6.6.1p1-22.el7 westos 638 k
openssh-server x86_64 6.6.1p1-22.el7 westos 436 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 westos 21 k
fipscheck-lib x86_64 1.4.1-5.el7 westos 11 k
libedit x86_64 3.0-12.20121213cvs.el7 westos 92 k
openssh x86_64 6.6.1p1-22.el7 westos 435 k
tcp_wrappers-libs x86_64 7.6-77.el7 westos 66 k
Transaction Summary
================================================================================
Install 2 Packages (+5 Dependent packages)
Total download size: 1.7 M
Installed size: 4.9 M
Downloading packages:
--------------------------------------------------------------------------------
Total 6.5 MB/s | 1.7 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/7
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/7
Installing : openssh-6.6.1p1-22.el7.x86_64 3/7
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 5/7
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 6/7
Installing : openssh-server-6.6.1p1-22.el7.x86_64 7/7
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/7
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 2/7
Verifying : openssh-6.6.1p1-22.el7.x86_64 3/7
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/7
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 5/7
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 6/7
Verifying : fipscheck-1.4.1-5.el7.x86_64 7/7
Installed:
openssh-clients.x86_64 0:6.6.1p1-22.el7
openssh-server.x86_64 0:6.6.1p1-22.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7 openssh.x86_64 0:6.6.1p1-22.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: westos
Cleaning up everything
---> 07c1dfd5153d
Removing intermediate container 1d41e78321f6
Step 6 : RUN ssh-keygen -trsa -f /etc/ssh/ssh_host_rsa_key -q -N ""&&ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N ""&&ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
---> Running in 9a1f3c418aea
---> 30f3f388dea2
Removing intermediate container 9a1f3c418aea
Step 7 : CMD /usr/sbin/sshd -D
---> Running in c2cf5d1791aa
---> 923854ed560d
Removing intermediate container c2cf5d1791aa
Successfully built 923854ed560d
[root@foundation16 ssh]# docker images rhel7:v4
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v4 923854ed560d 41 seconds ago 217.8 MB 140.2 MB Imported from -
[root@foundation16 ssh]# docker run -d --name ssh -p 2222:22 rhel7:v4 ## -p 2222:22 会发布到 0.0.0.0(所有网卡),root 口令登录随之对外可达;仅本机测试时可写成 -p 127.0.0.1:2222:22
cff3ac17ecfac15f3d089ad1fa210e2199b80a0e3efa420c587ce454b6101b61
[root@foundation16 ssh]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cff3ac17ecfa rhel7:v4 "/usr/sbin/sshd -D" 12 seconds ago Up 9 seconds 80/tcp, 0.0.0.0:2222->22/tcp ssh
05e9fed20ee2 rhel7:v1 "bash" 19 minutes ago Up 19 minutes 80/tcp vm2
2b1bfd1b9970 rhel7:v1 "/usr/sbin/httpd -D F" 54 minutes ago Up 54 minutes 0.0.0.0:8000->80/tcp apache
[root@foundation16 ssh]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is d2:72:79:89:2c:5a:2e:9c:c5:1e:b9:63:5f:0a:19:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
Last login: Wed May 10 08:44:21 2017
[root@foundation16 ssh]# ssh localhost -p 2222
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ECDSA key fingerprint is 7d:4b:d0:3e:50:74:c6:d9:11:eb:8c:0c:e3:1c:ff:03.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2#
7.Dockerfile 多服务启动
lftp 172.25.254.250:/pub/docker> get supervisor-3.1.3-3.el7.noarch.rpm
455308 bytes transferred
lftp 172.25.254.250:/pub/docker> quit
You have new mail in /var/spool/mail/root
[root@foundation16 ssh]# cd ..
[root@foundation16 docker]# mkdir super/
[root@foundation16 docker]# cd super/
[root@foundation16 super]# ls
[root@foundation16 super]# cp /tmp/docker/ssh/Dockerfile .
[root@foundation16 super]# ls
Dockerfile
[root@foundation16 super]# vim update.repo
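[update]
name=update
# The URL scheme must be followed by "://".
baseurl=ftp://172.25.254.250/pub
# NOTE(review): gpgcheck=0 turns off package signature verification, and FTP is
# unauthenticated plaintext, so packages from this repo are installed unverified.
gpgcheck=0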
[root@foundation16 super]# vim Dockerfile
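# Multi-service image: sshd and httpd started by supervisord.
FROM rhel7:v1
MAINTAINER bobo@qq.com
EXPOSE 22 80
# supervisor comes from the repo defined in update.repo, so that file has to be
# in the image before yum runs.
COPY update.repo /etc/yum.repos.d
# NOTE(review): the build log on this page installs httpd and supervisor but not
# redis; confirm the package is available in the configured repos.
RUN yum install -y openssh-server openssh-clients supervisor redis httpd && yum clean all
# NOTE(review): the root password is stored in the image and is identical in every
# container started from it; suitable for a lab only.
RUN echo root:westos | chpasswd
# Every Dockerfile line needs an instruction keyword, so the ssh-keygen calls are
# chained in one RUN; the key type is "rsa" and the file is ssh_host_rsa_key.
# NOTE(review): host keys created at build time are shared by all containers from
# this image, and each rebuild produces new keys.
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && \
    ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && \
    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N ""
COPY supervisord.conf /etc/supervisord.conf
# supervisord is the container's main process and starts the services it is configured with.
CMD ["/usr/bin/supervisord"]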
[root@foundation16 super]# vim supervisord.conf
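[supervisord]
; Stay in the foreground so supervisord remains the container's main process.
nodaemon=true
[program:httpd]
; httpd is installed as /usr/sbin/httpd; -D FOREGROUND stops it from daemonizing,
; otherwise supervisord would see the program exit immediately.
command=/usr/sbin/httpd -D FOREGROUND
[program:ssh]
; -D keeps sshd attached so supervisord can supervise it.
command=/usr/sbin/sshd -D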
[root@foundation16 super]# vim Dockerfile
[root@foundation16 super]# docker stop `docker ps -aq`
cb34b9d04c49
[root@foundation16 super]# docker rm `docker ps -aq`
cb34b9d04c49
[root@foundation16 super]# docker build -t rhel7:v5 .
Sending build context to Docker daemon 4.096 kB
Step 1 : FROM rhel7:v1
---> 8954447a7830
Step 2 : MAINTAINER BOBO@163.com
---> Using cache
---> 84b8227a22bc
Step 3 : ENV HOSTNAME server2
---> Using cache
---> 1cd168277de4
Step 4 : EXPOSE 22 80
---> Running in 9d9aab6b906c
---> 4dce920a63c6
Removing intermediate container 9d9aab6b906c
Step 5 : COPY update.repo /etc/yum.repos.d
---> 540eada0a50f
Removing intermediate container 86e0786521d5
Step 6 : RUN yum install -y openssh-server openssh-clients httpd supervisor && yum clean all
---> Running in 1e227bb18a06
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Package httpd-2.4.6-40.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: openssh = 6.6.1p1-22.el7 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-clients-6.6.1p1-22.el7.x86_64
---> Package openssh-server.x86_64 0:6.6.1p1-22.el7 will be installed
--> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-22.el7.x86_64
---> Package supervisor.noarch 0:3.1.3-3.el7 will be installed
--> Processing Dependency: python-meld3 >= 0.6.5 for package: supervisor-3.1.3-3.el7.noarch
--> Processing Dependency: python-setuptools for package: supervisor-3.1.3-3.el7.noarch
--> Running transaction check
---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
--> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
---> Package libedit.x86_64 0:3.0-12.20121213cvs.el7 will be installed
---> Package openssh.x86_64 0:6.6.1p1-22.el7 will be installed
---> Package python-meld3.x86_64 0:0.6.10-1.el7 will be installed
---> Package python-setuptools.noarch 0:0.9.8-4.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-4.el7.noarch
---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
--> Running transaction check
---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository
Size
================================================================================
Installing:
openssh-clients x86_64 6.6.1p1-22.el7 dvd 638 k
openssh-server x86_64 6.6.1p1-22.el7 dvd 436 k
supervisor noarch 3.1.3-3.el7 update 445 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 dvd 21 k
fipscheck-lib x86_64 1.4.1-5.el7 dvd 11 k
libedit x86_64 3.0-12.20121213cvs.el7 dvd 92 k
openssh x86_64 6.6.1p1-22.el7 dvd 435 k
python-backports x86_64 1.0-8.el7 dvd 5.8 k
python-backports-ssl_match_hostname noarch 3.4.0.2-4.el7 dvd 12 k
python-meld3 x86_64 0.6.10-1.el7 update 73 k
python-setuptools noarch 0.9.8-4.el7 dvd 397 k
tcp_wrappers-libs x86_64 7.6-77.el7 dvd 66 k
Transaction Summary
================================================================================
Install 3 Packages (+9 Dependent packages)
Total download size: 2.6 M
Installed size: 9.3 M
Downloading packages:
--------------------------------------------------------------------------------
Total 1.7 MB/s | 2.6 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/12
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/12
Installing : openssh-6.6.1p1-22.el7.x86_64 3/12
Installing : python-meld3-0.6.10-1.el7.x86_64 4/12
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 5/12
Installing : python-backports-1.0-8.el7.x86_64 6/12
Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 7/12
Installing : python-setuptools-0.9.8-4.el7.noarch 8/12
Installing : libedit-3.0-12.20121213cvs.el7.x86_64 9/12
Installing : openssh-clients-6.6.1p1-22.el7.x86_64 10/12
Installing : supervisor-3.1.3-3.el7.noarch 11/12
Installing : openssh-server-6.6.1p1-22.el7.x86_64 12/12
Verifying : openssh-clients-6.6.1p1-22.el7.x86_64 1/12
Verifying : python-setuptools-0.9.8-4.el7.noarch 2/12
Verifying : python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch 3/12
Verifying : libedit-3.0-12.20121213cvs.el7.x86_64 4/12
Verifying : openssh-6.6.1p1-22.el7.x86_64 5/12
Verifying : python-backports-1.0-8.el7.x86_64 6/12
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 7/12
Verifying : python-meld3-0.6.10-1.el7.x86_64 8/12
Verifying : openssh-server-6.6.1p1-22.el7.x86_64 9/12
Verifying : supervisor-3.1.3-3.el7.noarch 10/12
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 11/12
Verifying : fipscheck-1.4.1-5.el7.x86_64 12/12
Installed:
openssh-clients.x86_64 0:6.6.1p1-22.el7
openssh-server.x86_64 0:6.6.1p1-22.el7
supervisor.noarch 0:3.1.3-3.el7
Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7
fipscheck-lib.x86_64 0:1.4.1-5.el7
libedit.x86_64 0:3.0-12.20121213cvs.el7
openssh.x86_64 0:6.6.1p1-22.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el7
python-meld3.x86_64 0:0.6.10-1.el7
python-setuptools.noarch 0:0.9.8-4.el7
tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
Skipping unreadable repository '///etc/yum.repos.d/rhel7.repo'
Cleaning repos: dvd update westos
Cleaning up everything
---> e8c94da88743
Removing intermediate container 1e227bb18a06
Step 7 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -q -N "" && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -q -N "" && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -q -N "" && echo root:hahaha | chpasswd
---> Running in 2880ad28d7bb
---> adba630fb85c
Removing intermediate container 2880ad28d7bb
Step 8 : CMD /usr/bin/supervisord
---> Running in fa315bf36bdc
---> 002946b572e7
Removing intermediate container fa315bf36bdc
Successfully built 002946b572e7
[root@foundation16 super]# docker run -d --name super -p 2222:22 -p 8000:80 rhel7:v5
a350e66234c28c52341d1c6645a3ff49c9be4f69eb47903a171fd77f8488ac40
[root@foundation16 super]# docker inspect rhel7:v5
[
{
"Id": "sha256:002946b572e7ef3b85b57980a5b6182aff83fa6aaa080f60dc6059efcaa8e153",
"RepoTags": [
"rhel7:v5"
],
"RepoDigests": [],
"Parent": "sha256:adba630fb85c04ca8e87be1caa174fcf89d1923024981fbf98339bc12ddf31f9",
"Comment": "",
"Created": "2017-05-10T08:01:22.829654528Z",
"Container": "fa315bf36bdc8a4c19c4a68a1e4fd77101461fd827b95a48f476950ff146e029",
"ContainerConfig": {
"Hostname": "2b92e41b5245",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"22/tcp": {},
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HOSTNAME=server2"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"/usr/bin/supervisord\"]"
],
"ArgsEscaped": true,
"Image": "sha256:adba630fb85c04ca8e87be1caa174fcf89d1923024981fbf98339bc12ddf31f9",
"Volumes": {},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": [],
"Labels": {}
},
"DockerVersion": "1.10.3",
"Author": "BOBO@163.com",
"Config": {
"Hostname": "2b92e41b5245",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"22/tcp": {},
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"HOSTNAME=server2"
],
"Cmd": [
"/usr/bin/supervisord"
],
"ArgsEscaped": true,
"Image": "sha256:adba630fb85c04ca8e87be1caa174fcf89d1923024981fbf98339bc12ddf31f9",
"Volumes": {},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": [],
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 221617803,
"VirtualSize": 221617803,
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "268",
"DeviceName": "docker-253:1-538695038-bb199625895b5b7ed72df0d7e44a76765cd5e7b895621e62080b3057f56bd030",
"DeviceSize": "10737418240"
}
}
}
]
[root@foundation16 super]# docker run -d --name super -p 2222:22 -p 8000:80 -v /tmp/docker/apache:/var/www/html rhel7:v5
6d83112bed2dcb1731c89746bcdd14601a36ee285e02ea4a58f13d00c2da1957
[root@foundation16 super]# ssh localhost -p 2222
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
5b:63:4c:33:b8:be:52:b8:8d:00:8c:2c:71:bb:83:46.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
ECDSA host key for [localhost]:2222 has changed and you have requested strict checking.
Host key verification failed.
[root@foundation16 super]# cd /root/.ssh/
[root@foundation16 .ssh]# ls
authorized_keys id_rsa known_hosts
[root@foundation16 .ssh]# rm -f known_hosts ## 这会清空全部已记录的主机指纹;镜像重建后主机密钥已变,只删这一条可用 ssh-keygen -R '[localhost]:2222'
[root@foundation16 .ssh]# cd ..
[root@foundation16 ~]# ssh localhost -p 2222
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ECDSA key fingerprint is 5b:63:4c:33:b8:be:52:b8:8d:00:8c:2c:71:bb:83:46.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (ECDSA) to the list of known hosts.
root@localhost's password:
-bash-4.2# curl 172.25.254.250
www.westos.org
-bash-4.2#