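Introduction
In day-to-day work you may need to hand an empty docker instance to other developers so that they can install applications in it.
Reaching that container would normally mean going through the host, but it is not appropriate to give out the host's account credentials.
One solution:
When building the container, configure the port mapping in advance so that a port inside the container is mapped to a port on the host.
Then install the ssh service inside the container.
Finally, create a dedicated account inside the container for external access (external users can connect with: "ssh -p ${HOST_MAPPING_PORT} tester@111.111.111.111").
1- Configure the Dockerfile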
FROM docker.io/centos
MAINTAINER tester
# Set the time zone
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo 'Asia/Shanghai' >/etc/timezone
2- docker-compose service orchestration
docker-compose.yml
version: '2.2'
services:
  webapp:
    image: docker.io/centos
    container_name: webapp
    volumes:
      - "/opt/jdk1.8.0_181:/opt/jdk1.8"
      - "/opt/dockers/docker_web_app/20190423/:/opt/web_app/20190423"
    cpus: "4"
    mem_limit: "24G"
    command: |
      bash -c '
      tail -f /dev/null'
    # privileged mode gives the container nearly all host capabilities and device access; remove it if the workload does not need it
    privileged: true
    hostname: web-app
    ports:
      - "7777:22"  # map port 22 inside the container to port 7777 on the host; done up front so ssh can be installed later
    networks:
      20190307_aidata_network:  # user-defined network name, used to plan IP ranges and avoid IP conflicts
        ipv4_address: 111.111.111.111
networks:
  20190307_aidata_network:
    external: true
[root@server111-112 bin]# docker network ls
NETWORK ID          NAME                      DRIVER              SCOPE
2sf3g4ef378c        20190307_aidata_network   bridge              local
2d3f3g5a035b        bridge                    bridge              local
6frr3da34ddb        host                      host                local
75f3rf5c78ee        none                      null                local
3- Install the ssh service in the container (ENV: centos7)
3.1 Start the container
docker-compose -f $dir/docker-compose.yml up -d
3.2 Check that the container is running
docker ps -a|grep webapp
3ae179fcc775 docker.io/centos "bash -c '\ntail -f…" 17 hours ago Up 17 hours 0.0.0.0:7777->22/tcp webapp
3.3 Enter the container
docker exec -it webapp /bin/bash
[root@web-app /]#
3.4 Install net-tools; then 'ip a' and ifconfig can be used.
yum -y install net-tools
3.5 Check whether the ssh service is installed
rpm -qa|grep ssh
If it is installed, this shows:
openssh-cavs-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
openssh-ldap-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
openssh-askpass-7.4p1-16.el7.x86_64
openssh-server-sysvinit-7.4p1-16.el7.x86_64
openssh-keycat-7.4p1-16.el7.x86_64
libssh2-1.4.3-10.el7_2.1.x86_64
openssh-7.4p1-16.el7.x86_64
Otherwise:
yum -y install openssh-*
3.6 Generate the public and private keys
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
3.7 Configure the app start/stop/restart script
[Note]:
Inside the container, the ssh daemon binary is at /usr/sbin/sshd; remote ssh connections only work once this process is running.
It is started at this point because the ssh service has to be installed after the container is up; otherwise the sshd start command could be
placed in the Dockerfile.
deploy_comm.sh
#!/bin/bash
## settings for using pipework to configure the network
#ip=111.111.111.111
#ip_preffix=24
#net_ridge=br0
## commands to run inside the container for start or stop jobs once it is up
start_comm='/usr/sbin/sshd'
#stop_comm='xxxxxx'
dir=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
. dockerutils "$@"
Run the following command to start the sshd service:
sh deploy_comm.sh startapp
3.8 Add the tester user in the container
useradd -m tester
passwd tester
3.9 Log in via ssh from another server to test
[xixixixi@server111-112 ~]$ ssh -p 7777 tester@111.111.111.111
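A check for the host keys from step 3.6, as an added example that is not part of the original post: it confirms that each key file holds the key type its file name implies and that the private key is not accessible to other users. The function name check_host_keys and the demo key contents are constructed for illustration.

```shell
# check_host_keys DIR: print one line per problem found in DIR
# (default /etc/ssh) and return the number of problems.
check_host_keys() {
    local dir problems algo key pub have want mode
    dir=${1:-/etc/ssh}
    problems=0
    for algo in rsa ecdsa ed25519; do
        key="$dir/ssh_host_${algo}_key"
        pub="$key.pub"
        if [ ! -f "$key" ] || [ ! -f "$pub" ]; then
            echo "MISSING  $key or $pub"
            problems=$((problems + 1))
            continue
        fi
        # The first field of an OpenSSH public key line names the key type.
        have=
        read -r have _ < "$pub" || true
        case "$algo" in
            rsa)     want='ssh-rsa' ;;
            ecdsa)   want='ecdsa-sha2-*' ;;
            ed25519) want='ssh-ed25519' ;;
        esac
        case "$have" in
            $want) ;;
            *) echo "MISMATCH $pub holds a '$have' key"
               problems=$((problems + 1)) ;;
        esac
        # A private host key must not be accessible to other users.
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            *0) ;;
            *) echo "PERMS    $key has mode $mode"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed demo: RSA public keys stored under all three file names.
demo=$(mktemp -d)
for a in rsa ecdsa ed25519; do
    : > "$demo/ssh_host_${a}_key"; chmod 600 "$demo/ssh_host_${a}_key"
    echo "ssh-rsa AAAAconstructed demo" > "$demo/ssh_host_${a}_key.pub"
done
check_host_keys "$demo" || echo "problems: $?"
rm -rf "$demo"
```

Inside the container, run `check_host_keys /etc/ssh` after step 3.6 and before starting sshd in step 3.7.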