title: An Ops Docker Image for Python 3.11 with the SSH Service Enabled
tags:
- Python3.11
- Docker image
- sshd
- openEuler
date: 2023-08-02 19:00:42
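1. Prerequisites:
This post takes the image built in the previous chapter as the base image and builds on it.
2. Linux knowledge used
- Creating a user:
See: creating an account on CentOS and enabling sudo privileges
# Create the user group
groupadd developers
# Create the my user, which does not need a password
useradd -s /bin/bash -g developers -d /home/my my
# Change the passwords (second method: echo root | passwd --stdin root)
echo "root:root" | chpasswd
echo "my:my" | chpasswd
# Add sudo privileges (sudoers keywords are case-sensitive: ALL, not all)
echo "my ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers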
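- Using a key pair with ssh
ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''
cat id_rsa.pub >> ~/.ssh/authorized_keys
# Log in with the private key
ssh user@host [-p port] -i identity_file
e.g. ssh root@106.14.23.168 -i ~/.ssh/id_rsa
-i identity_file specifies the private key file
# If you get a permissions error, give the private key 600 permissions
chmod 600 id_rsa
/etc/ssh/sshd_config
After opening the file, add the following to it:
RSAAuthentication yes
PubkeyAuthentication yes
Save and exit once they are added
# Start the sshd service and expose port 22
RUN mkdir /var/run/sshd
EXPOSE 22
# -D keeps sshd in the foreground as the container's main process
CMD ["/usr/sbin/sshd", "-D"]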
3. Creating the Dockerfile
- The contents of open_euler_python_sshd.dockerfile are as follows:
# open_euler_python_sshd.dockerfile
# Version 1.0.0
# export ssl_ver=3.8.0
# wget http://ftp.jaist.ac.jp/pub/OpenBSD/LibreSSL/libressl-$ssl_ver.tar.gz
# export py_ver=3.11.4
# wget https://www.python.org/ftp/python/${py_ver}/Python-${py_ver}.tgz
# set
# build cmd: docker build --target build_image -t open-euler-py-sshd-build:22.03.3114 -f open_euler_python.dockerfile .
# build cmd: docker build -t open-euler-py-sshd:22.03.3114 -f open_euler_python_sshd.dockerfile .
# docker run --privileged -dit --name py-sshd -p 20322:22 open-euler-py-sshd:22.03.3114
ARG baseImageVer=22.03.3114
FROM open-euler-py:${baseImageVer} as build_image
LABEL MAINTAINER="zhongmb@139.com"
ARG baseImageVer=22.03.3114
ARG openEulerVer=22.03.lts.sp2
ARG pyVer=3.11.4
ARG sslVer=3.8.0
RUN yum -y install sudo && \
    yum -y install passwd && \
    yum -y install util-linux && \
    yum -y install net-tools && \
    yum -y install openssh-clients openssh-server
RUN groupadd -g 1099 developers && \
    useradd -s /bin/bash -u 1098 -g 1099 -d /home/my my && \
    echo root | passwd --stdin root && \
    echo "my:my" | chpasswd && \
    echo "my ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
RUN mkdir -p ~/.ssh && \
    mkdir -p ~/shells
COPY ./ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key.pub
COPY ./ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key
COPY ./ssh_host_rsa_key.pub /etc/ssh/ssh_host_rsa_key.pub
COPY ./ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key
COPY ./shells /root/shells
# ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
# ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''
RUN chmod 600 /etc/ssh/ssh_host_rsa_key && \
    chmod 644 /etc/ssh/ssh_host_rsa_key.pub && \
    chmod 600 /etc/ssh/ssh_host_dsa_key && \
    chmod 644 /etc/ssh/ssh_host_dsa_key.pub && \
    ssh-keygen -A && \
    cat /etc/ssh/ssh_host_rsa_key.pub >> ~/.ssh/authorized_keys && \
    echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config && \
    mkdir /var/run/sshd
RUN yum clean all && rm -fr /tmp/* && rm -fr /var/tmp/* && rm -fr /var/cache/*
USER my
# COPY and the exec-form CMD do not expand "~", so use the absolute home path
COPY ./shells /home/my/shells
RUN mkdir -p ~/.ssh && \
    cat /etc/ssh/ssh_host_rsa_key.pub >> ~/.ssh/authorized_keys
EXPOSE 22
CMD ["/bin/sh", "/home/my/shells/my_sshd.sh"]
ARG baseImageVer=22.03.3114
FROM scratch as runtime_image
LABEL MAINTAINER="zhongmb@139.com"
ARG baseImageVer=22.03.3114
ARG pyVer=3.11.4
ARG sslVer=3.8.0
ENV py_ver=${pyVer}
COPY --from=build_image / /
USER my
EXPOSE 22
CMD ["/bin/sh", "/home/my/shells/my_sshd.sh"]
- The shells\my_sshd.sh file it uses contains the following:
# my_sshd.sh
# Start sshd as root via sudo, then loop so the container's main process stays alive
/usr/bin/sudo /usr/sbin/sshd
while true; do date +"%Y-%m-%d %H:%M:%S"; sleep 120; done
- Build the image:
cd openeuler_python
docker build -t open-euler-py-sshd:22.03.3114 -f open_euler_python_sshd.dockerfile .
- Run the container:
docker run --privileged -dit --name py-sshd -p 20322:22 open-euler-py-sshd:22.03.3114
4. Export the ops Docker image containing the Python 3.11.4 runtime, and compress it
- Export the image:
docker save open-euler-py-sshd:22.03.3114 > open-euler-py-sshd-3.11.4.tar
- Copy it into a container
docker ps
docker cp open-euler-py-sshd-3.11.4.tar b52b8637158f:/opt/
- Compress it with xz inside the container
yum install xz
xz open-euler-py-sshd-3.11.4.tar
- Copy it back out of the container
docker cp b52b8637158f:/opt/open-euler-py-sshd-3.11.4.tar.xz ./
5. Testing
- Use
docker ps
to find the container named "py-sshd"
- Use
docker inspect py-sshd
to look up its IP address: "IPAddress": "172.17.0.4"
- Start a new container
docker run -it open-euler-py-sshd:22.03.3114 /bin/bash
- In the new container, log in over ssh with the key:
sudo ssh -i /etc/ssh/ssh_host_rsa_key my@172.17.0.4
python3114 --version
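The Dockerfile above ships a DSA host key, authorizes the host's own RSA key for login, grants `my` passwordless sudo, and does not turn password login off. The check below is an added example, not part of the original post: it flags those four settings in a root filesystem. The names `audit_ssh_rootfs` and `make_sample_rootfs` and the sample tree are constructed for illustration, and `Match` blocks and included config files are not evaluated.

```shell
#!/bin/sh
# Added example, not the post's code: flag the SSH/sudo settings used by the
# image above in a root filesystem ("/" in a container, or an unpacked export).
audit_ssh_rootfs() {
    root=${1%/}; rc=0
    flag() { echo "FINDING: $1"; rc=1; }

    # DSA keys are fixed at 1024 bits and disabled by default since OpenSSH 7.0.
    if [ -e "$root/etc/ssh/ssh_host_dsa_key" ]; then flag "DSA host key present"; fi

    # A host public key in authorized_keys makes the host private key a login credential.
    for pub in "$root"/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        blob=$(awk '{ print $2; exit }' "$pub")
        [ -n "$blob" ] || continue
        for ak in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
            [ -f "$ak" ] || continue
            if grep -qF -- "$blob" "$ak"; then
                flag "${pub##*/} is authorized for login in ${ak#"$root"}"
            fi
        done
    done

    # Passwordless sudo for every command.
    if grep -Eqs '^[^#]*NOPASSWD:[[:space:]]*ALL' "$root/etc/sudoers"; then
        flag "sudoers grants NOPASSWD: ALL"
    fi

    # sshd keeps the first value it reads for a keyword; the default is "yes".
    cfg="$root/etc/ssh/sshd_config"; pw=""
    if [ -f "$cfg" ]; then
        pw=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$cfg")
    fi
    if [ "$pw" != "no" ]; then flag "PasswordAuthentication is not set to no"; fi
    return "$rc"
}

# Constructed sample tree mirroring the Dockerfile above (key material is fake).
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/home/my/.ssh"
    : > "$d/etc/ssh/ssh_host_dsa_key"
    echo "ssh-rsa AAAAB3CONSTRUCTEDSAMPLE root@build" > "$d/etc/ssh/ssh_host_rsa_key.pub"
    cp "$d/etc/ssh/ssh_host_rsa_key.pub" "$d/home/my/.ssh/authorized_keys"
    echo "my ALL=(ALL) NOPASSWD: ALL" > "$d/etc/sudoers"
    echo "PubkeyAuthentication yes" > "$d/etc/ssh/sshd_config"
    echo "$d"
}
```

Run it as `audit_ssh_rootfs /` inside the container, or point it at a tree unpacked from `docker export py-sshd`; it returns non-zero when anything is flagged.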