1.为镜像添加ssh服务
我们在这里是以centos7为例子
1.1 基于commit命令创建
1.1.1 拉取centos:7的镜像,并创建名为sshd的容器
docker pull centos:7
docker run -it --name sshd --privileged=true --restart=always -p 10722:22 centos:7
[root@k8s-master docker]# docker pull centos:7
7: Pulling from library/centos
2d473b07cdd5: Already exists
Digest: sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
[root@k8s-master docker]# docker image ls |grep centos
centos 7 eeb6ee3f44bd 2 years ago 204MB
[root@k8s-master docker]# docker run -it --name sshd --privileged=true --restart=always -p 10722:22 centos:7
[root@edc288d9323b /]#
1.1.2 配置软件源
更新yum包:yum update -y
[root@edc288d9323b /]# yum update -y
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.ustc.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: ftp.sjtu.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.2.46-34.el7 will be updated
---> Package bash.x86_64 0:4.2.46-35.el7_9 will be an update
---> Package bind-license.noarch 32:9.11.4-26.P2.el7 will be updated
---> Package bind-license.noarch 32:9.11.4-26.P2.el7_9.14 will be an update
---> Package binutils.x86_64 0:2.27-44.base.el7 will be updated
---> Package binutils.x86_64 0:2.27-44.base.el7_9.1 will be an update
---> Package ca-certificates.noarch 0:2020.2.41-70.0.el7_8 will be updated
---> Package ca-certificates.noarch 0:2022.2.54-74.el7_9 will be an update
---> Package centos-release.x86_64 0:7-9.2009.0.el7.centos will be updated
......
Verifying : libmount-2.23.2-65.el7.x86_64 100/100
Updated:
bash.x86_64 0:4.2.46-35.el7_9 bind-license.noarch 32:9.11.4-26.P2.el7_9.14 binutils.x86_64 0:2.27-44.base.el7_9.1 ca-certificates.noarch 0:2022.2.54-74.el7_9 centos-release.x86_64 0:7-9.2009.1.el7.centos
coreutils.x86_64 0:8.22-24.el7_9.2 curl.x86_64 0:7.29.0-59.el7_9.1 cyrus-sasl-lib.x86_64 0:2.1.26-24.el7_9 device-mapper.x86_64 7:1.02.170-6.el7_9.5 device-mapper-libs.x86_64 7:1.02.170-6.el7_9.5
diffutils.x86_64 0:3.3-6.el7_9 expat.x86_64 0:2.1.0-15.el7_9 geoipupdate.x86_64 0:2.5.0-2.el7 glib2.x86_64 0:2.56.1-9.el7_9 glibc.x86_64 0:2.17-326.el7_9
glibc-common.x86_64 0:2.17-326.el7_9 gzip.x86_64 0:1.5-11.el7_9 kpartx.x86_64 0:0.4.9-136.el7_9 krb5-libs.x86_64 0:1.15.1-55.el7_9 libblkid.x86_64 0:2.23.2-65.el7_9.1
libcurl.x86_64 0:7.29.0-59.el7_9.1 libmount.x86_64 0:2.23.2-65.el7_9.1 libsmartcols.x86_64 0:2.23.2-65.el7_9.1 libuuid.x86_64 0:2.23.2-65.el7_9.1 libxml2.x86_64 0:2.9.1-6.el7_9.6
libxml2-python.x86_64 0:2.9.1-6.el7_9.6 nspr.x86_64 0:4.34.0-3.1.el7_9 nss.x86_64 0:3.79.0-5.el7_9 nss-pem.x86_64 0:1.0.3-7.el7_9.1 nss-softokn.x86_64 0:3.79.0-4.el7_9
nss-softokn-freebl.x86_64 0:3.79.0-4.el7_9 nss-sysinit.x86_64 0:3.79.0-5.el7_9 nss-tools.x86_64 0:3.79.0-5.el7_9 nss-util.x86_64 0:3.79.0-1.el7_9 openldap.x86_64 0:2.4.44-25.el7_9
openssl-libs.x86_64 1:1.0.2k-26.el7_9 python.x86_64 0:2.7.5-93.el7_9 python-libs.x86_64 0:2.7.5-93.el7_9 rpm.x86_64 0:4.11.3-48.el7_9 rpm-build-libs.x86_64 0:4.11.3-48.el7_9
rpm-libs.x86_64 0:4.11.3-48.el7_9 rpm-python.x86_64 0:4.11.3-48.el7_9 systemd.x86_64 0:219-78.el7_9.7 systemd-libs.x86_64 0:219-78.el7_9.7 tzdata.noarch 0:2023c-1.el7
util-linux.x86_64 0:2.23.2-65.el7_9.1 vim-minimal.x86_64 2:7.4.629-8.el7_9 xz.x86_64 0:5.2.2-2.el7_9 xz-libs.x86_64 0:5.2.2-2.el7_9 zlib.x86_64 0:1.2.7-21.el7_9
Complete!
1.1.3 安装openssh并启动sshd
yum -y install openssh* net-tools lsof telnet passwd
[root@edc288d9323b /]# yum -y install openssh* net-tools lsof telnet passwd initscripts
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: mirrors.ustc.edu.cn
Package passwd-0.79-6.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package lsof.x86_64 0:4.87-6.el7 will be installed
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
---> Package openssh.x86_64 0:7.4p1-23.el7_9 will be installed
--> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-7.4p1-23.el7_9.x86_64
---> Package openssh-askpass.x86_64 0:7.4p1-23.el7_9 will be installed
--> Processing Dependency: libpangoft2-1.0.so.0()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
--> Processing Dependency: libpangocairo-1.0.so.0()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
--> Processing Dependency: libpango-1.0.so.0()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
--> Processing Dependency: libgtk-x11-2.0.so.0()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
--> Processing Dependency: libgdk_pixbuf-2.0.so.0()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
--> Processing Dependency: libgdk-x11-2.0.so.0()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
--> Processing Dependency: libfreetype.so.6()(64bit) for package: openssh-askpass-7.4p1-23.el7_9.x86_64
.........
Verifying : 4:perl-libs-5.16.3-299.el7_9.x86_64 94/95
Verifying : libX11-common-1.6.7-4.el7_9.noarch 95/95
Installed:
lsof.x86_64 0:4.87-6.el7 net-tools.x86_64 0:2.0-0.25.20131004git.el7 openssh.x86_64 0:7.4p1-23.el7_9 openssh-askpass.x86_64 0:7.4p1-23.el7_9 openssh-cavs.x86_64 0:7.4p1-23.el7_9
openssh-clients.x86_64 0:7.4p1-23.el7_9 openssh-keycat.x86_64 0:7.4p1-23.el7_9 openssh-ldap.x86_64 0:7.4p1-23.el7_9 openssh-server.x86_64 0:7.4p1-23.el7_9 openssh-server-sysvinit.x86_64 0:7.4p1-23.el7_9
telnet.x86_64 1:0.17-66.el7
Dependency Installed:
atk.x86_64 0:2.28.1-2.el7 avahi-libs.x86_64 0:0.6.31-20.el7 cairo.x86_64 0:1.15.12-4.el7 cups-libs.x86_64 1:1.6.3-52.el7_9 dejavu-fonts-common.noarch 0:2.33-6.el7
dejavu-sans-fonts.noarch 0:2.33-6.el7 fipscheck.x86_64 0:1.4.1-6.el7 fipscheck-lib.x86_64 0:1.4.1-6.el7 fontconfig.x86_64 0:2.13.0-4.3.el7 fontpackages-filesystem.noarch 0:1.44-8.el7
freetype.x86_64 0:2.8-14.el7_9.1 fribidi.x86_64 0:1.0.2-1.el7_7.1 gdk-pixbuf2.x86_64 0:2.36.12-3.el7 graphite2.x86_64 0:1.3.10-1.el7_3 groff-base.x86_64 0:1.22.2-8.el7
gtk-update-icon-cache.x86_64 0:3.22.30-8.el7_9 gtk2.x86_64 0:2.24.31-1.el7 harfbuzz.x86_64 0:1.7.5-2.el7 hicolor-icon-theme.noarch 0:0.12-7.el7 hwdata.x86_64 0:0.252-9.7.el7
jasper-libs.x86_64 0:1.900.1-33.el7 jbigkit-libs.x86_64 0:2.0-11.el7 libX11.x86_64 0:1.6.7-4.el7_9 libX11-common.noarch 0:1.6.7-4.el7_9 libXau.x86_64 0:1.0.8-2.1.el7
libXcomposite.x86_64 0:0.4.4-4.1.el7 libXcursor.x86_64 0:1.1.15-1.el7 libXdamage.x86_64 0:1.1.4-4.1.el7 libXext.x86_64 0:1.3.3-3.el7 libXfixes.x86_64 0:5.0.3-1.el7
libXft.x86_64 0:2.3.2-2.el7 libXi.x86_64 0:1.7.9-1.el7 libXinerama.x86_64 0:1.1.3-2.1.el7 libXrandr.x86_64 0:1.5.1-2.el7 libXrender.x86_64 0:0.9.10-1.el7
libXxf86vm.x86_64 0:1.1.4-1.el7 libdrm.x86_64 0:2.4.97-2.el7 libedit.x86_64 0:3.0-12.20121213cvs.el7 libglvnd.x86_64 1:1.0.1-0.8.git5baa1e5.el7 libglvnd-egl.x86_64 1:1.0.1-0.8.git5baa1e5.el7
libglvnd-glx.x86_64 1:1.0.1-0.8.git5baa1e5.el7 libjpeg-turbo.x86_64 0:1.2.90-8.el7 libpciaccess.x86_64 0:0.14-1.el7 libpng.x86_64 2:1.5.13-8.el7 libthai.x86_64 0:0.1.14-9.el7
libtiff.x86_64 0:4.0.3-35.el7 libwayland-client.x86_64 0:1.15.0-1.el7 libwayland-server.x86_64 0:1.15.0-1.el7 libxcb.x86_64 0:1.13-1.el7 libxshmfence.x86_64 0:1.2-1.el7
mesa-libEGL.x86_64 0:18.3.4-12.el7_9 mesa-libGL.x86_64 0:18.3.4-12.el7_9 mesa-libgbm.x86_64 0:18.3.4-12.el7_9 mesa-libglapi.x86_64 0:18.3.4-12.el7_9 pango.x86_64 0:1.42.4-4.el7_7
perl.x86_64 4:5.16.3-299.el7_9 perl-Carp.noarch 0:1.26-244.el7 perl-Encode.x86_64 0:2.51-7.el7 perl-Exporter.noarch 0:5.68-3.el7 perl-File-Path.noarch 0:2.09-2.el7
perl-File-Temp.noarch 0:0.23.01-3.el7 perl-Filter.x86_64 0:1.49-3.el7 perl-Getopt-Long.noarch 0:2.40-3.el7 perl-HTTP-Tiny.noarch 0:0.033-3.el7 perl-PathTools.x86_64 0:3.40-5.el7
perl-Pod-Escapes.noarch 1:1.04-299.el7_9 perl-Pod-Perldoc.noarch 0:3.20-4.el7 perl-Pod-Simple.noarch 1:3.28-4.el7 perl-Pod-Usage.noarch 0:1.63-3.el7 perl-Scalar-List-Utils.x86_64 0:1.27-248.el7
perl-Socket.x86_64 0:2.010-5.el7 perl-Storable.x86_64 0:2.45-3.el7 perl-Text-ParseWords.noarch 0:3.29-4.el7 perl-Time-HiRes.x86_64 4:1.9725-3.el7 perl-Time-Local.noarch 0:1.2300-2.el7
perl-constant.noarch 0:1.27-2.el7 perl-libs.x86_64 4:5.16.3-299.el7_9 perl-macros.x86_64 4:5.16.3-299.el7_9 perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7
perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7 pixman.x86_64 0:0.34.0-1.el7 tcp_wrappers-libs.x86_64 0:7.6-77.el7
Complete!
启动sshd服务:service sshd start
设置开机自启动:systemctl enable sshd
[root@edc288d9323b /]# service sshd start
Failed to get D-Bus connection: Operation not permitted
Generating SSH2 RSA host key: [ OK ]
Generating SSH2 ECDSA host key: [ OK ]
Generating SSH2 ED25519 host key: [ OK ]
Starting sshd: [ OK ]
[root@edc288d9323b /]# systemctl enable sshd
1.1.4 修改sshd配置文件
允许root登录:
sed -i "s/'#PermitRootLogin yes'/'PermitRootLogin yes'/g" /etc/ssh/sshd_config
设置root的用户密码:
echo 123456 | passwd --stdin root
[root@edc288d9323b /]# sed -i "s/'#PermitRootLogin yes'/'PermitRootLogin yes'/g" /etc/ssh/sshd_config
[root@edc288d9323b /]# echo 123456 | passwd --stdin root
Changing password for user root.
passwd: all authentication tokens updated successfully.
1.1.5 用连接工具测试能否登录
输入root的密码后登录成功
1.1.6 保存镜像
docker commit sshd sshd-centos7:0.1
[root@k8s-master docker]# docker commit sshd sshd-centos7:0.1
sha256:bcf0c9b75829a276432c86a4158282591d806ccdb6d7017aad742f54f4a95938
[root@k8s-master docker]# docker images |grep sshd
sshd-centos7 0.1 bcf0c9b75829 6 seconds ago 660MB
1.1.7 使用镜像并测试
docker run -d --name sshd-test --privileged=true -p 18822:22 sshd-centos7:0.1 /usr/sbin/sshd -D
[root@k8s-master docker]# docker run -d --name sshd-test --privileged=true -p 18822:22 sshd-centos7:0.1 /usr/sbin/sshd -D
362c5d82b18c54d3926be70566c4e5f30ff1f659c4613eb53927d213284e44ca
[root@k8s-master docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
362c5d82b18c sshd-centos7:0.1 "/usr/sbin/sshd -D" 2 seconds ago Up 2 seconds 0.0.0.0:18822->22/tcp, :::18822->22/tcp sshd-test
测试登录成功
1.2 基于Dockfile创建
1.2.1 创建工作目录,编写Dockerfile文件和run.sh文件
mkdir -p /data/Dockerfile/ssh_centos7
[root@k8s-master docker]# mkdir -p /data/Dockerfile/ssh_centos7
[root@k8s-master docker]# cd /data/Dockerfile/ssh_centos7/
[root@k8s-master ssh_centos7]# ls
[root@k8s-master ssh_centos7]# touch Dockerfile run.sh
[root@k8s-master ssh_centos7]# vim run.sh
[root@k8s-master ssh_centos7]# vim Dockerfile
[root@k8s-master ssh_centos7]# cat run.sh
#!/bin/bash
/usr/sbin/sshd -D
[root@k8s-master ssh_centos7]# cat Dockerfile
FROM centos:7
MAINTAINER this is sshd <wyx>
RUN yum -y update
RUN yum -y install openssh* net-tools lsof telnet passwd
RUN echo '123456' | passwd --stdin root
RUN sed -i "s/'#PermitRootLogin yes'/'PermitRootLogin yes'/g" /etc/ssh/sshd_config
ADD run.sh /run.sh
RUN chmod 755 /run.sh
EXPOSE 22
CMD ["./run.sh"]
1.2.2 创建镜像
docker build -t sshd_centos:0.2 .
[root@k8s-master ssh_centos7]# docker build -t sshd_centos:0.2 .
[+] Building 422.9s (12/12) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 409B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/centos:7 0.0s
=> CACHED [1/7] FROM docker.io/library/centos:7 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 84B 0.0s
=> [2/7] RUN yum update -y 256.4s
=> [3/7] RUN yum -y install openssh* net-tools lsof telnet passwd 160.9s
=> [4/7] RUN echo '123456' | passwd --stdin root 0.4s
=> [5/7] RUN sed -i "s/'#PermitRootLogin yes'/'PermitRootLogin yes'/g" /etc/ssh/sshd_config 0.6s
=> [6/7] ADD run.sh /run.sh 0.1s
=> [7/7] RUN chmod 755 /run.sh 0.3s
=> exporting to image 4.1s
=> => exporting layers 4.0s
=> => writing image sha256:5c4c58a3fd2ec923ff7919de70a45012352374ec54967ac744e8ce3202dda285 0.0s
=> => naming to docker.io/library/sshd_centos:0.2
[root@k8s-master ssh_centos7]# docker images |grep sshd_centos
sshd_centos 0.2 5c4c58a3fd2e 3 minutes ago 856MB
1.2.3 启动测试容器测试
docker run -it --name sshd_test --privileged=true -p 10222:22 sshd_centos:0.2
打开xshell登录验证即可,后面我们就只讲用dockerfile来制作镜像
2.为镜像添加nginx服务
2.1 创建前端文件index.html
mkdir -p /data/Dockerfile/nginx_centos7/nginx
echo "<h1> docker nginx build successful</h1>"
[root@k8s-master nginx_centos7]# tree ../nginx_centos7/
../nginx_centos7/
├── Dockerfile
└── nginx
└── index.html
1 directory, 2 files
[root@k8s-master nginx_centos7]# cat nginx/index.html
<h1> docker nginx build successful</h1>
2.2 编写Dockerfile
[root@k8s-master nginx_centos7]# cat Dockerfile
FROM centos:7
MAINTAINER "nginx_centos7"<wyx>
WORKDIR /usr/local/src/
ENV NG_VERSION nginx-1.21.0
RUN yum -y install epel-release
RUN yum -y install wget
RUN wget http://nginx.org/download/$NG_VERSION.tar.gz && tar xzvf $NG_VERSION.tar.gz
RUN yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel && yum install -y pcre-devel libxslt-devel gd-devel GeoIP GeoIP-devel GeoIP-data
RUN yum clean all
RUN useradd -M -s /sbin/nologin nginx
WORKDIR /usr/local/src/$NG_VERSION
RUN ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module && make && make install
ADD nginx/index.html /usr/local/nginx/html
VOLUME /usr/local/nginx/html
ENV PATH /usr/local/nginx/sbin:$PATH
EXPOSE 80/tcp
ENTRYPOINT ["nginx"]
CMD ["-g","daemon off;"]
2.3 生成镜像并运行测试
docker build -t nginx_centos7:0.1 .
docker run -d --name nginx_test -p 8080:80 nginx_centos7:0.1
[root@k8s-master nginx_centos7]# docker build -t nginx_centos7:0.1 .
[+] Building 412.9s (16/16) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.32kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/centos:7 0.0s
=> [ 1/11] FROM docker.io/library/centos:7 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 226B 0.0s
=> CACHED [ 2/11] WORKDIR /usr/local/src/ 0.0s
=> [ 3/11] RUN yum -y install epel-release 38.5s
=> [ 4/11] RUN yum -y install wget 31.9s
=> [ 5/11] RUN wget http://nginx.org/download/nginx-1.21.0.tar.gz && tar xzvf nginx-1.21.0.tar.gz 3.9s
=> [ 6/11] RUN yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel && yum install -y pcre-devel libxslt-devel gd-devel GeoIP GeoIP-devel GeoIP-data 280.6s
=> [ 7/11] RUN yum clean all 0.9s
=> [ 8/11] RUN useradd -M -s /sbin/nologin nginx 0.4s
=> [ 9/11] WORKDIR /usr/local/src/nginx-1.21.0 0.0s
=> [10/11] RUN ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_ 51.6s
=> [11/11] ADD nginx/index.html /usr/local/nginx/html 0.1s
=> exporting to image 4.9s
=> => exporting layers 4.9s
=> => writing image sha256:e77b7b324fa097496a146c92311589602484c2630cdf32056b495ece61f38c1a 0.0s
=> => naming to docker.io/library/nginx_centos7:0.1
[root@k8s-master nginx_centos7]# docker run -d --name nginx_test -p 8080:80 nginx_centos7:0.1
f4ce17d683fc7bd7e12c6f08bf1fa430475f009ce589623363870260dba1d4b1
在宿主机打开http://192.168.200.141:8080
后续有其他服务的Dockerfile也会陆陆续续添加进来