1. Setting up the sshd service in a container
Create the sshd directory and edit the Dockerfile
[root@server1 ~]# cd sshd/
[root@server1 sshd]# vi Dockerfile
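# Based on the centos:7 image
FROM centos:7
MAINTAINER hello
RUN yum -y update
# Install the required services and tools
RUN yum -y install openssh* net-tools lsof telnet passwd
# Set the root password inside the container
RUN echo "123123" | passwd --stdin root
# Disable PAM authentication
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
# Generate the host key (-N '' sets an empty passphrase so the build never prompts)
RUN ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
# Comment out the pam_loginuid session line
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh
EXPOSE 22
# Start the sshd service when the container starts
CMD ["/usr/sbin/sshd","-D"]
Build the image and run the container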
[root@server1 sshd]# docker build -t sshd:new .
[root@server1 sshd]# docker run -d -P sshd:new
[root@server1 sshd]# docker ps -a #check the container status; the randomly assigned port is 32768
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a5fa58480fd sshd:new "/usr/sbin/sshd -D" 4 hours ago Up 4 hours 0.0.0.0:32768->22/tcp eager_lichterman
Test the container's sshd service from the host by logging in to the container over ssh
[root@server1 sshd]# ssh localhost -p 32768
root@localhost's password: #enter the container root user's password
Last login: Fri Nov 27 01:59:11 2020 from gateway
[root@2a5fa58480fd ~]#
#Check the container's IP address; the net-tools package provides ifconfig
[root@2a5fa58480fd ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.4 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:04 txqueuelen 0 (Ethernet)
RX packets 125 bytes 14164 (13.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 80 bytes 13058 (12.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
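The Dockerfile in this section sets the root password in a RUN step and turns off PAM. The script below is an added example, not part of the original post: it flags those two patterns in a Dockerfile, plus trailing `#` comments after non-RUN instructions, which Docker passes to the instruction as arguments. The rule names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Dockerfile for the weak sshd settings used above.
# Prints one finding per line as "<rule>:<line number>"; a clean file prints nothing.
# Rule names are made up for this example.

audit_dockerfile() {
    f=$1
    # A literal password piped into passwd/chpasswd in a RUN step. The RUN
    # command line is stored in image metadata and shown by `docker history`.
    grep -nE '^[[:space:]]*RUN[[:space:]].*echo[[:space:]].*[|][[:space:]]*(passwd|chpasswd)' "$f" |
        sed 's/^\([0-9][0-9]*\):.*/hardcoded-password:\1/'
    # PAM switched off in sshd_config.
    grep -nE 'UsePAM[[:space:]]+no' "$f" |
        sed 's/^\([0-9][0-9]*\):.*/pam-disabled:\1/'
    # "#" starts a comment only at the beginning of a line. After FROM, EXPOSE,
    # ENV, ... it becomes part of the instruction's arguments.
    grep -nE '^[[:space:]]*(FROM|EXPOSE|ENV|ADD|COPY|WORKDIR|CMD|ENTRYPOINT)[[:space:]].*[[:space:]]#' "$f" |
        sed 's/^\([0-9][0-9]*\):.*/trailing-comment:\1/'
}

# Constructed sample modelled on the sshd Dockerfile in this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM centos:7
RUN yum -y install openssh-server passwd
RUN echo "CHANGEME" | passwd --stdin root
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
EXPOSE 22 # ssh port
CMD ["/usr/sbin/sshd","-D"]
EOF
audit_dockerfile "$sample"
rm -f "$sample"
```

A password set in a RUN step stays readable in the image history for anyone who can pull the image; key-based login supplied at run time keeps the secret out of the image.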
2. The systemctl service
Build on top of the sshd image so that systemctl commands can be used inside the sshd container
Create the systemctl directory and edit the Dockerfile
[root@server1 sshd]# cd /root/systemctl/
[root@server1 systemctl]# vi Dockerfile
# Based on the sshd image
FROM sshd:new
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done);\
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*;\
rm -f /lib/systemd/system/sockets.target.wants/*udev*;\
rm -f /lib/systemd/system/sockets.target.wants/*initctl*;\
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]
Build the image and run the container
[root@server1 systemctl]# docker build -t ssytemd:new .
[root@server1 systemctl]# docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro ssytemd:new /sbin/init &
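#-v creates a data volume that uses the host's /sys/fs/cgroup directory (mounted read-only)
#--privileged gives root inside the container real root privileges (all capabilities and access to host devices). Without it, root inside the container runs with a restricted privilege set, comparable to an ordinary user outside the container.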
[root@server1 systemctl]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bd2fcd9dbe3b ssytemd:new "/sbin/init" 4 hours ago Up 4 hours 22/tcp relaxed_davinci
Verify by entering the container
[root@server1 ~]# docker exec -it bd2fcd9dbe3b bash
[root@bd2fcd9dbe3b /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-27 02:42:13 UTC; 4h 17min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 50 (sshd)
CGroup: /docker/bd2fcd9dbe3b341d87ffbc006270ec8230528a99d198484e2d5b266de04cf2b2/system.slice/sshd.service
└─50 /usr/sbin/sshd -D
Nov 27 02:42:13 bd2fcd9dbe3b systemd[1]: Starting OpenSSH server daemon...
Nov 27 02:42:13 bd2fcd9dbe3b sshd[50]: WARNING: 'UsePAM no' is not supported in Red Hat Enter...ms.
Nov 27 02:42:13 bd2fcd9dbe3b sshd[50]: Server listening on 0.0.0.0 port 22.
Nov 27 02:42:13 bd2fcd9dbe3b sshd[50]: Server listening on :: port 22.
Nov 27 02:42:13 bd2fcd9dbe3b systemd[1]: Started OpenSSH server daemon.
Hint: Some lines were ellipsized, use -l to show in full.
3. Setting up the nginx service
Create the nginx directory, upload the nginx tarball, and create the Dockerfile
[root@server1 ~]# cd nginx/
[root@server1 nginx]# vi Dockerfile
FROM centos:7
MAINTAINER zf
# Install the build dependencies
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make
RUN useradd -M -s /sbin/nologin nginx
# Add and unpack the source tarball
ADD nginx-1.12.2.tar.gz /usr/local/src
# Enter the source directory to compile and install
WORKDIR /usr/local/src/nginx-1.12.2
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make && make install
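# Set the PATH environment variable
ENV PATH /usr/local/nginx/sbin:$PATH
# Expose the HTTP port
EXPOSE 80
# Expose the HTTPS port
EXPOSE 443
# Turn off nginx daemon mode so that nginx runs as the container's own process; otherwise the two conflict
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
# Add the startup script
ADD run.sh /run.sh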
RUN chmod 755 /run.sh
# Start the service when the container starts
CMD ["/run.sh"]
Create the startup script
[root@server1 nginx]# vi run.sh
#!/bin/bash
/usr/local/nginx/sbin/nginx
[root@server1 nginx]# ll
总用量 968
-rw-r--r--. 1 root root 505 11月 27 11:12 Dockerfile
-rw-r--r--. 1 root root 981687 11月 27 11:12 nginx-1.12.2.tar.gz
-rw-r--r--. 1 root root 40 11月 27 11:27 run.sh
Build the image, run the container, and check the container status; the randomly assigned port is 32776
[root@server1 nginx]# docker build -t nginx:new2 .
[root@server1 nginx]# docker run -d -P nginx:new2
[root@server1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c35b9a6fcf68 nginx:new2 "/run.sh" 4 hours ago Up 4 hours 0.0.0.0:32776->80/tcp, 0.0.0.0:32775->443/tcp elastic_buck
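Test the container's nginx service: from a client machine, browse to 192.168.247.130:32776
4. Setting up the tomcat service
Create the tomcat directory, import the JDK package and the Tomcat tarball, and create the Dockerfile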
[root@server1 tomcat]# ll
总用量 186328
-rw-r--r--. 1 root root 9417469 11月 27 11:49 apache-tomcat-8.5.16.tar.gz
-rw-r--r--. 1 root root 534 11月 27 13:29 Dockerfile
-rw-r--r--. 1 root root 181367942 11月 27 11:49 jdk-8u91-linux-x64.tar.gz
FROM centos:7
MAINTAINER ZF
ADD jdk-8u91-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-8.5.16.tar.gz /usr/local/
RUN mv /usr/local/jdk1.8.0_91 /usr/local/java
ENV JAVA_HOME /usr/local/java
ENV JAVA_BIN /usr/local/java/bin
ENV JRE_HOME /usr/local/java/jre
ENV PATH $PATH:/usr/local/java/jre/bin:/usr/local/java/bin
ENV CLASSPATH /usr/local/java/jre/bin:/usr/local/java/lib:/usr/local/java/jre/lib/charsets.jar
RUN mv /usr/local/apache-tomcat-8.5.16 /usr/local/tomcat
EXPOSE 8080
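#Start the service when the container starts; use ENTRYPOINT rather than CMD
#A command supplied from outside can override the CMD in the Dockerfile, but it does not override ENTRYPOINT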
ENTRYPOINT ["/usr/local/tomcat/bin/catalina.sh","run"]
Build the image and run the container, mapping host port 1212 and naming the container tomcat01
[root@server1 tomcat]# docker build -t tomcat:new .
[root@server1 tomcat]# docker run -d --name tomcat01 -p 1212:8080 tomcat:new
[root@server1 tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
357006dd6f10 tomcat:new "/usr/local/tomcat/b…" 2 hours ago Up 2 hours 0.0.0.0:1212->8080/tcp tomcat01
Test the tomcat service: from a client machine, browse to 192.168.247.130:1212