docker深入1-使用supervisor来管理服务
目的:
a) 提供ssh登录;
b) 提供supervisor来管理其他服务;
一、制作一个基础镜像 [Jack@test101 base]$ pwd /home/Jack/base [Jack@test101 base]$ ls bin conf Dockerfile README 1)【Dockerfile】 [Jack@test101 base]$ cat Dockerfile FROM centos MAINTAINER pcnk # yum RUN yum -y update; yum clean all # epel & supervisor & sshd RUN rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm \ && yum -y install openssh-server passwd python-pip \ && yum clean all \ && /usr/bin/pip install supervisor # update config ADD ./bin/start.sh /root/start.sh RUN set -x \ && /bin/sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd \ && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' \ && mkdir /var/run/sshd /etc/supervisor.d \ && /usr/bin/echo_supervisord_conf >/etc/supervisord.conf \ && sed -i 's/nodaemon=false/nodaemon=true/' /etc/supervisord.conf \ && echo -e '[include]\nfiles=/etc/supervisor.d/*.ini' >>/etc/supervisord.conf \ && grep ^[^\;] /etc/supervisord.conf \ && chmod 755 /root/start.sh \ && ./root/start.sh COPY ./conf/supervisor.d/sshd.ini /etc/supervisor.d/sshd.ini # EXPOSE 22 ENTRYPOINT ["/usr/bin/supervisord"] 2)【启动脚本】 [Jack@test101 base]$ cat bin/start.sh #!/bin/bash # # 2015/5/5 # Update public key for root __update_root() { SSH_USERPASS=toortoor echo -e "$SSH_USERPASS\n$SSH_USERPASS" | (passwd --stdin root) echo ssh user password: $SSH_USERPASS d_root='/root/.ssh' [ -d ${d_root} ] || mkdir ${d_root} cat <<_PUBKEY > /${d_root}/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA+kdRTFU8zzzypY7BF1vfjk00ECGruUTWVILVcAVKX2FlUa0MVgXuX8auaqcl7mU3jq8DCKXUpJE4zywDQh0v6+b7/x3K+LTascPLRrdoZRMyc3B9F8F6buJWUjkvcosvRRp4rtymngLHczOeH9v9yK+xIc32xJiQv0apjyUA8ZXqNx8QAOlZYoGTi8AISzcf+lMgWUcbm8Y7cjZSOG3GjzGuJWWjBUnLGxgIZXDLF/qXYHxqYzac9uHRjG8gXrO2zawNKlq18m50pKF12P5eYlvGoYqYDwVR+mk9wte4+MPgiUi/nA43FHTp57LToUc0AE64fQelsyh2fCOU50Jgkw== Jack@test _PUBKEY chmod 700 ${d_root} chmod 600 ${d_root}/authorized_keys } # Call all functions __update_root 3)【supervisor配置】 [Jack@test101 base]$ cat conf/supervisor.d/sshd.ini [program:sshd] command=/usr/sbin/sshd -D 4)【build一个p_w_picpath】 [Jack@test101 base]$ docker build --rm -t pcnk/base:v2 . 二、启动一个container来验证 【查看p_w_picpaths】 [Jack@test101 base]$ docker p_w_picpaths REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE pcnk/base v2 064aa35dfcef 2 minutes ago 251.3 MB 5)【启动一个container】 [Jack@test101 base]$ docker run -d --name app_test -p 10022:22 pcnk/base:v2 85df9a7ce698f69f5e14bb0bfdda5f8e16baf215315d7b2254bb86b52bc91f32 [Jack@test101 base]$ docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 85df9a7ce698 pcnk/base:v2 "/usr/bin/supervisor 5 seconds ago Up 4 seconds 0.0.0.0:10022->22/tcp app_test 登录测试: [Jack@test101 base]$ echo> /home/Jack/.ssh/known_hosts 上边先清理一下,因为之前的测试有保留其他的key的信息。 先测试用passwd方式登录: [Jack@test101 base]$ ssh -p 10022 root@127.0.0.1 The authenticity of host '[127.0.0.1]:10022 ([127.0.0.1]:10022)' can't be established. RSA key fingerprint is 15:18:db:44:ed:03:ca:ac:15:a3:d0:ea:ac:01:7e:27. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[127.0.0.1]:10022' (RSA) to the list of known hosts. root@127.0.0.1's password: [root@85df9a7ce698 ~]# exit logout Connection to 127.0.0.1 closed. 在测试用public key方式登录: [Jack@test101 base]$ ssh -p 10022 root@127.0.0.1 -i /home/Jack/.ssh/Jack Last login: Wed May 6 01:37:11 2015 from 172.17.42.1 [root@85df9a7ce698 ~]# exit logout Connection to 127.0.0.1 closed. 6)【删除镜像的方式】 先停止用到这个p_w_picpath的container: [Jack@test101 base]$ docker stop app_test [Jack@test101 base]$ docker rm app_test 再删掉p_w_picpath: [Jack@test101 base]$ docker rmi `docker p_w_picpaths |grep 'pcnk/base' |awk '{print $3}'`
转载于:https://blog.51cto.com/nosmoking/1642169