最基础的环境是要安装docker
SSH镜像制作
[root@docker ~]# mkdir /opt/sshd/
[root@docker ~]# cd /opt/sshd/
[root@docker sshd]# vim Dockerfile
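# SSH-enabled CentOS 7 image intended for local testing only.
# NOTE(review): centos:7 is end-of-life, so "yum -y update" no longer brings in
# security fixes; use a maintained base image for anything long-lived.
FROM centos:7
MAINTAINER wu
RUN yum -y update
RUN yum -y install openssh* net-tools lsof telnet passwd
# SECURITY: hard-coded, trivially guessable root password. It is stored in the
# image and visible in the build history, and sshd in this image accepts root
# password logins, so every host that can reach the published port can try it.
# Kept only so the walkthrough still works; outside a throwaway local test, drop
# this line, supply authorized_keys at run time and set PasswordAuthentication no.
RUN echo '123456' |passwd --stdin root
# Disable PAM in sshd (presumably so logins work without a full PAM session
# stack inside the container - confirm before reusing elsewhere).
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
# -N '' sets an empty passphrase explicitly so the build never waits on a
# prompt; -q silences the key art.
# SECURITY: a host key generated at build time is shared by every container
# started from this image, and anyone holding the image holds the private key.
# For real use, generate host keys at container start (e.g. "ssh-keygen -A" in
# an entrypoint) or mount them in.
RUN ssh-keygen -q -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
# Comment out the "session required pam_loginuid.so" line in the sshd PAM config.
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
# Create root's .ssh directory with owner-only permissions
# (user:group is the supported chown separator; "root.root" is deprecated).
RUN mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh
EXPOSE 22
# Run sshd in the foreground as the container's main process.
CMD ["/usr/sbin/sshd","-D"]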
生成镜像
[root@docker sshd]# docker build -t ssd:new .
启动(-P 会把容器的 22 端口发布到宿主机所有网卡 0.0.0.0 的随机端口;仅在本机测试时,可改用 -p 127.0.0.1::22 只监听本地回环地址)
[root@docker sshd]# docker run -d -P ssd:new
08e815e9281de42ed08fa3312a6b8f037266d252c982c9b7eeecced80c8f43e6
[root@docker sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
08e815e9281d ssd:new "/usr/sbin/sshd -D" 23 seconds ago Up 22 seconds 0.0.0.0:32768->22/tcp amazing_moser
验证ssh连接
[root@docker sshd]# ssh localhost -p 32768
The authenticity of host '[localhost]:32768 ([::1]:32768)' can't be established.
RSA key fingerprint is SHA256:RuCP0dpLuRyT87HxPSUTAAXuDSyrMo2B1kFqyQVzenw.
RSA key fingerprint is MD5:0a:cc:7a:4e:33:53:d5:8d:fa:2e:67:8c:c6:4a:04:e1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:32768' (RSA) to the list of known hosts.
root@localhost's password:
[root@08e815e9281d ~]#
systemctl镜像制作
用刚刚制作好的SSH镜像作为基础镜像
[root@docker ~]#mkdir /opt/systemctl
[root@docker ~]#cd /opt/systemctl
[root@docker systemctl]# vim Dockerfile
# systemd-enabled image layered on the SSH image built earlier on this page
# (ssd:new), so it inherits that image's root password and baked-in SSH host key.
FROM ssd:new
# systemd reads the "container" variable to detect that it runs in a container.
ENV container docker
# Prune unit links so that systemd inside the container starts few services.
# The loop keeps only systemd-tmpfiles-setup.service in sysinit.target.wants.
RUN (cd /lib/systemd/system/sysinit.target.wants/;for i in *;do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i;done); \
# Remove the original files; the configuration from the mounted directory is used later.
rm -f /lib/systemd/system/multi-user.target.wants/*; \
# NOTE(review): this glob also matches sysinit.target.wants, so it deletes the
# systemd-tmpfiles-setup.service link the loop above just kept, and it makes the
# more specific rm lines below redundant. Confirm whether
# /etc/systemd/system/*.wants/* was intended here.
rm -f /lib/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
# Mount point for the cgroup filesystem; the docker run command on this page
# bind-mounts the host's /sys/fs/cgroup here read-only.
VOLUME [ "/sys/fs/cgroup" ]
# Start systemd (init) as the container's main process.
CMD ["/usr/sbin/init"]
[root@docker systemctl]# docker build -t systemd:new .
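//--privileged 让容器内的 root 拥有接近宿主机 root 的权限(授予全部 capabilities、可访问宿主机设备、取消默认的 seccomp/AppArmor 限制),这里用它来让 systemd 在容器中运行;因此只应在可信的测试环境中使用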
[root@docker systemctl]# docker run --privileged -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:new /sbin/init &
[root@docker systemctl]# docker ps -a
CONTAINER ID