docker安装ssh服务

风向决定发型丶

已于 2023-11-09 10:44:34 修改

阅读量615

点赞数

于 2023-11-07 16:19:53 首次发布

本文链接：https://blog.csdn.net/weixin_43866248/article/details/134267659

版权

kubernetes 同时被 2 个专栏收录

14 篇文章 1 订阅

订阅专栏

docker

6 篇文章 0 订阅

订阅专栏

一、制作可ssh登录的centos镜像

1.准备Dockerfile

[root@k8s-master base]# vim Dockerfile
FROM centos:centos7.9.2009

LABEL maintainer="OPS_MX"

RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo \
    && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo \
    && yum -y install passwd openssh-server vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof  zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl  openssl-devel systemd-devel zlib-devel \
    && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key  -N '' \
    && echo "123456" | passwd --stdin root \	##密码可以自行修改
    && yum clean all \
    && rm -f /etc/localtime  \
    && ln -s ../usr/share/zoneinfo/Asia/Shanghai /etc/localtime
CMD ["/usr/sbin/sshd", "-D"]
[root@k8s-master base]# ls
build.sh  Dockerfile
[root@k8s-master base]# cat build.sh
#!/bin/bash
#
docker build -t centos7-base:v4  .

2.构建镜像

[root@k8s-master base]# sh build.sh
Sending build context to Docker daemon  3.584kB
Step 1/4 : FROM centos:centos7.9.2009
 ---> eeb6ee3f44bd
Step 2/4 : LABEL maintainer="OPS_MX"
 ---> Using cache
 ---> 07fe586ba410
Step 3/4 : RUN yum -y install wget && rm -f /etc/yum.repos.d/* && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo     && wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo     && yum -y install passwd openssh-server vim-enhanced tcpdump lrzsz tree telnet bash-completion net-tools wget bzip2 lsof  zip unzip nfs-utils gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl  openssl-devel systemd-devel zlib-devel     && ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' && ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' && ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key  -N ''     && echo "123456" | passwd --stdin root     && yum clean all     && rm -f /etc/localtime      && ln -s ../usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 ---> Using cache
 ---> 9f0cd67d4e2b
Step 4/4 : CMD ["/usr/sbin/sshd", "-D"]
 ---> Using cache
 ---> 2be7b57a0e54
Successfully built 2be7b57a0e54
Successfully tagged centos7-base:v4

构建过程输出很少，因为centos7-base:v4之前已经构建过一次了，所以没有安装依赖包的过程

3.创建测试pod

[root@k8s-master test]# cat test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: centos
  namespace: test
spec:
  containers:
  - name: centos
    image: centos7-base:v4
[root@k8s-master test]# kubectl apply -f test-pod.yaml
pod/centos created
[root@k8s-master test]# kubectl get pod -n test -o wide
NAME        READY   STATUS    RESTARTS   AGE   IP               NODE                      NOMINATED NODE   READINESS GATES
centos      1/1     Running   0          29s   100.64.168.155   k8s-master  			   <none>           <none>
nginx-app   1/1     Running   0          14m   100.64.168.167   k8s-master   			   <none>           <none>

4.ssh 登录测试

[root@k8s-master test]# ssh 100.64.168.155
The authenticity of host '100.64.168.155 (100.64.168.155)' can't be established.
ECDSA key fingerprint is SHA256:QPjTcPVWAkjyLQpD0pnfxFuCWX+AMon+9nv41jYoraw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.64.168.155' (ECDSA) to the list of known hosts.
root@100.64.168.155's password:
[root@centos ~]#

二、制作可ssh登录的应用镜像

1.以nginx为例，准备Dockerfile

[root@k8s-master nginx]# vim Dockerfile-v4
FROM centos7-base:v4
MAINTAINER OPS_MX
ENV NGINX_VERSION 1.16.1
ENV BUILD_TOOLS gcc pcre-devel openssl-devel make
ADD nginx-${NGINX_VERSION}.tar.gz /opt
RUN mkdir -p /opt/web_app/nginx-${NGINX_VERSION} \
        && useradd nginx && yum -y install ${BUILD_TOOLS} && cd /opt/nginx-${NGINX_VERSION} \
        && ./configure --user=nginx --group=nginx --with-http_ssl_module \
        --prefix=/opt/web_app/nginx-${NGINX_VERSION} \
        --sbin-path=/opt/web_app/nginx-${NGINX_VERSION}/sbin/nginx \
        --conf-path=/opt/web_app/nginx-${NGINX_VERSION}/conf/nginx.conf \
        --http-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
        --error-log-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/error.log \
        --pid-path=/opt/web_app/nginx-${NGINX_VERSION}/logs/nginx.pid \
        --lock-path=/opt/web_app/nginx-${NGINX_VERSION}/lock/subsys/nginx \
        --with-http_stub_status_module && make && make install  \
        && rm -rf /opt/nginx-${NGINX_VERSION}  \
        && yum clean all
WORKDIR /opt/web_app/nginx-${NGINX_VERSION}
EXPOSE 80 443
RUN echo "daemon off;" >> /opt/web_app/nginx-${NGINX_VERSION}/nginx.conf \
        && ln -sf /dev/stdout /opt/web_app/nginx-${NGINX_VERSION}/logs/access.log \
        && ln -sf /dev/stderr /opt/web_app/nginx-${NGINX_VERSION}/logs/error.log
CMD /usr/sbin/sshd && echo `ifconfig eth0 | awk 'NR==2{print $2}'` > /opt/web_app/nginx-1.16.1/html/index.html && /opt/web_app/nginx-1.16.1/sbin/nginx -g 'daemon off;'

最后的CMD需要注意，虽然centos基础镜像里面有CMD的指令，但是nginx Dockerfile里的CMD指令会覆盖centos的CMD，因为CMD只有最后一个生效，所以sshd的启动命令又写了一遍

2.构建镜像

[root@k8s-master nginx]# docker build -f Dockerfile-v4 -t nginx-1.16.1:v4 .
Sending build context to Docker daemon  1.954GB
Step 1/10 : FROM centos7-base:v4
 ---> 2be7b57a0e54
Step 2/10 : MAINTAINER OPS_MX
 ---> Running in 5efe8d1dfb52
Removing intermediate container 5efe8d1dfb52
 ---> 44022ef3db4e
Step 3/10 : ENV NGINX_VERSION 1.16.1
 ---> Running in 8bd181d73813
Removing intermediate container 8bd181d73813
 ---> 8d59afb9f99b
Step 4/10 : ENV BUILD_TOOLS gcc pcre-devel openssl-devel make
 ---> Running in ba1c9d46eb3a
Removing intermediate container ba1c9d46eb3a
。。。。。。

3.创建测试应用pod

[root@k8s-master test]# vim app-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-app
  namespace: test
spec:
  containers:
  - name: nginx
    image: nginx-1.16.1:v4.
[root@k8s-master test]# kubectl get pod -n test -o wide
NAME        READY   STATUS    RESTARTS   AGE   IP               NODE                      NOMINATED NODE   READINESS GATES
centos      1/1     Running   0          62m   100.64.168.155   k8s-master  <none>           <none>
nginx-app   1/1     Running   0          8s    100.64.168.144   k8s-master  <none>           <none>

4.ssh连接应用pod测试

[root@k8s-master test]# ssh 100.64.168.144
The authenticity of host '100.64.168.144 (100.64.168.144)' can't be established.
ECDSA key fingerprint is SHA256:QPjTcPVWAkjyLQpD0pnfxFuCWX+AMon+9nv41jYoraw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '100.64.168.144' (ECDSA) to the list of known hosts.
root@100.64.168.144's password:
[root@nginx-app ~]# ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 16:09 ?        00:00:00 /bin/sh -c /usr/sbin/sshd && echo `ifconfig eth0 | awk 'NR==2{print $2}'` > /opt/web_app/nginx-1.16.1/html/index.html && /opt/web_app/nginx-1.16.1/sbin/ngi
root           7       1  0 16:09 ?        00:00:00 /usr/sbin/sshd
root          11       1  0 16:09 ?        00:00:00 nginx: master process /opt/web_app/nginx-1.16.1/sbin/nginx -g daemon off;
nginx         12      11  0 16:09 ?        00:00:00 nginx: worker process
root          34       7  0 16:11 ?        00:00:00 sshd: root@pts/0
root          36      34  0 16:11 pts/0    00:00:00 -bash
root          55      36  0 16:11 pts/0    00:00:00 ps -ef
[root@nginx-app ~]# curl 127.0.0.1  ## nginx访问测试正常
100.64.168.144

风向决定发型丶

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
docker安装ssh服务

最后的CMD需要注意，虽然centos基础镜像里面有CMD的指令，但是nginx Dockerfile里的CMD指令会覆盖centos的CMD，因为CMD只有最后一个生效，所以sshd的启动命令又写了一遍。构建过程输出很少，因为centos7-base:v4之前已经构建过一次了，所以没有安装依赖包的过程。
复制链接

扫一扫

专栏目录