【云计算】实现私有云（使用commit自制自己需要的镜像）

基础配置

操作系统：CentOS 7
docker-ce版本：18.09.0

步骤

（1）启动Docker

打开一个已安装Docker的虚拟机或云主机的终端，输入以下命令启动Docker服务：

# service docker start

（2）获取镜像

可以直接从镜像仓库获取镜像，也可以通过下载后使用import的方式导入镜像。
下面以下载并import一个Ubuntu镜像为例演示使用import方式导入镜像的过程：

# wget https://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz
--2018-11-23 12:46:04--  https://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz
Resolving download.openvz.org (download.openvz.org)... 185.231.241.69
Connecting to download.openvz.org (download.openvz.org)|185.231.241.69|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 78421150 (75M) [application/x-gzip]
Saving to: ‘ubuntu-14.04-x86_64-minimal.tar.gz’

100%[===================================================================================>] 78,421,150  5.69MB/s   in 27s    

2018-11-23 12:46:33 (2.73 MB/s) - ‘ubuntu-14.04-x86_64-minimal.tar.gz’ saved [78421150/78421150]


# docker import ubuntu-14.04-x86_64-minimal.tar.gz ubuntu:14.04
sha256:6a3d39fa5b768e4f4a9f144a61fc457de691d759277e4419e71b10e52a0e0815

# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              14.04               6a3d39fa5b76        15 seconds ago      215MB

（3）实现sshd，在base镜像的基础上生成一个新的镜像

创建一个基于ubuntu:14.04的容器：
# docker run -it ubuntu:14.04 /bin/bash
修改ubuntu的软件源为163镜像站（也可使用其他国内知名镜像站）：

# vim /etc/apt/sources.list
deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse

更新软件源：
# apt-get update

安装supervisor服务：
# apt-get install supervisor
配置supervisor（添加nodaemon=true和[program:sshd]配置）：

# cd /etc/supervisor
# cp supervisord.conf ./conf.d/
# cd conf.d/
# vim supervisord.conf

; supervisor config file

[unix_http_server]
file=/var/run/supervisor.sock   ; (the path to the socket file)
chmod=0700                       ; sockef file mode (default 0700)

[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
nodaemon=true ;

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket

; The [include] section can just contain the "files" setting.  This
; setting can list multiple files (separated by whitespace or
; newlines).  It can also contain wildcards.  The filenames are
; interpreted as relative to this file.  Included files *cannot*
; include files themselves.

[include]
files = /etc/supervisor/conf.d/*.conf

[program:sshd]
command=/usr/sbin/sshd -D ;

退出容器
# exit

退出后将该容器commit生成封装了sshd的镜像：
先查看并记下容器的ID（只用记下前4位就行了）：
# docker ps -a
然后使用commit命令打包容器：
# docker commit <容器ID> ubuntu:sshd

查看镜像：

# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              sshd                3c3be5304fbb        46 seconds ago      546MB
ubuntu              14.04               6a3d39fa5b76        25 minutes ago      215MB

（4）分配容器

容器打包完成后，就可以通过以下命令向主机部署自己的容器了：

# docker run -p 301:22 -d --name test ubuntu:sshd /usr/bin/supervisord
# docker run -p 302:22 -d --name dev ubuntu:sshd /usr/bin/supervisord
# docker run -p 303:22 -d --name client ubuntu:sshd /usr/bin/supervisord
...
# docker run -p xxxx:22 -d --name clientN ubuntu:sshd /usr/bin/supervisord

这样就顺利隔离了N个容器，且每一个都是以CentOS为中心的纯净的Ubuntu系统，按这种分配方式，所有容器性能将和宿主机一样。

（5）搭建自己的私有仓库

我们可以搭建自己的私有的仓库，然后使用类似GitHub的方式，将封装好的镜像push到仓库，其他主机装好docker后，pull下来即可。
Docker Hub容器仓库：https://hub.docker.com/
阿里云容器镜像服务：https://www.aliyun.com/product/acr?spm=5176.54417.developerService.13.2ce324592PbWQs
网易云镜像仓库：https://www.163yun.com/product/repo