一、使用Dockerfile部署ssh,以及在ssh中使用systemctl命令
1.部署ssh
[root@server1 ~]# mkdir sshd
[root@server1 ~]# cd sshd/
[root@server1 sshd]# vim Dockerfile
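# Lab image: CentOS 7 running an OpenSSH server in the foreground as the
# container's main process.
# NOTE(review): centos:7 reached end of life in June 2024 and no longer gets
# security updates; treat this image as a teaching example, not a base for
# anything reachable from a network you do not control.
FROM centos:7
LABEL maintainer="this is sshd <ycx>"

# Update and install in one layer so a cached "update" layer can never go
# stale, and drop the yum cache in the same layer that created it.
# The glob is quoted so yum, not the build shell, expands it.
# NOTE(review): net-tools, lsof and telnet are only debugging aids here;
# leave them out of any image that is not a throw-away lab.
RUN yum -y update \
    && yum -y install 'openssh*' net-tools lsof telnet passwd \
    && yum clean all

# SECURITY: this bakes a fixed, trivially guessable root password into an
# image layer. The RUN line is readable through `docker history` by anyone
# who can obtain the image, and every container started from it accepts the
# same password. Keep it only for an isolated lab; otherwise disable password
# login and supply an authorized_keys file at run time.
RUN echo '123456' | passwd --stdin root

# Turn PAM off in sshd. sshd on this platform logs a warning that
# 'UsePAM no' is unsupported, so expect that message at start-up.
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config

# Create the RSA host key. -N '' states the empty passphrase explicitly so
# the build never waits on a prompt.
# SECURITY: a host key generated at build time is shared by every container
# created from this image, so clients cannot tell those containers apart and
# anyone holding the image holds the private key.
RUN ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key

# Comment out the pam_loginuid session line in /etc/pam.d/sshd.
RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd

# Create root's .ssh directory, owned by root and readable only by root.
RUN mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh

# Document the SSH port. A trailing "# ..." on an EXPOSE line is not a
# comment; it would be parsed as another port argument and fail the build.
EXPOSE 22

# Run sshd in the foreground (-D) so it stays the container's main process.
CMD ["/usr/sbin/sshd","-D"]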
[root@server1 sshd]# docker build -t sshd:new . #生成镜像
[root@server1 sshd]# docker run -d -P sshd:new #启动容器;-P 会把容器的22端口发布到宿主机所有网卡(0.0.0.0)的随机端口,镜像里又是固定的root弱口令,因此只适合在隔离的实验环境中这样运行
183354346cd781b125484f35c99491e7c590e69fc77e3621736a56513dc6913a
[root@server1 sshd]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
183354346cd7 sshd:new "/usr/sbin/sshd -D" 25 seconds ago Up 23 seconds 0.0.0.0:32771->22/tcp cool_wu
[root@server1 sshd]# ssh localhost -p 32771 #验证
The authenticity of host '[localhost]:32771 ([::1]:32771)' can't be established.
RSA key fingerprint is SHA256:0RuYPQKtN7rorIw2DzqwghmrXPjqwtIqexnr3fxs9EU.
RSA key fingerprint is MD5:88:8e:8b:77:89:ea:18:4b:f4:9f:df:11:fa:e4:5f:bd.
Are you sure you want to continue connecting (yes/no)? yes #确认
Warning: Permanently added '[localhost]:32771' (RSA) to the list of known hosts.
root@localhost's password: #输入密码
[root@183354346cd7 ~]# #成功远程登录容器
2.如何在ssh中使用systemctl命令
[root@183354346cd7 ~]# systemctl status ssh
Failed to get D-Bus connection: Operation not permitted
#这时候在ssh中是无法使用systemctl命令的,因为容器里的1号进程是sshd而不是systemd;我们需要基于sshd:new再构建一个以/usr/sbin/init启动的镜像
[root@server1 ~]# mkdir systemctl
[root@server1 ~]# cd systemctl/
[root@server1 systemctl]# vim Dockerfile
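# Extends the locally built sshd:new image so that systemd (/usr/sbin/init)
# runs as PID 1 and systemctl works inside the container.
# NOTE(review): everything in sshd:new is inherited, including the root
# password and the SSH host key that were baked into that image.
FROM sshd:new

# Marks the environment as a container; presumably read by systemd for its
# container detection -- confirm against the systemd documentation.
ENV container=docker

# Remove the unit symlinks systemd would otherwise try to start at boot,
# keeping only systemd-tmpfiles-setup.service in sysinit.target.wants.
# "cd ... &&" guards the loop: if the directory is missing, nothing is
# deleted from whatever the current directory happens to be.
RUN (cd /lib/systemd/system/sysinit.target.wants/ \
        && for unit in *; do \
             [ "$unit" = systemd-tmpfiles-setup.service ] || rm -f "$unit"; \
           done); \
    rm -f /lib/systemd/system/multi-user.target.wants/*; \
    rm -f /etc/systemd/system/*.wants/*; \
    rm -f /lib/systemd/system/local-fs.target.wants/*; \
    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
    rm -f /lib/systemd/system/basic.target.wants/*; \
    rm -f /lib/systemd/system/anaconda.target.wants/*

# Mount point for the host's cgroup hierarchy (bind-mounted at run time).
# Comments must sit on their own line: text after a JSON-form VOLUME or CMD
# stops the line from parsing as JSON, so it is handled as shell form.
VOLUME ["/sys/fs/cgroup"]

# Boot systemd as the container's init process.
CMD ["/usr/sbin/init"]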
[root@server1 systemctl]# docker build -t systemd:new .
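[root@server1 systemctl]# docker run --privileged -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemd:new /sbin/init & #--privileged代表在容器内拥有真正的root权限,不加该参数时容器内root的权限是受限的。注意:--privileged会赋予容器全部内核能力并放开对宿主机设备的访问,基本取消了容器与宿主机之间的隔离,只应在隔离的实验环境中使用。/sys/fs/cgroup以只读(ro)方式挂载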
[5] 119361
[root@server1 systemctl]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0caa26309cb7 systemd:new "/sbin/init" About a minute ago Up About a minute 22/tcp optimistic_hamilton
183354346cd7 sshd:new "/usr/sbin/sshd -D" 13 minutes ago Up 13 minutes 0.0.0.0:32771->22/tcp cool_wu
[root@server1 systemctl]# docker exec -it 0caa26309cb7 bash
[root@0caa26309cb7 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
[root@0caa26309cb7 /]# systemctl start sshd
[root@0caa26309cb7 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-27 06:30:37 UTC; 7s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 51 (sshd)
CGroup: /docker/0caa26309cb78efc03597996f804332eea3ac8f9d967351feb89e14924cac5af/system.slice/sshd.service
└─51 /usr/sbin/sshd -D
Nov 27 06:30:37 0caa26309cb7 systemd[1]: Starting OpenSSH server daemon...
Nov 27 06:30:37 0caa26309cb7 sshd[51]: WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems.
Nov 27 06:30:37 0caa26309cb7 sshd[51]: Server listening on 0.0.0.0 port 22.
Nov 27 06:30:37 0caa26309cb7 systemd[1]: Started OpenSSH server daemon.
Nov 27 06:30:37 0caa26309cb7 sshd[51]: Server listening on :: port 22.
#这时候就可以执行systemctl命令了
二、使用Dockerfile部署nginx和tomcat
1.nginx
[root@server1 ~]# mkdir nginx/
[root@server1 ~]# cd nginx/
[root@server1 nginx]# vim Dockerfile
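# Builds nginx 1.12.2 from a source tarball on CentOS 7 and runs it in the
# foreground through /run.sh.
# NOTE(review): centos:7 is end of life and nginx 1.12.2 is an old release;
# for anything beyond a lab, build a currently supported version on a
# maintained base image.
FROM centos:7
LABEL maintainer="this is nginx <ycx>"

# Compiler toolchain plus the PCRE and zlib headers needed by ./configure.
# The yum cache is removed in the same layer that created it.
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make \
    && yum clean all

# Unprivileged account (no home directory, no login shell) for the nginx
# worker processes; see --user/--group below.
RUN useradd -M -s /sbin/nologin nginx

# ADD rather than COPY is deliberate: it unpacks the local tarball.
# NOTE(review): the tarball comes from the build context unverified; check
# its published checksum or signature before building.
ADD nginx-1.12.2.tar.gz /usr/local/src

# Absolute path, so the build directory does not depend on an earlier WORKDIR.
WORKDIR /usr/local/src/nginx-1.12.2

RUN ./configure \
      --prefix=/usr/local/nginx \
      --user=nginx \
      --group=nginx \
      --with-http_stub_status_module \
    && make \
    && make install

ENV PATH=/usr/local/nginx/sbin:$PATH

# NOTE(review): 443 is declared, but this build does not pass
# --with-http_ssl_module and installs no TLS headers, so the binary
# presumably cannot serve HTTPS as configured -- confirm before relying on it.
EXPOSE 80
EXPOSE 443

# Keep nginx in the foreground so the container does not exit immediately.
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf

# COPY is enough for a plain file; ADD's extra behaviour is not needed here.
COPY run.sh /run.sh
RUN chmod 755 /run.sh

# No USER is set: the nginx master process runs as root; only the workers
# use the nginx account created above.
CMD ["/run.sh"]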
[root@server1 nginx]# vim run.sh
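#!/bin/bash
# Container entrypoint for the nginx image.
# exec replaces this shell with nginx, so nginx becomes the container's main
# process and receives the stop signal from `docker stop` directly instead of
# it being delivered to an intermediate bash process.
exec /usr/local/nginx/sbin/nginx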
[root@server1 nginx]# docker build -t nginx:new . #制作镜像
[root@server1 nginx]# docker run -d -P nginx:new #启动镜像
670d2a4daffc6f3ced2507c4d3a6a0d6b26d0a49e75adb307c888b30192eb4dc
[root@server1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
670d2a4daffc nginx:new "/run.sh" 8 seconds ago Up 7 seconds 0.0.0.0:32773->80/tcp, 0.0.0.0:32772->443/tcp zen_thompson
0caa26309cb7 systemd:new "/sbin/init" 23 minutes ago Up 23 minutes 22/tcp optimistic_hamilton
183354346cd7 sshd:new "/usr/sbin/sshd -D" 35 minutes ago Up 35 minutes 0.0.0.0:32771->22/tcp cool_wu
#可以访问nginx了
2.tomcat
[root@server1 ~]# mkdir tomcat/
[root@server1 ~]# cd tomcat/
[root@server1 tomcat]# vim Dockerfile
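# Installs a JDK and Apache Tomcat from local tarballs on CentOS 7 and runs
# Tomcat in the foreground as an unprivileged user.
# NOTE(review): centos:7 is end of life, and JDK 8u91 and Tomcat 8.5.16 are
# old releases; rebuild with currently supported versions before exposing
# this to any real network. The tarballs are taken from the build context
# unverified -- check their published checksums first.
FROM centos:7
LABEL maintainer="this is tomcat <ycx>"

# ADD unpacks the local JDK tarball into /usr/local.
ADD jdk-8u91-linux-x64.tar.gz /usr/local
WORKDIR /usr/local
RUN mv jdk1.8.0_91 /usr/local/java

ENV JAVA_HOME=/usr/local/java \
    JAVA_BIN=/usr/local/java/bin \
    JRE_HOME=/usr/local/java/jre \
    CLASSPATH=/usr/local/java/jre/bin:/usr/local/java/lib:/usr/local/java/jre/lib/charsets.jar
ENV PATH=$PATH:/usr/local/java/bin:/usr/local/java/jre/bin

# ADD unpacks the local Tomcat tarball into /usr/local.
ADD apache-tomcat-8.5.16.tar.gz /usr/local

# Tomcat listens on 8080 and needs no root privileges, so give it a system
# account and hand the install tree to that account.
# NOTE(review): the stock tarball also ships sample and management web
# applications under webapps/; remove the ones that are not being served.
RUN useradd -r -M -s /sbin/nologin tomcat \
    && mv apache-tomcat-8.5.16 /usr/local/tomcat8 \
    && chown -R tomcat:tomcat /usr/local/tomcat8

EXPOSE 8080

# Drop root before the server starts.
USER tomcat

# ENTRYPOINT: arguments given to `docker run` are appended to this command
# rather than replacing it.
ENTRYPOINT ["/usr/local/tomcat8/bin/catalina.sh","run"]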
[root@server1 tomcat]# docker build -t tomcat:new .
[root@server1 tomcat]# docker run -d --name tomcatycx -p 1216:8080 tomcat:new
d96c37673bee8768cf2d900cde95bf00abf7facab01e46642728f7596f93adb7
[root@server1 tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d96c37673bee tomcat:new "/usr/local/tomcat8/…" 10 seconds ago Up 9 seconds 0.0.0.0:1216->8080/tcp tomcatycx
29e628063dbf c5bf437e4995 "/bin/sh -c 'mv jdk1…" 3 minutes ago Exited (1) 3 minutes ago sad_curran
注意:docker run 时在镜像名后面给出的命令可以覆盖Dockerfile中的CMD,但无法覆盖Dockerfile中的ENTRYPOINT,只能作为参数追加给ENTRYPOINT(要替换ENTRYPOINT必须显式使用 docker run --entrypoint)
验证
3.mysql
[root@server1 ~]# mkdir mysql && cd mysql
[root@server1 mysql]# vim Dockerfile
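# Builds MySQL 5.7.20 from source on CentOS 7 and starts it through systemd.
# NOTE(review): centos:7 and MySQL 5.7 are both past upstream end of life;
# treat this as a lab image. The whole build tree stays in the image because
# this is a single-stage build, which is likely why the walkthrough reports a
# very large image; a multi-stage build that copies only /usr/local/mysql
# into the final stage would avoid shipping compilers and sources.
FROM centos:7
LABEL maintainer="ycx"

# Update and install in one layer, and drop the yum cache in that same layer.
RUN yum -y update \
    && yum -y install ncurses ncurses-devel bison cmake make gcc gcc-c++ \
    && yum clean all

# Dedicated account with no home directory and no login shell for mysqld.
RUN groupadd mysql \
    && useradd -M -s /sbin/nologin -g mysql mysql

# ADD unpacks the local source tarball (with bundled Boost).
# NOTE(review): verify the tarball's published checksum before building.
ADD mysql-boost-5.7.20.tar.gz /usr/local/src
WORKDIR /usr/local/src/mysql-5.7.20

RUN cmake \
      -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
      -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
      -DSYSCONFDIR=/etc \
      -DSYSTEMD_PID_DIR=/usr/local/mysql \
      -DDEFAULT_CHARSET=utf8 \
      -DDEFAULT_COLLATION=utf8_general_ci \
      -DWITH_INNOBASE_STORAGE_ENGINE=1 \
      -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
      -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
      -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
      -DMYSQL_DATADIR=/usr/local/mysql/data \
      -DWITH_BOOST=boost \
      -DWITH_SYSTEMD=1 \
    && make \
    && make install

RUN chown -R mysql:mysql /usr/local/mysql

# COPY replaces any existing /etc/my.cnf, so no separate rm step is needed.
COPY my.cnf /etc/my.cnf
RUN chown mysql:mysql /etc/my.cnf

ENV PATH=$PATH:/usr/local/mysql/bin:/usr/local/mysql/lib

# SECURITY: --initialize-insecure creates the root@localhost account with an
# empty password, and because this runs at build time the initialised data
# directory is baked into the image and shared by every container started
# from it. Set a strong root password before the port is reachable by anyone.
RUN /usr/local/mysql/bin/mysqld \
      --initialize-insecure \
      --user=mysql \
      --basedir=/usr/local/mysql \
      --datadir=/usr/local/mysql/data

EXPOSE 3306

# Install the unit file produced by the build (-DWITH_SYSTEMD=1).
RUN cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/

# run.sh enables the mysqld unit at build time.
COPY run.sh /run.sh
RUN sh /run.sh

# systemd is PID 1 and starts mysqld from the enabled unit.
CMD ["/usr/sbin/init"]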
[root@localhost mysql]# vim run.sh
#!/bin/bash
# Build-time helper for the MySQL image: mark the mysqld unit as enabled so
# that systemd starts it when the container boots.
systemctl enable mysqld.service
[root@server1 mysql]# vim my.cnf
# Settings read by all MySQL client programs: server port, character set and
# the UNIX socket path.
[client]
port = 3306
default-character-set=utf8
socket = /usr/local/mysql/mysql.sock
# The same connection settings, applied to the mysql command-line client.
[mysql]
port = 3306
default-character-set=utf8
socket = /usr/local/mysql/mysql.sock
# Server settings. The daemon runs as the unprivileged mysql account and
# keeps its data, pid file and socket under /usr/local/mysql.
# NOTE(review): no bind-address is set here, so the server uses its default
# listen address -- presumably all interfaces on this version; confirm, and
# restrict it if clients only connect locally.
[mysqld]
user = mysql
basedir = /usr/local/mysql
datadir = /usr/local/mysql/data
port = 3306
character_set_server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket = /usr/local/mysql/mysql.sock
server-id = 1
# Explicit list of SQL modes for the server.
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@server1 mysql]# docker build -t mysql:new .
[root@server1 mysql]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql new 4721d742be41 About an hour ago 10GB
[root@server1 mysql]# docker run --name=mysql_server -d -P --privileged mysql:new
[root@server1 mysql]# docker exec -it f94fd8b41b57 /bin/bash
[root@f94fd8b41b57 mysql-5.7.20]# grant all privileges on *.* to 'root'@'%' identified by 'abc123';
[root@f94fd8b41b57 mysql-5.7.20]# grant all privileges on *.* to 'root'@'localhost' identified by 'abc123';
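#上面两条grant语句需要在容器内的mysql客户端中执行;执行后就可以直接在宿主机远程连接容器内的MySQL数据库了。注意:'root'@'%'表示允许从任意主机以root登录,加上弱口令以及-P把3306发布到宿主机所有网卡,这种配置只适合隔离的实验环境;正式使用时应创建权限最小的专用账号、限制来源主机并使用强口令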