一般情况下,Linux系统管理员通过SSH服务来管理操作系统,但Docker的很多镜像是不带SSH服务的,那么我们怎样才能管理操作系统呢?在第一部分中我们介绍了一些进入容器的办法,比如用attach、exec等命令,但是这些命令都无法解决远程管理容器的问题。因此,当读者需要远程登录到容器内进行一些操作的时候,就需要SSH的支持了。
1、基于commit创建
# sudo docker run -it ubuntu:14.04 /bin/bash (以Ubuntu14.04为例创建一个容器)
# sshd (bash: sshd: command not found)
# apt-get install openssh-server (安装openssh-server)
# apt-get update (更新apt)
# vi /etc/apt/sources.list.d/163.list (创建镜像源)
添加:
deb http://mirrors.163.com/ubuntu/ trusty main restricted universemultiverse
deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse
# apt-get install openssh-server (安装服务)
# mkdir -p /var/run/sshd (要正常启动SSH服务,需要目录/var/run/sshd存在)
# /usr/sbin/sshd -D & (启动服务)
# netstat -tunlp (查看容器的22端口(SSH服务默认监听的端口),已经处于监听状态)
# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd (修改SSH服务的安全登录配置,取消pam登录限制)
# mkdir root/.ssh
# vi /root/.ssh/authorized_keys
在root用户目录下创建.ssh目录,并复制需要登录的公钥信息(一般为本地主机用户目录下的.ssh/id_rsa.pub文件,可由ssh-keygen-t rsa命令生成)到authorized_keys文件中:
# vi /run.sh
# chmod +x run.sh
run.sh脚本内容如下:
#!/bin/bash
/usr/sbin/sshd -D
# exit
# docker commit 容器id sshd:ubuntu
2、使用dockerFile创建
在宿主主机上生成SSH密钥对,并创建authorized_keys文件:
# ssh-keygen -t rsa
# cat ~/.ssh/id_rsa.pub >authorized_keys
# vi /run.sh
# chmod +x run.sh
run.sh脚本内容如下:
#!/bin/bash
/usr/sbin/sshd -D
# vi dockerfile
FROM ubuntu:14.04
#提供一些作者的信息
MAINTAINER from wu-wu
#下面开始运行命令,此处更改ubuntu的源为国内163的源
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty main restricted universe multiverse" > /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
RUN echo "deb http://mirrors.163.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
RUN apt-get update
#安装ssh服务
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
#取消pam限制
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
#复制配置文件到相应位置,并赋予脚本可执行权限
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#开放端口
EXPOSE 22
#设置自启动命令
CMD ["/run.sh"]
# docker build -t sshd:dockerfile . (构建镜像)