使用Dockerfile创建ssh服务的镜像02

使用Dockerfile创建ssh服务的镜像02

1:创建工作目录---一个镜像的所有文件都放这个目录下

ubuntu@ubuntu:~$ mkdir sshd_ubuntu
ubuntu@ubuntu:~/sshd_ubuntu$ touch Dockerfile run.sh   #创建需要的文件
ubuntu@ubuntu:~/sshd_ubuntu$ ls
Dockerfile  run.sh

2:编写run.sh脚本和authorized_keys文件

ubuntu@ubuntu:~/sshd_ubuntu$ cat run.sh
#! /bin/bash
/usr/sbin/sshd -D

ubuntu@ubuntu:~/sshd_ubuntu$ ssh-keygen -trsa    #在宿主主机上生成ssh密钥对
ubuntu@ubuntu:~/sshd_ubuntu$ cat ~/.ssh/id_rsa.pub > authorized_keys   #生成authorized_keys文件

3：编写Dockerfile

ubuntu@ubuntu:~/sshd_ubuntu$ cat Dockerfile
        FROM ubuntu:18.04

        #提供一些作者的信息
        MAINTAINER docker_user (user@docker.com)

        #下面开始运行命令，此处更改ubuntu的源为国内163的源
        RUN echo  "deb http://mirrors.aliyun.com/ubuntu/ trusty main restricted universe multiverse" >  /etc/apt/sources.list
        RUN echo  "deb http://mirrors.aliyun.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb http://mirrors.aliyun.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb-src http://mirrors.aliyun.com/ubuntu/ trusty main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb-src http://mirrors.aliyun.com/ubuntu/ trusty-security main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb-src http://mirrors.aliyun.com/ubuntu/ trusty-updates main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb-src http://mirrors.aliyun.com/ubuntu/ trusty-proposed main restricted universe multiverse" >> /etc/apt/sources.list
        RUN echo  "deb-src http://mirrors.aliyun.com/ubuntu/ trusty-backports main restricted universe multiverse" >> /etc/apt/sources.list
        RUN apt-get update

        #安装 ssh 服务
        RUN apt-get install -y openssh-server
        RUN mkdir -p /var/run/sshd
        RUN mkdir -p /root/.ssh
        #取消pam限制
        RUN sed  -ri  's/session       required        pam_loginuid.so/#&/g' /etc/pam.d/sshd

        ADD authorized_keys /root/.ssh/authorized_keys
        ADD run.sh /run.sh
        RUN chmod 755 /run.sh

        #开放端口
        EXPOSE 22

        #设置自启动命令
        CMD ["/run.sh"]

4：创建镜像

ubuntu@ubuntu:~/sshd_ubuntu$ docker images    #查看当前镜像
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu              3475b858b5b3        22 hours ago        209MB
mysql               latest              d435eee2caa5        3 days ago          456MB
ubuntu              18.04               775349758637        3 weeks ago         64.2MB
training/webapp     latest              6fae60ef3446        4 years ago         349MB

格式：格式：docker build [选项] <上下文路径/URL/->
ubuntu@ubuntu:~/sshd_ubuntu$ docker build  -f Dockerfile -t sshd:dockerfile  .　#注意这个.是指代上下文路劲

......
Step 20/20 : CMD ["/run.sh"]
 ---> Running in 5f04be8aac51
Removing intermediate container 5f04be8aac51
 ---> a5a0ca238063
Successfully built a5a0ca238063
Successfully tagged sshd:dockerfile  #表示成功

ubuntu@ubuntu:~/sshd_ubuntu$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                dockerfile          a5a0ca238063        25 seconds ago      149MB
sshd                ubuntu              3475b858b5b3        22 hours ago        209MB
mysql               latest              d435eee2caa5        3 days ago          456MB
ubuntu              18.04               775349758637        3 weeks ago         64.2MB
training/webapp     latest              6fae60ef3446        4 years ago         349MB
ubuntu@ubuntu:~/sshd_ubuntu$ docker run -d -p 10122:22  sshd:dockerfile
0ecd50a7ca0d908b4afcc4f61b2623e28a159d31d2881b017afee0c97f3dad91

ubuntu@ubuntu:~/sshd_ubuntu$ ssh root@192.168.43.97 -p 10122
The authenticity of host '[192.168.43.97]:10122 ([192.168.43.97]:10122)' can't be established.
ECDSA key fingerprint is SHA256:MJcMMQd7LgFTx51fUGDJOl/lLH++6mbrRloeiptPHJQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.43.97]:10122' (ECDSA) to the list of known hosts.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@0ecd50a7ca0d:~#

工作原理：docker build

Docker 在运行时分为 Docker 引擎（也就是服务端守护进程）和客户端工具。Docker 的引擎提供了一组 REST API，被称为 Docker Remote API，而如 docker 命令这样的客户端工具，则是通过这组 API 与 Docker 引擎交互，从而完成各种功能。因此，虽然表面上我们好像是在本机执行各种 docker 功能，但实际上，一切都是使用的远程调用形式在<b>服务端（Docker 引擎）</b>完成。也因为这种 C/S 设计，让我们操作远程服务器的 Docker 引擎变得轻而易举。

当我们进行镜像构建的时候，并非所有定制都会通过 RUN 指令完成，经常会需要将一些本地文件复制进镜像，比如通过 COPY 指令、ADD 指令等。而 docker build 命令构建镜像，其实并非在本地构建，而是在服务端，也就是 Docker 引擎中构建的。那么在这种客户端/服务端的架构中，如何才能让服务端获得本地文件呢？

这就引入了上下文的概念。当构建的时候，用户会指定构建镜像上下文的路径，docker build 命令得知这个路径后，会将路径下的所有内容打包，然后上传给 Docker 引擎。这样 Docker 引擎收到这个上下文包后，展开就会获得构建镜像所需的一切文件