使用docker commit创建带ssh服务的基础镜像

第一步：pull一个ubuntu:14:04镜像

[root@localhost ~]# docker pull ubuntu:14.04
14.04: Pulling from library/ubuntu
01a4f8387457: Pull complete
c887940e680c: Pull complete
5432573ac160: Pull complete
027ee9a9665e: Pull complete
5611db80430d: Pull complete
Digest: sha256:3ed36e21dd87806fa6d92f91ae1a172d6b4f76b3471eef09dd847c6110a180b6
Status: Downloaded newer image for ubuntu:14.04
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              14.04               d6ed29ffda6b        4 days ago          221MB
tomcat              latest              11df4b40749f        7 days ago          557MB
adminer             <none>              faa9618a39a6        2 weeks ago         58.8MB
mysql               latest              5709795eeffa        2 weeks ago         408MB
hello-world         latest              725dcfab7d63        2 weeks ago         1.84kB
clearlinux          latest              32685d114002        2 weeks ago         62.5MB
alpine              latest              053cde6e8953        2 weeks ago         3.96MB

第二步：创建一个容器并进入容器

[root@localhost ~]# docker run -ti ubuntu:14.04  /bin/bash
root@e8dccc52cb96:/#

第三步：apt-get update更新软件源信息

root@e8dccc52cb96:/# apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]      
Ign http://archive.ubuntu.com trusty InRelease                            
Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:3 http://security.ubuntu.com trusty-security/universe Sources [79.5 kB]
Get:4 http://archive.ubuntu.com trusty-backports InRelease [65.9 kB]           
Get:5 http://archive.ubuntu.com trusty Release.gpg [933 B]                     
Get:6 http://security.ubuntu.com trusty-security/main amd64 Packages [857 kB]
Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [244 kB]
Get:8 http://security.ubuntu.com trusty-security/restricted amd64 Packages [18.0 kB]
Get:9 http://archive.ubuntu.com trusty-updates/main amd64 Packages [1291 kB]
Get:10 http://security.ubuntu.com trusty-security/universe amd64 Packages [248 kB]
Get:11 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4716 B]
Get:12 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [21.4 kB]
Get:13 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [560 kB]
Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [16.3 kB]
Get:15 http://archive.ubuntu.com trusty-backports/main amd64 Packages [14.7 kB]
Get:16 http://archive.ubuntu.com trusty-backports/restricted amd64 Packages [40 B]
Get:17 http://archive.ubuntu.com trusty-backports/universe amd64 Packages [52.5 kB]
Get:18 http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages [1392 B]
Get:19 http://archive.ubuntu.com trusty Release [58.5 kB]                      
Get:20 http://archive.ubuntu.com trusty/universe Sources [7926 kB]             
Get:21 http://archive.ubuntu.com trusty/main amd64 Packages [1743 kB]          
Get:22 http://archive.ubuntu.com trusty/restricted amd64 Packages [16.0 kB]    
Get:23 http://archive.ubuntu.com trusty/universe amd64 Packages [7589 kB]      
Get:24 http://archive.ubuntu.com trusty/multiverse amd64 Packages [169 kB]     
Fetched 21.1 MB in 17s (1206 kB/s)                                             
Reading package lists... Done

第四步：安装ssh服务openssh-server

root@e8dccc52cb96:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2
  libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
  libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
  libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term
  openssh-client openssh-sftp-server openssl python python-chardet
  python-minimal python-requests python-six python-urllib3 python2.7
  python2.7-minimal ssh-import-id tcpd wget xauth
Suggested packages:
  krb5-doc krb5-user ssh-askpass libpam-ssh keychain monkeysphere rssh
  molly-guard ufw python-doc python-tk python2.7-doc binutils binfmt-support
The following NEW packages will be installed:
  ca-certificates krb5-locales libck-connector0 libedit2 libgssapi-krb5-2
  libidn11 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0
  libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libwrap0 libx11-6
  libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term
  openssh-client openssh-server openssh-sftp-server openssl python
  python-chardet python-minimal python-requests python-six python-urllib3
  python2.7 python2.7-minimal ssh-import-id tcpd wget xauth
0 upgraded, 38 newly installed, 0 to remove and 2 not upgraded.
Need to get 7592 kB of archives.
After this operation, 35.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

第五步：手动创建/var/run/sshd目录，并启动sshd服务

root@e8dccc52cb96:/# mkdir -p /var/run/sshd
root@e8dccc52cb96:/# /usr/sbin/sshd -D &
[1] 3015
root@e8dccc52cb96:/# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3015/sshd       
tcp6       0      0 :::22                   :::*                    LISTEN      3015/sshd

第六步：在宿主机下生成公钥信息，公钥信息保存到文件/root/.ssh/id_rsa.pub中，使用ssh-keygen工具都默认下一步。

[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
28:e6:c8:54:25:d7:f1:4f:41:84:a0:39:0c:a2:b7:66 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|  . o o.oo ++    |
| . . * o...  .   |
|. . . =   . .    |
| . o   o   o     |
|  E o . S   .    |
| = + .           |
|  o .            |
|                 |
|                 |
+-----------------+

第七步：查看公钥信息

[root@localhost .ssh]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx [email protected]

第八步：将以上公钥信息保存到容器的/root/.ssh/authorized_keys中

root@e8dccc52cb96:~/.ssh# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBXLx/qrI3hUtYSssRSSrIMLMQpNwlzA99cT2vB+GgcgyJT0pQZydSvXZwve2bYA95xHDJJRxM3fZK5W86nVUtYVU34GG28dRePvbN40EFFeCbrrAbgM+XhbfoWDwLJhQy9bz9CZ2LcODOPZnqK6H77y7xDuy38/9iNln+AErgQ4fAFRMRBacetpKGokkWDjaKQvW8a7f940yUqr2jGiC9l0KVVd/VPw5i5U7HVOnZ0ZwlPEuXUj7zxAOW6aXLeMJ6IrFS4Zg0WUm0CpH6Krq8V+JZsIjqaxk4UF4ymp7TTVbyB+TG9/uSUMyRnga3p5HdYA4TBLXAlq6KM+Gg6GUx [email protected]

第九步：修改SSH服务安全登录配置，取消pam限制

sed -ri 's/session    required     pam_loginuid.so/#session    required     pam_loginuid.so/g' /etc/pam.d/sshd

第十步：创建自启动SSH服务的可执行文件run.sh,并添加可执行权限

root@e8dccc52cb96:~/.ssh# vi /run.sh
root@e8dccc52cb96:~/.ssh# cat /run.sh
#!/bin/bash
/usr/sbin/sshd -D
root@e8dccc52cb96:~/.ssh# chmod +x /run.sh
root@e8dccc52cb96:~/.ssh# exit

第十一步：保存镜像

[root@localhost ~]# docker commit e8d sshd:ubuntu
sha256:ac3169fe4fcf6a0cfbd2a6a50fd11ef12d3c584122d0657a4acbf3695fc26521
[root@localhost ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
sshd                ubuntu              ac3169fe4fcf        7 seconds ago       284MB
ubuntu              14.04               d6ed29ffda6b        4 days ago          221MB
tomcat              latest              11df4b40749f        7 days ago          557MB
adminer             <none>              faa9618a39a6        2 weeks ago         58.8MB
mysql               latest              5709795eeffa        2 weeks ago         408MB
hello-world         latest              725dcfab7d63        2 weeks ago         1.84kB
clearlinux          latest              32685d114002        2 weeks ago         62.5MB
alpine              latest              053cde6e8953        2 weeks ago         3.96MB

第十二步：验证创建的镜像是否成功

[root@localhost ~]# sudo docker  run -p 100:22  -d sshd:ubuntu /run.sh
a878a77a2de3bb12edb2cd8c8121a43221a411b255e4dd7cb530d217684ad26a
[root@localhost ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                 NAMES
a878a77a2de3        sshd:ubuntu         "/run.sh"                16 seconds ago      Up 12 seconds       0.0.0.0:100->22/tcp   hardcore_boyd
3dcb19a519fe        adminer:latest      "entrypoint.sh doc..."   About an hour ago   Up About an hour    8080/tcp              mysql_adminer.1.2pz52p76jiykg8yqgjr6psgtp
a334bfbd2f37        mysql:latest        "docker-entrypoint..."   About an hour ago   Up About an hour    3306/tcp              mysql_db.1.diaxlly44nq1347uia3gnwo1q
[root@localhost ~]# ssh 192.168.0.107 -p 100
The authenticity of host '[192.168.0.107]:100 ([192.168.0.107]:100)' can't be established.
ECDSA key fingerprint is 08:b9:ed:00:c1:4b:44:42:04:08:15:6b:cd:1f:d4:89.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '[192.168.0.107]:100' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-98-generic x86_64)
* Documentation:  https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@a878a77a2de3:~#