Brief introduction
Linux system administrators generally manage the operating system through the SSH service, but many Docker images ship without an SSH service. How, then, can we manage the operating system inside a container?
The first part introduced some ways to get into a container, such as the exec command, but these commands do not solve the problem of managing a container remotely. So when the reader needs to log in to a container remotely to perform some operation, SSH support is required.
This article describes how to create your own image with an SSH service, and details two ways to create it: with the docker commit command and with a Dockerfile.
Creating an image with docker commit
Docker provides the docker commit command, which lets users submit their own modifications to a container and generate a new image from them. The command format is docker commit CONTAINER [REPOSITORY[:TAG]].
The following explains how to use the docker commit command to add an SSH service to the ubuntu image.
Preparation
First, create a container from the ubuntu image:
[root@gavin /]# sudo docker run -it ubuntu /bin/bash
First, try the sshd command. You will find that the service is not installed in the container:
root@c8178608e454:/# sshd
bash: sshd: command not found
At the same time, I also cannot find the openssh-server package, which is needed to start the SSH service, in the apt package source information. This is because the official Ubuntu image does not include the package cache files:
root@c8178608e454:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package openssh-server
Below, I will demonstrate how to update the package cache and install the sshd service.
Configure the software sources
Check the software sources, and update the package source information with apt-get update:
root@c8178608e454:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [4957 B]
...
Fetched 14.4 MB in 36s (404 kB/s)
Reading package lists... Done
Install and configure SSH service
After updating the package cache, the SSH service can be installed; choose the mainstream openssh-server as the server. You can see that a large number of dependency packages need to be downloaded and installed:
root@c8178608e454:/# apt-get install openssh-server
...
done.
Processing triggers for systemd (237-3ubuntu10.28) ...
For the SSH service to start normally, the directory /var/run/sshd must exist. Create it manually and start the service:
root@c8178608e454:/# mkdir -p /var/run/sshd
root@c8178608e454:/# /usr/sbin/sshd -D &
Modify the security configuration of the SSH login service to remove the PAM login restriction:
root@c8178608e454:/# sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd
Create the .ssh directory in the root user's home directory, and copy the public key needed for login (usually the .ssh/id_rsa.pub file in the user's home directory on the local host, generated by the ssh-keygen -t rsa command) into the authorized_keys file.
root@c8178608e454:/# mkdir -p /root/.ssh
root@c8178608e454:/# vi /root/.ssh/authorized_keys
Create the executable file run.sh, which starts the SSH service automatically, and add executable permission:
root@c8178608e454:/# vi /run.sh
bash: vi: command not found
At this point, I found that the vi command could not be used because vim is not installed. Use the following command to install it:
root@c8178608e454:/# apt-get install vim
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Now create the executable file run.sh, which starts the SSH service automatically, and add executable permission:
root@c8178608e454:/# vi /run.sh
root@c8178608e454:/# chmod +x run.sh
The run.sh script reads as follows:
#!/bin/bash
/usr/sbin/sshd -D
If you want to log in as root, you need to modify /etc/ssh/sshd_config so that direct root login is permitted:
vim /etc/ssh/sshd_config
Add the following to /etc/ssh/sshd_config:
PermitRootLogin yes
UsePAM no
Set the root password:
root@c8178608e454:/# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
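An added check, not part of the original article: sshd takes the first value it reads for each keyword, so whether the PermitRootLogin and UsePAM lines added above take effect depends on where they sit in the file. The function names and the sample configuration are constructed for illustration, and Match blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Assumes whitespace-separated
# "Keyword value" lines; Match blocks are not evaluated.

# Print the value sshd uses for KEYWORD. Keywords are case-insensitive and the
# first value read wins, so a line appended to the file later is ignored.
sshd_effective() {            # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/         { next }   # comment or blank line
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    ' "$2"
}

# Print one finding per line for the settings this article touches.
audit_sshd_config() {         # usage: audit_sshd_config FILE
    v=$(sshd_effective PermitRootLogin "$1")
    [ "$v" = yes ] && echo "PermitRootLogin=yes: root may log in, including with a password"
    v=$(sshd_effective PasswordAuthentication "$1")
    [ "$v" = no ] || echo "PasswordAuthentication=$v: password logins accepted"
    echo "UsePAM=$(sshd_effective UsePAM "$1") is the value in effect"
}

# Constructed sample: stock-style lines, then the two lines added at the end.
sample_config() {
    cat <<'EOF'
#PermitRootLogin prohibit-password
UsePAM yes
X11Forwarding yes
PermitRootLogin yes
UsePAM no
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
audit_sshd_config "$cfg"
rm -f "$cfg"
```

Inside a running container, sshd -T prints the configuration as sshd itself resolved it.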
Finally, exit the container:
root@c8178608e454:/# exit
exit
Save image
After exiting the container, use the docker commit command to save it as a new image, sshd:ubuntu:
[root@gavin /]# sudo docker commit c8178608e454 sshd:ubuntu
sha256:00eb7bf408ece207efae9a349b8d36d15d0c9c858ccb013e05561230c9e5c2ab
Use docker images to view the newly generated local image sshd:ubuntu. The images now present are as follows:
[root@gavin /]# sudo docker images
REPOSITORY   TAG      IMAGE ID       CREATED              SIZE
sshd         ubuntu   00eb7bf408ec   About a minute ago   243MB
ubuntu       latest   a2a15febcdf3   2 weeks ago          64.2MB
Using the image
Start a container and add the port mapping 10022 --> 22, where 10022 is the port on the host and 22 is the port in the container on which the SSH service listens:
[root@gavin /]# sudo docker run -p 10022:22 -d sshd:ubuntu /run.sh
ec6a0c53dc5790a569d1eb7b63866856748fc39285f13ffb57e66cfcf5adb061
After a successful start, you can see the details of the running container on the host:
[root@gavin /]# sudo docker ps -a
CONTAINER ID   IMAGE         COMMAND     CREATED          STATUS          PORTS                   NAMES
ec6a0c53dc57   sshd:ubuntu   "/run.sh"   44 seconds ago   Up 43 seconds   0.0.0.0:10022->22/tcp   focused_knuth
From the host or from other hosts, you can log in to the container over SSH through port 10022:
[root@gavin ~]# ssh 192.168.41.15 -p 10022
root@192.168.41.15's password:
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 3.10.0-957.el7.x86_64 x86_64)
 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Wed Sep 4 13:25:49 2019 from 192.168.41.15
root@bc419278a175:~#
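An added example, not part of the original article: -p 10022:22 publishes the container's SSH port on every host interface, which is what the 0.0.0.0 in the PORTS column shows. The function below flags such mappings in docker ps output; the function names and all sample lines except the first are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).
# Input: one "NAME<TAB>PORTS" line per container, the layout produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: containers whose port 22/tcp is published on every host interface.
exposed_ssh() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)              # PORTS may list several mappings
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->22\/tcp$/) continue     # not a published SSH port
            bind = m
            sub(/:[0-9]+->22\/tcp$/, "", bind)  # strip ":HOSTPORT->22/tcp"
            if (bind == "0.0.0.0" || bind == "::" || bind == "[::]")
                print $1 ": " m
        }
    }'
}

# Constructed sample; the first line mirrors the docker ps output above.
sample_ps() {
    printf '%s\t%s\n' \
        focused_knuth  '0.0.0.0:10022->22/tcp' \
        local_only     '127.0.0.1:10222->22/tcp' \
        dual_stack     '0.0.0.0:80->80/tcp, :::10322->22/tcp' \
        not_published  '22/tcp'
}

sample_ps | exposed_ssh
```

Publishing with -p 127.0.0.1:10022:22 binds the port to the loopback interface only, and such a container is not reported.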
Creating an image with a Dockerfile
The first part introduced the basics of the Dockerfile; the following describes how to use a Dockerfile to create an image that supports the SSH service.
Create a working directory
First, create a working directory named sshd_ubuntu:
[root@gavin /]# mkdir sshd_ubuntu
[root@gavin /]# cd sshd_ubuntu/
[root@gavin sshd_ubuntu]# touch Dockerfile run.sh
[root@gavin sshd_ubuntu]# ls
Dockerfile run.sh
The content of the run.sh script is the same as in the previous section:
#!/bin/bash
/usr/sbin/sshd -D
On the host, generate an SSH key pair and create the authorized_keys file:
[root@gavin /]# ssh-keygen -t rsa
...
[root@gavin sshd_ubuntu]# cat ~/.ssh/id_rsa.pub >authorized_keys
Write the Dockerfile
The following is the Dockerfile content, with a comment for each part. As you can see, the operations performed are basically the same as in the process of creating the image with the docker commit command.
# Set the base image to inherit from
FROM ubuntu
# Provide some author information
MAINTAINER from [email protected]
# Configure the software sources
RUN apt-get update
# Install and configure the ssh service
RUN apt-get install -y openssh-server
RUN mkdir -p /var/run/sshd
RUN mkdir -p /root/.ssh
# Remove the pam restriction
RUN sed -ri 's/^session\s+required\s+pam_loginuid\.so/#&/' /etc/pam.d/sshd
# Copy the files into place and make the script executable
ADD authorized_keys /root/.ssh/authorized_keys
ADD run.sh /run.sh
RUN chmod 755 /run.sh
# Open the port
EXPOSE 22
# Set the start command
CMD ["/run.sh"]
Create the image
In the sshd_ubuntu directory, use the docker build command to create the image. Note the "." at the end, which means the Dockerfile in the current directory is used.
[root@gavin sshd_ubuntu]# sudo docker build -t sshd:dockerfile .
If you use a Dockerfile to create custom images, note that Docker automatically deletes the temporary intermediate layers created during the build. Also pay attention to the correspondence between each step of the build and the instructions written in the Dockerfile.
The output of the docker build command looks like this:
Sending build context to Docker daemon 4.608kB
Step 1/12 : FROM ubuntu
 ---> a2a15febcdf3
Step 2/12 : MAINTAINER from [email protected]
 ---> Using cache
 ---> dc49243843b7
Step 3/12 : RUN apt-get update
 ---> Using cache
 ---> ce8282eea754
Step 4/12 : RUN apt-get install -y openssh-server
 ---> Running in 8ceb2d7d95fc
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1
  libargon2-0 libbsd0 libcap2 libcryptsetup12 libdbus-1-3 libdevmapper1.02.1
  libedit2 libexpat1 libgirepository-1.0-1 libglib2.0-0 libglib2.0-data
  libgssapi-krb5-2 libicu60 libidn11 libip4tc0 libjson-c3 libk5crypto3
  libkeyutils1 libkmod2 libkrb5-3 libkrb5support0 libmagic-mgc libmagic1
  libmpdec2 libnss-systemd libpam-systemd libpsl5 libpython3-stdlib
  libpython3.6-minimal libpython3.6-stdlib libreadline7 libsqlite3-0
  libssl1.0.0 libssl1.1 libsystemd0 libwrap0 libx11-6 libx11-data libxau6
  libxcb1 libxdmcp6 libxext6 libxml2 libxmuu1 mime-support multiarch-support
  ncurses-term networkd-dispatcher openssh-client openssh-sftp-server openssl
  publicsuffix python3 python3-certifi python3-chardet python3-dbus python3-gi
  python3-idna python3-minimal python3-pkg-resources python3-requests
  python3-six python3-urllib3 python3.6 python3.6-minimal readline-common
  shared-mime-info ssh-import-id systemd systemd-sysv ucf wget xauth
  xdg-user-dirs xz-utils
Suggested packages:
  default-dbus-session-bus | dbus-session-bus krb5-doc krb5-user iw
  | wireless-tools keychain libpam-ssh monkeysphere ssh-askpass molly-guard
  rssh ufw python3-doc python3-tk python3-venv python-dbus-doc
  python3-dbus-dbg python3-setuptools python3-cryptography python3-openssl
  python3-socks python3.6-venv python3.6-doc binutils binfmt-support
  readline-doc systemd-container policykit-1
The following NEW packages will be installed:
  ca-certificates dbus dmsetup file gir1.2-glib-2.0 krb5-locales libapparmor1
  libargon2-0 libbsd0 libcap2 libcryptsetup12 libdbus-1-3 libdevmapper1.02.1
  libedit2 libexpat1 libgirepository-1.0-1 libglib2.0-0 libglib2.0-data
  libgssapi-krb5-2 libicu60 libidn11 libip4tc0 libjson-c3 libk5crypto3
  libkeyutils1 libkmod2 libkrb5-3 libkrb5support0 libmagic-mgc libmagic1
  libmpdec2 libnss-systemd libpam-systemd libpsl5 libpython3-stdlib
  libpython3.6-minimal libpython3.6-stdlib libreadline7 libsqlite3-0
  libssl1.0.0 libssl1.1 libwrap0 libx11-6 libx11-data libxau6 libxcb1
  libxdmcp6 libxext6 libxml2 libxmuu1 mime-support multiarch-support
  ncurses-term networkd-dispatcher openssh-client openssh-server
  openssh-sftp-server openssl publicsuffix python3 python3-certifi
  python3-chardet python3-dbus python3-gi python3-idna python3-minimal
  python3-pkg-resources python3-requests python3-six python3-urllib3 python3.6
  python3.6-minimal readline-common shared-mime-info ssh-import-id systemd
  systemd-sysv ucf wget xauth xdg-user-dirs xz-utils
The following packages will be upgraded:
  libsystemd0
1 upgraded, 82 newly installed, 0 to remove and 14 not upgraded.
Need to get 27.3 MB of archives.
After this operation, 118 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libsystemd0 amd64 237-3ubuntu10.28 [204 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libssl1.1 amd64 1.1.1-1ubuntu2.1~18.04.4 [1300 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3.6-minimal amd64 3.6.8-1~18.04.1 [533 kB]
...
Successfully built 18f9de8b84b7
Successfully tagged sshd:dockerfile
After the command completes, if you see the words "Successfully built xxx", the image has been created. As you can see, the image ID generated by the command above is 18f9de8b84b7.
Check that the sshd:dockerfile image now exists locally:
[root@gavin sshd_ubuntu]# sudo docker images
REPOSITORY   TAG          IMAGE ID       CREATED         SIZE
sshd         dockerfile   18f9de8b84b7   5 minutes ago   207MB
Test the image by running a container
Use the sshd:dockerfile image just created to run a container. Start the image directly, mapping port 22 of the container to local port 10122:
[root@gavin sshd_ubuntu]# sudo docker run -d -p 10122:22 sshd:dockerfile
177ebf24952b871bd5de74a665d1bf962859f6f453e18c5d6b038df7be6c47ba
[root@gavin sshd_ubuntu]# sudo docker ps -a
CONTAINER ID   IMAGE             COMMAND     CREATED         STATUS         PORTS                   NAMES
177ebf24952b   sshd:dockerfile   "/run.sh"   4 seconds ago   Up 3 seconds   0.0.0.0:10122->22/tcp   vigorous_matsumoto
Open a new terminal on the host and connect to the new container:
[root@gavin sshd_ubuntu]# ssh 192.168.41.15 -p 10122
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 3.10.0-957.el7.x86_64 x86_64)
 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Thu Sep 5 14:02:46 2019 from 192.168.41.15
root@177ebf24952b:~#
The result is the same as in the previous section; the image was created successfully.
This article is a record of my Docker learning; its content references "Docker technology introduction and practical".