Docker Dockerfile Docker容器对外的22端口的监听_dockerfile 22端口

什么是Dockerfile

由于Docker官网公共仓库镜像大多不完整，无法真正满足企业的生产环境系统，此时需要我们自行定制镜像或者重新打包镜像。

Docker镜像制作是管理员的必备工作之一，Docker镜像制作的方法主要有两种，制作方法如下：

1. Docker commit|export将新容器提交至Images列表
2. 编写Dockerfile，bulid新的镜像至镜像列表

Dockerfile正是用来构建Docker镜像的构建文件，是由一系列的命令和参数构成的脚本，Dokcerfle的构建步骤

(1）编写Dokcerfle文件（2）docker buld 生成新的镜像（3）docker run 运行镜像      https://hub.docker.com/

Docker file制作过程解析

基础知识

1，每条保留字指令影必须为大写字母后面要眼随至少一个参数

2，指令从上到下顺序执行

3，#表示注释

4，每条指令都会创建一个新的镜像层，并对镜像提交

大致流程

1，docker从基础镜像运行一个容器

2，执行一条指令并对容器进行修改

3，执行类似于docker commit的操作提文一个新的镜像，

4，docker再基于刚提交的新的镜像运行一个新的容器

5，执行Dockerfile的下一个指令再从执行第2点直到没有指令

基于Centos7镜像制作开放22端口开ssh服务登入Centos7

[root@localhost ssh]# chmod 600 ssh_host_ed25519_key
[root@localhost ssh]# cp ssh_host_ed25519_key /test/
[root@localhost ssh]# chmod 600 ssh_host_ecdsa_key
[root@localhost ssh]# cp ssh_host_ecdsa_key /test/
[root@localhost ssh]# chmod 600 ssh_host_rsa_key
[root@localhost ssh]# cp ssh_host_rsa_key /test/
[root@localhost docker]# tar -czf  ssh.tar ssh*
[root@localhost docker]# ll
total 20
-rw-r--r-- 1 root root  394 Jul 23 20:58 Dockerfile
-rw------- 1 root root  227 Jul 23 15:29 ssh_host_ecdsa_key
-rw------- 1 root root  387 Jul 23 15:29 ssh_host_ed25519_key
-rw------- 1 root root 1675 Jul 23 15:29 ssh_host_rsa_key
-rw-r--r-- 1 root root 1829 Jul 23 15:31 ssh.tar
 
 
 
[root@localhost docker]# cat Dockerfile 
FROM ansible/centos7-ansible
MAINTAINER complicated
RUN echo 12345 |passwd --stdin root &&\ 
    yum install net-tools openssh-server -y &&\ 
    rm -rf  /etc/yum.repos.d/epel* 
 
ADD ssh.tar /etc/ssh
 
RUN  sed -i '/DNS/s/#//g' /etc/ssh/sshd_config &&\
     sed -i '/DNS/s/yes/no/g'   /etc/ssh/sshd_config &&\
     /usr/sbin/sshd 
 
EXPOSE 22
WORKDIR /root
 
CMD /usr/sbin/sshd;/bin/bash
 
 
[root@localhost docker]# docker build -t coten7-ssh-v1 .
 
 
[root@localhost docker]# docker images
REPOSITORY                TAG                 IMAGE ID            CREATED              SIZE
coten7-ssh-v1             latest              3c72505e3d2a        About a minute ago   573MB
ansible/centos7-ansible   latest              688353a31fde        3 years ago          447MB
 
[root@localhost docker]# docker run -itd coten7-ssh-v1 
23d2beae2b00d326c8baab44a5806260cf78db63ffd1662b0816b77d0852ad80
 
[root@localhost docker]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
23d2beae2b00        coten7-ssh-v1       "/bin/sh -c /usr/sbi…"   8 seconds ago       Up 8 seconds        22/tcp              wizardly_hugle
 
 
[root@localhost docker]# docker exec -it 23d2beae2b00 /bin/bash
[root@23d2beae2b00 ~]# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7/sshd              
tcp6       0      0 :::22                   :::*                    LISTEN      7/sshd 
 
 
[root@localhost docker]# docker inspect 23d2beae2b00 | grep -i ipaddr | tail -1
                    "IPAddress": "192.168.179.1",
 
 
#使用shell去登入
Connecting to 192.168.179.1:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
 
WARNING! The remote SSH server rejected X11 forwarding request.
Last failed login: Thu Jul 23 13:18:21 UTC 2020 from 192.168.179.4 on ssh:notty
There were 2 failed login attempts since the last successful login.
[root@23d2beae2b00 ~]# 

开放22端口并且配置容器和宿主机免密登入

[root@www ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:t16JQoHMQNlQapgpQFfRkNHttXzRM+rZzouWh4pbBr0 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|o. o=XO .     .  |
|. .+.*.+ . . . + |
|. + o + o o . o o|
| . .     o.o o   |
|        S...o o  |
|       . ..o.+ . |
|        . oEo =  |
|         o+. +.+ |
|         oo.o....|
+----[SHA256]-----+
[root@www ~]# ll .ssh/
total 12
-rw------- 1 root root 1679 Jul 25 19:35 id_rsa
-rw-r--r-- 1 root root  402 Jul 25 19:35 id_rsa.pub   --私钥
-rw-r--r-- 1 root root  172 Jul 25 21:25 known_hosts  --公钥
#公钥要传给容器，或者制作dockerfile，这样宿主机ssh登入容器才能免密码登入
[root@www ~]# cp .ssh/id_rsa.pub /docker/
[root@www docker]# ll
total 24
-rw-r--r-- 1 root root  385 Jul 25 21:21 Dockerfile
-rw-r--r-- 1 root root  402 Jul 25 19:36 id_rsa.pub
-rw------- 1 root root  227 Jul 25 21:14 ssh_host_ecdsa_key
-rw------- 1 root root  387 Jul 25 21:13 ssh_host_ed25519_key
-rw------- 1 root root 1679 Jul 25 21:14 ssh_host_rsa_key
-rw-r--r-- 1 root root 1833 Jul 25 21:15 ssh.tar
[root@www docker]# cat Dockerfile 
FROM ansible/centos7-ansible
MAINTAINER Complicated
RUN echo 123456 | passwd --stdin root &&\
    yum install net-tools openssh-server -y 
ADD ssh.tar /etc/ssh
RUN  sed -i '/DNS/s/#//g' /etc/ssh/sshd_config &&\
     sed -i '/DNS/s/yes/no/g'   /etc/ssh/sshd_config &&\
     mkdir -p /root/.ssh
COPY id_rsa.pub /root/.ssh/authorized_keys
WORKDIR /root
CMD /usr/sbin/sshd;/bin/bash

[root@www ~]# docker run -itd --name os1 --privileged -p 6522:22 centos7-ssh:v2 
8b047b9db23701025f10f8364894d1170f065fe7398fd0f4b331451725f5d0d2
 
[root@www ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
8b047b9db237        centos7-ssh:v2      "/bin/sh -c /usr/sbi??   2 seconds ago       Up 2 seconds        0.0.0.0:6522->22/tcp   os1
[root@www ~]# docker exec 8b047 netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      7/sshd              
tcp6       0      0 :::22                   :::*                    LISTEN      7/sshd    
[root@www ~]# docker exec 8b047  ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@www ~]#  ssh -l root 172.17.0.2 
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:f+ZyP4Ec4dPDSYUXXrhZPdSIkrNyh2M+ALTi77N+vdY.
ECDSA key fingerprint is MD5:fd:3a:e0:d3:6a:37:01:44:19:8e:ff:cf:29:c0:c4:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
[root@8b047b9db237 ~]# exit
logout
Connection to 172.17.0.2 closed.
[root@www ~]#  ssh -l root 172.17.0.2 
Last login: Sat Jul 25 13:25:04 2020 from 172.17.0.1