这样我们进入容器中检查一下这个页面文件是否存在
[root@localhost apache]# docker exec -it test /bin/bash [root@b7ec122849c6 /]# cat /var/www/html/index.html <h1>this is docker httpd web</h1>那么此时我们可以通过浏览器访问宿主机ip地址结合端口号(32768)来访问网站,结果如下:
下面的案例构建就直接给出Dockerfile和构建测试命令了。主要介绍其中的关键点。
2、构建sshd镜像 mkdir sshd cd sshd #sshd服务的镜像构建——基于Dockerfile #首先先下载基础镜像centos,创建对应的工作目录 #开始编写nginx的Dockerfile #第一步:基础镜像 FROM centos:7 #第二步:维护者信息 MAINTAINER lokott@123.com #第三步:指令集 RUN yum -y update RUN yum -y install openssh* net-tools lsof telnet passwd RUN echo '123123' | passwd --stdin root #不以PAM认证登录而是以密钥对登录(非对称密钥),即禁用ssh的PAM认证 RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key #禁用ssh中PAM会话模块 RUN sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd #创建ssh工作目录和权限设置 RUN mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh #开放22端口 EXPOSE 22 #第四步:启动容器时执行指令 CMD ["/usr/sbin/sshd","-D"]构建镜像和运行容器
[root@localhost sshd]# docker build -t sshd:new . [root@localhost sshd]# docker run -d -P sshd:new c7991648efebd192eb29f1d4e3503e47e0581f55381ff7a23e545041ef5d3e67 [root@localhost sshd]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c7991648efeb sshd:new "/usr/sbin/sshd -D" 20 seconds ago Up 20 seconds 0.0.0.0:32769->22/tcp jolly_ishizaka b7ec122849c6 httpd:new "/run.sh" 20 minutes ago Up 20 minutes 0.0.0.0:32768->80/tcp test测试
[root@localhost sshd]# ssh 20.0.0.149 -p 32769 The authenticity of host '[20.0.0.149]:32769 ([20.0.0.149]:32769)' can't be established. RSA key fingerprint is SHA256:XLezVGFvOKIKW3fTBD0sIE9rsdz4021taphmcCo8IJM. RSA key fingerprint is MD5:1e:86:94:2a:f5:a3:6c:e2:b4:b1:e4:50:9c:ad:8e:fb. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[20.0.0.149]:32769' (RSA) to the list of known hosts. root@20.0.0.149's password: [root@c7991648efeb ~]# exit logout Connection to 20.0.0.149 closed.此时我们登录该容器(ssh或者docker exec命令)查看sshd服务的状态(但是systemctl无法使用)
[root@c7991648efeb ~]# systemctl status sshd Failed to get D-Bus connection: Operation not permitted一则我们可以使用下面的命令使用该命令,二则我们可以基于上面构建的镜像作为基础镜像构建systemctl的镜像来测试验证。
[root@localhost sshd]# docker run --privileged -itd -P sshd:new /usr/sbin/init 8dafa05dc12fc02f91dce93c6ab3085ab55eff1ee6b18c24731205e5c2ed37a9 [root@localhost sshd]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8dafa05dc12f sshd:new "/usr/sbin/init" 3 seconds ago Up 3 seconds 0.0.0.0:32770->22/tcp hardcore_mccarthy c7991648efeb sshd:new "/usr/sbin/sshd -D" 20 minutes ago Up 20 minutes 0.0.0.0:32769->22/tcp jolly_ishizaka b7ec122849c6 httpd:new "/run.sh" 40 minutes ago Up 40 minutes 0.0.0.0:32768->80/tcp test [root@localhost sshd]# ssh 20.0.0.149 -p 32770 The authenticity of host '[20.0.0.149]:32770 ([20.0.0.149]:32770)' can't be established. ECDSA key fingerprint is SHA256:LU81jNjOCKaiWrCsxTLPmx+YsUMVOBa2rG/XLXQsv9E. ECDSA key fingerprint is MD5:03:15:aa:8a:65:8a:cc:b4:fb:66:f8:f6:6c:89:84:7b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[20.0.0.149]:32770' (ECDSA) to the list of known hosts. root@20.0.0.149's password: [root@8dafa05dc12f ~]# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-04-22 02:28:49 UTC; 33s ago Docs: man:sshd(8) man:sshd_config(5)--privileged表示提权,使得容器真正具备root的权限
3、构建systemctl镜像 mkdir systemctl cd systemctl创建Dockerfile