Docker In Action <1>: A Guide to Building a Docker Container Service with SSH Login

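The examples on the Docker website mostly use Ubuntu as the environment, but most enterprises still tend to run the RedHat/CentOS family. This post therefore starts by building a clean, simple Docker image of your own from a yum repository, then builds up step by step: an image with SSH, a Java/Tomcat environment, Supervisor to start and monitor services, and finally a complete Docker image with enterprise application services such as Oracle.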

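Environment preparation

Mac environment

My computer runs Mac OS X, so I use brew to install Boot2docker to run docker. During installation the Boot2docker ISO image is downloaded from Amazon, which requires a VPN to get past the firewall. The VirtualBox virtual machine software must also be installed beforehand.

Start boot2docker

MacBookPro:~ hzchenkj$boot2docker start #start boot2docker, then set the environment variables as prompted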
Waiting for VM and Docker daemon to start...
......
MacBookPro:~ hzchenkj$export DOCKER_HOST=tcp://192.168.59.103:2376

Then check the docker version:

MacBookPro:hzchenkj$ docker version
Client version: 1.3.0
Client API version: 1.15
Go version (client): go1.3.3
Git commit (client): c78088f
OS/Arch (client): darwin/amd64
Server version: 1.3.0
Server API version: 1.15
Go version (server): go1.3.3
Git commit (server): c78088f

Linux environment (CentOS)

1 Configure the EPEL yum repository; a mirror inside China is faster to access

cd /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
#wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo
rpm -ivh http://mirrors.aliyun.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm

2 Update yum

yum clean all && yum makecache && yum update -y

3 Install docker and start the docker service

yum install docker-io
service docker start
chkconfig docker on
docker version
[root@master ~]# docker version
Client version: 1.1.2
Client API version: 1.13
Go version (client): go1.2.2
Git commit (client): d84a070/1.1.2
Server version: 1.1.2
Server API version: 1.13
Go version (server): go1.2.2
Git commit (server): d84a070/1.1.2

Test docker

#run a simple echo command, that will echo hello world back to the console over standard out.
$ docker run base /bin/echo hello world
hello world

It looks simple, but a lot happens in the background:
1 Generated a new LXC container
2 Created a new file system
3 Mounted a read/write layer
4 Allocated network interface
5 Set up IP
6 Set up NATing
7 Executed the process in the container
8 Captured its output
9 Printed to screen
10 Stopped the container

Build the CentOS base image

Use febootstrap to build a minimal CentOS image from a yum repository (febootstrap is not available on the Mac, so install it and build the base image on Linux, then import the image on the Mac to run it)

yum -y install febootstrap
#centos6-image: the -i option specifies a package to install
febootstrap -i bash -i wget -i yum -i iputils -i iproute -i man -i vim-minimal centos65 centos65-image http://mirrors.aliyun.com/centos/6.5/os/x86_64/

Create the Docker image; the image name is centos6-base

cd centos65-image && tar -c .|docker import - centos65-base

List the images

$docker images
[root@master centos65-image]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos65-base latest 0b1acae7bfea 18 seconds ago 292.3 MB

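Export the base image as a backup; either the save or the export command can be used

$docker save centos65-base > /tmp/centos65-base-save.tar
#best to compress it to keep the size down
$tar zcvf centos65-base-save.tar.gz centos65-base-save.tar
$docker export 6c5563 > /tmp/centos65-base-export.tar
#exports a container; 6c5563 is the container id (not the image id), which docker ps -a shows
$docker images --tree

export writes out the image contents the container is currently using.
save keeps the full version record of the image, including historical data.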
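
The two commands produce different archive layouts, and each needs its own restore command: `docker load` for a `save` archive, `docker import` for an `export` archive. The check below is an added example, not part of the original post; `classify_docker_tar` and `make_samples` are hypothetical names, the sample archives are constructed, and the layout markers (a top-level `repositories` or `manifest.json` file and `<layer-id>/layer.tar` entries for `save`, a bare root filesystem for `export`) are assumptions about the archive format.

```shell
#!/bin/sh
# Added example (not from the original post): tell a `docker save` archive
# from a `docker export` archive by its top-level entries.

# classify_docker_tar FILE: print the archive kind and the restore command.
classify_docker_tar() {
    entries=$(tar -tf "$1" 2>/dev/null) || { echo "not-a-tar"; return 1; }
    # save: image metadata at the top level plus one directory per layer.
    if printf '%s\n' "$entries" |
        grep -Eq '^(\./)?(repositories|manifest\.json|[0-9a-f]{64}/layer\.tar)$'
    then
        echo "image-save: docker load"
    # export: a flattened root filesystem with no layer metadata.
    elif printf '%s\n' "$entries" | grep -Eq '^(\./)?(etc|bin|usr)/'
    then
        echo "container-export: docker import"
    else
        echo "unknown"
    fi
}

# make_samples DIR: build two constructed archives that mimic each layout.
make_samples() {
    layer=$(printf '%064d' 0)          # constructed 64-hex-digit layer id
    mkdir -p "$1/save/$layer" "$1/export/etc" "$1/export/bin"
    echo '{"centos65-base":{"latest":"'"$layer"'"}}' > "$1/save/repositories"
    : > "$1/save/$layer/layer.tar"
    : > "$1/export/etc/hostname"
    tar -C "$1/save" -cf "$1/save.tar" .
    tar -C "$1/export" -cf "$1/export.tar" .
}

work=$(mktemp -d)
make_samples "$work"
classify_docker_tar "$work/save.tar"     # image-save: docker load
classify_docker_tar "$work/export.tar"   # container-export: docker import
rm -rf "$work"
```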

Two other frequently used commands worth noting:

$docker rm $(docker ps -q -a) #delete all containers in one go
$docker rmi $(docker images -q) #delete all images in one go

Import on another docker host, here the Mac environment

MacBookPro:~ hzchenkj$docker load < /tmp/centos65-base.tar
MacBookPro:~ hzchenkj$docker images

Build the CentOS SSH service image

Build a Docker image that can be logged in to over ssh, named centos6-ssh. First create the directory

mkdir -p ~/docker/centos65-ssh
cd ~/docker/centos65-ssh

Create the Dockerfile

#Dockerfile
FROM centos65-base
MAINTAINER hzchenkj <hzchenkj@163.com>
RUN rpm -ivh http://mirrors.aliyun.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
RUN yum -y install openssh-server supervisor
RUN rm -rf /var/cache/yum/
RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
RUN echo 'root:123456' | chpasswd
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ADD supervisord.conf /etc/supervisord.conf
EXPOSE 8080 22
CMD supervisord -c /etc/supervisord.conf
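
The Dockerfile above sets the root password and generates the SSH host keys at build time, so every container started from the image shares the same password and host keys, and it installs an rpm fetched over plain http://. The check below is an added example, not part of the original post; it scans a Dockerfile for those patterns. `audit_dockerfile`, `write_sample` and the rule names are hypothetical, and the sample file is constructed from the lines above.

```shell
#!/bin/sh
# Added example (not from the original post): flag Dockerfile instructions
# that bake shared secrets or unverified downloads into an image.

# audit_dockerfile FILE: print "LINE: RULE: instruction" for each finding.
# LINE is the last physical line of a backslash-continued instruction.
audit_dockerfile() {
    awk '
    { stmt = stmt $0 }
    /\\$/ { sub(/\\$/, " ", stmt); next }   # join continuation lines
    {
        if (stmt ~ /^[ \t]*RUN[ \t]/) {
            # Password set at build time: identical in every container
            # and readable from the image layers.
            if (stmt ~ /chpasswd/ || stmt ~ /passwd[ \t]+--stdin/)
                print NR ": hardcoded-password: " stmt
            # Host key generated at build time: all containers share it.
            if (stmt ~ /ssh-keygen/ && stmt ~ /ssh_host_[a-z0-9]+_key/)
                print NR ": baked-host-key: " stmt
            # DSA keys are limited to 1024 bits in OpenSSH.
            if (stmt ~ /ssh-keygen/ && stmt ~ /-t[ \t]+dsa/)
                print NR ": dsa-host-key: " stmt
            # Package or file fetched over plain HTTP.
            if (stmt ~ /(rpm|yum|wget|curl)[^|;&]*http:\/\//)
                print NR ": plain-http-fetch: " stmt
        }
        stmt = ""
    }' "$1"
}

# Constructed sample: the security-relevant lines of the Dockerfile above.
write_sample() {
    cat > "$1" <<'EOF'
FROM centos65-base
RUN rpm -ivh http://mirrors.aliyun.com/epel/6Server/x86_64/epel-release-6-8.noarch.rpm
RUN yum -y install openssh-server supervisor
RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN echo 'root:123456' | chpasswd
CMD supervisord -c /etc/supervisord.conf
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_dockerfile "$sample"
rm -f "$sample"
```

A clean result only means none of these four patterns matched; the usual remedies are to generate host keys when the container first starts and to supply an authorized key at run time instead of a password.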

supervisord.conf: run the services under supervisord

[supervisord]
nodaemon=true
[program:sshd]
command=/usr/sbin/sshd -D

Start the build

[jun@master centos65-ssh]$docker build -t centos65-ssh ~/docker/centos65-ssh
#docker build -t centos65-ssh - < ~/docker/centos65-ssh/ssh.Dockerfile
Sending build context to Docker daemon 4.096 kB
Sending build context to Docker daemon
Step 0 : FROM centos65-base
---> 0b1acae7bfea
Step 1 : MAINTAINER hzchenkj <hzchenkj@163.com>
---> Running in fdac76e3148b
---> d927b5f78971
Removing intermediate container fdac76e3148b
Step 2 : RUN yum -y install openssh-server
---> Running in e3dcbd612317

The centos65-ssh image is now listed

[jun@master centos65-ssh]$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos65-ssh latest 166d41113466 13 seconds ago 311.3 MB
centos65-base latest 6f5454ae061a 6 minutes ago 311.3 MB

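Run the centos65-ssh image and publish its ports (docker run -d -P centos65-ssh publishes all exposed ports; the command below maps container port 22 to 127.0.0.1:33301 only)

[jun@master centos65-ssh]$ docker run -d -p 127.0.0.1:33301:22 centos65-ssh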
867187ab245f3edf79a4d422f9ac8be549baebf1367f7badfdf35de1c8005e1c
[jun@master centos65-ssh]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
867187ab245f centos65-ssh:latest /bin/sh -c 'supervis 3 seconds ago Up 2 seconds 8080/tcp, 127.0.0.1:33301->22/tcp elegant_wilson

Log in to the container over ssh:

[jun@master ~]$ ssh root@127.0.0.1 -p 33301
The authenticity of host '[127.0.0.1]:33301 ([127.0.0.1]:33301)' can't be established.
RSA key fingerprint is f4:f3:2c:21:a0:df:1e:00:a2:e0:e6:e4:ae:a1:0e:70.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[127.0.0.1]:33301' (RSA) to the list of known hosts.
root@127.0.0.1's password:
-bash-4.1#

Stop the container

[jun@master centos65-ssh]$ docker stop 867187ab245f
867187ab245f
[jun@master centos65-ssh]$

Later posts use this centos65-ssh as the base image to build the Tomcat and Oracle images
