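Building a CentOS 7 container with a Dockerfile and enabling the SSH service
Build process
- 1. Write a Dockerfile that builds a custom centos7 image
Note 1: If yum install fails during the build with Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY, you can add --nogpgcheck (this skips package signature verification)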
cat > /opt/dockerfile-centos7.yml <<EOF
FROM centos:7
MAINTAINER sqlfans "78667417@qq.com"
#RUN yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#. Configure the time zone and DNS, and switch the yum repository
ENV TZ Asia/Shanghai
RUN echo "nameserver 223.5.5.5" > /etc/resolv.conf
RUN rm -f /etc/yum.repos.d/*.repo
RUN curl -sL https://mirrors.cloud.tencent.com/repo/centos7_base.repo -o /etc/yum.repos.d/CentOS-Base.repo
RUN yum clean all && yum makecache
#. Install the service tooling and the SSH service
RUN yum install -y -q --nogpgcheck initscripts curl net-tools
RUN yum install -y -q --nogpgcheck openssh openssh-server openssh-clients openssl openssl-libs
#. Change the port and enable root login
RUN sed -i "s/#Port/Port/" /etc/ssh/sshd_config
RUN sed -i 's/^Port.*/Port 23245/g' /etc/ssh/sshd_config
RUN sed -i "s/#PermitRootLogin/PermitRootLogin/" /etc/ssh/sshd_config
RUN sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config
#. ListenAddress takes an address, not yes/no; uncomment only the IPv4 wildcard line
RUN sed -i 's/^#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/' /etc/ssh/sshd_config
RUN cat /etc/ssh/sshd_config | egrep "(^Port|^PermitRootLogin|^ListenAddress|^PasswordAuthentication)"
#. Restart the sshd service
RUN ssh-keygen -A
RUN echo Admin_147 | passwd --stdin root
#RUN systemctl restart sshd.service
EXPOSE 23245
EOF
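- 2. Build the base image with docker build; this takes about 00:01:43 and the image is about 731 MB (the size may vary)
Note 2: The docker build command ends with a dot (the build context); do not leave it out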
time docker build -f /opt/dockerfile-centos7.yml -t centos7:7 .
docker images | grep centos
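- 3. Start a centos7 container from the new image and map the SSH port to 23245 (to avoid a conflict with the host's SSH port)
Note 3: If systemctl inside the container fails with Failed to get D-Bus connection: Operation not permitted, add --privileged=true when starting the container and set the entrypoint to /usr/sbin/init (--privileged gives the container all capabilities and access to host devices)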
docker run -it -d -p 23245:23245 --privileged=true --name centos7 centos7:7 /usr/sbin/init
docker ps -a | grep centos
- 4. Confirm that the container is running and the port is listening
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7 7 eb4b1dccd9c2 50 minutes ago 1.26GB
centos 7 eeb6ee3f44bd 3 years ago 204MB
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c0bf43121df9 centos7:7 "/usr/sbin/init" 49 minutes ago Up 49 minutes 0.0.0.0:23245->23245/tcp, :::23245->23245/tcp centos7
[root@localhost ~]# netstat -lnpt | egrep "(22|23245)"
tcp 0 0 0.0.0.0:23245 0.0.0.0:* LISTEN 62350/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1/init
tcp6 0 0 :::23245 :::* LISTEN 62356/docker-proxy
- 5. Test the new centos container
Note 4: If systemctl inside the container fails with Failed to get D-Bus connection: No such file or directory: unresolved
Note 5: Running /usr/sbin/sshd -D inside the container fails with bad addr or host: yes (Name or service not known): unresolved
docker exec -it centos7 /bin/bash -c "/usr/sbin/ip a|grep inet"
docker exec -it centos7 /bin/bash -c "/usr/bin/netstat -lnpt|grep 23245"
docker exec -it centos7 /bin/bash -c "/usr/bin/systemctl status sshd.service"
docker exec -it centos7 /bin/bash -c "/usr/sbin/sshd -D"
- 6. Once testing passes, export the new image to a tar archive for later use
docker save -o /opt/centos7_2025.tar centos7:7
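Note 5's message names yes as the address sshd could not resolve, which is what a ListenAddress yes line in sshd_config produces. The following is an added example, not the author's code: it applies sed edits of that shape to a constructed sshd_config fragment, audits the result, and compares it with a hardened variant. The function names and the sample config are hypothetical, and the hardened variant assumes key-based login is provisioned separately, which this page does not set up.

```shell
#!/bin/sh
# Added example, not the author's code. The config fragment is constructed.
sample_default() {
cat <<'CFG'
#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::
#PermitRootLogin yes
PasswordAuthentication yes
CFG
}

# Edits of the shape that yields note 5's message: uncomment, then overwrite
# the whole directive, which also writes "yes" into ListenAddress.
overwrite_edits() {
  sed -e 's/#Port/Port/' -e 's/^Port.*/Port 23245/' \
      -e 's/#PermitRootLogin/PermitRootLogin/' \
      -e 's/^PermitRootLogin.*/PermitRootLogin yes/' \
      -e 's/#ListenAddress/ListenAddress/' \
      -e 's/^ListenAddress.*/ListenAddress yes/'
}

# Hardened variant (assumption: key-based login is provisioned separately).
hardened_edits() {
  sed -e 's/^#Port .*/Port 23245/' \
      -e 's/^#ListenAddress 0\.0\.0\.0$/ListenAddress 0.0.0.0/' \
      -e 's/^#*PermitRootLogin.*/PermitRootLogin prohibit-password/' \
      -e 's/^#*PasswordAuthentication.*/PasswordAuthentication no/'
}

# Read an sshd_config on stdin and print one finding per risky directive.
audit_sshd_config() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
    { key = tolower($1); val = $2; gsub(/\[|\]/, "", val) }
    key == "listenaddress" && (val !~ /^[0-9A-Fa-f:.]+$/ || val !~ /[:.]/) {
      print "ListenAddress \"" val "\" is not an IP literal; sshd resolves it as a host name" }
    key == "permitrootlogin" && tolower(val) == "yes" {
      print "PermitRootLogin yes: root may log in with a password" }
    key == "passwordauthentication" && tolower(val) == "yes" {
      print "PasswordAuthentication yes: password logins are accepted" }
  '
}

echo "== overwrite edits ==";  sample_default | overwrite_edits | audit_sshd_config
echo "== hardened edits ==";   sample_default | hardened_edits  | audit_sshd_config
```

Inside a built image, piping /etc/ssh/sshd_config into audit_sshd_config gives the same report for the real file.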
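Follow-up work
- When needed, import the tar archive on a new machine and start the container; other machines can then SSH into a clean centos container on port 23245 with the root password Admin_147 (without polluting the host environment)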
curl -sL http://iso.sqlfans.cn/docker/centos7_2025.tar -o /tmp/centos7_2025.tar
docker load -i /tmp/centos7_2025.tar
docker run -it -d -p 23245:23245 --privileged=true --name centos7 centos7:7 /usr/sbin/init
docker ps -a | grep centos
- Appendix: clean up
docker stop $(docker ps -a | grep centos | awk '{print $1}')
docker rm $(docker ps -a | grep centos | awk '{print $1}')
docker rmi -f $(docker images -qf dangling=true)
docker rmi -f $(docker images | grep centos | awk '{print $3}')