`
m635674608
  • 浏览: 5044317 次
  • 性别: Icon_minigender_1
  • 来自: 南京
社区版块
存档分类
最新评论

Docker实战笔记:Docker简介(二)

 
阅读更多

摘要: 摘要: 此Docker系列学习笔记,根据Reboot教育PC大神的运维自动化部分课程整理而成,补充少量个人理解以及练习日志(部分日志有删减)。 PC大神在知乎的专栏:面向工资编程 Docker简介(一) Docker简介(二) Docker管理系统(一) Docker管理系统(二) Docker管理系统(三) Docker原理-namespace和文件系统 Docker原理-徒手创建一个docker容器 Docker、etcd构建服务自发现体系 Docker生态系统:k8s、etcd等 etcd分布式一致性算法paxos、raft <!-- 正文 -->

Docker实战笔记

[TOC]

提纲

此Docker系列学习笔记,根据Reboot教育PC大神的运维自动化部分课程整理而成,补充少量个人理解以及练习日志(部分日志有删减)。

PC大神在知乎的专栏:面向工资编程

  • Docker简介(一)
  • Docker简介(二)
  • Docker管理系统(一)
  • Docker管理系统(二)
  • Docker管理系统(三)
  • Docker原理-namespace和文件系统
  • Docker原理-徒手创建一个docker容器
  • Docker、etcd构建服务自发现体系
  • Docker生态系统:k8s、etcd等
  • etcd分布式一致性算法paxos、raft

Docker简介(二)

盗梦空间

​ 使用docker时,应时刻注意自己在哪儿,防止误操作。docker容器一般都是root全新,这个时候往往是宿主机、各容器相互交错,甚至有时候还有自己的笔记本远程登录维护的场景;一个不慎,就是生产事故。

解决办法:设置PS1变量,每个用户下颜色不一样,提示符不一样。同时加强用户权限的管理和落地,赋予运维人员岗位角色最小的权限,严格控制特殊权限如root的申请流程和双人复核制度;

参考bashrc

将以下代码保存为 bashrc

#!/bin/bash
#export DYLD_FALLBACK_LIBRARY_PATH="${HOME}/wine/wine-1.2/lib:/usr/X11/lib:/usr/
lib"
export TERM=xterm-color
export CLICOLOR=1
export LSCOLORS=ExFxCxDxBxegedabagacad
export EDITOR=vi
#export CDPATH=$CDPATH:/Users/auxten/Documents/Codes/

use_color=false

# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS.  Try to use the external file
# first to take advantage of user additions.  Use internal bash
# globbing instead of external grep binary.
safe_term=${TERM//[^[:alnum:]]/?}   # sanitize TERM
match_lhs=""
[[ -f ~/.dir_colors   ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs}    ]] \
    && type -P dircolors >/dev/null \
    && match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true

if ${use_color} ; then
    # Enable colors for ls, etc.  Prefer ~/.dir_colors #64489if type -P dircolors >/dev/null ; then
        if [[ -f ~/.dir_colors ]] ; then
            eval $(dircolors -b ~/.dir_colors)
        elif [[ -f /etc/DIR_COLORS ]] ; then
            eval$(dircolors -b /etc/DIR_COLORS)
        fi
    fi

    if [[ ${EUID} == 0 ]] ; then
        PS1='\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] 'else
        PS1='\[\033[01;33m\]\u.\[\033[01;34m\]\[\033[01;32m\]\h\[\033[01;34m\] \
w \$\[\033[00m\] '#PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
    fi

    alias ls='ls -G'
    alias grep='grep --colour=auto'elseif [[ ${EUID} == 0 ]] ; then
        # show root@ when we don't have colors
        PS1='\u@\h \W \$ 'else
        PS1='\u@\h \w \$ '
    fi
fi

# Try to keep environment pollution down, EPA loves us.
unset use_color safe_term match_lhs

设置命令

cp bashrc ~/.bashrc
. ~/.bashrc

赠与root

sudo cp ~/.bashrc /root/
sudo su -

效果展示

AnInputForce账号没有sudo权限,这里有一个课件截图:

盗梦空间_ps1

基本操作

docker stop

停止docker容器。

建议不使用,直接使用docker rm -f 停止并删除容器:干净整洁不留垃圾;stop命令略慢,rm命令毫秒级别。以下是演示,

停止,清理容器

AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts
608ca094cbf836087a749f464e4e1175502cd0e0d184e174b99bfe59b4a18015
AnInputForce.teach ~ $ docker ps | grep kch
608ca094cbf8        centos                         "tail -f /etc/hosts"     28 seconds ago      Up 26 seconds                                                                           centos_kch
AnInputForce.teach ~ $ docker stop centos_kch
centos_kch
AnInputForce.teach ~ $ docker ps | grep kch
AnInputForce.teach ~ $ docker ps -a | grep kch
608ca094cbf8        centos                         "tail -f /etc/hosts"     About a minute ago   Exited (137) 16 seconds ago                                                                       centos_kch
AnInputForce.teach ~ $ docker rm centos_kch
centos_kch
AnInputForce.teach ~ $ docker ps -a | grep kch

直接停止并删除容器

AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts
e916042b88f1fe5829d400188c7cb806d7075751a9142c5fb9935a81b7924f56
AnInputForce.teach ~ $ docker ps | grep kch
e916042b88f1        centos                         "tail -f /etc/hosts"     18 seconds ago      Up 17 seconds                                                                           centos_kch
AnInputForce.teach ~ $ docker rm -f centos_kch
centos_kch
AnInputForce.teach ~ $ docker ps | grep kch
AnInputForce.teach ~ $ docker ps -a | grep kch
AnInputForce.teach ~ $

docker exec 进入容器简化

我们经常要写这条命令,进入容器交互bash:

docker exec -it centos_kch bash

有网友写了个脚本简化这件事:帖子看这里,看3楼的回复。

#!/bin/bash -xe

# docker id might be given as a parameter
DID=$1

if [[ "$DID" == "" ]]; then
  # if no id given simply just connect to the first running instance
    DID=$(docker ps | grep -Eo "^[0-9a-z]{8,}\b")
fi

docker exec -i -t $DID bash

修订一下:如果不带参数,默认进入第一个运行的容器,但是过滤出来的是所有运行的容器。此处修订:

保存脚本为dgo

#!/bin/bash -xe

# docker id might be given as a parameter
DID=$1

if [[ "$DID" == "" ]]; then
  # if no id given simply just connect to the first running instance
    DID=$(docker ps | grep -Eo "^[0-9a-z]{8,}\b" | head -n 1)
fi

docker exec -i -t $DID bash

设置Setup

Put docker-ssh file in your $PATH with the following contents

有root权限的话,我们直接copy到bin目录

sudo cp dgo /usr/local/bin/

演示Usage

If you have one running instance simply run

  • dgo

Otherwise provide it with a docker id parmeter that you get from docker ps (first col)

  • dgo $docker-id,# dgo 3ccdb6bcf75a
  • dgo $container-name,# dgo centos_kch
AnInputForce.teach ~ $ docker run --name="centos_kch" -itd centos tail -f /etc/hosts
3ccdb6bcf75a197b4cfbeec3d6754d3d55630e11544f396e5cd942064dae220e
AnInputForce.teach ~ $ dgo centos_kch
+ DID=centos_kch
+ [[ centos_kch == '' ]]
+ docker exec -i -t centos_kch bash
[root@3ccdb6bcf75a /]#

脚本参数

  • bash -xe
  • -x 显示执行日志
    • 把它执行的每条命令都打到console上,有助于让大家了解都执行的什么,有助于提醒这个脚本是个自定义命令;这是一个非常好的习惯;
  • -e 执行完退出;

docker run -v -p

  • -v 映射目录
  • -p 映射端口

Tips:端口映射docker是用iptable实现的,CentOS7引入了firewalld,本质上比iptable好用一些,如果docker用到端口映射,firewalld服务就不能听。内网使用,可以一上来用firewalld把所有端口都打开,这样比较方便docker管理端口映射。

验证思路

筛选端口有没有占用,没有输出则可用

sudo netstat -nltp | grep 8084

将宿主机home目录的data文件夹映射到容器的/data目录,同时将宿主机的8084端口映射到宿主机的80端口

docker run --name"kch-centos" -v ~/data:/data -p 8084:80 -itd centos tail -f /etc/hosts

映射目录验证

AnInputForce.teach ~ $ docker run --name "kch-centos" -v ~/data:/data -p 8084:80 -itd centos tail -f /etc/hosts
9bae287a1df72f557a218044e58dc61c473b8d746f9f4e02c801cf58e014385f
AnInputForce.teach ~ $ ll
总用量 16
-rw-r--r-- 1 AnInputForce  231 1115 09:15 20161115.bashrc
drwxr-xr-x 2 root         4096 1115 19:42 data
drwxr-xr-x 6 root         4096 1016 10:41 open-falcon
-rwxr-xr-x 1 AnInputForce  377 1016 11:42 runof.sh
AnInputForce.teach ~ $ docker exec -it kch-centos /bin/bash
[root@9bae287a1df7 /]# ll | grep data
drwxr-xr-x   2 root root  4096 Nov 15 11:42 data
[root@9bae287a1df7 /]# echo xxxyyy > data/xxx
[root@9bae287a1df7 /]# exit
exit
AnInputForce.teach ~ $ cat data/xxx
xxxxyyy
AnInputForce.teach ~ $

端口映射验证

进入容器,启动一个python的SimpleHTTPServer,绑定80端口;

在浏览器中输入http://localhost:8084,成功访问;

演示使用的是教学机http://reboot.linrc.com:8084

AnInputForce.teach ~ $ docker exec -it kch-centos /bin/bash
[root@9bae287a1df7 /]# python -m SimpleHTTPServer 80
Serving HTTP on 0.0.0.0 port 80 ...
219.142.60.11 - - [15/Nov/2016 12:03:14] "GET / HTTP/1.1" 200 -
219.142.60.11 - - [15/Nov/2016 12:03:14] code 404, message File not found
219.142.60.11 - - [15/Nov/2016 12:03:14] "GET /favicon.ico HTTP/1.1" 404 -

docker inspect

$docker id | $docker name

docker inspect centos_kch

我们在使用docker过程中,如果碰上莫名其妙的问题,比如没写绝对路径时,不知道目录映射到哪儿了,就可以运行此命令,看"Mounts"属性;

docker 创建镜像

推荐用dockerfile来构建镜像,因为可以提交git版本控制:清楚展现了所经历的过程。不推荐在现有容器中yum安装配置后,再commit创建镜像。后者参考:Docker学习之路(六)用commit命令创建镜像

  • commit

    • docker commit -m "Added something" -a "Docker Newbee" centos centos:v2
      
    • docker rmi
      
    • -a 就是author,作者

  • dockerfile

    • FROM ubuntu:14.04
      MAINTAINER Docker Newbee newbee@docker.com
      RUN apt-get -qq update
      RUN apt-get -qqy install ruby ruby-dev
      RUN gem install sinatra
      

科普:bash黑科技

  • ctrl + u:#移到行尾,按快捷键暂存,当前命令行清空
  • ctrl + y:# 恢复刚暂存的目录
  • Ctrl + r:# 输入字符查找上一条命令
  • sudo !! :执行上一条因权限不足而未能执行的命令

演示:徒手写Dockerfile

我们写个dockerfile,给镜像安装一个vim

查看centos有哪些版本:dockerhub

保存脚本为centos-vim/Dockerfile

FROM centos:7
MAINTAINER mdr<kang.cunhua@qq.com>
RUN yum install -y vim
AnInputForce.teach ~ $ mkdir experment
AnInputForce.teach ~ $ cd experment/
AnInputForce.teach ~/experment $ mkdir centos-vim
AnInputForce.teach ~/experment $ cd centos-vim/
AnInputForce.teach ~/experment $ vi Dockerfile

构建镜像 docker build centos-vim/

AnInputForce.teach ~/experment $ cd centos-vim/
AnInputForce.teach ~/experment/centos-vim $ ll
总用量 4
-rw-rw-r-- 1 root 72111520:34 Dockerfile
AnInputForce.teach ~/experment/centos-vim $ cd ..
AnInputForce.teach ~/experment $ pwd
/home/AnInputForce/experment
AnInputForce.teach ~/experment $ ll
总用量 4
drwxrwxr-x 2 AnInputForce 4096 11月 15 20:36 centos-vim
AnInputForce.teach ~/experment $ docker build centos-vim/
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM centos:7
 ---> 0584b3d2cf6d
Step 2 : MAINTAINER mdr<kang.cunhua@qq.com>
 ---> Running in ec9eae8742d8
 ---> 9153702517b5
Removing intermediate container ec9eae8742d8
Step 3 : RUN yum install -y vim
 ---> Running in4e3ec7cee383
Loaded plugins: fastestmirror, ovl
......                                                   

Complete!
 ---> 5c72d36ad69e
Removing intermediate container 4e3ec7cee383
Successfully built 5c72d36ad69e

查看镜像

AnInputForce.teach ~/experment $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              5c72d36ad69e        2 minutes ago       361.1 MB
centos-vim                latest              37e42772dafe        11 days ago         361.1 MB
centos                    7                   0584b3d2cf6d        12 days ago         196.5 MB
centos                    latest              0584b3d2cf6d        12 days ago         196.5 MB

给镜像美容

docker tag $dockerid $imagename #默认不写,tag是latest

docker tag $dockerid $image-name:$tag #也可以指定tag

默认

AnInputForce.teach ~ $ docker tag 5c72d36ad69e centos-vim
AnInputForce.teach ~ $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
centos-vim                latest              5c72d36ad69e        10 minutes ago      361.1 MB

写$tag

AnInputForce.teach ~ $ docker tag 5c72d36ad69e centos-vim:mdr
AnInputForce.teach ~ $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
centos-vim                latest              5c72d36ad69e        13 minutes ago      361.1 MB
centos-vim                mdr                 5c72d36ad69e        13 minutes ago      361.1 MB
<none>                    <none>              37e42772dafe        11 days ago         361.1 MB

注意

可以给一个镜像打多个tag,他们可以共存。

但是$image-name需全局唯一,如果你使用了已有的名字,原来叫这个名字的就会变成<none> <none> ,请注意上文日志中docker id为“37e42772dafe”的前后变化;

测试新镜像

docker rm -f kch-centos删除之前的容器,

AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8084:80 -itd centos-vim tail -f /etc/hosts
7ce8203e0431a7571df28e51fe7bb2152093fa49ebb8495516342046af23e953
AnInputForce.teach ~ $ dgo mdr-centos
+ DID=mdr-centos
+ [[ mdr-centos == '' ]]
+ docker exec -i -t mdr-centos bash
[root@7ce8203e0431 /]# vim

可以看到,成功进入vim;

小练习:新增账号后打包镜像

基于centos镜像,加一个账号,然后build镜像,镜像名字自己起。同时安装SSH服务,这个后续有用。

Dockerfile参考

FROM centos:7
MAINTAINER mdr<kang.cunhua@qq.com>
RUN useradd mdr
RUN yum install -y openssh-server

构建演示

AnInputForce.teach ~ $ cd experment/
AnInputForce.teach ~/experment $ mkdir centos-dev
AnInputForce.teach ~/experment $ cd centos-dev/
AnInputForce.teach ~/experment/centos-dev $ vi Dockerfile 
AnInputForce.teach ~/experment/centos-dev $ cd ..
AnInputForce.teach ~/experment $ docker build centos-dev/
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM centos:7
 ---> 0584b3d2cf6d
......
Complete!
 ---> 7677fcb139ca
Removing intermediate container 9bb12e1ee067
Successfully built 7677fcb139ca
AnInputForce.teach ~/experment $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
<none>                    <none>              7677fcb139ca        44 seconds ago      307.8 MB
centos-vim                latest              5c72d36ad69e        24 hours ago        361.1 MB
centos-vim                mdr                 5c72d36ad69e        24 hours ago        361.1 MB
AnInputForce.teach ~/experment $ docker tag 7677fcb139ca centos-dev:mdr
AnInputForce.teach ~/experment $ docker images | grep mdr
centos-dev                mdr                 7677fcb139ca        3 minutes ago       307.8 MB
centos-vim                mdr                 5c72d36ad69e        24 hours ago        361.1 MB
AnInputForce.teach ~/experment $

小技巧

在Dockerfile中设置用户密码

来自kongsys童鞋

Run echo "yourpasswd666"|passwd kongsys --stdin

在构建镜像时指定标签

这样的话,就不用构建后在给镜像命名和打tag了--来自Roven童鞋;

docker build -t test-centos|centos7.2 centos-vim

如何拿Docker撘开发机

搭建开发机,让各位同学能自动登录。之前我们是通过Dockerfile构建的,此处演示我们用commit来构建。

不需要输密码,只要我在wheel组里

sudoedit /etc/sudoers编辑

找到

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

改为

## Allows people in group wheel to run all commands
# %wheel  ALL=(ALL)       ALL

## Same thing without a password
 %wheel        ALL=(ALL)       NOPASSWD: ALL

演示日志

AnInputForce.teach ~ $ dgo mdr-centos
+ DID=mdr-centos
+ [[ mdr-centos == '' ]]
+ docker exec -i -t mdr-centos bash
[root@7ce8203e0431 /]# useradd mdr
[root@7ce8203e0431 /]# passwd mdr
Changing password for user mdr.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@7ce8203e0431 /]# yum install -y openssh-server
....                                     
Dependency Installed:
  fipscheck.x86_64 0:1.4.1-5.el7       fipscheck-lib.x86_64 0:1.4.1-5.el7      
  openssh.x86_64 0:6.6.1p1-25.el7_2    tcp_wrappers-libs.x86_64 0:7.6-77.el7   

Complete!
[root@7ce8203e0431 /]# usermod -aG wheel mdr
[root@7ce8203e0431 /]# yum install -y sudo          
Loaded plugins: fastestmirror, ovl
......
Installed:
  sudo.x86_64 0:1.8.6p7-17.el7_2                                                

Complete!
[root@7ce8203e0431 /]# sudoedit /etc/sudoers
[root@7ce8203e0431 /]# exit
exit
AnInputForce.teach ~ $ docker ps
CONTAINER ID        IMAGE                          COMMAND                  CREATED             STATUS              PORTS                                                               NAMES
7ce8203e0431        centos-vim                     "tail -f /etc/hosts"     24 hours ago        Up 24 hours         0.0.0.0:8084->80/tcp                                                mdr-centos
......
AnInputForce.teach ~ $ docker commit mdr-centos centos-dev:7
sha256:f331bbce086b75f00133b8fc3385f03d1bb3c5274e7c279e69ab06a2192f63ae
AnInputForce.teach ~ $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
centos-dev                7                   f331bbce086b        11 seconds ago      473.3 MB
centos-dev                mdr                 7677fcb139ca        44 minutes ago      307.8 MB
centos-vim                latest              5c72d36ad69e        25 hours ago        361.1 MB
centos-vim                mdr                 5c72d36ad69e        25 hours ago        361.1 MB
......
AnInputForce.teach ~ $ docker rm -f mdr-centos
mdr-centos
AnInputForce.teach ~ $ docker run --name="mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 /usr/sbin/sshd -D
af94c0ffe40432112a4d5b7c38a2b66f2244b7baf941995c2e6b5ef95384ee76
AnInputForce.teach ~ $

登录开发机,报错

我们来尝试登录一下开发机,发现报错,docker logs $container-id查日志排错

ssh -P 8088 mdr@127.0.0.1
ssh: connect to host 8088 port 22: Invalid argument
AnInputForce.teach ~ $ docker logs mdr-centos
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key

tips:ssh-keygen如何不输入-y,搜索关键词:ssh-kengen no interactive

回到简单模式,启动container

报错:/etc/hosts: no such file or directory

AnInputForce.teach ~ $ docker run --name="mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 "tail -f /etc/hosts"
2fafa8f4c7fd503cd62cb083ffa0135a2f20eff7d3d7e75b421fb61e2b13e358
docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused \"exec: \\\"tail -f /etc/hosts\\\": stat tail -f /etc/hosts: no such file or directory\"\n".

原因 :command多加了引号

AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 tail -f /etc/hosts
f47f6e673f49154c261355039da9f45bb50777106917752d17aee96a3135421c

再回到container安装ssh

同时,根据日志提示安装对应加密算法

Welcome to aliyun Elastic Compute Service!

-bash: /home/AnInputForce: 是一个目录
AnInputForce.teach ~ $ dgo mdr-centos
+ DID=mdr-centos
+ [[ mdr-centos == '' ]]
+ docker exec -i -t mdr-centos bash
[root@f47f6e673f49 /]# ssh-keygen
......
+--[ RSA 2048]----+
......
+-----------------+
[root@f47f6e673f49 /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
......
+--[ DSA 1024]----+
......
+-----------------+
[root@f47f6e673f49 /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
......
+--[ RSA 2048]----+
......
+-----------------+

测试下:提示缺两种非对称加密算法

[root@f47f6e673f49 /]# /usr/sbin/sshd -D
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key

继续安装非对称加密算法

[root@f47f6e673f49 /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key    
+--[ECDSA  256]---+
......
+-----------------+
[root@f47f6e673f49 /]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
......
+--[ED25519  256--+
......
+-----------------+

SSH服务成功启动

[root@f47f6e673f49 /]# /usr/sbin/sshd -D
^C
[root@f47f6e673f49 /]#

提交打包镜像

[root@f47f6e673f49 /]# exit
exit
AnInputForce.teach ~ $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
centos-dev                7                   f331bbce086b        11 hours ago        473.3 MB
centos-dev                mdr                 7677fcb139ca        12 hours ago        307.8 MB
centos-vim                latest              5c72d36ad69e        37 hours ago        361.1 MB
AnInputForce.teach ~ $ docker commit mdr-centos centos-dev:7
sha256:90fc2a3fa895faa4611731b442b7e17fcdfab2084cc488378a48d54a44e59490
AnInputForce.teach ~ $ docker commit mdr-centos centos-dev
sha256:a7d3dc16d111e7ab50fd0d8b2a5aabe8c5c4213ffdc8d7b4a2e32a7ba09f096c
AnInputForce.teach ~ $ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
centos-dev                latest              a7d3dc16d111        4 seconds ago       473.3 MB
centos-dev                7                   90fc2a3fa895        19 seconds ago      473.3 MB
centos-dev                mdr                 7677fcb139ca        12 hours ago        307.8 MB
centos-vim                latest              5c72d36ad69e        37 hours ago        361.1 MB

测试进入开发机

AnInputForce.teach ~ $ docker rm -f mdr-centos
mdr-centos
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev:7 tail -f /usr/sbin/sshd -D
6d0bae922b6e380adb93ceea88b6ba230b3b578d93744e2dcc0d524080f95356
AnInputForce.teach ~ $ ssh -P 8088 mdr@reboot.linrc.com
ssh: connect to host 8088 port 22: Invalid argument
AnInputForce.teach ~ $ docker logs
"docker logs" requires exactly 1 argument(s).
See 'docker logs --help'.

Usage:  docker logs [OPTIONS] CONTAINER

Fetch the logs of a container
AnInputForce.teach ~ $ docker logs mdr-centos
tail: invalid option -- 'D'
Try 'tail --help' for more information.
AnInputForce.teach ~ $ docker rm -f mdr-centos
mdr-centos
AnInputForce.teach ~ $ docker run --name "mdr-centos" -v ~/data:/data -p 8088:22 -itd centos-dev /usr/sbin/sshd -D
b996a0f5c858ea59dae380960274371ff45c2fba4ee2b307b9eea241e0ea6e2d
AnInputForce.teach ~ $ ssh -P 8088 mdr@reboot.linrc.com
ssh: connect to host 8088 port 22: Invalid argument
AnInputForce.teach ~ $ docker logs mdr-centos
AnInputForce.teach ~ $ ssh -p 8088 mdr@reboot.linrc.com
The authenticity of host '[reboot.linrc.com]:8088 ([59.110.12.72]:8088)' can't be established.
ECDSA key fingerprint is 2e:c3:ac:e6:86:99:98:65:c8:4b:44:67:f3:84:2e:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[reboot.linrc.com]:8088,[59.110.12.72]:8088' (ECDSA) to the list of known hosts.
mdr@reboot.linrc.com's password: 
[mdr@b996a0f5c858 ~]$

​ 成功进入。Tips:我们在使用docker时,碰上报错可以,使用docker logs $container-id 来查看日志。以上日志对应包含了对应排错过程,请参考。

让我们做得更好:免密码登录

​ 我们在日常使用开发机的时候,不能每个容器都这儿操作一遍:加入id_rsa.pub 内容到.ssh/authorized_keys。能不能批量实现这个效果?可以的,用到了目录映射:^演示账号权限不足提示

思路

把自己目录下的id_rsa.pub内容加入/root/.ssh/authorized_keys

演示

AnInputForce.teach ~/.ssh $ cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqCVUrRiiGCuK3lAa3kIrk1rSU0WuzpOZT9LctQE1m0TOrAGDC/C0USp6AOTQ90V+JdaRFC6hvjmI5AVrZIbnhHFbhlJpqPegnC7pZiMLFIt8Pcdi9aCZGAqvj6ALfMOsXRgM4H5vgwAKg1YAihnse4A2rLmS237UK43/Yk1E6fn/0wILzdy1gPjIuQbHbKUuJV/VAhP8655xRDLGjOj7rmfR0rm+qukyOrgfW4kCtuGSQfC0qykTHmS25pNnByWaS1tzxspgL0XWRcHIKCxzFSDgzdLgtIOvrlDR46pZFJ8lShQKaMhu/eDj4ZC4VN7QHulZNP/rjiWlB1pafkw5 AnInputForce@teach
[mdr@b996a0f5c858 log]$ sudo su -
teach ~ # vi .ssh/authorized_keys

让所有人都可以免密码登录

把宿主机的ssh目录映射到容器里,所有人都可以免密码登录了。只要用户能免密码登录宿主机,就能免密码登录容器;

docker rm -f mdr-centos
sudo docker run --name='mdr-centos' -v ~/data:/data -v /root/.ssh:/root/.ssh -p 8088:22 -itd centos-dev /usr/sbin/sshd -D

也可以把自己目录的映射到容器中。

Tips:风险--目录映射之后,在容器中修改对应目录或文件,也会同步到本地。需要特别注意。如果有童鞋知道如何映射本地目录到容器中为只读权限,麻烦您给我留言,我会更新本文。

Docker简介总结:我们做了什么

  • 为什么是docker:秒级启动,化复杂安装配置为简洁
  • docker基本概念:仓库、镜像、容器
  • docker基本操作:ps、port、pull、images、run、stop、rm、exec、inspect、logs、commit
  • 徒手写Dockerfile构建镜像
  • 一个小练习:新增账号后,打包镜像
  • 用Docker来搭建开发机:快速批量提供开发环境,让所有人免密登录
  • https://my.oschina.net/hexie/blog/789705
分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics