Docker Basics - 2

This article was last updated on: February 7, 2024

Container OS type

Busybox

A software toolbox that integrates more than a hundred of the most commonly used Linux commands and tools.

It contains cat, echo, grep, find, mount, telnet, and more.

Busybox is the Swiss Army knife for Linux

Debian/Ubuntu

CentOS/Fedora

CoreOS

Link to official website

A Linux distribution designed for container technology.

Create a custom operating system image

Creating with the commit command

Users can commit their own modifications to a container and generate a new image from it. The command format is:

docker commit CONTAINER [REPOSITORY[:TAG]]

Creation steps

  1. Use the OS image to create a container

  2. Point the package sources at a domestic mirror, such as Aliyun

    deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    
  3. Run apt-get update to update the package cache

  4. Install the service (e.g. ssh) with apt-get: apt-get install openssh-server

  5. Create a directory: the /var/run/sshd directory must exist, so create it manually: mkdir -p /var/run/sshd. At this point you can start the service: /usr/sbin/sshd -D &

  6. Modify the service configuration to remove the PAM login restriction: sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd

  7. Other actions: create a .ssh directory under root's home directory and copy the public key that will be used to log in (either 1. copied directly from the .ssh/id_rsa.pub file in the user's home directory, or 2. generated with ssh-keygen -t rsa) into authorized_keys: mkdir -p /root/.ssh && vi /root/.ssh/authorized_keys. An example of the public key format is as follows:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtuqN2zGhhVBTVCCoNa8hPvGu3xo8+UsqG+AxW0jEUvQYhr6/IEXiIAk41HzjeEZVYKGGr08Jh8n5xxmBW4AyH/1DaU1Ej3m0dOuZ09HAUJfY7WnrtO8GrZtQT2KhI6P2pwnOJU3fm6eRLLVzL2oSyhBQ8ca/njwAyHXOVJiPOpO3cokOPa2BzziWqslmFKyWQdaf6rBwYKF+2eoFrVk0QepoJtc6OfgIyuQEi+gJXste6QiPJRYgFQoYlv/bzYnnrG7Zs0qVCi6SfIRF7twVXUNW/hkPbGxsKZTLAvITS3tOR2nRt6pibT46RM/+ebiuT0fZ/e/xl3w4QygGTB2Xl casey@ubuntu
    
  8. Additional step: create an executable script, run.sh, that starts the SSH service automatically, and add execute permission: vi /run.sh; chmod +x /run.sh

    #!/bin/bash
    /usr/sbin/sshd -D

  9. Finally, leave the container: exit

Save the image

sudo docker commit <container id> ubuntu-sshd

Start the image

sudo docker run -p 10122:22 -d ubuntu-sshd /run.sh

Usage

You can now connect through the SSH service on the published host port:

ssh <docker host ip> -p 10122 -l root
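
The sed expression in step 6 matches only when the three fields are separated by exactly one space, and sed exits 0 whether or not it changed anything. As an added example (not part of the original article), the function below accepts any whitespace between the fields and then verifies that no active pam_loginuid line remains; the function names and the sample PAM file are constructed for illustration.

```shell
#!/bin/sh
# Added example: comment out pam_loginuid and prove the edit took effect.

# Constructed sample with runs of spaces between the fields.
write_sample_pam() {
    printf '%s\n' \
        '# Set the loginuid process attribute.' \
        'session    required     pam_loginuid.so' \
        'session    optional     pam_motd.so' > "$1"
}

# The single-space pattern from step 6; exit status 0 means it would match.
single_space_pattern_matches() {
    grep -q 'session required pam_loginuid.so' "$1"
}

# Usage: disable_pam_loginuid /etc/pam.d/sshd
# Returns 0 when no active pam_loginuid line remains, 1 if one does, 2 on I/O error.
disable_pam_loginuid() {
    pam_file=$1
    fields='[[:space:]]*session[[:space:]]+required[[:space:]]+pam_loginuid\.so'
    [ -f "$pam_file" ] || { echo "missing: $pam_file" >&2; return 2; }

    # [[:space:]]+ accepts any run of spaces or tabs. Lines already starting
    # with "#" do not match, so running this twice changes nothing.
    tmp=$(mktemp) || return 2
    sed -E "s/^($fields)/#\\1/" "$pam_file" > "$tmp" && cat "$tmp" > "$pam_file"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2

    # sed exits 0 even when nothing matched, so inspect the file itself.
    if grep -Eq "^$fields" "$pam_file"; then
        echo "pam_loginuid is still active in $pam_file" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample.
demo=$(mktemp)
write_sample_pam "$demo"
single_space_pattern_matches "$demo" || echo "single-space pattern: no match"
disable_pam_loginuid "$demo" && cat "$demo"
rm -f "$demo"
```

In a Dockerfile RUN chain, a non-zero return from the verification step stops the build instead of shipping an image where the edit silently did nothing.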

Creating with a Dockerfile (key topic)

My ubuntu-sshd image on Docker Hub

Dockerfile example

# OS image
FROM ubuntu:16.04

# Maintainer
LABEL maintainer="CaseyCui [email protected]"

# 1. Back up the official sources list
# 2. Create the /var/run/sshd directory (required for the SSH service to start normally)
# 3. Create the .ssh directory under root's home directory
RUN mv /etc/apt/sources.list /etc/apt/sources.list.default \
    && mkdir -p /var/run/sshd \
    && mkdir -p /root/.ssh

# Copy the Aliyun mirror source list to /etc/apt/sources.list
COPY sources.list /etc/apt/sources.list

# Copy the public key to the /root/.ssh directory
COPY authorized_keys /root/.ssh/authorized_keys

# Copy the run script run-sshd.sh to the root directory
COPY run-sshd.sh /run-sshd.sh

# 1. Install openssh-server
# 2. Set the time zone to China/Shanghai (newer Ubuntu versions need tzdata installed; it takes effect through a symlink)
# 3. Modify the SSH service's login security configuration to remove the PAM login restriction
# 4. Add execute permission to run-sshd.sh
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
        openssh-server \
        tzdata \
    && rm -rf /var/lib/apt/lists/* \
    && ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && dpkg-reconfigure -f noninteractive tzdata \
    && sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd \
    && chmod +x /run-sshd.sh

# Expose the port
EXPOSE 22

# Add the mount point /tmp
VOLUME /tmp

# Set the startup command
CMD ["/run-sshd.sh"]

Automate time zone modification

Before Ubuntu 16.04:

echo "Asia/Shanghai" > /etc/timezone && dpkg-reconfigure -f noninteractive tzdata

Ubuntu 16.04 and later:

ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && dpkg-reconfigure -f noninteractive tzdata

Prerequisite: the tzdata package must be installed:

apt-get -yq install tzdata

ENV environment variable

ENV environment variables take effect globally, which can sometimes have negative effects.

For example, ENV DEBIAN_FRONTEND noninteractive sets all operations to non-interactive.

Try not to use it as above. The recommended usage is to set the variable inline with the command that needs it, for example:

RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends tzdata # -q: quiet

.dockerignore file

# Ignore the .git/ folder
.git

# Ignore temporary files
*.swp

run.sh script (named run-sshd.sh in the Dockerfile above)

#!/bin/bash
/usr/sbin/sshd -D

Create an image

Execute in the Dockerfile directory:

sudo docker build -t caseycui/ubuntu-sshd .
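
The Dockerfile copies authorized_keys from the build context into /root/.ssh, so whatever that file contains ships in an image layer. As an added example (not part of the original article), this pre-build check rejects private-key material and key lines whose blob does not match the declared type; the function names, the accepted key-type list and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check an authorized_keys file before it is copied into an image.

# Constructed sample: truncated blobs that carry only the key-type header.
# Line 2 is valid in form; line 3 declares a type its blob does not encode.
write_sample_keys() {
    printf '%s\n' \
        '# constructed sample, not real keys' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB constructed@example' \
        'ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQAB mismatch@example' > "$1"
}

# Returns 0 if every key line is well formed, 1 on a bad line, 2 if unreadable.
check_authorized_keys() {
    keys_file=$1
    [ -f "$keys_file" ] || { echo "cannot read $keys_file" >&2; return 2; }

    # A private key pasted here by mistake would end up in an image layer.
    if grep -q 'PRIVATE KEY' "$keys_file"; then
        echo "private key material in $keys_file" >&2
        return 1
    fi

    result=0 lineno=0
    # Handles plain "type blob [comment]" lines; option prefixes are rejected.
    while read -r key_type blob _comment || [ -n "$key_type" ]; do
        lineno=$((lineno + 1))
        case $key_type in ''|'#'*) continue ;; esac
        case $key_type in
            ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
            *) echo "line $lineno: unexpected key type '$key_type'" >&2
               result=1; continue ;;
        esac
        # The decoded blob is a 4-byte length followed by the key type name,
        # which must agree with the type written in front of it.
        embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
            tail -c +5 | head -c "${#key_type}" | tr -d '\000')
        if [ "$embedded" != "$key_type" ]; then
            echo "line $lineno: blob does not encode a $key_type key" >&2
            result=1
        fi
    done < "$keys_file"
    return "$result"
}

# Demo on the constructed sample: the mismatched line makes the check fail.
sample=$(mktemp)
write_sample_keys "$sample"
check_authorized_keys "$sample" || echo "authorized_keys rejected"
rm -f "$sample"
```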


https://e-whisper.com/posts/20535/
Author: east4ming
Posted on: September 27, 2021