core@localhost ~/git/DockerExam/cent6_ssh $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/core/.ssh/id_rsa): /home/core/git/DockerExam/cent6_ssh/id_rsa Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/core/git/DockerExam/cent6_ssh/id_rsa. Your public key has been saved in /home/core/git/DockerExam/cent6_ssh/id_rsa.pub. The key fingerprint is: 4a:24:1f:13:11:58:de:23:1c:f4:8b:78:bc:ad:41:6d core@localhost The key's randomart image is: +--[ RSA 2048]----+ | +Bo | | .o = | | . B + | | * * o | | . B E | | + = | | + . | | o | | . | +-----------------+ core@localhost ~/git/DockerExam/cent6_ssh $ ls id_rsa id_rsa.pub ssh.conf core@localhost ~/git/DockerExam/cent6_ssh $ cat id_rsa.pub >> authorized_keys
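$ scp -i ~/.ssh/id_rsa.coreos core@192.168.10.13:~/dockerfile/monit_ssh/id_rsa ~/.ssh/id_rsa.docker
とかやって取り出す。秘密鍵 id_rsa を Dockerfile と同じディレクトリに残したままにすると、docker build のたびにビルドコンテキストとして Docker デーモンへ送られるので、取り出したあとは削除するか .dockerignore に書いておく。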
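# Dockerfile instruction cheat sheet (the number in parentheses is how many
# times the instruction may appear):
#
# FROM              (1)   : base docker image
# MAINTAINER        (1)   :
# RUN <cmd>         (0.n) : Command. You can use both simple command style and
#                           the exec form style ["xx","-y","-z"].
# ADD <src> <dest>  (0.n) : Copy files from host to guest
# EXPOSE <port>     (0.n) : Expose port infos for container users. It's not port
#                           forward setting.
# CMD <cmd>         (1)   : Service command.(["/usr/sbin/apachectl","-DFOREGROUND"])
#                           You should use the exec form style ["xx","-y","-z"].
# ENTRYPOINT <cmd>  (0.1) : Prefix of service command. ("/usr/sbin/apachectl")
#                           $ docker run -p 8080:80 -d cent6_apache -DFOREGROUND
#                           => call "/usr/sbin/apachectl -DFOREGROUND" on guest.
# ENV <key> <val>   (0.n) :
# VOLUME <dir>      (0.n) : shared directory
# WORKDIR <dir>     (0.1) :
# ONBUILD RUN ...   (0.n) : will execute during child image building (this image is
# ONBUILD ADD ...   (0.n) : specified as FROM).
#
# Each instruction is committed as a layer of the union filesystem.
# Caution: the maximum number of layers is 127.

# This image runs sshd under monit on CentOS 6. Login is by public key only,
# as the user "docker", who is a member of wheel and may use sudo.

# Pull base image.
FROM centos:centos6
MAINTAINER Atsushi HONDOH <kagyuu@hondou.homedns.org>

## Proxy
# NOTE(review): ENV values are stored in the image configuration, so a proxy
# password written here is readable by anyone who can pull or inspect the image.
# ENV http_proxy http://foo%40bar.com:password@proxy.bar.com:3124/
# ENV https_proxy http://foo%40bar.com:password@proxy.bar.com:3124/

## Install monit and sshd
# NOTE(review): the repository release RPM is fetched over plain http and
# nothing in this file verifies it before it is installed as root. Pin a known
# checksum or import the repository key and verify the package first.
RUN rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
RUN yum -y update
RUN yum -y install passwd openssh openssh-server openssh-clients sudo monit

## Operator user
# NOTE(review): "passwd -f -u" force-unlocks an account that has no password,
# which leaves "docker" with an empty password. SSH password logins are turned
# off below, but local su/sudo for this wheel member presumably accept the
# empty password - confirm that this is intended.
RUN useradd docker
RUN passwd -f -u docker
RUN usermod -G wheel docker

## Setup sudoers
RUN echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers

## Set up SSH
# authorized_keys comes from the build context; only the public key is copied
# into the image.
RUN mkdir -p /home/docker/.ssh; chown docker /home/docker/.ssh; chmod 700 /home/docker/.ssh
ADD authorized_keys /home/docker/.ssh/authorized_keys
RUN chown docker /home/docker/.ssh/authorized_keys
RUN chmod 600 /home/docker/.ssh/authorized_keys
RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config
RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config
RUN sed -ri 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
RUN sed -ri 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

## Verify SSH hardening
# sed exits 0 even when its pattern matches nothing, so a changed default
# sshd_config would silently leave password or root login enabled. Fail the
# build unless both settings are really in place.
RUN grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config &&\
    grep -q '^PermitRootLogin no' /etc/ssh/sshd_config

## Init SSHD
# NOTE(review): presumably run once so the init script creates the SSH host
# keys at build time. If so, every container started from this image shares
# the same host keys - confirm, and regenerate them per container if needed.
RUN /etc/init.d/sshd start &&\
    /etc/init.d/sshd stop

## Setup monit
# NOTE(review): these two edits make the monit web console listen on every
# interface and drop the localhost-only allow rule. Who can then use the
# console depends on the allow lines left in /etc/monit.conf, which are not
# visible here. Confirm they are not a stock user:password pair before
# publishing port 2812.
RUN sed -ri 's/use address localhost/use address 0.0.0.0/g' /etc/monit.conf
RUN sed -ri 's/allow localhost/#allow localhost/g' /etc/monit.conf
ADD ssh.conf /etc/monit.d/ssh.conf

## Expose ports
## 22 : ssh
## 2812 : monit web console
EXPOSE 22 2812

## Execute monit
# -I keeps monit in the foreground so it stays the container's main process.
CMD ["/usr/bin/monit","-I"]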
## Init SSHD RUN /etc/init.d/sshd start &&\ /etc/init.d/sshd stopというように && で一度に実行するコマンドをつなげる
FROM | ベースイメージ https://registry.hub.docker.com/ 。ローカルに格納されている docker images も指定できる |
MAINTAINER | メンテナンス担当 |
RUN <cmd> | コンテナ上で実行するコマンド |
ADD <src> <dest> | ホスト上のファイルをコンテナにコピーする。ディレクトリも指定できる |
EXPOSE <port> [... <port>] | 公開ポート。利用者向け情報なので、EXPOSE 22 と指定しても 22 番ポートが公開されるのではなく、実行時に docker run -p 10022:22 などと引数で指定する必要がある |
CMD <cmd> | コンテナ起動時に実行されるコマンド ["xx","-y","-z"] 形式で指定する必要あり |
ENTRYPOINT <cmd> | コンテナ起動時に実行されるコマンドの接頭辞 |
ENV <key> <val> | 環境変数 |
VOLUME <dir> | Docker の Volume やホストのファイルシステムをマウントするためのマウントポイント。Dockerfile でコンテナ構築中にホストのファイルシステムをマウントすることはできない（= 商用アプリを DVD からインストール出来ない） |
WORKDIR <dir> | RUN でコマンドを実行するときのカレントディレクトリ |
# monit check for sshd (added to the image as /etc/monit.d/ssh.conf).
# monit watches the process whose pid is recorded in the pidfile and uses the
# init script to start and stop it.
check process sshd with pidfile /var/run/sshd.pid
  start program = "/etc/init.d/sshd start"
  stop program = "/etc/init.d/sshd stop"
ADD /media/INTERSTAGE /tmp/INTERSTAGE
RUN chmod 755 -R /tmp/INTERSTAGE
RUN /tmp/INTERSTAGE/setup.sh --silent typical_jee_install_option.csv
RUN rm -rf /tmp/INTERSTAGE
というように、一旦コンテナ内に DVD の内容をコピーする。ただし、ADD で作られたレイヤーは後続の RUN rm -rf では消えないので、DVD の内容はイメージのレイヤー内に残る点に注意する。
core@localhost ~/git/DockerExam/cent6_ssh $ docker build -t atsushi/cent6_monit_ssh ./ Sending build context to Docker daemon 12.8 kB Sending build context to Docker daemon Step 0 : FROM centos:centos6 ---> b1bd49907d55 Step 1 : MAINTAINER Atsushi HONDOH <kagyuu@hondou.homedns.org> ---> 73dd39abd0da Step 2 : RUN rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm ---> b7e1c2986df2 Step 3 : RUN yum -y update ---> 90383b83723e Step 4 : RUN yum -y install passwd openssh openssh-server openssh-clients sudo monit ---> 0af9aabfeaa5 Step 5 : RUN useradd docker ---> d087b332f891 Step 6 : RUN passwd -f -u docker ---> 946e4483f21f Step 7 : RUN usermod -G wheel docker ---> 79096ff3f274 Step 8 : RUN echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers ---> b320bdb5e8c6 Step 9 : RUN mkdir -p /home/docker/.ssh; chown docker /home/docker/.ssh; chmod 700 /home/docker/.ssh ---> 5e071b7eecdf Step 10 : ADD authorized_keys /home/docker/.ssh/authorized_keys ---> 3dc25cd4fd7e Step 11 : RUN chown docker /home/docker/.ssh/authorized_keys ---> 14066bb6bb2c Step 12 : RUN chmod 600 /home/docker/.ssh/authorized_keys ---> 2fdf021a1bd0 Step 13 : RUN sed -ri 's/UsePAM yes/#UsePAM yes/g' /etc/ssh/sshd_config ---> 9b19879ca517 Step 14 : RUN sed -ri 's/#UsePAM no/UsePAM no/g' /etc/ssh/sshd_config ---> 39d043b35e23 Step 15 : RUN sed -ri 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config ---> d521d63867d1 Step 16 : RUN sed -ri 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config ---> cb23671f25f9 Step 17 : RUN /etc/init.d/sshd start &&/etc/init.d/sshd stop ---> b5f833d07457 Step 18 : RUN sed -ri 's/use address localhost/use address 0.0.0.0/g' /etc/monit.conf ---> 1f24fa7d7da5 Step 19 : RUN sed -ri 's/allow localhost/#allow localhost/g' /etc/monit.conf ---> 14cf11694cbf Step 20 : ADD ssh.conf /etc/monit.d/ssh.conf ---> 3ffa6f3b9e26 Step 21 : EXPOSE 22 2812 ---> Running in 8857657ec67e Successfully built 43db0564a524
できた
core@localhost ~/git/DockerExam/cent6_ssh $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE atsushi/volume latest aaf0c39f6953 22 hours ago 226.4 MB atsushi/cent6_monit_ssh latest 43db0564a524 23 hours ago 452.9 MB atsushi/ubuntu_monit_ssh latest c53db8fef482 24 hours ago 409.9 MB ubuntu 14.10 75204fdb260b 3 weeks ago 226.4 MB cent6_monit latest 42c1c6908ea4 3 weeks ago 324.2 MB cent6_apache latest 633e8b36e083 3 weeks ago 300.6 MB centos centos6 b1bd49907d55 5 weeks ago 212.5 MB centos latest b157b77b1a65 5 weeks ago 243.7 MB
core@localhost ~/git/DockerExam/cent6_ssh $ docker run -p 12812:2812 -p 10022:22 -d atsushi/cent6_monit_ssh 57b3d5c16134d0952c291288639a223ca84008ae2d34d5cd28a5b5a396ec544e