docker深入1-使用supervisor来管理服务
docker深入1-使用supervisor来管理服务目的:
a) 提供ssh登录;
b) 提供supervisor来管理其他服务;
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
一、制作一个基础镜像
$ pwd
/home/Jack/base
$ ls
binconfDockerfileREADME
1)【Dockerfile】
$ cat Dockerfile
FROM centos
MAINTAINER pcnk
# yum
RUN yum -y update; yum clean all
# epel & supervisor
RUN rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
RUN yum -y install python-pip \
&& /usr/bin/pip install supervisor
&& yum clean all
RUN mkdir -p /etc/supervisor/conf.d /var/log/supervisor
COPY ./conf/supervisord.conf /etc/supervisord.conf
# sshd
RUN yum -y install openssh-server passwd \
&& yum clean all
ADD ./bin/start.sh /root/start.sh
RUN mkdir /var/run/sshd
RUN /bin/sed -i 's/.*session.*required.*pam_loginuid.so.*/session optional pam_loginuid.so/g' /etc/pam.d/sshd
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
RUN chmod 755 /root/start.sh
# EXPOSE 22
RUN ./root/start.sh
ENTRYPOINT ["/usr/bin/supervisord"]
2)【启动脚本】
$ cat bin/start.sh
#!/bin/bash
#
# 2015/5/5
# Update public key for root
__update_root() {
SSH_USERPASS=toortoor
echo -e "$SSH_USERPASS\n$SSH_USERPASS" | (passwd --stdin root)
echo ssh user password: $SSH_USERPASS
d_root='/root/.ssh'
[ -d ${d_root} ] || mkdir ${d_root}
cat <<_PUBKEY > /${d_root}/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA+kdRTFU8zzzypY7BF1vfjk00ECGruUTWVILVcAVKX2FlUa0MVgXuX8auaqcl7mU3jq8DCKXUpJE4zywDQh0v6+b7/x3K+LTascPLRrdoZRMyc3B9F8F6buJWUjkvcosvRRp4rtymngLHczOeH9v9yK+xIc32xJiQv0apjyUA8ZXqNx8QAOlZYoGTi8AISzcf+lMgWUcbm8Y7cjZSOG3GjzGuJWWjBUnLGxgIZXDLF/qXYHxqYzac9uHRjG8gXrO2zawNKlq18m50pKF12P5eYlvGoYqYDwVR+mk9wte4+MPgiUi/nA43FHTp57LToUc0AE64fQelsyh2fCOU50Jgkw== Jack@test
_PUBKEY
chmod 700 ${d_root}
chmod 600 ${d_root}/authorized_keys
}
# Call all functions
__update_root
3)【supervisor配置】
$ cat conf/supervisord.conf
logfile=/var/log/supervisor/supervisord.log
nodaemon=true
files = /etc/supervisor/conf.d/*.conf
command=/usr/sbin/sshd -D
4)【build一个image】
$ docker build --rm -t pcnk/base:v1 .
【查看images】
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
pcnk/base v1 44348b9b1529 3 minutes ago 336.7 MB
centos 7 fd44297e2ddb 13 days ago 215.7 MB
centos centos7 fd44297e2ddb 13 days ago 215.7 MB
centos latest fd44297e2ddb 13 days ago 215.7 MB
5)【启动一个container】
$ docker run -d --name sync -p 10022:22 pcnk/base:v1
ed5c6fe42caf8b37c6f81810ee94cfccf435b1fd0125911536f58fdd3a07d30a
$ docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bd6340e0d81c pcnk/base:v1 "/usr/bin/supervisor 23 seconds ago Up 22 seconds 0.0.0.0:10022->22/tcp sync
登录测试:
$ echo> ../.ssh/known_hosts
上边先清理一下,因为之前的测试有保留其他的key的信息。
先测试用passwd方式登录:
$ ssh -p 10022 root@127.0.0.1
The authenticity of host ':10022 (:10022)' can't be established.
RSA key fingerprint is a5:e8:cc:7c:61:5e:a1:a2:88:f7:30:a0:d3:4a:ca:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ':10022' (RSA) to the list of known hosts.
root@127.0.0.1's password:
# exit
logout
Connection to 127.0.0.1 closed.
再测试用public key方式登录:
$ ssh -p 10022 root@127.0.0.1 -i /home/Jack/.ssh/Jack
Last login: Tue May5 08:34:54 2015 from 172.17.42.1
# exit
logout
Connection to 127.0.0.1 closed.
6)【删除镜像的方式】
先停止用到这个image的container:
$ docker stop sync
$ docker rm sync
再删掉image:
$ docker rmi `docker images |grep 'pcnk/base' |awk '{print $3}'`
页:
[1]