下面制作的镜像的ssh的root账号密码是root,已经推到阿里云的docker仓库
在本地制作Ubuntu镜像时,apt-get install 安装软件老是抛下来的错,docker build一直失败了十几次,都没成功,后面移动了一下安装软件顺序又突然成功了。不知道是否与apt-get install的顺序有关,但是在腾讯云服务器却制作成功,安装顺序和本地的一样,在阿里云服务器docker build,好像又失败了,太诡异了
E: Failed to fetch http://mirrors.aliyun.com/ubuntu/pool/main/a/automake-1.15/automake_1.15.1-3ubuntu2_all.deb Undetermined Error [IP: 220.113.152.233 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
docker pull registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:20.04.1-20200729
docker tag registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:20.04.1-20200729 ubuntu:20.04.1-20200729
docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:20.04.1-20200729
# docker run --privileged -itd --restart always -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name ubuntu ubuntu:20.04.1-20200729 /sbin/init
docker pull registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:18.04.5-20200807
docker tag registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:18.04.5-20200807 ubuntu:18.04.5-20200807
docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:18.04.5-20200807
# docker run --privileged -itd --restart always -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name ubuntu ubuntu:18.04.5-20200807 /sbin/init
docker pull registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.8.2003
docker tag registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.8.2003 centos:ssh-7.8.2003
docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.8.2003
# docker run -itd --privileged --name centos centos:ssh-7.8.2003 /usr/sbin/init
docker pull registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.7.1908
docker tag registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.7.1908 centos:ssh-7.7.1908
docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.7.1908
# docker run -itd --privileged --name centos centos:ssh-7.7.1908 /usr/sbin/init
docker pull registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.6.1810
docker tag registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.6.1810 centos:ssh-7.6.1810
docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.6.1810
# docker run -itd --privileged --name centos centos:ssh-7.6.1810 /usr/sbin/init
docker pull registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.5.1804
docker tag registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.5.1804 centos:ssh-7.5.1804
docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.5.1804
# docker run -itd --privileged --name centos centos:ssh-7.5.1804 /usr/sbin/init
制作带有systemctl的Ubuntu镜像,经过千辛万苦才找到的可以正常运行的例子
ubuntu-18.04.5镜像的制作例子,包含完整的lsb-release指令
rm -rf 18.04.5-20200807 && mkdir 18.04.5-20200807 && cd 18.04.5-20200807
# 制作Dockerfile文件
tee Dockerfile <<-'EOF'
FROM ubuntu:bionic-20200807
ENV TZ Asia/Shanghai
ENV container docker
ARG DEBIAN_FRONTEND=noninteractive
COPY Dockerfile /Dockerfile
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list; \
rm -rf /var/lib/apt/lists/* ; \
apt-get update; \
apt-get install -y apt-utils systemd curl wget iproute2 iproute2-doc telnet openssh-server net-tools tree lsb-core dpkg-dev iputils-ping; \
apt-get autoclean && apt-get clean && rm -rf /tmp/* /var/tmp/*; \
systemctl enable ssh
RUN echo 'root:root' | chpasswd; \
sed -ri 's|^#?PubkeyAuthentication\s+.*|PubkeyAuthentication yes|' /etc/ssh/sshd_config; \
sed -ri 's|^PasswordAuthentication\s+.*|PasswordAuthentication yes|' /etc/ssh/sshd_config; \
sed -ri 's|^GSSAPIAuthentication\s+.*|GSSAPIAuthentication no|' /etc/ssh/sshd_config; \
sed -ri 's|#PermitRootLogin prohibit-password|PermitRootLogin yes|' /etc/ssh/sshd_config;
STOPSIGNAL SIGRTMIN+3
WORKDIR /
VOLUME ["/sys/fs/cgroup"]
CMD ["/sbin/init"]
EOF
docker stop ubuntu
docker rm ubuntu
docker rmi ubuntu:18.04.5-20200807
docker build -t ubuntu:18.04.5-20200807 .
cd .. && rm -rf 18.04.5-20200807
# 启动命令加 /sbin/init 指令, 或不指定命令, 请不要写其他指令, 万一产生其他问题不好解决
docker run --privileged -itd --restart always -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name ubuntu ubuntu:18.04.5-20200807 /sbin/init
# docker tag ubuntu:18.04.5-20200807 registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:18.04.5-20200807
# docker push registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:18.04.5-20200807
# docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:18.04.5-20200807
# docker network create --subnet=10.10.6.0/24 ubuntu-network
# docker run --privileged -itd --restart always -v /sys/fs/cgroup:/sys/fs/cgroup:ro --net ubuntu-network --ip 10.10.6.103 --name ubuntu ubuntu:18.04.5-20200807 /sbin/init
rm -rf 20.04.1-20200729 && mkdir 20.04.1-20200729 && cd 20.04.1-20200729
tee Dockerfile <<-'EOF'
FROM ubuntu:focal-20200729
ENV TZ Asia/Shanghai
ENV container docker
# 不添下面这句会出现一个手动交互输入地址的界面,让无人看守的自动化梦想毁灭,对这种手动设置的软件无语了
ENV DEBIAN_FRONTEND noninteractive
ARG DEBIAN_FRONTEND=noninteractive
COPY Dockerfile /Dockerfile
RUN echo "deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse" > /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse" >> /etc/apt/sources.list; \
echo "deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse" >> /etc/apt/sources.list; \
apt-get update; \
apt-get install -y systemd curl wget telnet openssh-server iproute2 iproute2-doc iputils-ping net-tools tree dpkg-dev; \
apt-get autoclean && apt-get clean && rm -rf /tmp/* /var/tmp/*; \
systemctl enable ssh
RUN echo 'root:root' | chpasswd; \
sed -ri 's|^#?PubkeyAuthentication\s+.*|PubkeyAuthentication yes|' /etc/ssh/sshd_config; \
sed -ri 's|^PasswordAuthentication\s+.*|PasswordAuthentication yes|' /etc/ssh/sshd_config; \
sed -ri 's|^GSSAPIAuthentication\s+.*|GSSAPIAuthentication no|' /etc/ssh/sshd_config; \
sed -ri 's|#PermitRootLogin prohibit-password|PermitRootLogin yes|' /etc/ssh/sshd_config;
STOPSIGNAL SIGRTMIN+3
WORKDIR /
VOLUME ["/sys/fs/cgroup"]
CMD ["/sbin/init"]
EOF
docker stop ubuntu
docker rm ubuntu
docker rmi ubuntu:20.04.1-20200729
docker build -t ubuntu:20.04.1-20200729 .
cd .. && rm -rf 20.04.1-20200729
# 启动命令加 /sbin/init 指令, 或不指定命令, 请不要写其他指令, 万一产生其他问题不好解决
docker run --privileged -itd --restart always -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name ubuntu ubuntu:20.04.1-20200729 /sbin/init
# docker tag ubuntu:20.04.1-20200729 registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:20.04.1-20200729
# docker push registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:20.04.1-20200729
# docker rmi registry.cn-hangzhou.aliyuncs.com/hegp/ubuntu:20.04.1-20200729
在上述的Dockerfile中,有许多内容是与Systemd在Docker下运行息息相关的
ENV container docker
STOPSIGNAL SIGRTMIN+3
VOLUME ["/sys/fs/cgroup"]
CMD ["/sbin/init"]
第一行指定了环境变量container="docker",经测试,这一条环境变量会使得Systemd识别到Docker是它的虚拟化环境。同时,也会使得对init发送信号SIGRTMIN+3可以使Systemd正常关闭,也就是第二行里面的STOPSIGNAL SIGRTMIN+3。
第三行里面指定了Volumes。其中/sys/fs/cgroup是系统CGroup的挂载点,Systemd依赖CGroup,这里显式地提示用户挂载CGroup目录(只读即可)。
镜像构建相关,镜像构建过程,影响到的变量有这两个:
ARG LC_ALL=C 会将容器的地区设置为无,兼容所有基本的地区设置。
ARG DEBIAN_FRONTEND=noninteractive 告知apt相关应用目前的进程是不可交互的,避免出现需要变更配置文件或者交互式配置情况出现,从而保证构建顺利进行。
不必要的unit
在上文已经阐述过了,既然是在容器内又无特权,那么需要将一部分和完全虚拟相关的部分——挂载去除。因而可以直接删除*.mount型unit。同时,因为容器网络由外部管理,其也没有NET_ADMIN的权限,无需响应变更,所以可以去除networkd-dispatcher.service这个unit。
# remove unnecessary units
RUN rm -f /lib/systemd/system/sysinit.target.wants/*.mount \
&& systemctl disable networkd-dispatcher.service
centos:7.0.1406
centos:7.1.1503
centos:7.2.1511
centos:7.3.1611
centos:7.4.1708
centos:7.5.1804
centos:7.6.1810
centos:7.7.1908
centos:7.8.2003
rm -rf 7.8.2003 && mkdir 7.8.2003 && cd 7.8.2003
tee Dockerfile <<-'EOF'
FROM centos:7.8.2003
ENV ROOT_PASSWORD root
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo ; \
sed -i "/mirrors.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
sed -i "/mirrors.cloud.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile ; \
yum clean all && yum makecache ; \
yum install -y openssh-server openssh-clients net-tools firewalld curl wget telnet tree initscripts ; \
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa -q ; \
echo "root:${ROOT_PASSWORD}" | chpasswd ; \
sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config; \
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config; \
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config; \
yum clean all ;
EXPOSE 22
CMD ["/usr/sbin/init"]
EOF
docker stop centos
docker rm centos
docker rmi centos:ssh-7.8.2003
docker build -t centos:ssh-7.8.2003 .
cd .. && rm -rf 7.8.2003
docker run -itd --privileged --name centos centos:ssh-7.8.2003 /usr/sbin/init
rm -rf 7.7.1908 && mkdir 7.7.1908 && cd 7.7.1908
tee Dockerfile <<-'EOF'
FROM centos:7.7.1908
ENV ROOT_PASSWORD root
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo ; \
sed -i "/mirrors.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
sed -i "/mirrors.cloud.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile ; \
yum clean all && yum makecache ; \
yum install -y openssh-server openssh-clients net-tools firewalld curl wget telnet tree initscripts ; \
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa -q ; \
echo "root:${ROOT_PASSWORD}" | chpasswd ; \
sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config; \
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config; \
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config; \
yum clean all ;
EXPOSE 22
CMD ["/usr/sbin/init"]
EOF
docker stop centos
docker rm centos
docker rmi centos:ssh-7.7.1908
docker build -t centos:ssh-7.7.1908 .
cd .. && rm -rf 7.7.1908
docker run -itd --privileged --name centos centos:ssh-7.7.1908 /usr/sbin/init
rm -rf 7.6.1810 && mkdir 7.6.1810 && cd 7.6.1810
tee Dockerfile <<-'EOF'
FROM centos:7.6.1810
ENV ROOT_PASSWORD root
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo ; \
sed -i "/mirrors.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
sed -i "/mirrors.cloud.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile ; \
yum clean all && yum makecache ; \
yum install -y openssh-server openssh-clients net-tools firewalld curl wget telnet tree initscripts ; \
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa -q ; \
echo "root:${ROOT_PASSWORD}" | chpasswd ; \
sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config; \
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config; \
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config; \
yum clean all ;
EXPOSE 22
CMD ["/usr/sbin/init"]
EOF
docker stop centos
docker rm centos
docker rmi centos:ssh-7.6.1810
docker build -t centos:ssh-7.6.1810 .
cd .. && rm -rf 7.6.1810
docker run -itd --privileged --name centos centos:ssh-7.6.1810 /usr/sbin/init
rm -rf 7.5.1804 && mkdir 7.5.1804 && cd 7.5.1804
tee Dockerfile <<-'EOF'
FROM centos:7.5.1804
ENV ROOT_PASSWORD root
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo ; \
sed -i "/mirrors.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
sed -i "/mirrors.cloud.aliyuncs.com/d" /etc/yum.repos.d/CentOS-Base.repo ; \
echo "export LC_ALL=en_US.UTF-8" >> /etc/profile ; \
yum clean all && yum makecache ; \
yum install -y openssh-server openssh-clients net-tools firewalld curl wget telnet tree initscripts ; \
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa -q ; \
echo "root:${ROOT_PASSWORD}" | chpasswd ; \
sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config; \
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config; \
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config; \
yum clean all ;
EXPOSE 22
CMD ["/usr/sbin/init"]
EOF
docker stop centos
docker rm centos
docker rmi centos:ssh-7.5.1804
docker build -t centos:ssh-7.5.1804 .
cd .. && rm -rf 7.5.1804
docker tag centos:ssh-7.5.1804 registry.cn-hangzhou.aliyuncs.com/hegp/centos:ssh-7.5.1804