docker ssh + git

Container 2015.08.13 15:20

1. docker 설치하기

# docker 설치

$ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

$ sudo vi /etc/apt/sources.list.d/docker.list


# Debian Jessie

#deb https://apt.dockerproject.org/repo debian-jessie main


# Debian Stretch/Sid

#deb https://apt.dockerproject.org/repo debian-stretch main


# Ubuntu Precise

#deb https://apt.dockerproject.org/repo ubuntu-precise main


# Ubuntu Trusty (14.04 LTS)

deb https://apt.dockerproject.org/repo ubuntu-trusty main


# Ubuntu Utopic (14.10)

#deb https://apt.dockerproject.org/repo ubuntu-utopic main


# Ubuntu Vivid (15.04)

#deb https://apt.dockerproject.org/repo ubuntu-vivid main


# Ubuntu Wily (15.10)

#deb https://apt.dockerproject.org/repo ubuntu-wily main


$ sudo apt-get update

$ sudo apt-get purge lxc-docker*

$ sudo apt-get purge docker.io

$ sudo apt-get autoremove

$ sudo apt-get install docker-engine


$ sudo apt-get install bridge-utils

$ sudo usermod -a -G docker stack      # stack user에 docker 그룹을 추가

$ sudo service docker restart


# Mac 에서 Docker 설치하기

$ ruby -e \

"$(curl -fsSL \ https://raw.githubusercontent.com/Homebrew/install/master/install)"


$ brew update

$ brew install caskroom/cask/brew-cask


$ brew cask install virtualbox

$ brew install docker

$ brew install boot2docker


$ boot2docker init

$ boot2docker up


To connect the Docker client to the Docker daemon, please set:

    export DOCKER_HOST=tcp://192.168.59.103:2376

    export DOCKER_CERT_PATH=/Users/ahnsk/.boot2docker/certs/boot2docker-vm

    export DOCKER_TLS_VERIFY=1


$ $(boot2docker shellinit)       # 환경변수 세팅


$ docker info

$ boot2docker ssh                 # vm 접속

$ boot2docker ip                   # vm ip


$ docker run --rm -ti ubuntu:latest /bin/bash        # ubuntu 이미지 테스트

$ docker run --rm -ti fedora:latest /bin/bash         # fedora 이미지 테스트

$ docker run --rm -ti centos:latest /bin/bash         # centos 이미지 테스트


# Upgrade the Boot2docker VM image

$ boot2docker stop

$ boot2docker download

$ boot2docker up


$ boot2docker delete


# Docker Hub 로그인

$ docker login


Username: seungkyua

Password: 

Email: seungkyua@gmail.com


$  cat ~/.docker/config.json


$ docker logout


# Docker Registry 를 insecure 로 변경


# boot2docker

sudo touch /var/lib/boot2docker/profile

$ sudo vi /var/lib/boot2docker/profile

EXTRA_ARGS="--insecure-registry 192.168.59.103:5000"

sudo /etc/init.d/docker restart


# Ubuntu

$ sudo vi /etc/default/docker

DOCKER_OPTS="--insecure-registry 192.168.59.103:5000"

$ sudo service docker restart


# Fedora

$ sudo vi /etc/sysconfig/docker

OPTIONS="--insecure-registry 192.168.59.103:5000"

$ sudo systemctl daemon-reload

$ sudo systemctl restart docker


# CoreOS

$ sudo cp /usr/lib/systemd/system/docker.service /etc/systemd/system/

$ sudo vi  /etc/systemd/system/docker.service

ExecStart=/usr/lib/coreos/dockerd --daemon --host=fd:// \

$DOCKER_OPTS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ \

--insecure-registry 192.168.59.103:5000

$ sudo systemctl daemon-reload

$ sudo systemctl restart docker


# Local Registry 띄우기

$ sudo mkdir -p /var/lib/registry

$ docker run -d -p 5000:5000 \

-v /var/lib/registry:/var/lib/registry \

--restart=always --name registry registry:2



# 테스트

$ docker pull ubuntu

$ docker tag ubuntu 192.168.59.103:5000/ubuntu


$ docker push 192.168.59.103:5000/ubuntu

$ docker pull 192.168.59.103:5000/ubuntu


$ docker stop registry

$ docker rm -v registry




2. docker file 만들기

# mkdir docker

# cd docker

# mkdir git-ssh

# cd git-ssh

# vi Dockerfile

FROM ubuntu:14.04


RUN apt-get -y update

RUN apt-get -y install openssh-server

RUN apt-get -y install git


# Setting openssh

RUN mkdir /var/run/sshd

RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config


# Adding git user

RUN adduser --system git

RUN mkdir -p /home/git/.ssh


# Clearing and setting authorized ssh keys

RUN echo '' > /home/git/.ssh/authorized_keys

RUN echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTFEBrNfpSIvgz7mZ+I96/UqKFCxcouoiDDS9/XPNB1Tn7LykgvHHaR5mrPOQIJ/xTFhSVWpwsmEvTLdv3QJYLB5P+UfrjY5fUmiYgGpKKr5ym2Yua2wykHgQYdT4+lLhyq3BKbnG9vgc/FQlaCWntLckJfAYnHIGYWl1yooMAOka0/pOeJ+hPF0TxLQtrjoVJWiaHLVnB8qgPiCgvSyKROvW6cs1AhY9abasUWrQ5eNsLLMY1rDWccantMjVlcUdDZuPzI4g+/MtfE3IAs7JxtmwMvCMFRMuzWTtZkZSVyqpEGDeLnPGgMNTYUwaxQhlJLtcYnNTqdyZr8ZCcz3zP stephen@Stephenui-MacBook-Pro.local' >> /home/git/.ssh/authorized_keys


# Updating shell to bash

RUN sed -i s#/home/git:/bin/false#/home/git:/bin/bash# /etc/passwd


EXPOSE 22

CMD ["/usr/sbin/sshd", "-D"]

docker build -t git-ssh-img .

docker run --name git-ssh -d -p 1234:22 git-ssh-img


3. docker container bash로 접속

docker run -i -t --rm --net='host' ubuntu:14.04 bash


3. docker container 접속

docker exec -it <containerIdOrName> bash


4. docker 모든 컨테이너 보기

# docker ps -a


5. 모든 컨테이너 삭제

docker ps -a | awk '{print $1}' | grep -v CONTAINER | xargs sudo docker rm


6. docker 모든 <none> 이미지 삭제

docker images | grep "<none>" | awk '{print $3}' | xargs sudo docker rmi


7. 이미지 조회 및 실행

$ sudo docker search ubuntu

sudo docker run --name myssh -d -p 4444:22 rastasheep/ubuntu-sshd


8. stack 사용자 docker 그룹 권한 추가

$ sudo usermod -aG docker stack

$ sudo service docker restart

$ 재로그인


9. docker 이미지 가져오기

$ docker pull ubuntu:lates


10. docker bash쉘로 실행 및 빠져나오기기

docker run -i -t --name hello ubuntu /bin/bash

root@bb97e5f57596:/#


Ctrl + p, Ctrl + q        => 멈추지 않고 빠져나오기


$ docker attach hello            => 다시 접속하기 (enter를 한번 쳐야 함)


11. nginx 설치하기

# mkdir data


# vi Dockerfile

FROM ubuntu:14.04.3


RUN apt-get update

RUN apt-get install -y nginx

RUN echo "\ndaemon off;" >> /etc/nginx/nginx.conf

RUN chown -R www-data:www-data /var/lib/nginx


VOLUME ["/data", "/etc/nginx/site-enabled", "/var/log/nginx"]


WORKDIR /etc/nginx


CMD ["nginx"]


EXPOSE 80

EXPOSE 443


# docker build -t nginx:0.1 .

docker run --name hello-nginx -d -p 2080:80 -v /root/data:/data nginx:0.1



11. 파일 꺼내서 보기

# docker cp hello-nginx:/etc/nginx/nginx.conf ./


12. 컨테이러를 이미지로 생성

# docker commit -a "aaa <aaa@aaa.com>" -m "Initial commit" hello-nginx nginx:0.2


13. 이미지와 컨테이너 변경사항 보기

# docker diff 컨테이너ID

# docker history 이미지ID


14. 컨테이너 내부 보기

# docker inspect hello-nginx


15. docker 컨테이너의 pid 알아내기

docker inspect -f '{{.State.Pid}}' containerID


16. Docker 끼리 point to point 통신하기 (도커마다 네임스페이스를 만들어서 VETH 로 연결)

https://docs.docker.com/v1.7/articles/networking/#building-your-own-bridge


$ docker run -i -t --rm --net=none base /bin/bash

root@1f1f4c1f931a:/#


$ docker run -i -t --rm --net=none base /bin/bash

root@12e343489d2f:/#


# Learn the container process IDs

# and create their namespace entries


$ docker inspect -f '{{.State.Pid}}' 1f1f4c1f931a

2989

$ docker inspect -f '{{.State.Pid}}' 12e343489d2f

3004

$ sudo mkdir -p /var/run/netns

$ sudo ln -s /proc/2989/ns/net /var/run/netns/2989

$ sudo ln -s /proc/3004/ns/net /var/run/netns/3004


# Create the "peer" interfaces and hand them out


$ sudo ip link add A type veth peer name B


$ sudo ip link set A netns 2989

$ sudo ip netns exec 2989 ip addr add 10.1.1.1/32 dev A

$ sudo ip netns exec 2989 ip link set A up

$ sudo ip netns exec 2989 ip route add 10.1.1.2/32 dev A


$ sudo ip link set B netns 3004

$ sudo ip netns exec 3004 ip addr add 10.1.1.2/32 dev B

$ sudo ip netns exec 3004 ip link set B up

$ sudo ip netns exec 3004 ip route add 10.1.1.1/32 dev B



# ssh 다른 샘플

FROM ubuntu:14.04

RUN echo "deb http://archive.ubuntu.com/ubuntu/ trusty main universe" > /etc/apt/sources.list

RUN apt-get update


RUN apt-get install -y openssh-server

RUN mkdir /var/run/sshd

RUN echo 'root:screencast' | chpasswd


EXPOSE 22

CMD /usr/sbin/sshd -D



# NodeJS 샘플

git clone https://github.com/spkane/docker-node-hello.git

cd docker-node-hello


$ brew install tree

tree -a -I .git             # Directory 를 tree 구조로 봄


docker build --no-cache -t example/docker-node-hello:latest .

$ docker run -d -p 8081:8080 example/docker-node-hello:latest    # host 8081, docker 8080


$ echo $DOCKER_HOST


$ docker stop DOCKER_ID


# -e 옵션으로 env 넘기기

$ docker run -d -p 8081:8080 -e WHO="Seungkyu Ahn" example/docker-node-hello:latest


$ docker inspect DOCKER_ID









Posted by Kubernetes Korea co-leader seungkyua@gmail.com