1、使用Docker commit制作镜像
为ubuntu镜像提供ssh服务
①:拉取镜像
[root@openEuler-1 ~]# docker pull ubuntu:18.04
②:启动镜像
[root@openEuler-1 ~]# docker run --name c1 -it --rm ubuntu:18.04 bash
③:替换为国内镜像源(下面实际使用的是163源)
# Keep the stock source list as a backup, then point apt at the 163 mirror.
mv /etc/apt/sources.list /etc/apt/sources.list.bak
# Write one entry per suite: binary (deb) entries first, source (deb-src) after.
# NOTE(review): bionic-proposed carries pre-release updates; confirm it is
# really wanted before baking it into an image.
for kind in deb deb-src; do
  for suite in bionic bionic-security bionic-updates bionic-proposed bionic-backports; do
    printf '%s http://mirrors.163.com/ubuntu/ %s main restricted universe multiverse\n' "$kind" "$suite"
  done
done > /etc/apt/sources.list.d/163.list
apt update
④:安装并配置ssh服务
root@8377a04ab754:/# apt install openssh-server -y
root@8377a04ab754:/# mkdir -p /var/run/sshd
root@8377a04ab754:/# /usr/sbin/sshd -D &
# 取消pam登录限制
root@8377a04ab754:/# sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/' /etc/pam.d/sshd
⑤:配置免密登录
# 宿主机上:创建密钥对(-P "" 表示私钥不设口令,仅适合实验环境)
[root@openEuler-1 ~]# ssh-keygen -f ~/.ssh/id_rsa -P "" -q
[root@openEuler-1 ~]# cat .ssh/id_rsa.pub
# 容器内:将刚刚查询到的公钥追加进去
root@8377a04ab754:/# mkdir ~/.ssh
root@8377a04ab754:/# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCjVp4DSSoBFnxhT/9KsMwPi8hGU9vDK+c6H/X7f0tE+4sYeAIdXtLbn6q0aDV1AOQGfVLtITEHrdxNpUjqDvaNoxJj0Ac9zPn9qGYn6OTcvFoT45UNdglcwN7xx1MrG1piHTHSoZ+aSf0AOnkNH+RPOvXM6Oln46nPGjNsV/xMt8I0SX5lomd9jptCL57DvBiJ+JcRr9POBepkfq+/vO1zdmmfoaUyhdsc2mkKzRcvPs1H26mIyH+XOmzJKfhkqTYw2BrdtGISONR4OfiMcF9JULGc3nxUFClZ+0VeLdRK8xSTYOW4JZy6Zp2YQCotFQgSWmh74q9oCCpfAVxSuDmF3RLfzNzAOPzOyvqildEBnJfeUKIjF8QdyBPbWFpvugtZlnoG/IUNPCa5Iq92w2ulAl8kRmgK3OPKPHtdm5IspkCnVQN1QVAPmmJs7JVSMatcmA3tTthi/9wFBmHufZ8iemSdvEGJIKUZEVBIyOuwgIazDQLueVtYu7X55+lKdO8= root@openEuler-1
> " > ~/.ssh/authorized_keys
⑥:编写服务器启动脚本
root@8377a04ab754:/# echo '#!/bin/bash' > /run.sh
root@8377a04ab754:/# echo /usr/sbin/sshd -D >> /run.sh
root@8377a04ab754:/# chmod +x /run.sh
⑦:提交镜像
[root@openEuler-1 ~]# docker commit c1 sshd:ubuntu_v1
[root@openEuler-1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sshd ubuntu_v1 eab45d3513f7 8 seconds ago 250MB
ubuntu 18.04 f9a80a55f492 2 years ago 63.2MB
⑧:验证镜像
[root@openEuler-1 ~]# docker run -d -p 9001:22 sshd:ubuntu_v1 /run.sh
[root@openEuler-1 ~]# ssh 192.168.93.10 -p 9001
2、使用dockerfile制作镜像
2.1、基于 ubuntu:18.04 构建一个宿主机免密钥登录
①:编写Dockerfile
[root@openEuler-1 ~]# docker pull ubuntu:18.04
18.04: Pulling from library/ubuntu
Digest: sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
Status: Image is up to date for ubuntu:18.04
docker.io/library/ubuntu:18.04
[root@openEuler-1 ~]# mkdir ubuntu/ && cd ubuntu/
[root@openEuler-1 ubuntu]# cat Dockerfile
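# Ubuntu 18.04 image that runs sshd in the foreground and lets the key in
# authorized_keys (copied from the build context) log in as root.
FROM ubuntu:18.04
MAINTAINER "obboda <obboda@163.com>"
# Keep the stock source list as a backup; aliyun.list below takes its place.
RUN mv /etc/apt/sources.list /etc/apt/sources.list.bak
COPY aliyun.list /etc/apt/sources.list.d/aliyun.list
# NOTE(review): the package install presumably generates the SSH host keys at
# build time, so every container from this image would share them - confirm.
RUN apt update && apt install openssh-server -y && mkdir -p /var/run/sshd
# Comment out the pam_loginuid session rule in sshd's PAM configuration.
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/' /etc/pam.d/sshd
RUN mkdir /root/.ssh
# The public key becomes part of an image layer: every container started from
# this image accepts it for root, so keep the image out of shared registries.
COPY authorized_keys /root/.ssh/authorized_keys
EXPOSE 22/tcp
CMD ["/usr/sbin/sshd","-D"]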
②:准备文件
# 制作密钥
ssh-keygen -f ~/.ssh/id_rsa -P "" -q
cat > aliyun.list << EOF
> deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
> deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
> EOF
cat ~/.ssh/id_rsa.pub > authorized_keys
③:构建镜像
[root@openEuler-1 ubuntu]# docker build -t huiliyi/myubuntu:v1 .
④:测试(原文省略了启动容器的步骤;需先用该镜像启动容器并把容器的22端口映射到宿主机8001,例如 docker run -d -p 8001:22 huiliyi/myubuntu:v1)
[root@openEuler-1 ubuntu]# ssh localhost -p 8001
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.10.0-216.0.0.115.oe2203sp4.x86_64 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Tue Jul 15 04:54:58 2025 from 172.17.0.1
root@8f96bfbb87ac:~#
2.2、使用busybox 构建一个静态web
①:编写Dockerfile
[root@openEuler-1 ~]# mkdir busybox/ && cd busybox/
[root@openEuler-4 busybox]# vim Dockerfile
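# Static web image: busybox httpd serves /data/html in the foreground.
# NOTE(review): "latest" is a mutable tag; pin a version or digest if the
# build has to be reproducible.
FROM busybox:latest
MAINTAINER "huiliyi <huiliyi@163.com>"
RUN mkdir -p /data/html
COPY index.html /data/html
# -f keeps httpd in the foreground, -h sets the directory it serves.
CMD ["/bin/httpd","-f","-h","/data/html"]
EXPOSE 80/tcp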
②:准备文件
[root@openEuler-4 busybox]# echo "busybox test page!" > index.html
③:构建镜像并上传(这里上传的是之前博客中做好的私人仓库)
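[root@openEuler-1 busybox]# docker build -t huiliyi/demo:busybox_web .
# 注意:用 -p 传密码会把密码留在 shell 历史和进程列表中,且 Harbor12345 是 Harbor 的默认管理员密码;实际环境应先修改默认密码,并改用 --password-stdin 从标准输入传入密码
[root@openEuler-1 busybox]# docker login -u admin -p Harbor12345 www.huiliyi.com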
[root@openEuler-1 busybox]# docker tag huiliyi/demo:busybox_web www.huiliyi.com/library/huiliyi/demo:busybox_web
[root@openEuler-1 busybox]# docker images | grep "www.huiliyi.com"
www.huiliyi.com/library/huiliyi/demo busybox_web a87c9b692c63 42 minutes ago 4.28MB
[root@openEuler-1 busybox]# docker push www.huiliyi.com/library/huiliyi/demo:busybox_web
The push refers to repository [www.huiliyi.com/library/huiliyi/demo]
1a21182f3efd: Pushed
2e50c5d69b3a: Pushed
65014c70e84b: Pushed
busybox_web: digest: sha256:e246769ebf2aca55a055f0fda3d33d74c2799298e1a471fa9b57a83ee4dd4249 size: 942
④:测试
[root@openEuler-1 busybox]# docker pull www.huiliyi.com/library/huiliyi/demo:busybox_web
[root@openEuler-1 busybox]# docker run -d -p 8080:80 --name web www.huiliyi.com/library/huiliyi/demo:busybox_web
c0c166f79432eb374371e3aba274386e519cffa19756fbf8c3ecbb34921b0876
[root@openEuler-1 busybox]# curl localhost:8080
busybox test page!
2.3、制作tomcat服务镜像
①:准备文件
[root@openEuler-1 tomcat]# ls
apache-tomcat-9.0.102.tar.gz jdk-8u261-linux-x64.rpm
②:编写Dockerfile
[root@openEuler-1 tomcat]# cat Dockerfile
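# Tomcat 9 on Rocky Linux 8, with the JDK installed from a local RPM.
# NOTE(review): there is no USER instruction, so catalina.sh runs as root
# inside the container.
FROM rockylinux:8
MAINTAINER huiliyi <huiliyi@163.com>
COPY jdk-8u261-linux-x64.rpm /opt/jdk-8u261-linux-x64.rpm
# ADD unpacks the local tarball under /usr/local.
ADD apache-tomcat-9.0.102.tar.gz /usr/local
# The symlink gives CMD a path that does not contain the version number.
RUN yum install -y /opt/jdk-8u261-linux-x64.rpm && ln -s /usr/local/apache-tomcat-9.0.102 /usr/local/tomcat
EXPOSE 8080
CMD ["/usr/local/tomcat/bin/catalina.sh","run"]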
③:构建镜像并上传
[root@openEuler-1 tomcat]# docker build -t tomcat:v2 .
[root@openEuler-1 tomcat]# docker tag tomcat:v2 www.huiliyi.com/library/tomcat:v2
[root@openEuler-1 tomcat]# docker images | grep "www.huiliyi.com"
[root@openEuler-1 tomcat]# docker push www.huiliyi.com/library/tomcat:v2
The push refers to repository [www.huiliyi.com/library/tomcat]
abebdb312e25: Pushed
6151c32f59a4: Pushed
f758d6584564: Pushed
c1827ee010db: Pushed
v2: digest: sha256:4dd9682c390fc7c3e61eefe5488d9579b7970b1a43d2eafb11f0ed83c12f1c6d size: 1167
④:测试
[root@openEuler-1 tomcat]# docker pull www.huiliyi.com/library/tomcat:v2
v2: Pulling from library/tomcat
Digest: sha256:4dd9682c390fc7c3e61eefe5488d9579b7970b1a43d2eafb11f0ed83c12f1c6d
Status: Image is up to date for www.huiliyi.com/library/tomcat:v2
www.huiliyi.com/library/tomcat:v2
[root@openEuler-1 tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
64362a92fe3a tomcat:v1 "/usr/local/tomcat/b…" 43 minutes ago Exited (127) 43 minutes ago
[root@openEuler-1 tomcat]# docker run -d -p 8088:8080 tomcat:v2
b24c6341733f08396f2a9aea3ece3e404ad79ff87762dc38d11354bb7607a86b
[root@openEuler-1 tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b24c6341733f tomcat:v2 "/usr/local/tomcat/b…" 5 seconds ago Exited (127) 5 seconds ago modest_almeida
这里看见状态是退出的,查看日志:
[root@openEuler-1 tomcat]# docker logs b24c6341733f
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f3023d39f81, pid=1, tid=0x00007f3024940700
#
# JRE version: Java(TM) SE Runtime Environment (8.0_261-b12) (build 1.8.0_261-b12)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.261-b12 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C [libc.so.6+0x21f81] abort+0x203
#
# Core dump written. Default location: //core or core.1
#
# An error report file with more information is saved as:
# //hs_err_pid1.log
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
library initialization failed - unable to allocate file descriptor table - out of memory
[root@openEuler-1 tomcat]#
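发现是系统资源不足,特别是文件描述符的数量不足,因此我们在运行时需要设置一个较高的文件描述符数量
(注:这条报错在 JDK 8 上也常见于容器继承的 nofile 上限过大的情况,因为 JVM 启动时会按该上限分配文件描述符表;若属于这种情况,下面的 --ulimit nofile=65535:65535 起作用的原因是把上限固定为一个有界的值,可先在容器内用 ulimit -n 确认):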
[root@openEuler-1 tomcat]# docker run -d -p 8088:8080 --ulimit nofile=65535:65535 --ulimit nproc=65535:65535 tomcat:v2
ecac09dea15f834acbea03b51c1ad161827a231570e667a012e13854efcdab09
[root@openEuler-1 tomcat]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ecac09dea15f tomcat:v2 "/usr/local/tomcat/b…" 9 seconds ago Up 8 seconds 0.0.0.0:8088->8080/tcp, :::8088->8080/tcp strange_shirley