
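Lab experiments used to require virtual machines; with Docker containers everything is simpler. Install Docker Engine and docker-compose on your computer. Mac users can follow this guide: https://docs.docker.com/desktop/mac/install/

Create a working directory on the host machine, then generate an RSA public/private key pair for passwordless SSH login. After that you can create the Dockerfile and docker-compose.yml.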
```
$ mkdir -p ~/code/ubuntu/app
$ cd ~/code/ubuntu
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/slyar/.ssh/id_rsa): ./docker_ssh_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./docker_ssh_rsa
Your public key has been saved in ./docker_ssh_rsa.pub
$ touch Dockerfile
$ touch docker-compose.yml
```
The Dockerfile contents are as follows:
```
FROM ubuntu:20.04

# variable when building the image
ARG USERNAME=slyar

# Apt update & apt install required packages
RUN apt update
RUN apt -y install openssh-server sudo net-tools less iputils-ping iproute2
RUN apt -y install software-properties-common
RUN add-apt-repository --yes --update ppa:ansible/ansible
RUN apt -y install ansible
RUN apt -y install vim

# Add a non-root user
RUN useradd -ms /bin/bash $USERNAME

# Create the ssh directory
USER $USERNAME
RUN mkdir /home/$USERNAME/.ssh

# Add host public key to authorized_keys file
COPY docker_ssh_rsa.pub /home/$USERNAME/.ssh/authorized_keys
USER root
RUN chown $USERNAME /home/$USERNAME/.ssh/authorized_keys && \
    chmod 600 /home/$USERNAME/.ssh/authorized_keys
RUN echo "${USERNAME} ALL=(ALL) NOPASSWD: ALL " >> /etc/sudoers

# Ignore SSH host key checking warning
RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config

# Start ssh service
RUN service ssh start

USER $USERNAME
WORKDIR /home/$USERNAME

CMD ["sudo","/usr/sbin/sshd","-D"]
```
The docker-compose.yml contents are as follows:
```
version: "3.9"
services:
  web1:
    build: .
    image: ubuntu_server
    container_name: web1
    hostname: web1
    volumes:
      - ./app:/app
  web2:
    image: ubuntu_server
    container_name: web2
    hostname: web2
    volumes:
      - ./app:/app
  web3:
    image: ubuntu_server
    container_name: web3
    hostname: web3
    volumes:
      - ./app:/app
  bastion:
    image: ubuntu_server
    container_name: bastion
    hostname: bastion
    volumes:
      - ./app:/app
      - ./docker_ssh_rsa:/home/slyar/.ssh/id_rsa
```
Next, start the containers from the host and open a shell in the bastion container, then create an Ansible inventory file and test Ansible:
```
$ docker-compose down && docker-compose build && docker-compose up -d
$ docker-compose ps
NAME                COMMAND                  SERVICE             STATUS              PORTS
bastion             "sudo /usr/sbin/sshd…"   bastion             running
web1                "sudo /usr/sbin/sshd…"   web1                running
web2                "sudo /usr/sbin/sshd…"   web2                running
web3                "sudo /usr/sbin/sshd…"   web3                running
$ docker exec -it bastion bash
slyar@bastion:~$
slyar@bastion:~$ cat /app/inventory
all:
  children:
    webservers:
      hosts:
        web[1:3]:
$ ansible all -a "hostname -I" -u slyar -i /app/inventory
web3 | CHANGED | rc=0 >>
192.168.16.5
web2 | CHANGED | rc=0 >>
192.168.16.2
web1 | CHANGED | rc=0 >>
192.168.16.3
```
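The lab environment is now set up, and you can do whatever you like with it. Keep in mind, though, that containers still use the host machine's kernel, so if you want to run kernel-related experiments, Docker cannot be used for that.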
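
The Dockerfile and docker-compose.yml above rely on three lab-only shortcuts: SSH host key checking turned off, passwordless sudo for every command, and the private key bind-mounted into the bastion container. The script below is an added example, not part of the original post, that flags those lines so the files are not reused unchanged outside a lab; the function names `check` and `audit_lab` are hypothetical and the sample files are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example, not part of the original post: flag the lab-only shortcuts
# used by the Dockerfile and docker-compose.yml on this page.

# check FILE REGEX MESSAGE
# Print "FILE:LINE: MESSAGE" for every non-comment line of FILE matching REGEX.
check() {
    { grep -nE "$2" "$1" || true; } |
        { grep -vE '^[0-9]+:[[:space:]]*#' || true; } |
        while IFS=: read -r line rest; do
            printf '%s:%s: %s\n' "$1" "$line" "$3"
        done
}

# audit_lab FILE...
# Run every check over each file; findings go to stdout, one per line.
audit_lab() {
    for f in "$@"; do
        check "$f" 'StrictHostKeyChecking[[:space:]=]+no([^a-z]|$)' \
            'SSH host key checking disabled'
        check "$f" 'NOPASSWD:[[:space:]]*ALL' \
            'passwordless sudo for all commands'
        check "$f" ':/[^[:space:]]*/[.]ssh/id_[a-z0-9]+(:r[ow])?[[:space:]]*$' \
            'SSH private key bind-mounted into container'
    done
}

# Constructed sample input: the relevant lines from the two files above.
demo=$(mktemp -d)
cat > "$demo/Dockerfile" <<'EOF'
FROM ubuntu:20.04
ARG USERNAME=slyar
# Ignore SSH host key checking warning
RUN echo "${USERNAME} ALL=(ALL) NOPASSWD: ALL " >> /etc/sudoers
RUN echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
EOF
cat > "$demo/docker-compose.yml" <<'EOF'
services:
  bastion:
    image: ubuntu_server
    volumes:
      - ./app:/app
      - ./docker_ssh_rsa:/home/slyar/.ssh/id_rsa
EOF
audit_lab "$demo/Dockerfile" "$demo/docker-compose.yml"
```

Run it against the real files with `audit_lab Dockerfile docker-compose.yml` from the working directory.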