Building a Fedora 31 based hexchat image with podman and running the containerized hexchat

1 Environment

  • Red Hat Enterprise Linux Server release 7.7 (Maipo)
  • podman version 1.4.4
  • openssh-8.1p1-1.fc31.x86_64
  • HexChat 2.14.2

2 Write the Dockerfile that builds the Fedora 31 hexchat image

2.1 Create a dedicated directory

# mkdir -p /containerImages/hexchat

2.2 Enter this directory and write the Dockerfile (the RUN instructions can also be chained with &&, which produces fewer layers)

# The unpinned "fedora" tag resolved to Fedora 31 when this was written
FROM fedora
MAINTAINER Sam.Lee 1382358xxxx@139.com
# hexchat, sshd, and the X11 libraries and utilities needed for X forwarding
RUN yum install -y hexchat iproute openssh-server atk bzip2 cairo expat fontconfig freetype fribidi gdk-pixbuf2 graphite2 harfbuzz keyutils libattr libblkid libcanberra libcap libcom_err libffi libgcc libgcrypt libgpg-error libmodman libmount libnotify libogg libpng libproxy libselinux libstdc++ libtdb libthai libtool libuuid libX11 libXau libXcomposite libXcursor libXdamage libXext libXfixes libXi libXinerama libXrandr libXrender lz4 nss pcre pixman systemd xz zlib xorg-x11-font-utils xorg-x11-drv-qxl xorg-x11-xkb-utils xorg-x11-server-common xorg-x11-xauth xorg-x11-utils xorg-x11-drv-intel xorg-x11-xbitmaps xorg-x11-apps xorg-x11-server-Xorg xorg-x11-drv-ati xorg-x11-drv-nouveau xorg-x11-drv-vmware xorg-x11-drv-wacom-serial-support xorg-x11-fonts-misc xorg-x11-drv-libinput xorg-x11-xinit xorg-x11-drv-evdev xorg-x11-drv-openchrome xorg-x11-drv-wacom xorg-x11-drv-fbdev xorg-x11-drv-vesa xorg-x11-server-utils
# Set the root password and create the login user; these RUN lines, passwords included, are recorded in the image history
RUN echo 'root:A@b8f0c69' | chpasswd
RUN useradd fedorawhexchat && echo 'fedorawhexchat:fedorawhexchat' | chpasswd
# Allow root to log in over ssh with a password
RUN sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# Make pam_loginuid optional so that ssh sessions are not rejected inside the container
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
# Generate the sshd host keys
RUN ssh-keygen -A
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
# Run sshd in the foreground as the container's main process
CMD ["/usr/sbin/sshd", "-D"]

3 Build the hexchat image with podman and tag it (packages have to be downloaded, so the build depends on the network and takes about 20 minutes)

# podman build -f Dockerfile . -t 192.168.122.1:5000/fedorawhexchat:v1

4 Check the uid/gid of the user inside the container

# podman run --rm 192.168.122.1:5000/fedorawhexchat:v1 cat /etc/passwd |grep fedorawhexchat
fedorawhexchat:x:1000:1000::/home/fedorawhexchat:/bin/bash

5 Create a volume as persistent storage for the container and set the matching uid/gid on it

5.1 Create the volume

# podman volume create samlee-hexchat-volume

5.2 Find the volume's mount point

# podman volume inspect samlee-hexchat-volume |grep mountPoint

5.3 Set the matching uid/gid

# chown -R 1000:1000 /var/lib/containers/storage/volumes/samlee-hexchat-volume

6 Run the container and mount the volume

# podman run --rm -d -p 53721:22 --mount 'type=volume,source=samlee-hexchat-volume,dst=/home/fedorawhexchat/' --restart=always --name fedorawhexchat 192.168.122.1:5000/fedorawhexchat:v1

7 Start the containerized "hexchat" over ssh (a direct command, a script, an application wrapper, or passwordless ssh key login can all be used)

  • Direct command
    # ssh -X -p 53721 fedorawhexchat@0.0.0.0 hexchat
  • Supply the password automatically
    # sshpass -p fedorawhexchat ssh -X -p 53721 fedorawhexchat@0.0.0.0 hexchat
  • Script "myhexchat.sh" (wrap the command in a while loop to call it repeatedly)
    #!/bin/sh
    sshpass -p fedorawhexchat ssh -X -p 53721 fedorawhexchat@0.0.0.0 hexchat
  • expect script "myautohexchat.sh" (enters the password automatically and runs hexchat)
    #!/bin/sh
    # Start hexchat over ssh and answer the host-key and password prompts
    /usr/bin/expect -c '
    set timeout 15
    spawn ssh -X -p 53721 fedorawhexchat@0.0.0.0 hexchat
    expect {
        "*(yes/no*" {
            # First connection: accept the host key, then wait for the password prompt
            send "yes\r"
            exp_continue
        }
        "*password:*" {
            send "fedorawhexchat\r"
            sleep 1
            interact
        }
        "*No route to host*" {
            # Report the failure to the user instead of sending it to ssh
            send_user "Can not execute hexchat\n"
        }
    }'
  • Application wrapper
    • for example, the system function of the standard C library;
    • Process and Runtime in Java;
    • the system or popen methods of Python's os module also work.
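
Section 7 mentions passwordless ssh key login without showing it. The following shell script is an added example, not part of the original article: it installs a public key into the volume from section 5, which is the user's home directory inside the container, and then starts hexchat with that key. The function name install_pubkey, the script name hexchat-key.sh and the key path ~/.ssh/hexchat_ed25519 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: key-based login for the
# containerized hexchat. install_pubkey and the key path are assumed names.

# install_pubkey VOLUME_DIR PUBKEY_FILE [UID] [GID]
# VOLUME_DIR is the mount point found in section 5.2; the container sees it
# as /home/fedorawhexchat/, so the key lands in that user's ~/.ssh.
install_pubkey() {
    vol=$1; pub=$2; uid=${3:-1000}; gid=${4:-1000}
    [ -d "$vol" ] && [ -s "$pub" ] || return 1
    mkdir -p "$vol/.ssh" || return 1
    auth="$vol/.ssh/authorized_keys"
    touch "$auth" || return 1
    # Append the key only if that exact line is not present yet, so
    # repeated runs do not grow the file.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
    # sshd's StrictModes check rejects a key file or .ssh directory that is
    # writable by group or others.
    chmod 700 "$vol/.ssh" && chmod 600 "$auth" || return 1
    # The files must belong to the container user (1000:1000 in section 4).
    # Changing the owner needs root, as in the article's "#" prompts.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$uid:$gid" "$vol/.ssh" || return 1
    fi
    return 0
}

# Usage: sh hexchat-key.sh run <mount point from section 5.2>
if [ "${1:-}" = "run" ]; then
    key="$HOME/.ssh/hexchat_ed25519"
    mkdir -p -m 700 "$HOME/.ssh" || exit 1
    # Create the key pair once; -N "" means no passphrase (unattended start).
    [ -f "$key" ] || ssh-keygen -q -t ed25519 -N "" -f "$key" || exit 1
    install_pubkey "$2" "$key.pub" || exit 1
    # IdentitiesOnly makes ssh offer just this key on the port from section 6.
    exec ssh -X -i "$key" -o IdentitiesOnly=yes -p 53721 \
        fedorawhexchat@0.0.0.0 hexchat
fi
```

Because the key is written into the volume rather than into the image, it survives container restarts and never appears in the image history.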