二、鏡像定制
第一種方式（手動修改容器鏡像）
1.先下載centos鏡像
[root@docker ~]# docker pull centos

2.啟動容器并進行配置
啟動容器，
[root@docker ~]# docker run -it -d --name test-centos1 centos
d72250ecaa5e3e36226a1edd749f494d9f00eddc4143c81ac3565aa4e551791a

命令注釋：-it :　進行交互式操作
-d :　等同于 -d=true,容器將會在后臺運行，不然執(zhí)行一次命令后，退出后，便是exit狀態(tài)了。
--name : 容器啟動后的名字，默認不指定，將會隨機產(chǎn)生一個名字。或者使用 -name="containers_name"
centos：使用的鏡像名稱
進入容器，安裝ssh server，以及配置開機啟動
[root@docker ~]# docker exec -it test-centos1 /bin/bash
[root@d72250ecaa5e /]# ifconfig
bash: ifconfig: command not found

*注：命令最后參數(shù) /bin/bash： 指進入容器時執(zhí)行的命令（command）
我們檢查了下容器，暫時安裝以下必用的軟件吧 net-tools，openssh-server
[root@d72250ecaa5e /]# yum install openssh-server net-tools -y

創(chuàng)建ssh 所需的目錄，并在根目錄創(chuàng)建sshd 啟動腳本
[root@d72250ecaa5e /]# mkdir -pv /var/run/sshd
mkdir: created directory '/var/run/sshd'

[root@d72250ecaa5e /]# cat /auto_sshd.sh

!/bin/bash

/usr/sbin/sshd -D
[root@d72250ecaa5e /]# chmod +x /auto_sshd.sh

修改容器內root 的賬戶密碼
[root@d72250ecaa5e /]# echo "root:iloveworld" | chpasswd

生成ssh 主機dsa 密鑰（不然ssh 該容器時，會出現(xiàn)錯誤。）
[root@d72250ecaa5e /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
[root@d72250ecaa5e /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

OK，配置基本完畢?，F(xiàn)在可以生成一個新的docker 鏡像了。
3.配置完成后，進行打包成新的鏡像
[root@docker ~]# docker commit test-centos1 centos_sshd:7.0
sha256:6e3330b30dfff5f029f102874e54cfffffbc37dcf2a4eb7304c817148fbc944d

[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_sshd 7.0 6e3330b30dff 8 seconds ago 310.1 MB
docker.io/ubuntu latest e4415b714b62 12 days ago 128.1 MB

命令注釋：commit： 提交一個具有新配置的容器成為鏡像，后面跟容器的name 或者容器Id ，最后是生成新鏡像的名字
更新：這條命令更方便以后啟動，如下：
[root@docker ~]# docker commit --change='CMD ["/auto_sshd.sh"]' -c "EXPOSE 22" test-centos1 centos_sshd:7.0
sha256:7bb4efd82c4ff1f241cbc57ee45aab1b05d214b1e9fcd51196696c67d480e70b

命令注釋： --change : 將后期使用此鏡像運行容器時的命令參數(shù)、開放的容器端口提前設置好。
4.驗證
查看鏡像，并啟動新的容器
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_sshd 7.0 7bb4efd82c4f 4 minutes ago 310.1 MB
docker.io/ubuntu latest e4415b714b62 12 days ago 128.1 MB

[root@docker ~]# docker run -d -it --name centos_7.0-1 centos_sshd:7.0
ec17e553d5c4c60865afeb99df8dfd1f4e7d4ba6e1b0d5516f9127f09d1d6356
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec17e553d5c4 centos_sshd:7.0 "/auto_sshd.sh" 6 seconds ago Up 5 seconds 22/tcp centos_7.0-1

進行ssh測試，先查看一下該容器的ip，之后ssh。ok
[root@docker ~]# docker exec centos_7.0-1 hostname -i
172.17.0.4

[root@docker ~]# ssh root@172.17.0.4
The authenticity of host '172.17.0.4 (172.17.0.4)' can't be established.
RSA key fingerprint is 87:88:07:12:ac:0a:90:28:10:e1:9e:eb:1f:d6:c9:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.4' (RSA) to the list of known hosts.
root@172.17.0.4's password:
Last login: Tue Nov 29 16:00:49 2016 from gateway

[root@ec17e553d5c4 ~]# w
16:34:17 up 63 days, 7:49, 1 user, load average: 0.00, 0.02, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 gateway 16:34 1.00s 0.00s 0.00s w
[root@ec17e553d5c4 ~]# ping gateway
PING gateway (172.17.0.1) 56(84) bytes of data.
bytes from gateway (172.17.0.1): icmp_seq=1 ttl=64 time=0.048 ms

第二種方式（推薦：利用Dockerfile文件）
我的認為它就像ansible的playbook一樣。Dockerfile包含創(chuàng)建鏡像所需要的全部指令。基于在Dockerfile中的指令，我們可以使用Docker build命令來創(chuàng)建鏡像。通過減少鏡像和容器的創(chuàng)建過程來簡化部署。
1.創(chuàng)建Dockerfile文件
新建一個目錄，在里面新建一個dockerfile文件（新建一個的目錄，主要是為了和以防和其它dockerfile混亂 ）
[root@docker ~]# mkdir centos7-dockerfile

[root@docker centos7-dockerfile]# cat Dockerfile

The dockerfile has Change add sshd services on Centos7.0

centos7:latest image

FROM centos:latest

MAINTAINER Yifeng,http://www.cnblogs.com/hanyifeng

Install sshd net-tools

RUN yum install openssh-server net-tools -y
RUN mkdir /var/run/sshd

Set password for root

RUN echo 'root:iloveworld' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

Set history record

ENV HISTTIMEFORMAT "%F %T "

Fix sshd service:Read from socket failed: Connection reset by peer?

RUN ssh-keygen -A

Change timezone CST

RUN \cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

Open 22 port

EXPOSE 22

Auto running sshd service

CMD ["/usr/sbin/sshd","-D"]

上述文件內容就是一個dockerfile 常見的命令組合。開頭帶＃號的為注釋
文件解釋：
FROM： 必不可少的命令，從某個鏡像作為基。如 FROM <image_name> ，或者 FROM <image_name>:<tag>. 如果不加tag，默認為latest。先從本地鏡像倉庫去搜索基鏡像，如過本地沒有，在去網(wǎng)上docker registry去尋找。
MAINTAINER：標明該Dockerfile作者及聯(lián)系方式，可忽略不寫
RUN：建立新的鏡像時，可以執(zhí)行在系統(tǒng)里的命令，如安裝特定的軟件以及設置環(huán)境變量。
ENV：設置系統(tǒng)環(huán)境變量（注意：寫在/etc/profile里的命令在dockerfile這里會不生效，所以為改成ENV的方式）
EXPOSE：開放容器內的端口，但不和宿主機進行映射。方便在宿主機上進行開發(fā)測試。（如需映射到宿主機端口，可在運行容器時使用 -p host_port:container_port）
CMD：設置執(zhí)行的命令，經(jīng)常用于容器啟動時指定的某個操作。如執(zhí)行自定義腳本服務，或者是執(zhí)行系統(tǒng)命令。CMD 只能存在一條，如在Dockerfile中有多條CMD的話，只有最后一條CMD生效！
2.執(zhí)行build 創(chuàng)建鏡像
使用docker build命令來創(chuàng)建鏡像
[root@docker centos7-dockerfile]# docker build -t centos_sshd_1 .

-t 選項來docker build新的鏡像以便于標記構建的鏡像，. 表示當前目錄，也可以指定dockerfile 文件所在目錄。
下面縮略的內容是構建鏡像時的輸出，可以看下。
[root@docker centos7-dockerfile]# docker build -t centos_sshd_1 .
Sending build context to Docker daemon 4.096 kB
Step 1 : FROM centos:latest
---> 0584b3d2cf6d
Step 2 : MAINTAINER Yifeng,http://www.cnblogs.com/hanyifeng
---> Running in da643b55dc77
---> 1087074d44e4
Removing intermediate container da643b55dc77
Step 3 : RUN yum install openssh-server net-tools -y
---> Running in 5626d8f0f892
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors

• base: mirrors.btte.net
• extras: mirrors.tuna.tsinghua.edu.cn
• updates: mirrors.btte.net
  Resolving Dependencies
  --> Running transaction check
  ---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
  ---> Package openssh-server.x86_64 0:6.6.1p1-25.el7_2 will be installed
  --> Processing Dependency: openssh = 6.6.1p1-25.el7_2 for package: openssh-server-6.6.1p1-25.el7_2.x86_64
  --> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-6.6.1p1-25.el7_2.x86_64
  --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-6.6.1p1-25.el7_2.x86_64
  --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-6.6.1p1-25.el7_2.x86_64
  --> Running transaction check
  ---> Package fipscheck-lib.x86_64 0:1.4.1-5.el7 will be installed
  --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-5.el7.x86_64
  ---> Package openssh.x86_64 0:6.6.1p1-25.el7_2 will be installed
  ---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed
  --> Running transaction check
  ---> Package fipscheck.x86_64 0:1.4.1-5.el7 will be installed
  --> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.17.20131004git.el7 base 304 k
openssh-server x86_64 6.6.1p1-25.el7_2 updates 436 k
Installing for dependencies:
fipscheck x86_64 1.4.1-5.el7 base 21 k
fipscheck-lib x86_64 1.4.1-5.el7 base 11 k
openssh x86_64 6.6.1p1-25.el7_2 updates 435 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k

Transaction Summary

Install 2 Packages (+4 Dependent packages)

Total download size: 1.2 M
Installed size: 3.4 M
Downloading packages:
Public key for fipscheck-lib-1.4.1-5.el7.x86_64.rpm is not installed
warning: /var/cache/yum/x86_64/7/base/packages/fipscheck-lib-1.4.1-5.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for openssh-6.6.1p1-25.el7_2.x86_64.rpm is not installed

Total 593 kB/s | 1.2 MB 00:02
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) security@centos.org"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fipscheck-1.4.1-5.el7.x86_64 1/6
Installing : fipscheck-lib-1.4.1-5.el7.x86_64 2/6
Installing : openssh-6.6.1p1-25.el7_2.x86_64 3/6
Installing : tcp_wrappers-libs-7.6-77.el7.x86_64 4/6
Installing : openssh-server-6.6.1p1-25.el7_2.x86_64 5/6
Installing : net-tools-2.0-0.17.20131004git.el7.x86_64 6/6
Verifying : openssh-6.6.1p1-25.el7_2.x86_64 1/6
Verifying : openssh-server-6.6.1p1-25.el7_2.x86_64 2/6
Verifying : net-tools-2.0-0.17.20131004git.el7.x86_64 3/6
Verifying : tcp_wrappers-libs-7.6-77.el7.x86_64 4/6
Verifying : fipscheck-lib-1.4.1-5.el7.x86_64 5/6
Verifying : fipscheck-1.4.1-5.el7.x86_64 6/6

Installed:
net-tools.x86_64 0:2.0-0.17.20131004git.el7
openssh-server.x86_64 0:6.6.1p1-25.el7_2

Dependency Installed:
fipscheck.x86_64 0:1.4.1-5.el7 fipscheck-lib.x86_64 0:1.4.1-5.el7
openssh.x86_64 0:6.6.1p1-25.el7_2 tcp_wrappers-libs.x86_64 0:7.6-77.el7

Complete!
---> 7b249ed8cb54
Removing intermediate container 5626d8f0f892
Step 4 : RUN mkdir /var/run/sshd
---> Running in fc94a139d438
---> ea2826eccc91
Removing intermediate container fc94a139d438
Step 5 : RUN echo 'root:iloveworld' | chpasswd
---> Running in ba53283081a7
---> 7ce1ddb5d9c0
Removing intermediate container ba53283081a7
Step 6 : RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
---> Running in 4112281a5bf0
---> be21fb6b5b1e
Removing intermediate container 4112281a5bf0
Step 7 : ENV HISTTIMEFORMAT "%F %T "
---> Running in f2081726e403
---> f3fafca42170
Removing intermediate container f2081726e403
Step 8 : RUN ssh-keygen -A
---> Running in 2ca9e743dee7
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
---> 1a927943bee7
Removing intermediate container 2ca9e743dee7
Step 9 : RUN \cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
---> Running in afd43cc6d4d6
---> 4a0cacf6cd72
Removing intermediate container afd43cc6d4d6
Step 10 : EXPOSE 22
---> Running in a03551bc3bcb
---> 3af544106bf4
Removing intermediate container a03551bc3bcb
Step 11 : CMD /usr/sbin/sshd -D
---> Running in f45fe5eb5561
---> d4620c9949b8
Removing intermediate container f45fe5eb5561
Successfully built d4620c9949b8

docker build stdout

3.查看鏡像列表，并創(chuàng)建容器
[root@docker centos7-dockerfile]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos_sshd_1 latest d4620c9949b8 4 minutes ago 308.4 MB
centos_sshd 7.0 7bb4efd82c4f 2 days ago 310.1 MB

我們剛剛新建的容器已經(jīng)存在了，現(xiàn)在用它來創(chuàng)建容器
[root@docker centos7-dockerfile]# docker run -d -it --name centos-two centos_sshd_1
7ae51091c138d249b5e97f6957073e748db278c0f1cf856e968ca78a4aec1a5b

查看容器
[root@docker centos7-dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ae51091c138 centos_sshd_1 "/usr/sbin/sshd -D" 16 seconds ago Up 15 seconds 22/tcp centos-two

??，可以看到容器的command 就是我們之前定義啟動ssh 服務的，并且開放了22端口。
現(xiàn)在我們在宿主機上查看下該容器的ip，然后用ssh 鏈接進去。
[root@docker ~]# docker exec centos-two hostname -I
172.17.0.7

[root@docker ~]# ssh root@172.17.0.7
The authenticity of host '172.17.0.7 (172.17.0.7)' can't be established.
ECDSA key fingerprint is 7a:38:69:d7:5e:f4:db:e8:3c:ea:92:a4:1a:a1:7b:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.7' (ECDSA) to the list of known hosts.
root@172.17.0.7's password:
[root@7ae51091c138 ~]# w
11:19:34 up 65 days, 18:34, 1 user, load average: 0.01, 0.04, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 gateway 11:19 6.00s 0.00s 0.00s w

OK。上述就是定義鏡像的兩種方式，如果還有其它更為方便的還望不吝賜教哈。