Blog
Docker with Runit, Part 1: SSH
Though run only one process per container is listed in dockerfile best practice, it’s maybe essentail to run multiple processes for preview purpose or in a development environment.
Someone also ask Docker how do I run more than one process in a Docker container, there are superviord, runit, s6, or daemontools, etc. we can choose.
There are some debtes about whether we should use runit in docker, you can read if you are interested in this. #164 and phusion explain why they use runit in runit section and in github
I will choose Runit on the first try since I saw many developers are using it.
As a Docker beginner, it’s fantastic to migrate some web services in my KVM to Docker to follow the fashion in order to see whether I can take benefit from it. I will start with ssh before I migrate my web services.
There is a good post from sourcedirve.org, which shows us how to use Runit in Docker. And you can also check docker phusion image.
Install
To install docker is quite straightforward:
wget -qO- https://get.docker.com/ | sh
Then, To interactive with docker instance:
docker run -i -t debian /bin/bash
# run with --rm to clean up the container after it exit
docker run --rm -i -t debian /bin/bash
The docker instance will exit after you hit the exit command. Docker also have commands to run a process as daemon but we will discuss how to use runit to launch ssh process.
The officical doc about ssh can be found at running ssh service. Some settings in the document is essential to get the SSH service running in docker instance.
Prepare Scripts
Runit run script to run ssh service, copy to /etc/service/sshd/run
#!/bin/bash
exec 2>&1
exec /usr/sbin/sshd -D -e
Script to start runit, copy to /usr/sbin/runsvdir-start
#!/bin/bash
export > /etc/envvars
exec /usr/sbin/runsvdir-start
Build Image with runit
Make sure “./service/ssh/run” and “./runit_bootstrap” exist in local directory.
#Dockerfile
FROM debian:jessie
#
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# Fix
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
# prepare script
RUN mkdir -p /etc/service/ssh/
COPY ./service/ssh/run /etc/service/ssh/run
RUN chmod 755 /etc/service/ssh/run
#install, config runit
RUN touch /etc/inittab
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q runit
COPY runit_bootstrap /usr/sbin/runit_bootstrap
RUN chmod 755 /usr/sbin/runit_bootstrap
EXPOSE 22
ENTRYPOINT ["/usr/sbin/runit_bootstrap"]
After all files are ready, we can start to build the images. You can use the following commands to tag image, start docker instance, and login to docker, etc.
# start to build
docker build .
# find ID of new build image
docker images
# tag the image
docker tag 27bc398e8222 debian-runit:0.1
#An ENTRYPOINT allows you to configure a container that will run as an executable.
#So to run the image (-d deamon):
docker run -d -P -t debian-runit:0.1
# login to docker container
docker exec -i -t <ID> bash
# or:
docker attach <ID>
After you launch the docker instance you build, your can use ssh to login. Root password should be the one in Dockerfile.
If you need packages like curl, psmisc, please add by yourself in Dockerfile.
Default docker will set the ID as it’s hostname, to launch docker instance with a specific hostname, you can use docker run -h debian-runit1 -d -P -t debian-runit:0.1. For details please check docker networking
Hope this post can help you and I will discuss rsyslog later.
Written by Jimmy Yang who lives and works in Hong Kong.