Docker Administration: Manually Building an SVN Image on CentOS
2020-04-18
复苏的兵马俑
1. Pull the CentOS base image (centos:8.1.1911)
[root@Server ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@Server ~]# docker image pull centos:8.1.1911
8.1.1911: Pulling from library/centos
8a29a15cefae: Pull complete
Digest: sha256:fe8d824220415eed5477b63addf40fb06c3b049404242b31982106ac204f6700
Status: Downloaded newer image for centos:8.1.1911
docker.io/library/centos:8.1.1911
[root@Server ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 8.1.1911 470671670cac 3 months ago 237MB
2. Run and create the CentOS container
[root@Server ~]# docker container run -it --name "svnsrv" centos:8.1.1911 /bin/bash
[root@b3d3eb61a192 /]#
3. Install Subversion
[root@b3d3eb61a192 /]# yum -y update
[root@b3d3eb61a192 /]# yum install -y subversion
[root@b3d3eb61a192 /]# svnserve --version
svnserve, version 1.10.2 (r1835932)
compiled Jun 24 2019, 19:19:14 on x86_64-redhat-linux-gnu
Copyright (C) 2018 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/
The following repository back-end (FS) modules are available:
* fs_fs : Module for working with a plain file (FSFS) repository.
* fs_x : Module for working with an experimental (FSX) repository.
Cyrus SASL authentication is available.
4. Create the SVN repository
[root@b3d3eb61a192 /]# mkdir -p /usr/svn/repository
[root@b3d3eb61a192 /]# ls -l /usr/svn/
total 0
drwxr-xr-x 2 root root 6 Apr 19 04:06 repository
[root@b3d3eb61a192 /]# svnadmin create /usr/svn/repository
[root@b3d3eb61a192 /]# ls -l /usr/svn/repository
total 8
drwxr-xr-x 2 root root 76 Apr 19 04:07 conf
drwxr-sr-x 6 root root 233 Apr 19 04:07 db
-r--r--r-- 1 root root 2 Apr 19 04:07 format
drwxr-xr-x 2 root root 231 Apr 19 04:07 hooks
drwxr-xr-x 2 root root 41 Apr 19 04:07 locks
-rw-r--r-- 1 root root 246 Apr 19 04:07 README.txt
[root@b3d3eb61a192 /]# chmod -R 777 /usr/svn/repository/db
[root@b3d3eb61a192 /]# ls -l /usr/svn/repository
total 8
drwxr-xr-x 2 root root 76 Apr 19 04:07 conf
drwxrwsrwx 6 root root 233 Apr 19 04:07 db
-r--r--r-- 1 root root 2 Apr 19 04:07 format
drwxr-xr-x 2 root root 231 Apr 19 04:07 hooks
drwxr-xr-x 2 root root 41 Apr 19 04:07 locks
-rw-r--r-- 1 root root 246 Apr 19 04:07 README.txt
5. Configure access permissions
[root@b3d3eb61a192 /]# cd /usr/svn/repository/conf/
[root@b3d3eb61a192 conf]# cat svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.apache.org/ for more information.
[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
# anon-access = read
# auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
# password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file. The specified path may be a
### repository relative URL (^/) or an absolute file:// URL to a text
### file in a Subversion repository. If you don't specify an authz-db,
### no path-based access control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
### The groups-db option controls the location of the file with the
### group definitions and allows maintaining groups separately from the
### authorization rules. The groups-db file is of the same format as the
### authz-db file and should contain a single [groups] section with the
### group definitions. If the option is enabled, the authz-db file cannot
### contain a [groups] section. Unless you specify a path starting with
### a /, the file's location is relative to the directory containing this
### file. The specified path may be a repository relative URL (^/) or an
### absolute file:// URL to a text file in a Subversion repository.
### This option is not being used by default.
# groups-db = groups
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
# realm = My First Repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above. Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none
### The hooks-env options specifies a path to the hook script environment
### configuration file. This option overrides the per-repository default
### and can be used to configure the hook script environment for multiple
### repositories in a single file, if an absolute path is specified.
### Unless you specify an absolute path, the file's location is relative
### to the directory containing this file.
# hooks-env = hooks-env
[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### Enabling this option requires svnserve to have been built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
[root@b3d3eb61a192 conf]# sed -i -e 's/# anon-access = read/anon-access = none/g' -e 's/# auth-access = write/auth-access = write/g' -e 's/# password-db = passwd/password-db = passwd/g' -e 's/# authz-db = authz/authz-db = authz/g' -e 's/# realm = My First Repository/realm = repository/g' ./svnserve.conf
[root@b3d3eb61a192 conf]# cat svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.apache.org/ for more information.
[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file. The specified path may be a
### repository relative URL (^/) or an absolute file:// URL to a text
### file in a Subversion repository. If you don't specify an authz-db,
### no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### The groups-db option controls the location of the file with the
### group definitions and allows maintaining groups separately from the
### authorization rules. The groups-db file is of the same format as the
### authz-db file and should contain a single [groups] section with the
### group definitions. If the option is enabled, the authz-db file cannot
### contain a [groups] section. Unless you specify a path starting with
### a /, the file's location is relative to the directory containing this
### file. The specified path may be a repository relative URL (^/) or an
### absolute file:// URL to a text file in a Subversion repository.
### This option is not being used by default.
# groups-db = groups
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
realm = repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above. Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none
### The hooks-env options specifies a path to the hook script environment
### configuration file. This option overrides the per-repository default
### and can be used to configure the hook script environment for multiple
### repositories in a single file, if an absolute path is specified.
### Unless you specify an absolute path, the file's location is relative
### to the directory containing this file.
# hooks-env = hooks-env
[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### Enabling this option requires svnserve to have been built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
[root@b3d3eb61a192 conf]# cat ./passwd
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.
[users]
# harry = harryssecret
# sally = sallyssecret
[root@b3d3eb61a192 conf]# sed -i '$a\admin = 1qaz@WSX' ./passwd
[root@b3d3eb61a192 conf]# cat ./passwd
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.
[users]
# harry = harryssecret
# sally = sallyssecret
admin = 1qaz@WSX
[root@b3d3eb61a192 conf]# cat ./authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# [/foo/bar]
# harry = rw
# &joe = r
# * =
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
[root@b3d3eb61a192 conf]# sed -i -e '$a\admin = admin' -e '$a\[repository:/]' -e '$a\@admin = rw' ./authz
[root@b3d3eb61a192 conf]# cat ./authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# [/foo/bar]
# harry = rw
# &joe = r
# * =
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
admin = admin
[repository:/]
@admin = rw
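The sed edits in step 5 change nothing, and report no error, when a pattern does not match, so the effective settings are worth checking before the container is committed to an image. The script below is an added example, not part of the original post: the function names svn_general_value and svn_conf_audit are hypothetical, and the sample configuration files are constructed for the demonstration.

```shell
#!/bin/bash
# Added example (not from the original post): audit svnserve.conf after step 5.

# Print the effective value of KEY in [general], or DEFAULT when it is unset.
# Only keys starting in column 0 count: "# key = v" is a comment, and
# Subversion reads an indented line as a continuation of the previous value.
svn_general_value() {   # usage: svn_general_value FILE KEY DEFAULT
    awk -v key="$2" -v def="$3" '
        /^\[/ { in_general = ($0 ~ /^\[general\]/); next }
        in_general && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); sub(/[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v; found = 1
            }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Return 0 when CONF_DIR matches what step 5 intends; print each deviation.
svn_conf_audit() {      # usage: svn_conf_audit CONF_DIR
    conf="$1/svnserve.conf"; rc=0
    # svnserve defaults to anon-access = read when the option is commented out
    anon=$(svn_general_value "$conf" anon-access read)
    [ "$anon" = "none" ] || { echo "FAIL anon-access = $anon"; rc=1; }
    for key in password-db authz-db; do
        file=$(svn_general_value "$conf" "$key" "")
        if [ -z "$file" ]; then echo "FAIL $key is not set"; rc=1; continue; fi
        case "$file" in /*) ;; *) file="$1/$file" ;; esac   # relative to conf dir
        if [ ! -f "$file" ]; then echo "FAIL $key file missing: $file"; rc=1; continue; fi
        # passwd stores plaintext passwords: group/other need no access to it
        if [ "$key" = password-db ] && [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
            echo "FAIL $file is accessible to group/other"; rc=1
        fi
    done
    return $rc
}

# Constructed sample data: the stock config versus the config produced in step 5.
demo=$(mktemp -d)
mkdir "$demo/stock" "$demo/step5"
printf '[general]\n# anon-access = read\n# password-db = passwd\n' > "$demo/stock/svnserve.conf"
printf '[general]\nanon-access = none\nauth-access = write\npassword-db = passwd\nauthz-db = authz\nrealm = repository\n' > "$demo/step5/svnserve.conf"
printf '[users]\nexample-user = example-password\n' > "$demo/step5/passwd"
printf '[groups]\nadmin = admin\n[repository:/]\n@admin = rw\n' > "$demo/step5/authz"
chmod 600 "$demo/step5/passwd"

svn_conf_audit "$demo/stock" || echo "stock config: deviations found"
svn_conf_audit "$demo/step5" && echo "step 5 config: ok"
```

Inside the container the same check is run as svn_conf_audit /usr/svn/repository/conf.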
6. Start the SVN service and test it
[root@b3d3eb61a192 conf]# svnserve -d -r /usr/svn/
[root@b3d3eb61a192 conf]# ps -aux | grep svnserve
root 212 0.0 0.0 92460 844 ? Ss 04:12 0:00 svnserve -d -r /usr/svn/
root 214 0.0 0.0 12108 1108 pts/0 S+ 04:12 0:00 grep --color=auto svnserve
[root@b3d3eb61a192 conf]# cd
[root@b3d3eb61a192 ~]# svn co svn://127.0.0.1/repository --username admin --password 1qaz@WSX
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<svn://127.0.0.1:3690> repository
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
Checked out revision 0.
[root@b3d3eb61a192 ~]# ls -l
total 12
-rw------- 1 root root 2366 Jan 13 21:49 anaconda-ks.cfg
-rw-r--r-- 1 root root 435 Jan 13 21:49 anaconda-post.log
-rw------- 1 root root 2026 Jan 13 21:49 original-ks.cfg
drwxr-xr-x 3 root root 18 Apr 19 04:12 repository
7. Install the SSH service and verify it
[root@b3d3eb61a192 ~]# yum install -y openssh-server
[root@b3d3eb61a192 ~]# sed -i -e 's/#LoginGraceTime 2m/LoginGraceTime 2m/g' -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' -e 's/#StrictModes yes/StrictModes yes/g' /etc/ssh/sshd_config
[root@b3d3eb61a192 ~]# mkdir /var/run/sshd
[root@b3d3eb61a192 ~]# echo 'UseDNS no' >> /etc/ssh/sshd_config
[root@b3d3eb61a192 ~]# sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd
[root@b3d3eb61a192 ~]# echo 'root:1qaz@WSX' | chpasswd
[root@b3d3eb61a192 ~]# /usr/bin/ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
8. Create the initialization script
[root@b3d3eb61a192 ~]# vi /usr/svn/init.sh
#!/bin/bash
svnserve -d -r /usr/svn/
/usr/sbin/sshd -D
[root@b3d3eb61a192 ~]# ls -l /usr/svn/
total 4
-rw-r--r-- 1 root root 55 Apr 19 04:29 init.sh
drwxr-xr-x 6 root root 86 Apr 19 04:07 repository
[root@b3d3eb61a192 ~]# chmod 777 /usr/svn/init.sh
[root@b3d3eb61a192 ~]# ls -l /usr/svn/
total 4
-rwxrwxrwx 1 root root 55 Apr 19 04:29 init.sh
drwxr-xr-x 6 root root 86 Apr 19 04:07 repository
9. Build the image
[root@Server ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 8.1.1911 470671670cac 3 months ago 237MB
[root@Server ~]# docker commit svnsrv kevin/svnsrv:1.13.0
sha256:57c75e30f455b065ad2c520e62f9559bc2067998ecdda6bcb424dd994ea6382c
[root@Server ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
kevin/svnsrv 1.13.0 57c75e30f455 15 seconds ago 470MB
centos 8.1.1911 470671670cac 3 months ago 237MB
10. Run and verify the image
[root@Server ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b3d3eb61a192 centos:8.1.1911 "/bin/bash" 30 minutes ago Exited (0) About a minute ago svnsrv
[root@Server ~]# docker container run -d --name "svnsrv01" -p 3690 kevin/svnsrv:1.13.0 /usr/svn/init.sh
ebfe63550b07212dfe96156f65cc2195b4b482eec8c0d712d8ffaacaae0d5c22
[root@Server ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ebfe63550b07 kevin/svnsrv:1.13.0 "/usr/svn/init.sh" 18 seconds ago Up 16 seconds 0.0.0.0:32768->3690/tcp svnsrv01
b3d3eb61a192 centos:8.1.1911 "/bin/bash" 35 minutes ago Exited (0) 6 minutes ago svnsrv
[root@Server ~]# svn co svn://192.168.28.8:32768/repository --username admin --password 1qaz@WSX
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<svn://192.168.28.8:32768> repository
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
Checked out revision 0.