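This is a document I wrote while setting up Docker to build the SDK of a certain IC design company. I couldn't be bothered to translate it into Chinese, so please bear with it.
It started because the host OS had been upgraded and building the SDK kept failing, so I had to set up a separate environment to compile the SDK.
Ubuntu 16.04 should be the most stable version at the moment, so the document below is based on Ubuntu 16.04. The final Dockerfile can install and compile most of that company's current SDKs, and may suit other companies' SDKs as well.
For your reference.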
Why Docker Is Needed
Some people run a VM to compile an SDK, but a VM has one problem: every VM needs its own disk, whether virtual or physical. With a lot of SDK versions, VMs become too heavy to run the different versions.
Docker is a container technology: it runs another OS in isolation on top of the same kernel.
Docker works much like chroot: it switches to another directory and runs the system inside that directory.
So if compiling an SDK fails and you want to try another OS, using Docker means there is no need to create a new VM or find another PC to install a new OS on. It saves the time of installing an OS.
Install Docker
If you are using VMware Workstation on Windows as the virtual machine, I suggest running Ubuntu 17.10 in the VM; its kernel is more stable than Ubuntu 17.04's.
This guide is for Ubuntu, but I think it is easy to do the same thing on other Linux distributions.
It is easy to install Docker with the following command:
$ sudo apt install docker.io
Edit /etc/group and add your account to the docker group, then log in again. Replace username with your account name:
docker:x:132:[username]
Create Docker Image
Before using Docker, we need to create a new image that runs sshd.
Once the Docker image is created, we can use it to run Docker containers.
First step:
Create a folder, e.g. /work/docker/ubuntu
$ mkdir -p /work/docker/ubuntu
Second step:
Create a file named "dockerfile". This file downloads the official Ubuntu 16.04 Docker image, then installs and runs sshd.
This dockerfile creates only one account, "root".
The following is the content of the file; please save it as "dockerfile".
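FROM ubuntu:16.04
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
# set the root password to "root"
RUN echo 'root:root' |chpasswd
# echo password | passwd --stdin root
# allow root to log in over ssh with a password
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# make pam_loginuid optional so the ssh session is not dropped inside a container
RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
# run /root/service.sh first (bash only reports an error if the file is missing), then keep sshd in the foreground
CMD bash /root/service.sh ; /usr/sbin/sshd -D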
Third Step:
Build the Docker image. ubuntu_sshd is the image name; you can replace it with whatever you like.
$ cd /work/docker/ubuntu
$ docker build -t ubuntu_sshd ./
Next, check the image list with the docker images command.
$ docker images
REPOSITORY      TAG       IMAGE ID       CREATED       SIZE
ubuntu_sshd     latest    a35b72393f98   7 days ago    216 MB
centos7_sshd    latest    5863726c0ae2   8 days ago    282 MB
centos          centos6   5dedbd63518e   8 weeks ago   194 MB
If you don't want an image, use docker rmi to remove it.
$ docker rmi 5dedbd63518e
Untagged: centos:centos6
Untagged: centos@sha256:27129d34f09970d0a348e789b7dba7d1bf39bc346eb5931a9c4dd3be658dfa75
Deleted: sha256:5dedbd63518eeb45b6c9740d9ea6dee99a4a4c3d0202eac25ebc5fd43809f0a0
Deleted: sha256:80716a2ba414a02bb63de844acff6578a25b8583b01cf0a4c2653da50a31e305
Lastly, you may need to use another OS such as CentOS.
Here is a CentOS dockerfile; you can change the number 7 to get another CentOS version.
FROM centos:centos7
RUN yum install -y which openssh-clients openssh-server
# generate the sshd host keys
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
# set the root password to "root"
RUN echo 'root:root' |chpasswd
# echo password | passwd --stdin root
RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
EXPOSE 22
CMD bash /root/service.sh ; /usr/sbin/sshd -D
Run Docker Container
Running a Docker container is very easy. The following command runs one:
-v /work:/work shares the host's /work with /work inside the container.
-P creates a port mapping to port 22 inside the container.
--privileged=true allows mounting loopback devices.
$ docker run --privileged=true -d --name sdk620 -v /work:/work -P ubuntu_sshd
After this command, the container shows up as running:
$ docker ps
CONTAINER ID   IMAGE         COMMAND                  CREATED       STATUS       PORTS                   NAMES
693fdc5ff6c4   ubuntu_sshd   "/bin/sh -c '/usr/..."   1 hours ago   Up 1 hours   0.0.0.0:32768->22/tcp   sdk620
You can also use an image from an outside source, such as rastasheep.
rastasheep provides an Ubuntu sshd environment, so if all you need is an sshd environment, there is no need to create the Docker image yourself.
Visit this page for more information:
https://hub.docker.com/r/rastasheep/ubuntu-sshd/
Run the following command to create a Docker container from rastasheep's image; it will download some files from the internet.
$ docker run -d --name test -v /work:/work -P rastasheep/ubuntu-sshd:16.04
16.04: Pulling from rastasheep/ubuntu-sshd
ae79f2514705: Already exists
[ignore download message]
$ docker ps
CONTAINER ID   IMAGE                          COMMAND               CREATED          STATUS          PORTS                   NAMES
dfbfed255ff4   rastasheep/ubuntu-sshd:16.04   "/usr/sbin/sshd -D"   16 seconds ago   Up 14 seconds   0.0.0.0:32771->22/tcp   test
Sometimes, after a VM crash or a host reboot, the Docker containers are gone from docker ps.
Use docker ps -a to find them, e.g.:
$ docker ps -a
CONTAINER ID   IMAGE         COMMAND                  CREATED        STATUS                      PORTS   NAMES
693fdc5ff6c4   ubuntu_sshd   "/bin/sh -c '/usr/..."   19 hours ago   Exited (137) 11 hours ago           sdk620
Now we have the container ID and can start it again:
$ docker start 693fdc5ff6c4
Check the current status. The container is running again, but the mapped port may be different:
$ docker ps
CONTAINER ID   IMAGE         COMMAND                  CREATED        STATUS          PORTS                   NAMES
7000c5d55029   ubuntu_sshd   "/bin/sh -c '/usr/..."   11 hours ago   Up 11 hours     0.0.0.0:32768->22/tcp   sdk510-2
693fdc5ff6c4   ubuntu_sshd   "/bin/sh -c '/usr/..."   19 hours ago   Up 11 seconds   0.0.0.0:32769->22/tcp   sdk620
Every time a Docker container is restarted, the bound port is re-assigned.
To fix the bound port, use the -p parameter. For example, the following command maps host port 40001 to port 22 in the container. Note that the port can only be assigned when the container is created.
$ docker run -d --privileged=true --name sdk620-2 -v /work:/work -p 40001:22 -P ubuntu_sshd
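The docker ps listings above show sshd published on 0.0.0.0 for an image whose root password is "root", so the login is reachable from every network the host is attached to. The following script is an added example, not part of the original post: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists the containers whose port 22 is bound to all interfaces (function names and sample lines are constructed); recreating a flagged container with -p 127.0.0.1:40001:22 keeps the login reachable from the host only.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input : output of  docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: NAME<TAB>HOST_ADDR:PORT for each container whose sshd (22/tcp)
#         is published on every host interface.

exposed_ssh() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # published mapping: 0.0.0.0:32768->22/tcp ; a bare "22/tcp" is unpublished
            if (maps[i] !~ /->22\/tcp$/) continue
            hostport = maps[i]
            sub(/->22\/tcp$/, "", hostport)
            bind = hostport
            sub(/:[0-9]+$/, "", bind)      # strip the host port, keep the address
            if (bind == "0.0.0.0" || bind == "::" || bind == "[::]") {
                print $1 "\t" hostport
                next                        # one finding per container
            }
        }
    }'
}

# Constructed sample, modelled on the docker ps listings in this post.
sample_ps() {
    printf 'sdk510-2\t0.0.0.0:32768->22/tcp\n'
    printf 'sdk620\t0.0.0.0:32769->22/tcp, :::32769->22/tcp\n'
    printf 'sdk620-2\t127.0.0.1:40001->22/tcp\n'
    printf 'builder\t22/tcp\n'
}

# On a real host, replace sample_ps with:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
sample_ps | exposed_ssh
```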
SSH into Docker Container
Now that a Docker container is running, the next step is to log in to it over ssh.
If you don't have an ssh key, please generate one. The default values are good enough for Docker; higher security isn't needed in this circumstance.
$ ssh-keygen
From the earlier docker ps output, we know that sdk620's open port is 32769.
$ docker ps
CONTAINER ID   IMAGE         COMMAND                  CREATED        STATUS          PORTS                   NAMES
693fdc5ff6c4   ubuntu_sshd   "/bin/sh -c '/usr/..."   19 hours ago   Up 11 seconds   0.0.0.0:32769->22/tcp   sdk620
$ ssh-copy-id -p 32769 root@localhost
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_rsa.pub"
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '32769' 'root@localhost'"
and check to make sure that only the key(s) you wanted were added.
Now we can ssh to the Docker container:
$ ssh -p 32769 root@localhost
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.13.0-16-generic x86_64)
 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
Last login: Wed Nov 8 08:14:13 2017 from 172.17.0.1
root@693fdc5ff6c4:~#
Please note that this Docker image contains only basic functions; it doesn't even have some basic commands such as sudo. Here are some example commands to install basic packages.
echo "export LC_ALL=C" | tee ~/.bashrc
apt update
apt -y upgrade
apt -y install vim tmux lftp net-tools ethtool bc sudo wget
If you are going to install an SDK, you need to install the build environment.
First, modify /etc/apt/sources.list: replace "# deb-src" with "deb-src" (remove the #) so that all source packages are included.
$ apt update
Install the packages needed to build the kernel:
$ apt-get build-dep linux-image-lowlatency-lts-xenial
Install the packages needed to build the other packages:
$ apt -y install vim tmux lftp net-tools ethtool bc sudo wget
$ apt-get -y build-dep linux-image-lowlatency-lts-xenial
$ apt install -y docbook-utils libncurses5-dev help2man texinfo m4 flex
$ apt install -y bison autoconf libltdl-dev libltdl7 zlib1g-dev uuid-dev
$ apt install -y pkg-config alien libglib2.0-dev pigz liblz4-tool
$ apt install -y libssl-dev pkg-config aptitude m4 flex bison texinfo
$ aptitude install -y liblz4-tool pandoc texlive-xetex device-tree-compiler
Next, use alien to install the SDK rpm packages:
$ alien -i --script *.rpm
Create a New Docker Image for Building the SDK
Combining all the information above, we can create a new Docker image that is ready to compile the SDK.
First, create an Ubuntu 16.04 dockerfile like the following:
FROM ubuntu:16.04
# enable the deb-src entries so that "apt-get build-dep" can find the source packages
RUN sed -i -- 's/# deb-src/deb-src/g' /etc/apt/sources.list
# following line is local proxy example configuration file.
# RUN echo "Acquire::http::Proxy \"http://192.168.1.254:3142\";" >> /etc/apt/apt.conf
RUN apt-get update && apt-get install -y openssh-server apt-utils
RUN mkdir -p /var/run/sshd
RUN apt -y install vim tmux lftp net-tools ethtool bc sudo wget
RUN apt-get -y build-dep linux-image-lowlatency-lts-xenial
RUN apt install -y docbook-utils libncurses5-dev help2man texinfo m4 flex
RUN apt install -y bison autoconf libltdl-dev libltdl7 zlib1g-dev uuid-dev
RUN apt install -y pkg-config alien libglib2.0-dev pigz liblz4-tool
RUN apt install -y libssl-dev pkg-config aptitude m4 flex bison texinfo
# -y is required here: the build has no terminal to answer the confirmation prompt
RUN apt install -y language-pack-en
RUN aptitude install -y liblz4-tool pandoc texlive-xetex device-tree-compiler
RUN apt -y upgrade
RUN apt autoclean
#RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
#RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
# set the root password to "root"
RUN echo 'root:root' |chpasswd
# echo password | passwd --stdin root
# allow root to log in over ssh with a password
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
CMD bash /root/service.sh ; /usr/sbin/sshd -D
If you use CentOS, here is another example:
FROM centos:centos7
# -y answers yes to every prompt
RUN yum install -y which openssh-clients openssh-server
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
# set the root password to "root"
RUN echo 'root:root' |chpasswd
# echo password | passwd --stdin root
RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
RUN yum install -y bc sudo zlib-devel uuid-devel yum libuuid-devel.i686 uuid-devel.i686
RUN yum install -y vim perl-Env patch ncurses ncurses-devel glibc.i686
RUN yum install -y device-mapper-devel dtc gdisk glib2-devel libfdt
RUN yum install -y libfdt-devel libpcap libpcap-devel openssl openssl-devel
RUN yum install -y pciutils pciutils-devel texinfo-tex pigz libuuid-devel
RUN yum groupinstall -y 'Development Tools'
EXPOSE 22
CMD bash /root/service.sh ; /usr/sbin/sshd -D
Build a Docker image
$ docker build -t ubuntu1604_sdk ./
It will take ten minutes or more, depending on network speed. After the image is built, use the following command to check the current status.
$ docker image ls
REPOSITORY       TAG      IMAGE ID       CREATED          SIZE
ubuntu1604_sdk   latest   9f02c2ad68c4   36 minutes ago   2.14 GB
Then, we can run new Docker container with this image.
$ docker run -d --privileged=true --name sdk620-2 -v /work:/work -p 40001:22 -P ubuntu1604_sdk
Remove a running Docker container
If a project is closed or a Docker container is no longer needed, the container can be removed. Use docker ps to find the container we don't need.
$ docker ps
CONTAINER ID   IMAGE            COMMAND                  CREATED        STATUS          PORTS                   NAMES
7000c5d55029   ubuntu_sshd      "/bin/sh -c '/usr/..."   11 hours ago   Up 11 hours     0.0.0.0:32768->22/tcp   sdk510-2
693fdc5ff6c4   ubuntu_sshd      "/bin/sh -c '/usr/..."   20 hours ago   Up 25 minutes   0.0.0.0:32769->22/tcp   sdk620
51b5fff37d74   centos/centos7   "/bin/sh -c '/usr/..."   37 hours ago   Up 2 seconds    0.0.0.0:32770->22/tcp   sdk510
sdk510 with centos7 will fail to compile; I don't need it.
Run the following command to stop it.
$ docker stop 51b5fff37d74
Run the following command to remove it.
$ docker rm 51b5fff37d74
The sdk510 Docker container no longer occupies disk space. But please use this command carefully: once you remove a container, you cannot get it back.
SSH fail
After a reboot, the port Docker listens on will change, and when you ssh to the container it will sometimes show the error message below:
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the RSA key sent by the remote host is
ERROR: SHA256:le87dSbnHw6hmDCjqNF38wGgI3W95nvLLoDEgtfnNyY.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
ERROR: Offending RSA key in /home/username/.ssh/known_hosts:15
ERROR: remove with:
ERROR: ssh-keygen -f "/home/username/.ssh/known_hosts" -R "[localhost]:32769"
ERROR: RSA host key for [localhost]:32769 has changed and you have requested strict checking.
ERROR: Host key verification failed.
Just run the following command to remove the old entry.
$ ssh-keygen -f "/home/username/.ssh/known_hosts" -R "[localhost]:32769"
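Before removing the entry, the fingerprint in the warning can be compared with the container's own host key, read through docker exec instead of over the ssh connection the warning is about. This script is an added example, not part of the original post; the function names and the ssh-keygen -lf sample lines are constructed, and the fingerprint is the one quoted in the warning above.

```shell
#!/bin/sh
# Added example, not from the original post: check that the fingerprint in
# the ssh warning belongs to the container before replacing the old
# known_hosts entry.

# Pull the SHA256 fingerprint out of the warning text ssh printed (stdin).
warned_fp() {
    sed -n 's|.*\(SHA256:[A-Za-z0-9+/]*\).*|\1|p' | head -n 1
}

# Fingerprint field of an "ssh-keygen -lf <pubkey>" line (stdin):
#   <bits> <fingerprint> <comment> (<type>)
actual_fp() {
    awk '{ print $2; exit }'
}

# host_key_verified WARNING_TEXT KEYGEN_LINE -> exit 0 only when both agree.
host_key_verified() {
    want=$(printf '%s\n' "$1" | warned_fp)
    have=$(printf '%s\n' "$2" | actual_fp)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# On a real host the second argument comes from the container itself:
#   line=$(docker exec sdk620 ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub)
#   host_key_verified "$warning" "$line" &&
#       ssh-keygen -f ~/.ssh/known_hosts -R "[localhost]:32769"

# Warning excerpt as quoted in this post.
WARNING_SAMPLE='The fingerprint for the RSA key sent by the remote host is
SHA256:le87dSbnHw6hmDCjqNF38wGgI3W95nvLLoDEgtfnNyY.'
# Constructed ssh-keygen -lf lines: one matching, one not.
KEYGEN_SAMPLE='2048 SHA256:le87dSbnHw6hmDCjqNF38wGgI3W95nvLLoDEgtfnNyY root@693fdc5ff6c4 (RSA)'
KEYGEN_OTHER='2048 SHA256:CONSTRUCTEDxOTHERxFINGERPRINTxFORxMISMATCHx0 root@other (RSA)'

if host_key_verified "$WARNING_SAMPLE" "$KEYGEN_SAMPLE"; then
    echo "fingerprint matches the container: the old entry can be replaced"
else
    echo "fingerprint does NOT match the container: keep the entry and investigate"
fi
```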
Auto Start Docker Container on Reboot
Enable the docker service by default:
systemctl enable docker
Set the container's restart policy to unless-stopped (ref. Start containers automatically):
docker update --restart=unless-stopped sdk620
Ubuntu 18.04
If the rootfs is 18.04, there are some minor changes to the dockerfile.
1) Cannot log in to the system with the changed root password. Reason unknown.
2) The kernel package name is different.
3) The time zone needs to be configured.
But there is a different way to log in to the system: ssh login with a key. It needs a minor change to the dockerfile.
If you don't have the ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub files, generate an ssh key with the command below and copy the public key file to your docker folder.
$ ssh-keygen
$ cp ~/.ssh/id_rsa.pub [path to ubuntu 18.04 docker folder]
The following is the dockerfile for 18.04. If you are not in Taiwan, please also change zoneinfo to your time zone accordingly.
FROM ubuntu:18.04
RUN sed -i -- 's/# deb-src/deb-src/g' /etc/apt/sources.list
# RUN echo "Acquire::http::Proxy \"http://192.168.1.254:3142\";" >> /etc/apt/apt.conf
RUN apt-get update && apt-get install -y openssh-server apt-utils
RUN mkdir -p /var/run/sshd
# ENV instead of "RUN export": a variable exported in one RUN step is gone in the next
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get install -y tzdata
# tzdata names the zone for Taiwan Asia/Taipei
RUN ln -fs /usr/share/zoneinfo/Asia/Taipei /etc/localtime
RUN dpkg-reconfigure --frontend noninteractive tzdata
RUN apt -y install vim tmux lftp net-tools ethtool bc sudo wget
RUN apt-get -y build-dep linux-image-generic
RUN apt install -y docbook-utils libncurses5-dev help2man texinfo m4 flex
RUN apt install -y bison autoconf libltdl-dev libltdl7 zlib1g-dev uuid-dev
RUN apt install -y pkg-config alien libglib2.0-dev pigz liblz4-tool
RUN apt install -y libssl-dev pkg-config aptitude m4 flex bison texinfo
RUN aptitude install -y liblz4-tool pandoc texlive-xetex device-tree-compiler
# it needs gmake to compile u-boot
RUN sudo ln -s /usr/bin/make /usr/bin/gmake
RUN apt -y upgrade
RUN apt autoclean
#RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key
#RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN echo 'root:root' |chpasswd
# echo password | passwd --stdin root
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed -i '/pam_loginuid.so/c session optional pam_loginuid.so' /etc/pam.d/sshd
RUN echo "export VISIBLE=now" >> /etc/profile
RUN sed -i "s/UsePAM yes/UsePAM no/" /etc/ssh/sshd_config
# uncomment the next line to install the public key copied into the docker folder
# ADD id_rsa.pub /root/.ssh/authorized_keys
EXPOSE 22
CMD bash /root/service.sh ; /usr/sbin/sshd -D