[英]rkt/image building: acbuild run instructions “ignored”
I'm experiencing unexpected behavior using acbuild run
. 我使用
acbuild run
遇到了意外的行为。 To get used to rkt the idea was to start with a CentOS7 based container running a SSH host. 为了习惯rkt,这个想法是从运行SSH主机的基于CentOS7的容器开始的。 The bare CentOS 7 container referenced below as
centos7.aci
was created on a up-to-date CentOS7 install using the instructions given here . 下面引用为
centos7.aci
CentOS 7裸容器是根据此处提供的说明在最新的CentOS7安装上创建的。 The script used to build the SSHd ACI is 用于构建SSHd ACI的脚本是
#! /bin/bash
acbuild begin ./centos7.aci
acbuild run -- yum install -y openssh-server
acbuild run -- mkdir /var/run/sshd
acbuild run -- sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
acbuild run -- sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
acbuild run -- ssh-keygen -A -C "" -N "" -q
acbuild run -- echo 'root:screencast' | chpasswd
acbuild set-name centos7-sshd
acbuild set-exec -- /usr/sbin/sshd -D
acbuild port add ssh tcp 22
acbuild write --overwrite centos7-sshd.aci
acbuild end
When it's spinned up using rkt run --insecure-options=image ./centos7-sshd.aci
the server runs but connection attempts fail because the password is not accepted. 使用
rkt run --insecure-options=image ./centos7-sshd.aci
启动服务器后,服务器将运行,但由于密码未接受,连接尝试失败。 If I use rkt enter
to get into the running container and re-run echo 'root:screencast' | chpasswd
如果我使用
rkt enter
正在运行的容器并重新运行rkt enter
echo 'root:screencast' | chpasswd
echo 'root:screencast' | chpasswd
inside, I can login. echo 'root:screencast' | chpasswd
里面,我可以登录。 So that acbuild run instruction has just not worked for some reason... To test a bit more, I replaced it by acbuild run -- mkdir ~/.ssh acbuild run -- echo "<rkt host SSH public key>“ >> ~/.ssh/authorized_keys
因此该acbuild运行指令由于某种原因而无法使用...为了进行更多测试,我将其替换为
acbuild run -- mkdir ~/.ssh acbuild run -- echo "<rkt host SSH public key>“ >> ~/.ssh/authorized_keys
to enable key based instead of password login. 启用基于密钥而不是密码登录。 It doesn't work: the key is refused.
它不起作用:密钥被拒绝。 The reason is obvious once you look into the container: there's no
authorized_keys
file in ~/.ssh/
. 一旦您查看容器,原因就很明显:
~/.ssh/
没有authorized_keys
文件。 If I add a 如果我添加一个
acbuild run -- touch ~/.ssh/authorized_keys
instruction before the key appending attempt, the file is created but it's still empty. acbuild run -- touch ~/.ssh/authorized_keys
在尝试添加密钥之前, acbuild run -- touch ~/.ssh/authorized_keys
指令,文件已创建,但仍然为空。 So again a acbuild run instruction didn't work - without error notice. 因此,再次出现acbuild运行指令无效-没有错误通知。 May it be related to the fact that both „ignored“ instructions use operators like
>>
and |
这可能与以下事实有关:两个“被忽略的”指令都使用
>>
和|
等运算符|
? ? All commands shown in the examples I've seen don't use any such operators yet the docs don't mention anything and a Google search doesn't help either.
我见过的示例中显示的所有命令均未使用任何此类运算符,但文档未提及任何内容,Google搜索也无济于事。 In dockerfile
RUN
instructions they also work fine... what is going wrong here? 在dockerfile
RUN
指令中,它们也可以正常工作...这里出了什么问题?
PS: I tried to use the chroot
instead of the default systemd-nspawn
engine in the „ignored“ acbuild run
instructions => same results PS:我尝试在“忽略的”
acbuild run
说明中使用chroot
而不是默认的systemd-nspawn
引擎=>相同的结果
PPS: there's no acbuild
tag yet on StackOverflow so I had to tag this as rkt
- could somebody with enough reputation create one please? PPS:StackOverflow上还没有
acbuild
标签,因此我不得不将其标记为rkt
拥有足够声誉的人可以创建一个吗? Thx 谢谢
Ok, I understood what happens using the the acbuild run --debug
option. 好的,我了解了使用
acbuild run --debug
选项会发生什么。 When 什么时候
acbuild run -- echo 'root:screencast' | chpasswd
gets executed it returns Running: [echo root:screencast]
, the pipe is executed on the host machine. 被执行后返回
Running: [echo root:screencast]
,该管道在主机上执行。 To get the intended result it should be 为了获得预期的结果,应该
acbuild run -- /bin/sh -c "echo 'root:screencast' | chpasswd"
or in generic form 或一般形式
acbuild run -- /bin/sh -c "<cmd with pipes>"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.