rkt /映像构建:acbuild运行说明“已忽略”
[英]rkt/image building: acbuild run instructions “ignored”
问题描述
I'm experiencing unexpected behavior using acbuild run . 
我使用acbuild run遇到了意外的行为。 To get used to rkt the idea was to start with a CentOS7 based container running a SSH host. 为了习惯rkt,这个想法是从运行SSH主机的基于CentOS7的容器开始的。 The bare CentOS 7 container referenced below as centos7.aci was created on a up-to-date CentOS7 install using the instructions given here . 下面引用为centos7.aci CentOS 7裸容器是根据此处提供的说明在最新的CentOS7安装上创建的。 The script used to build the SSHd ACI is 用于构建SSHd ACI的脚本是
#! /bin/bash
acbuild begin ./centos7.aci
acbuild run -- yum install -y openssh-server
acbuild run -- mkdir /var/run/sshd
acbuild run -- sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
acbuild run -- sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
acbuild run -- ssh-keygen -A -C "" -N "" -q
acbuild run -- echo 'root:screencast' | chpasswd
acbuild set-name centos7-sshd
acbuild set-exec -- /usr/sbin/sshd -D
acbuild port add ssh tcp 22
acbuild write --overwrite centos7-sshd.aci
acbuild end
When it's spinned up using rkt run --insecure-options=image ./centos7-sshd.aci the server runs but connection attempts fail because the password is not accepted. 使用rkt run --insecure-options=image ./centos7-sshd.aci启动服务器后,服务器将运行,但由于密码未接受,连接尝试失败。 If I use rkt enter to get into the running container and re-run echo 'root:screencast' | chpasswd 如果我使用rkt enter正在运行的容器并重新运行rkt enter echo 'root:screencast' | chpasswd echo 'root:screencast' | chpasswd inside, I can login. echo 'root:screencast' | chpasswd里面,我可以登录。 So that acbuild run instruction has just not worked for some reason... To test a bit more, I replaced it by acbuild run -- mkdir ~/.ssh acbuild run -- echo "<rkt host SSH public key>“ >> ~/.ssh/authorized_keys 因此该acbuild运行指令由于某种原因而无法使用...为了进行更多测试,我将其替换为acbuild run -- mkdir ~/.ssh acbuild run -- echo "<rkt host SSH public key>“ >> ~/.ssh/authorized_keys
to enable key based instead of password login. 启用基于密钥而不是密码登录。 It doesn't work: the key is refused. 它不起作用:密钥被拒绝。 The reason is obvious once you look into the container: there's no authorized_keys file in ~/.ssh/ . 一旦您查看容器,原因就很明显: ~/.ssh/没有authorized_keys文件。 If I add a 如果我添加一个
acbuild run -- touch ~/.ssh/authorized_keys instruction before the key appending attempt, the file is created but it's still empty. acbuild run -- touch ~/.ssh/authorized_keys在尝试添加密钥之前, acbuild run -- touch ~/.ssh/authorized_keys指令,文件已创建,但仍然为空。 So again a acbuild run instruction didn't work - without error notice. 因此,再次出现acbuild运行指令无效-没有错误通知。 May it be related to the fact that both „ignored“ instructions use operators like >> and | 这可能与以下事实有关:两个“被忽略的”指令都使用>>和|等运算符| ? ? All commands shown in the examples I've seen don't use any such operators yet the docs don't mention anything and a Google search doesn't help either. 我见过的示例中显示的所有命令均未使用任何此类运算符,但文档未提及任何内容,Google搜索也无济于事。 In dockerfile RUN instructions they also work fine... what is going wrong here? 在dockerfile RUN指令中,它们也可以正常工作...这里出了什么问题?
PS: I tried to use the chroot instead of the default systemd-nspawn engine in the „ignored“ acbuild run instructions => same results PS:我尝试在“忽略的” acbuild run说明中使用chroot而不是默认的systemd-nspawn引擎=>相同的结果
PPS: there's no acbuild tag yet on StackOverflow so I had to tag this as rkt - could somebody with enough reputation create one please? PPS:StackOverflow上还没有acbuild标签,因此我不得不将其标记为rkt拥有足够声誉的人可以创建一个吗? Thx 谢谢
1 个解决方案
解决方案1
1 2017-08-14 14:02:57
Ok, I understood what happens using the the acbuild run --debug option. 好的,我了解了使用acbuild run --debug选项会发生什么。 When 什么时候
acbuild run -- echo 'root:screencast' | chpasswd
gets executed it returns Running: [echo root:screencast] , the pipe is executed on the host machine. 被执行后返回Running: [echo root:screencast] ,该管道在主机上执行。 To get the intended result it should be 为了获得预期的结果,应该
acbuild run -- /bin/sh -c "echo 'root:screencast' | chpasswd"
or in generic form 或一般形式
acbuild run -- /bin/sh -c "<cmd with pipes>"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.