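Inserting a script tag just before the closing body tag (a story that grew out of setting up a scraping environment)

Preface

I got curious about what scraping is. While googling and reading up on it, it looked fun, so I wanted to build a localhost environment to practice scraping in.

References

I couldn't put the symbols into words, so I looked them up.

How to read special keyboard symbols

I think it is enough to know how to define a function and how to call it.

Defining and calling functions

Folder layout

Run sed against __.html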

[oracle@centos weban]$ ll
合計 192
-rw-r--r--. 1 oracle docker    246  5月 25 08:44 Dockerfile
-rw-r--r--. 1 oracle docker 176088  5月 25 09:57 __.html
-rwxr-xr-x. 1 oracle docker    807  5月 17 16:46 kick.sh
-rw-r--r--. 1 root   root       96  5月 25 09:53 screep.js
drwxr-xr-x. 6 oracle docker   4096  5月 20 20:10 src
drwxr-xr-x. 2 oracle docker   4096  5月 19 22:31 tmp
[oracle@centos weban]$ docker exec -it httpd /bin/bash
[root@6d1f534a84b7 /]# cd /var/www/html
[root@6d1f534a84b7 html]# ll
total 192
-rw-r--r--. 1 1000 1001    246 May 24 23:44 Dockerfile
-rw-r--r--. 1 1000 1001 176088 May 25 00:57 __.html
-rwxr-xr-x. 1 1000 1001    807 May 17 07:46 kick.sh
-rw-r--r--. 1 root root     96 May 25 00:53 screep.js
drwxr-xr-x. 6 1000 1001   4096 May 20 11:10 src
drwxr-xr-x. 2 1000 1001   4096 May 19 13:31 tmp

Dockerfile

[oracle@centos weban]$ cat D*
FROM centos:latest

RUN yum install -y httpd \
    iputils \
    net-tools \
    iproute \
    vim \
    tree \
    lsof \
    traceroute

EXPOSE 80
CMD ["/sbin/init"]

Building the container image

[oracle@centos weban]$ docker build -t centos_httpd .
[oracle@centos weban]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos_httpd        latest              1eeca6ecbb88        2 hours ago         389MB
centos_php          latest              8d9f2dcb8da1        3 days ago          499MB
centos              latest              9f38484d220f        2 months ago        202MB

Starting the container

[oracle@centos weban]$ docker run --privileged -v $(pwd):/var/www/html -p 8080:80 --name httpd -itd centos_httpd /sbin/init
[oracle@centos weban]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
6d1f534a84b7        centos_httpd        "/sbin/init"        2 hours ago         Up 2 hours          0.0.0.0:8080->80/tcp   httpd

Starting the httpd service

[oracle@centos weban]$ docker exec -it httpd systemctl start httpd
[oracle@centos weban]$ docker exec -it httpd systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-05-24 23:58:50 UTC; 1h 36min ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2663 (httpd)
   Status: "Total requests: 38; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /docker/6d1f534a84b7d7b77dd82169582df46058867c0f159d829c9ff92735d3e28a62/system.slice/httpd.service
           ├─2663 /usr/sbin/httpd -DFOREGROUND
           ├─2664 /usr/sbin/httpd -DFOREGROUND
           ├─2665 /usr/sbin/httpd -DFOREGROUND
           ├─2666 /usr/sbin/httpd -DFOREGROUND
           ├─2667 /usr/sbin/httpd -DFOREGROUND
           ├─2668 /usr/sbin/httpd -DFOREGROUND
           └─2682 /usr/sbin/httpd -DFOREGROUND
           ‣ 2663 /usr/sbin/httpd -DFOREGROUND

May 24 23:58:50 6d1f534a84b7 systemd[1]: Starting The Apache HTTP Server...
May 24 23:58:50 6d1f534a84b7 httpd[2663]: AH00558: httpd: Could not reliably...e
May 24 23:58:50 6d1f534a84b7 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

[OK] sed command for embedding the tag

I noticed that the left and right angle brackets did not need to be escaped.

sed -e 's/<\/body>/\<script type=\"text\/javascript\" src=\"screep.js\"\>\<\/script\><\/body>/' __.html | grep \</body\>

[NG] sed command for embedding the tag

I noticed that the left and right angle brackets did not need to be escaped.

sed -e 's/\<\/body\>/\<script type=\"text\/javascript\" src=\"screep.js\"\>\<\/script\><\/body>/' __.html | grep \</body\>

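[OK] sed command for embedding the tag, overwriting the file

Specify -i.

# With -i, sed writes the result back to the file and prints nothing, so grep reads the file afterwards.
sed -i -e 's/<\/body>/\<script type=\"text\/javascript\" src=\"screep.js\"\>\<\/script\><\/body>/' __.html && grep \</body\> __.html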

Verification

Confirm that the NG pattern leaves the file unreplaced, then confirm that the OK pattern performs the replacement.

[root@6d1f534a84b7 html]# sed -e 's/\<\/body\>/\<script type=\"text\/javascript\" src=\"screep.js\"\>\<\/script\><\/body>/' __.html | grep \</body\>
<div id="fancybox-tmp"></div><div id="fancybox-loading"><div></div></div><div id="fancybox-overlay"></div><div id="fancybox-wrap"><div id="fancybox-outer"><div class="fancybox-bg" id="fancybox-bg-n"></div><div class="fancybox-bg" id="fancybox-bg-ne"></div><div class="fancybox-bg" id="fancybox-bg-e"></div><div class="fancybox-bg" id="fancybox-bg-se"></div><div class="fancybox-bg" id="fancybox-bg-s"></div><div class="fancybox-bg" id="fancybox-bg-sw"></div><div class="fancybox-bg" id="fancybox-bg-w"></div><div class="fancybox-bg" id="fancybox-bg-nw"></div><div id="fancybox-content"></div><a id="fancybox-close"></a><div id="fancybox-title"></div><a id="fancybox-left"><span class="fancy-ico" id="fancybox-left-ico"></span></a><a id="fancybox-right"><span class="fancy-ico" id="fancybox-right-ico"></span></a></div></div></body>
[root@6d1f534a84b7 html]# sed -e 's/<\/body>/\<script type=\"text\/javascript\" src=\"screep.js\"\>\<\/script\><\/body>/' __.html | grep \</body\>
<div id="fancybox-tmp"></div><div id="fancybox-loading"><div></div></div><div id="fancybox-overlay"></div><div id="fancybox-wrap"><div id="fancybox-outer"><div class="fancybox-bg" id="fancybox-bg-n"></div><div class="fancybox-bg" id="fancybox-bg-ne"></div><div class="fancybox-bg" id="fancybox-bg-e"></div><div class="fancybox-bg" id="fancybox-bg-se"></div><div class="fancybox-bg" id="fancybox-bg-s"></div><div class="fancybox-bg" id="fancybox-bg-sw"></div><div class="fancybox-bg" id="fancybox-bg-w"></div><div class="fancybox-bg" id="fancybox-bg-nw"></div><div id="fancybox-content"></div><a id="fancybox-close"></a><div id="fancybox-title"></div><a id="fancybox-left"><span class="fancy-ico" id="fancybox-left-ico"></span></a><a id="fancybox-right"><span class="fancy-ico" id="fancybox-right-ico"></span></a></div></div><script type="text/javascript" src="screep.js"></script></body>
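
The NG and OK commands differ only in the escaped angle brackets of the search pattern. The script below is an added example, not part of the original post: it shows why that matters in GNU sed, where `\<` and `\>` are word-boundary anchors, and goes one step further with a rerun-safe injector. The function names and the one-line sample page are constructed for illustration.

```shell
#!/bin/bash
# Added example. The sample page below is constructed and stands in for __.html.

TAG='<script type="text/javascript" src="screep.js"></script>'

sample_page() {
  printf '%s\n' '<html><body><div id="content">main</div></body></html>'
}

# NG form: in GNU sed, \< matches only at the start of a word, but the next
# pattern character is "/", which is not a word character. The pattern can
# therefore never match and the input passes through unchanged.
inject_escaped() {
  sed -e 's/\<\/body\>/<script src="screep.js"><\/script><\/body>/'
}

# OK form: angle brackets are literal. Using "|" as the delimiter removes the
# need to escape the slashes as well.
inject_plain() {
  sed -e "s|</body>|${TAG}</body>|"
}

# Count occurrences of the injected script reference on stdin.
count_tags() {
  grep -o 'src="screep.js"' | wc -l | tr -d ' '
}

# Insert the tag into a file only when it is absent. A plain `sed -i` adds one
# more <script> element on every run because </body> still matches afterwards.
inject_once() {
  local file="$1" tmp
  grep -q 'src="screep.js"' "$file" && return 0
  tmp="$(mktemp)" || return 1
  if sed -e "s|</body>|${TAG}</body>|" "$file" > "$tmp"; then
    cat "$tmp" > "$file"   # overwrite in place, keeping owner and mode
  fi
  rm -f "$tmp"
}
```
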

I wanted a minimal environment for practicing scraping

screep.js

function an(){
  var html = document.getElementsByTagName('html');
  console.log(html);
}
an();

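In the Firefox console log, entering screep as the filter makes the output easier to read. I use my own site as the scraping victim.

Afterword

Scraping is fun. For practice, it seems best to pull a copy of my own site down to localhost first. I was able to build the practice environment just as I had pictured it. When I googled "scraping environment setup", Selenium came up and I thought "ah, so that already existed", but oh well. That's all, thank you.

Introduction to Web Scraping

How moved I was that writing HTML has become so convenient

Preface

I wanted to play with HTML for the first time in a while, and as I looked things up I was surprised at how convenient writing it has become, so I decided to make a note of it. Not that I write any HTML at all at work. The browser is Chrome.

References

index.html
fancy-button.js
app.js
I asked Sensui-san everything I wanted to know about Web Components!
Custom Elements
HTML Imports - the technologies that make up Web Components
Everything I know about the script tag: little-known attributes, execution order, and more
[Continued] Trying out Web Components, which turn HTML into components using web standards alone
Shadow DOM v1: Self-Contained Web Components

Folder layout on the host

bk is what I tried to do at first. Everything outside bk is what made me go "ooh" this time.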

[oracle@centos weban]$ pwd
/home/oracle/weban
[oracle@centos weban]$ tree
.
├── Dockerfile
├── kick.sh
└── src
    ├── bk
    │   ├── compose.html
    │   ├── footer.html
    │   ├── header.html
    │   └── js
    │       ├── footer.js
    │       └── header.js
    ├── compose2.html
    └── js
        ├── define_component_tag.js
        ├── footer2.js
        └── header2.js

4 directories, 11 files

Folder layout in the container

bk is what I tried to do at first. Everything outside bk is what made me go "ooh" this time.

[oracle@centos weban]$ docker exec -it apa /bin/bash
[root@cffae1e0f9eb /]# cd /var/www/html
[root@cffae1e0f9eb html]# pwd
/var/www/html
[root@cffae1e0f9eb html]# tree
.
|-- bk
|   |-- compose.html
|   |-- footer.html
|   |-- header.html
|   `-- js
|       |-- footer.js
|       `-- header.js
|-- compose2.html
`-- js
    |-- define_component_tag.js
    |-- footer2.js
    `-- header2.js

3 directories, 9 files

Dockerfile

[oracle@centos weban]$ cat D*
FROM centos:latest

RUN yum install -y httpd \
    iputils \
    net-tools \
    iproute \
    vim \
    tree \
    lsof \
    traceroute

EXPOSE 80
CMD ["/sbin/init"]

kick.sh

[oracle@centos weban]$ cat k*
#!/bin/bash

WK_PATH=$0
EXE_PATH=$(pwd)${WK_PATH#.}
IMAGE_NAME=$1

if [ -z "${IMAGE_NAME}" ]; then
cat <<EOF
_________________________________________________________________________________
please enter build image name.

EOF
  exit 1
fi

echo "Building image '${IMAGE_NAME}' ..."

BUILD_START=$(date '+%s')
# Run the build in a subshell and keep its exit status; the echo further down would overwrite $?.
( cd "${EXE_PATH%/*}" && docker build --force-rm=true --no-cache=true -t "${IMAGE_NAME}" -f Dockerfile . )
BUILD_RC=$?
BUILD_END=$(date '+%s')
BUILD_ELAPSED=$((BUILD_END - BUILD_START))

echo ''

if [ "${BUILD_RC}" -eq 0 ]; then
cat <<EOF
_________________________________________________________________________________

-->${IMAGE_NAME} was built

Build completed in ${BUILD_ELAPSED} seconds.

EOF

else
  echo 'there was an error building the image.'
  echo 'docker image was NOT successfully created'
  exit 1
fi

Starting the httpd service

[oracle@centos weban]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
apache/httpd        latest              c6496579c5db        5 hours ago         389MB
[oracle@centos weban]$ docker run -v /home/oracle/weban/src:/var/www/html -p 8080:80 --privileged -it --name apa -d apache/httpd
[oracle@centos weban]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
cffae1e0f9eb        apache/httpd        "/sbin/init"        5 hours ago         Up 5 hours          0.0.0.0:8080->80/tcp   apa
[oracle@centos weban]$ docker exec -it apa /bin/bash
[root@cffae1e0f9eb /]# systemctl start httpd
[root@cffae1e0f9eb /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-05-17 07:56:50 UTC; 4h 36min ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 2617 (httpd)
   Status: "Total requests: 232; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /docker/cffae1e0f9ebbecb6cb05e853cb3c17515ff4a805dd8b8ead996f87fcb37beff/system.slice/httpd.service
           ├─2617 /usr/sbin/httpd -DFOREGROUND
           ├─2618 /usr/sbin/httpd -DFOREGROUND
           ├─2619 /usr/sbin/httpd -DFOREGROUND
           ├─2620 /usr/sbin/httpd -DFOREGROUND
           ├─2621 /usr/sbin/httpd -DFOREGROUND
           ├─2622 /usr/sbin/httpd -DFOREGROUND
           ├─2624 /usr/sbin/httpd -DFOREGROUND
           ├─2625 /usr/sbin/httpd -DFOREGROUND
           ├─2626 /usr/sbin/httpd -DFOREGROUND
           └─2988 /usr/sbin/httpd -DFOREGROUND
           ‣ 2617 /usr/sbin/httpd -DFOREGROUND

May 17 07:56:50 cffae1e0f9eb systemd[1]: Starting The Apache HTTP Server...
May 17 07:56:50 cffae1e0f9eb httpd[2617]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
May 17 07:56:50 cffae1e0f9eb systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

bk/compose.html

[root@cffae1e0f9eb html]# cat $(find ./bk -name "c*")
<html>
  <head>
    <link rel="import" href="./header.html">
    <link rel="import" href="./footer.html">
  </head>
  <body>
    <div id="header"></div>
    <div id="content">
      <div>main</div>
      <div>side</div>
    </div>
    <div id="footer"></div>
    <script type="text/javascript" src="./js/header.js"></script>
    <script type="text/javascript" src="./js/footer.js"></script>
  </body>
</html>

bk/header.html

[root@cffae1e0f9eb html]# cat $(find ./bk -name "h*")
<template>
  <div>
    <h1>header</h1> 
  </div>
</template>

bk/footer.html

[root@cffae1e0f9eb html]# cat $(find ./bk -name "h*")
<template>
  <div>
    <h1>header</h1> 
  </div>
</template>

bk/js/header.js

[root@cffae1e0f9eb html]# cat $(find ./js/bk -name "h*")
var link = document.querySelector('link[rel="import"]');
var template = link.import.querySelector('template');
var clone = document.importNode(template.content, true);
document.querySelector('#header').appendChild(clone);

bk/js/footer.js

[root@cffae1e0f9eb html]# cat $(find ./js/bk -name "f*")
var link = document.querySelector('link[rel="import"]');
var template = link.import.querySelector('template');
var clone = document.importNode(template.content, true);
document.querySelector('#footer').appendChild(clone);

http://192.168.1.109:8080/bk/compose.html

compose2.html

[root@cffae1e0f9eb html]# cat $(find ./ -maxdepth 1 -name "c*")
<html>
  <body>
    <header-custom></header-custom>
    <div id="content">
      <div>main</div>
      <div>side</div>
    </div>
    <footer-custom></footer-custom>
  <script type="module" src="./js/define_component_tag.js"></script>
  </body>
</html>

js/header2.js

[root@cffae1e0f9eb html]# cat $(find ./js -name "h*")
export default class Header extends HTMLElement {
  static get template() {
    return `
      <div>
        <h1>header</h1>
      </div>
    `;
  }

  constructor() {
    super();
  }

  connectedCallback() {
    this.attachShadow({
      mode: 'open'
    }).innerHTML = Header.template;
  }
};

js/footer2.js

[root@cffae1e0f9eb html]# cat $(find ./js -name "f*")
export default class Footer extends HTMLElement {
  static get template() {
    return `
      <div>
        <h1>footer</h1>
      </div> 
    `;
  }
  
  constructor() {
    super();
  }
  
  connectedCallback(){
    this.attachShadow({
      mode: 'open'
    }).innerHTML = Footer.template;
  }
};

js/define_component_tag.js

[root@cffae1e0f9eb html]# cat $(find ./js -name "d*")
import Header from './header2.js';
import Footer from './footer2.js';
customElements.define('header-custom', Header);
customElements.define('footer-custom', Footer);

http://192.168.1.109:8080/compose2.html

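Afterword

This is getting fun!!! Being able to make my own tags is really convenient. Diving into something new is worth it.

Addendum

Using the slot tag is quite convenient. It has become a function!!!

Folder layout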

[oracle@centos weban]$ tree
.
├── Dockerfile
├── kick.sh
└── src
    ├── compose.html
    └── js
        ├── define_component_tag.js
        ├── footer.js
        └── header.js

2 directories, 6 files

src/compose.html

[oracle@centos weban]$ cat $(find . -name "c*")
<html>
  <body>
    <header-custom>hoge</header-custom>
    <div id="content">
      <div>main</div>
      <div>side</div>
    </div>
    <footer-custom>toge</footer-custom>
  <script type="module" src="./js/define_component_tag.js"></script>
  </body>
</html>

src/js/header.js

[oracle@centos weban]$ cat $(find . -name "h*")
export default class Header extends HTMLElement {
  static get template() {
    return `
      <div>
        <h1><slot></slot></h1>
      </div>
    `;
  }

  constructor() {
    super();
  }

  connectedCallback() {
    this.attachShadow({
      mode: 'open'
    }).innerHTML = Header.template;
  }
};

src/js/footer.js

[oracle@centos weban]$ cat $(find . -name "f*")
export default class Footer extends HTMLElement {
  static get template() {
    return `
      <div>
        <h1><slot></slot></h1>
      </div>
    `;
  }

  constructor() {
    super();
  }

  connectedCallback() {
    this.attachShadow({
      mode: 'open'
    }).innerHTML = Footer.template;
  }
};

http://192.168.1.109:8080/compose.html

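Rethinking my Docker folder layout

Folder layout

Under tmpl, I create one folder per service and put template files there, if needed, and deploy them to each container. The service this time is ssh. If http is needed, I will add a folder for it when the time comes.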

[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── scripts
│   ├── env
│   │   ├── cmn
│   │   │   ├── path.sh
│   │   │   └── tz.sh
│   │   └── ssh
│   ├── inst
│   │   ├── cmn
│   │   │   └── yum_install.sh
│   │   └── ssh
│   │       └── yum_install.sh
│   ├── main
│   │   ├── cmn
│   │   └── ssh
│   │       ├── create_dir.sh
│   │       ├── create_grp.sh
│   │       ├── create_pwd.sh
│   │       ├── create_usr.sh
│   │       └── define_seq.sh
│   ├── post
│   │   ├── cmn
│   │   └── ssh
│   └── pre
│       ├── cmn
│       └── ssh
├── share
│   ├── saba1
│   │   └── ssh
│   │       └── tmpl
│   ├── saba2
│   │   └── ssh
│   │       └── tmpl
│   ├── saba3
│   │   └── ssh
│   │       └── tmpl
│   ├── saba4
│   │   └── ssh
│   │       └── tmpl
│   ├── saba5
│   │   └── ssh
│   │       └── tmpl
│   └── saba6
│       └── ssh
│           └── tmpl
└── tmpl
    └── ssh
        ├── config
        └── genkey.sh

37 directories, 14 files

Creating the folders

[oracle@centos ~]$ mkdir tadan
[oracle@centos ~]$ cd tadan
[oracle@centos tadan]$ mkdir -p ./scripts/{env,inst,main,post,pre}/{cmn,ssh}
[oracle@centos tadan]$ mkdir -p tmpl/ssh

Dockerfile

[oracle@centos tadan]$ cat D*
FROM centos:latest

ENV MNT_DIR=/mnt
ENV ENV_DIR=${MNT_DIR}/env
ENV ENV_CMN_DIR=${ENV_DIR}/cmn
ENV ENV_SSH_DIR=${ENV_DIR}/ssh
ENV INST_DIR=${MNT_DIR}/inst
ENV INST_CMN_DIR=${INST_DIR}/cmn
ENV INST_SSH_DIR=${INST_DIR}/ssh
ENV PRE_DIR=${MNT_DIR}/pre
ENV PRE_CMN_DIR=${PRE_DIR}/cmn
ENV PRE_SSH_DIR=${PRE_DIR}/ssh
ENV MAIN_DIR=${MNT_DIR}/main
ENV MAIN_CMN_DIR=${MAIN_DIR}/cmn
ENV MAIN_SSH_DIR=${MAIN_DIR}/ssh
ENV POST_DIR=${MNT_DIR}/post
ENV POST_CMN_DIR=${POST_DIR}/cmn
ENV POST_SSH_DIR=${POST_DIR}/ssh

COPY ./scripts ${MNT_DIR}

RUN find ${INST_CMN_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done
RUN find ${INST_SSH_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done
RUN find ${PRE_CMN_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done
RUN find ${PRE_SSH_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done
RUN find ${MAIN_CMN_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done
RUN [ -e ${MAIN_SSH_DIR}/define_seq.sh ] && chmod u+x ${MAIN_SSH_DIR}/define_seq.sh && ${MAIN_SSH_DIR}/define_seq.sh
RUN find ${POST_CMN_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done
RUN find ${POST_SSH_DIR} -name "*.sh" | while read line;do [ -e ${line} ] && chmod u+x ${line} && bash -c ${line};done

USER oracle
WORKDIR /home/oracle

EXPOSE 20
CMD ["/sbin/init"]

Makefile

[oracle@centos tadan]$ cat M*
CMD=docker-compose
up:
	@$(CMD) up -d
down:
	@$(CMD) down

docker-compose.yml

[oracle@centos tadan]$ cat d*
version: '3.7'
services:
  saba1:
    image: centos_aine
    container_name: saba1
    hostname: saba1
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/saba1/ssh:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl/ssh:/home/oracle/.ssh/tmpl
    networks:
      saba_net_1:
        ipv4_address: 192.168.100.101
    ports:
      - '1:22'
  saba2:
    image: centos_aine
    container_name: saba2
    hostname: saba2
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/saba2/ssh:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl/ssh:/home/oracle/.ssh/tmpl
    networks:
      saba_net_1:
        ipv4_address: 192.168.100.102
    ports:
      - '2:22'
  saba3:
    image: centos_aine
    container_name: saba3
    hostname: saba3
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/saba3/ssh:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl/ssh:/home/oracle/.ssh/tmpl
    networks:
      saba_net_1:
        ipv4_address: 192.168.100.103
    ports:
      - '3:22'
  saba4:
    image: centos_aine
    container_name: saba4
    hostname: saba4
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/saba4/ssh:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl/ssh:/home/oracle/.ssh/tmpl
    networks:
      saba_net_2:
        ipv4_address: 192.168.200.101
    ports:
      - '4:22'
  saba5:
    image: centos_aine
    container_name: saba5
    hostname: saba5
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/saba5/ssh:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl/ssh:/home/oracle/.ssh/tmpl
    networks:
      saba_net_2:
        ipv4_address: 192.168.200.102
    ports:
      - '5:22'
  saba6:
    image: centos_aine
    container_name: saba6
    hostname: saba6
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/saba6/ssh:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl/ssh:/home/oracle/.ssh/tmpl
    networks:
      saba_net_2:
        ipv4_address: 192.168.200.103
    ports:
      - '6:22'
networks:
  saba_net_1:
    name: saba_net_1
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24
  saba_net_2:
    name: saba_net_2
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.200.0/24

/tmpl/ssh/genkey.sh

[oracle@centos tadan]$ cat $(find $(pwd) -name "*gen*")
#!/bin/bash
USR="$1"
shift
NM="$@"
PWD=""
expect -c "
spawn ssh-keygen -f /home/${USR}/.ssh/${NM} -t rsa
expect \"Enter\"
send \"${PWD}\n\"
expect \"Enter\"
send \"${PWD}\n\"
expect \"Enter\"
send \"${PWD}\n\"
expect \"\\\$\"
exit 0
"

/scripts/main/ssh/create_usr.sh

[oracle@centos tadan]$ cat $(find $(pwd) -name "*usr*")
#!/bin/bash
useradd -m -g docker -u 1000 oracle

/scripts/main/ssh/create_dir.sh

[oracle@centos tadan]$ cat $(find $(pwd) -name "*dir*")
#!/bin/bash
mkdir -p /home/oracle/.ssh

/scripts/main/ssh/create_grp.sh

[oracle@centos tadan]$ cat $(find $(pwd) -name "*grp*")
#!/bin/bash
groupadd -g 1001 docker

/scripts/main/ssh/create_pwd.sh

[oracle@centos tadan]$ cat $(find $(pwd) -name "*pwd*")
#!/bin/bash
echo 'ORACLE_PWD' | passwd --stdin oracle
echo 'ORACLE_PWD' | passwd --stdin root

/scripts/main/ssh/define_seq.sh

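The source command lets me control the order. I think this is good because the execution order can be consolidated here.

[oracle@centos tadan]$ cat $(find $(pwd) -name "*seq*")
#!/bin/bash
# Read the find output through process substitution so that source runs in this shell, not in a pipeline subshell.
while read line;do [ -e ${line} ] && source ${line};done < <(find ${ENV_CMN_DIR} -name "*.sh")
while read line;do [ -e ${line} ] && source ${line};done < <(find ${ENV_SSH_DIR} -name "*.sh")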
[ -e ${MAIN_SSH_DIR}/create_grp.sh ] && source ${MAIN_SSH_DIR}/create_grp.sh
[ -e ${MAIN_SSH_DIR}/create_usr.sh ] && source ${MAIN_SSH_DIR}/create_usr.sh
[ -e ${MAIN_SSH_DIR}/create_pwd.sh ] && source ${MAIN_SSH_DIR}/create_pwd.sh
[ -e ${MAIN_SSH_DIR}/create_dir.sh ] && source ${MAIN_SSH_DIR}/create_dir.sh

/scripts/env/cmn/path.sh

This one may not be needed either way, since the Dockerfile also sets these with ENV.

[oracle@centos tadan]$ cat $(find $(pwd) -name "*path*")
#!/bin/bash
MNT_DIR=/mnt
ENV_DIR=${MNT_DIR}/env
INST_DIR=${MNT_DIR}/inst
PRE_DIR=${MNT_DIR}/pre
MAIN_DIR=${MNT_DIR}/main
MAIN_CMN_DIR=${MAIN_DIR}/cmn
MAIN_SSH_DIR=${MAIN_DIR}/ssh
POST_DIR=${MNT_DIR}/post

/scripts/env/cmn/tz.sh

[oracle@centos tadan]$ cat $(find $(pwd) -name "*tz*")
#!/bin/bash
TZ=Asia/Tokyo

/scripts/inst/cmn/yum_install.sh

[oracle@centos tadan]$ cat /home/oracle/tadan/scripts/inst/cmn/yum_install.sh
#!/bin/bash
yum install -y iputils \
    net-tools \
    iproute \
    vim \
    tree \
    lsof \
    expect

/scripts/inst/ssh/yum_install.sh

[oracle@centos tadan]$ cat /home/oracle/tadan/scripts/inst/ssh/yum_install.sh
#!/bin/bash
yum install -y openssh-server \
    openssh-clients

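Testing whether Docker containers on different networks can reach each other using SSH port forwarding (they can)

References

Trying SSH from inside a Docker container to the host
Using SSH port forwarding (tunneling) to log in to a computer on a LAN from a remote location
Notes on SSH public key authentication

Preface

I wanted to try what the references describe with Docker. If I think of the Docker host as a relay, it seemed to me that even different segments could reach each other.

Creating a symbolic link to ~/.ssh

I made it on a whim.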

[oracle@centos tadan]$ unlink .ssh
[oracle@centos tadan]$ ln -s ~/.ssh ./.ssh

Folder layout

[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── config
│   │   ├── known_hosts
│   │   ├── ssh1
│   │   ├── ssh1.pub
│   │   └── tmpl
│   ├── ssh2
│   │   ├── config
│   │   ├── ssh2
│   │   ├── ssh2.pub
│   │   └── tmpl
│   ├── ssh3
│   │   ├── config
│   │   ├── ssh3
│   │   ├── ssh3.pub
│   │   └── tmpl
│   ├── ssh4
│   │   ├── config
│   │   ├── known_hosts
│   │   ├── ssh4
│   │   ├── ssh4.pub
│   │   └── tmpl
│   ├── ssh5
│   │   ├── config
│   │   ├── ssh5
│   │   ├── ssh5.pub
│   │   └── tmpl
│   └── ssh6
│       ├── config
│       ├── ssh6
│       ├── ssh6.pub
│       └── tmpl
└── tmpl
    ├── a.sh
    └── config

14 directories, 25 files

a.sh

I want to create keys per container, so the script takes arguments.

[oracle@centos tadan]$ cat tmpl/a*
#!/bin/bash
USR="$1"
shift
NM="$@"
PWD=""
expect -c "
spawn ssh-keygen -f /home/${USR}/.ssh/${NM} -t rsa
expect \"Enter\"
send \"${PWD}\n\"
expect \"Enter\"
send \"${PWD}\n\"
expect \"Enter\"
send \"${PWD}\n\"
expect \"\\\$\"
exit 0
"

tmpl/config

A placeholder is embedded so that it can be substituted later.

[oracle@centos tadan]$ cat tmpl/c*
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh@
  User oracle

Dockerfile

[oracle@centos tadan]$ cat D*
FROM centos:latest

RUN yum install -y iputils \
    net-tools \
    iproute \
    vim \
    tree \
    lsof \
    expect \
    openssh-server \
    openssh-clients

ENV TZ='Asia/Tokyo'

RUN groupadd -g 1001 docker
RUN useradd -m -g docker -u 1000 oracle

RUN echo 'ORACLE_PWD' | passwd --stdin oracle
RUN echo 'ORACLE_PWD' | passwd --stdin root

RUN mkdir -p /home/oracle/.ssh

#USER oracle
#WORKDIR /home/oracle
EXPOSE 20
CMD ["/sbin/init"]

Makefile

[oracle@centos tadan]$ cat M*
CMD=docker-compose
up:
	@$(CMD) up -d
down:
	@$(CMD) down

docker-compose.yml

[oracle@centos tadan]$ cat d*
version: '3.7'
services:
  ssh_saba1:
    image: centos_ssh
    container_name: ssh1
    hostname: ssh1
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh1:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net_1:
        ipv4_address: 192.168.100.101
    ports:
      - '1:22'
  ssh_saba2:
    image: centos_ssh
    container_name: ssh2
    hostname: ssh2
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh2:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net_1:
        ipv4_address: 192.168.100.102
    ports:
      - '2:22'
  ssh_saba3:
    image: centos_ssh
    container_name: ssh3
    hostname: ssh3
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh3:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net_1:
        ipv4_address: 192.168.100.103
    ports:
      - '3:22'
  ssh_saba4:
    image: centos_ssh
    container_name: ssh4
    hostname: ssh4
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh4:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net_2:
        ipv4_address: 192.168.200.101
    ports:
      - '4:22'
  ssh_saba5:
    image: centos_ssh
    container_name: ssh5
    hostname: ssh5
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh5:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net_2:
        ipv4_address: 192.168.200.102
    ports:
      - '5:22'
  ssh_saba6:
    image: centos_ssh
    container_name: ssh6
    hostname: ssh6
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh6:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net_2:
        ipv4_address: 192.168.200.103
    ports:
      - '6:22'
networks:
  ssh_net_1:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24
  ssh_net_2:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.200.0/24
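
Both docker-compose.yml files on this page set `privileged: true` on every service and publish container port 22 with entries such as `'1:22'`, which the `docker ps` output on this page reports as `0.0.0.0:1->22/tcp`. The check below is an added example, not part of the original post: a small awk-based audit that lists those two settings per service. The function names `sample_compose` and `audit_compose` are hypothetical, the sample file is constructed, and the parser assumes the two-space indentation used on this page.

```shell
#!/bin/bash
# Added example. Constructed sample in the same shape as the page's docker-compose.yml.
sample_compose() {
cat <<'EOF'
version: '3.7'
services:
  ssh_saba1:
    image: centos_ssh
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh1:/home/oracle/.ssh
    ports:
      - '1:22'
  ssh_saba2:
    image: centos_ssh
    ports:
      - '127.0.0.1:2202:22'
networks:
  ssh_net_1:
    driver: bridge
EOF
}

# Read a compose file on stdin and print one finding per line.
audit_compose() {
  awk -v q="'" '
    # A top-level key starts or ends the services: section.
    /^[^ #]/ { in_services = ($1 == "services:"); svc = ""; in_ports = 0; next }
    !in_services { next }
    # Two-space indent: a service name.
    /^  [^ #-]/ { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
    # Four-space indent: a key of the current service.
    /^    [^ #-]/ { in_ports = ($1 == "ports:") }
    /^    privileged: *true/ { print svc ": privileged container" }
    # Six-space indent: list items, checked only while inside ports:.
    in_ports && /^      - / {
      spec = $2
      gsub("[\"" q "]", "", spec)          # strip surrounding quotes
      n = split(spec, part, ":")
      # HOST:CONTAINER without an address binds on every host interface.
      if (n == 2 || part[1] == "0.0.0.0")
        print svc ": port " spec " published on all host interfaces"
    }
  '
}
```

Run it as `audit_compose < docker-compose.yml`. An entry written as `127.0.0.1:2201:22` is reachable only from the Docker host itself and is not reported.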

Starting the containers

[oracle@centos tadan]$ make down
Stopping ssh4 ... done
Stopping ssh6 ... done
Stopping ssh3 ... done
Stopping ssh1 ... done
Stopping ssh5 ... done
Stopping ssh2 ... done
Removing ssh4 ... done
Removing ssh6 ... done
Removing ssh3 ... done
Removing ssh1 ... done
Removing ssh5 ... done
Removing ssh2 ... done
Removing network tadan_ssh_net_1
Removing network tadan_ssh_net_2
[oracle@centos tadan]$ make up
Creating network "tadan_ssh_net_1" with driver "bridge"
Creating network "tadan_ssh_net_2" with driver "bridge"
Creating ssh1 ... done
Creating ssh4 ... done
Creating ssh3 ... done
Creating ssh6 ... done
Creating ssh2 ... done
Creating ssh5 ... done
[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                       NAMES
a03dc9d7de51        centos_ssh          "/sbin/init"        14 seconds ago      Up 13 seconds       20/tcp, 0.0.0.0:2->22/tcp   ssh2
9ef461324642        centos_ssh          "/sbin/init"        14 seconds ago      Up 12 seconds       20/tcp, 0.0.0.0:5->22/tcp   ssh5
89e798d2ec0d        centos_ssh          "/sbin/init"        14 seconds ago      Up 12 seconds       20/tcp, 0.0.0.0:6->22/tcp   ssh6
ff0c588e6911        centos_ssh          "/sbin/init"        14 seconds ago      Up 12 seconds       20/tcp, 0.0.0.0:4->22/tcp   ssh4
a3d17c9ad59e        centos_ssh          "/sbin/init"        14 seconds ago      Up 13 seconds       20/tcp, 0.0.0.0:3->22/tcp   ssh3
1fe33ec64581        centos_ssh          "/sbin/init"        14 seconds ago      Up 13 seconds       20/tcp, 0.0.0.0:1->22/tcp   ssh1

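Create a public/private key pair in each Docker container, and register the public keys on the Docker host, which runs as the SSH server

This is tedious, but safe.

Create a public/private key pair on the Docker host, and distribute the private key to each Docker container

This is easy, but dangerous.

If the tedious method can be made easy it becomes the safe choice, so I went looking

Found one.

Distributing SSH public keys the easy way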
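
One way to make the per-container approach cheap is shown below as an added example; it is not the method of the referenced article and not code from the original post. `gen_key` creates a key pair without prompts, and `register_pubkeys` appends each public key to an authorized_keys file exactly once while refusing anything that is not a public key line, so a private key can never be registered by mistake. Both function names are hypothetical; the paths in the usage comment follow the share/sshN layout shown on this page.

```shell
#!/bin/bash
# Added example.

# Generate a key pair non-interactively: -N '' sets an empty passphrase and
# -q suppresses the banner, so no expect wrapper is needed. An existing key
# is left untouched.
gen_key() {
  local key="$1"
  [ -f "$key" ] || ssh-keygen -q -t rsa -N '' -f "$key"
}

# Append the first line of each given file to the authorized_keys file once.
# Usage: register_pubkeys AUTHORIZED_KEYS PUBFILE...
register_pubkeys() {
  local auth="$1" pub line
  shift
  touch "$auth" && chmod 600 "$auth" || return 1
  for pub in "$@"; do
    [ -r "$pub" ] || continue
    IFS= read -r line < "$pub" || [ -n "$line" ] || continue
    case "$line" in
      ssh-*|ecdsa-*) ;;   # looks like a public key line
      *) echo "skipping $pub: not a public key" >&2; continue ;;
    esac
    # -x whole line, -F fixed string: skip keys that are already registered.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
  done
}

# Usage on the Docker host (needs the running containers from this page):
#   for n in 1 2 3 4 5 6; do
#     docker exec --user oracle "ssh$n" ssh-keygen -q -t rsa -N '' -f "/home/oracle/.ssh/ssh$n"
#   done
#   register_pubkeys ~/.ssh/authorized_keys share/ssh*/ssh*.pub
```
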

Generating the keys in one go

Delete the keys on the Docker host side, then create a public/private key pair in each Docker container. The randomart looks pretty.

[oracle@centos tadan]$ rm -f ./share/ssh{1..6}/ssh* && seq 6 | xargs -I@ bash -c 'docker exec --user oracle ssh@ ./home/oracle/.ssh/tmpl/a.sh oracle ssh@'
spawn ssh-keygen -f /home/oracle/.ssh/ssh1 -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/ssh1.
Your public key has been saved in /home/oracle/.ssh/ssh1.pub.
The key fingerprint is:
SHA256:aA2NWKfkzchO9CyaiVll4iawi0S5dvFDablPJWwUmbU oracle@ssh1
The key's randomart image is:
+---[RSA 2048]----+
|... . @o*.       |
|.+ o / ^ ..      |
|..o X % OE       |
|o+ B X *         |
|+ + + B S        |
|     . .         |
|                 |
|                 |
|                 |
+----[SHA256]-----+
send: spawn id exp5 not open
    while executing
"send "\n""
spawn ssh-keygen -f /home/oracle/.ssh/ssh2 -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/ssh2.
Your public key has been saved in /home/oracle/.ssh/ssh2.pub.
The key fingerprint is:
SHA256:ekwfvr1Wzgd7R8U5+TPbCwsq5vFnBdlOGk4Kbs/KKoM oracle@ssh2
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|            o  .o|
|       .   = o +o|
|      . S = *   +|
|       * + + oooo|
|  .   o.= o..= +=|
| E o  .+oo.=o *.=|
|    o.++oo+.oo +o|
+----[SHA256]-----+
send: spawn id exp5 not open
    while executing
"send "\n""
spawn ssh-keygen -f /home/oracle/.ssh/ssh3 -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/ssh3.
Your public key has been saved in /home/oracle/.ssh/ssh3.pub.
The key fingerprint is:
SHA256:ua/Vs4if9RJF+l3SrqzbkQkwmCvTbtfF5g3eGI64TEk oracle@ssh3
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|         o    .  |
|        o o  o . |
|       . o o..o o|
|      o S E .o*+.|
|       + o =.O.Oo|
|        + * *oO.o|
|       . B =.=o. |
|        ooB ++o  |
+----[SHA256]-----+
send: spawn id exp5 not open
    while executing
"send "\n""
spawn ssh-keygen -f /home/oracle/.ssh/ssh4 -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/ssh4.
Your public key has been saved in /home/oracle/.ssh/ssh4.pub.
The key fingerprint is:
SHA256:sOUIiiAQMXuugjvDBLlk5lwcuGPEY1wN7+Uyj//v/lc oracle@ssh4
The key's randomart image is:
+---[RSA 2048]----+
|Boooo            |
|.X ...           |
|*.= o....        |
|=@ +..o*         |
|X.=  +o.S        |
|o=    =         E|
|*    . .        .|
|+o    .        . |
|.o     ...++...  |
+----[SHA256]-----+
send: spawn id exp5 not open
    while executing
"send "\n""
spawn ssh-keygen -f /home/oracle/.ssh/ssh5 -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/ssh5.
Your public key has been saved in /home/oracle/.ssh/ssh5.pub.
The key fingerprint is:
SHA256:22qDSW/RBYISJvZaCICNCW4SE0lmy57LWgp4Y2IaKWI oracle@ssh5
The key's randomart image is:
+---[RSA 2048]----+
|%Xo o. .         |
|X=o=. . . .      |
|.=. o.   . .     |
|+ .o        .    |
| o.     S. .     |
|o..   . .o.      |
|OE=  . +...      |
|OB .  o =.       |
|+      o..       |
+----[SHA256]-----+
send: spawn id exp5 not open
    while executing
"send "\n""
spawn ssh-keygen -f /home/oracle/.ssh/ssh6 -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/ssh6.
Your public key has been saved in /home/oracle/.ssh/ssh6.pub.
The key fingerprint is:
SHA256:Znwc4hth5MGV9Nsu60n/BFl0l8YIy3BoNvXZtWHbYNQ oracle@ssh6
The key's randomart image is:
+---[RSA 2048]----+
|       .o+==..*+*|
|       o.*=.oo+*E|
|        B oo.o.+o|
|       + + . o o |
|        S o . +  |
|       o +   . . |
|        .   o . .|
|           . = . |
|           .+ ...|
+----[SHA256]-----+
send: spawn id exp5 not open
    while executing
"send "\n""
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── config
│   │   ├── known_hosts
│   │   ├── ssh1
│   │   ├── ssh1.pub
│   │   └── tmpl
│   ├── ssh2
│   │   ├── config
│   │   ├── ssh2
│   │   ├── ssh2.pub
│   │   └── tmpl
│   ├── ssh3
│   │   ├── config
│   │   ├── ssh3
│   │   ├── ssh3.pub
│   │   └── tmpl
│   ├── ssh4
│   │   ├── config
│   │   ├── known_hosts
│   │   ├── ssh4
│   │   ├── ssh4.pub
│   │   └── tmpl
│   ├── ssh5
│   │   ├── config
│   │   ├── ssh5
│   │   ├── ssh5.pub
│   │   └── tmpl
│   └── ssh6
│       ├── config
│       ├── ssh6
│       ├── ssh6.pub
│       └── tmpl
└── tmpl
    ├── a.sh
    └── config

14 directories, 25 files
[oracle@centos tadan]$ ll ./share/ssh{1..6}
./share/ssh1:
合計 20
-rw-r--r--. 1 oracle docker   88  5月 14 06:49 config
-rw-r--r--. 1 oracle docker  175  5月 14 06:58 known_hosts
-rw-------. 1 oracle docker 1675  5月 14 07:25 ssh1
-rw-r--r--. 1 oracle docker  393  5月 14 07:25 ssh1.pub
drwxr-xr-x. 2 oracle docker 4096  5月 12 17:20 tmpl

./share/ssh2:
合計 16
-rw-r--r--. 1 oracle docker   88  5月 14 06:49 config
-rw-------. 1 oracle docker 1675  5月 14 07:25 ssh2
-rw-r--r--. 1 oracle docker  393  5月 14 07:25 ssh2.pub
drwxr-xr-x. 2 oracle docker 4096  5月 12 17:20 tmpl

./share/ssh3:
合計 16
-rw-r--r--. 1 oracle docker   88  5月 14 06:49 config
-rw-------. 1 oracle docker 1679  5月 14 07:25 ssh3
-rw-r--r--. 1 oracle docker  393  5月 14 07:25 ssh3.pub
drwxr-xr-x. 2 oracle docker 4096  5月 12 17:20 tmpl

./share/ssh4:
合計 20
-rw-r--r--. 1 oracle docker   88  5月 14 06:49 config
-rw-r--r--. 1 oracle docker  175  5月 14 07:18 known_hosts
-rw-------. 1 oracle docker 1679  5月 14 07:25 ssh4
-rw-r--r--. 1 oracle docker  393  5月 14 07:25 ssh4.pub
drwxr-xr-x. 2 oracle docker 4096  5月 13 19:54 tmpl

./share/ssh5:
合計 16
-rw-r--r--. 1 oracle docker   88  5月 14 06:49 config
-rw-------. 1 oracle docker 1675  5月 14 07:25 ssh5
-rw-r--r--. 1 oracle docker  393  5月 14 07:25 ssh5.pub
drwxr-xr-x. 2 oracle docker 4096  5月 13 19:59 tmpl

./share/ssh6:
合計 16
-rw-r--r--. 1 oracle docker   88  5月 14 06:49 config
-rw-------. 1 oracle docker 1679  5月 14 07:25 ssh6
-rw-r--r--. 1 oracle docker  393  5月 14 07:25 ssh6.pub
drwxr-xr-x. 2 oracle docker 4096  5月 13 19:59 tmpl
[oracle@centos tadan]$ find $(pwd) -name "*pub" | sort
/home/oracle/tadan/share/ssh1/ssh1.pub
/home/oracle/tadan/share/ssh2/ssh2.pub
/home/oracle/tadan/share/ssh3/ssh3.pub
/home/oracle/tadan/share/ssh4/ssh4.pub
/home/oracle/tadan/share/ssh5/ssh5.pub
/home/oracle/tadan/share/ssh6/ssh6.pub

Register the public key created for each docker container in the docker host's authorized_keys

Quickly done. This is what the link was set up for.

[oracle@centos tadan]$ rm ~/.ssh/authorized_keys || touch ~/.ssh/authorized_keys && find $(pwd) -name "*pub" | sort | xargs -I@ bash -c "cat @ >> ~/.ssh/authorized_keys"
[oracle@centos tadan]$ cd ~/.ssh
[oracle@centos .ssh]$ cat a*
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnytJwMdrWyLuAvlQQY51oBau7so2qAxxWHFVYube+HPaBHRizwvyx6I+udmybcpyJxwoqOrnrapXqGvf22cVNqeSENmq0U1QISnszejUAY4XtZHG0MJwLbvY9ICnCUzjamPMbgbslbyVweC+1vG7oVhSqdKSzrSrID4DYpMslZ571jTS9fgi8+YM9xIQyivKufzbYo+GAHy5tAPiqRRGlqLOthEf9eOGINgPvXsBXyWeb5Mrzqa88c0MG6x/Sdf7TNpBDlfU1Le9mHGjaIjoLGbVBPuf0LfqhdikCqP1F3S4t/KTiUYa0ViVhzNxzoEowYMmRBMWOI1H9wFS2Oy9t oracle@ssh1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8LaiJCxVODsz+vnbQcgZPN2ZIZ6h7LJQWHuH3ryIaX5a8cu2xR740QHpFWdJdV/MYcqxRXKivoLQL7mhdWYpMLF/yGZUoxbmU+KNrFFaxCS++LKVn+OjjwefGrgvTTlpNXOqPB3KnGkcbWFVbW0H3doGMIBUzKXam0JP2tz8F+vQN+dXrAknm0M+ua7bmony3MNyOQ9RZY8KmtIhoktvGrZjon1OEO0BPOWcSpRT/N7bdEgl6b37ho/qVTcrJ6vJWcSaUlzptKRScxnPsQs1NmHPjS/HAMqx/1cdI/A+iFE7PNyPipufFGM2w3AINbd+9JYZ6wPf+NXSPYwNwGc0/ oracle@ssh2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQMVxQe1VjKh61oPyfmcoMs+TdN2xoVDbvP3erR1qozc5nbBaKKS4oII+dixLX8fg1O+fMM3wqu0AEwWT+Y+F/CCAJF3CgcWjEZA9AN0dmjU88D6VD5DtmteZKq5i3QpbLtZRWJxg5Votcz/QSTaM+O4cpuARPMLV9JEYL9C7iXxJMLQd8X3+eu1qpuqNLEF1mHm25IRbxQXG9pTTiOZLFyXs64sFnIYYCa33bmMLvLZ8rwIjqFIbpcVJSB/qtt1mQkt/i0T+F00yzJdYOCA4b2hLtRqQB/19mFbWSiOFnVqkP4526x2ToEY5sENtyM4ygykYQyDyrVlegViRlvnvz oracle@ssh3
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU5uYFQA6BV1Oqh6WWchaiV72L8Dkp/apLnaSRZ7f/+wU3nKTjvc9VT8vAMMF9U7kEdmVbEi0NhjYohsrtLkD6BWaOolBCy3decCeJWvuxsYtxR/+ssRAq8IX+lhqks7d4vlggeavmAjKyUyEIBHOdicUIex3Pu9AEFbXh8W0zdi/cwNRyL1T1S3UrCjgiVWwtY41hdjPV/lLYJa1ku/epa8CzY2ozrIAEwrydY/vQQBJO1+MtiLdqgkbTKZ8dSmoXZpJNOkUBlp7MjNKR04kHPtUIHiozdNII4F9FBX8B+1KcTWnVgR6FKPN+I5uhwtXnocZ8p3ePIeu5S61pBvnn oracle@ssh4
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKGCSdnQXWDDBAnJF90RBrBK6Tfcoc3/sXJyvhBF0Rq4BvzuEUx718ezV2J20E0iuaxwaL+pgyQEXsOLOU90b3eCx81QHuoZb5cX4TX6egAJhv9nBbOoXHOrf2ZmiNXNSsGYGaow7N3wCanNOfWfG64KZpwS/x4/p0aFMnXu5PBq4TdeHhZGpNHb+FNDean7PFFe5wukDBOpMpa56l68OH8inlQ3uANFkRfj4cfeQX+uMYEKvnC7QXIeu3g9gyzVOSngsYGZAbombijJwNlaQzLAGnan6Ib0AMa2YlilrEH0cxnCgX3FHZpe/4znujNOIdArlIsbF6IzZl053EPgDn oracle@ssh5
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIer/jMtRhzYCDxkjElnX4n7/uXhXvKc3P8UskdYh53n0hyOOJixCkwPJHY7la09FQXvGM+Xm4NdDrY/LjRbG9YgYILAppL7UpexWuJlyyyMMbThJvbu8ukTaZzOg6Z/vvveVmVBs+tFNMJU01PCPjmLNDU1ATBeL85dHb2lUWEa7On1e2PNXKpbpaF61S3O3DBp8H81w+QNF899MikCDEuyJe2ZIfZgnbpqz4o8mEOxzn22YtlKEIkXmNlb06N65c7SWqmsYnqp+nNqlmHsfOt8ufsx91pwjpU7IM9/X7pNgjtv9UomjbX67pw7tT8cW48nPHgkleW/bAA6wLtwCD oracle@ssh6
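
The same collection step as an added example (not the author's script). The `.pub` files sit in `share/`, which the containers can write to, so each file is checked to be exactly one key line before it is accepted, each key is tied to one source address, and the result is written with mode 600. The function names, the address map for ssh2, ssh3, ssh5 and ssh6, and the `restrict,pty` option set are assumptions.

```shell
# Added example, not part of the original post.
# Builds authorized_keys from share/sshN/sshN.pub. "restrict" needs
# OpenSSH 7.2 or later on the docker host.

# Assumed name -> address map. The page shows the addresses of ssh1, ssh2,
# ssh3 and ssh4; the entries for ssh5 and ssh6 are inferred from the pattern.
container_ip() {
  case "$1" in
    ssh1) echo 192.168.100.101 ;;
    ssh2) echo 192.168.100.102 ;;
    ssh3) echo 192.168.100.103 ;;
    ssh4) echo 192.168.200.101 ;;
    ssh5) echo 192.168.200.102 ;;
    ssh6) echo 192.168.200.103 ;;
    *) return 1 ;;
  esac
}

# build_authorized_keys SHARE_DIR OUT_FILE
# Returns 0 when every .pub file was accepted, 1 when any was skipped,
# 2 when the output file could not be written.
build_authorized_keys() {
  share=$1
  out=$2
  rc=0
  old_umask=$(umask)
  umask 077
  tmp=$(mktemp "${out}.XXXXXX") || { umask "$old_umask"; return 2; }
  for pub in "$share"/ssh*/ssh*.pub; do
    [ -f "$pub" ] || continue
    name=$(basename "$pub" .pub)
    ip=$(container_ip "$name") || {
      echo "skip $pub: unknown container" >&2
      rc=1
      continue
    }
    # Accept exactly one line of the form "<type> <base64> [comment]".
    # A line that starts with options such as command="..." is rejected.
    if [ "$(wc -l < "$pub")" -ne 1 ] ||
       ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^ ].*)?$' "$pub"
    then
      echo "skip $pub: not a single public key line" >&2
      rc=1
      continue
    fi
    # from= limits where the key may be used from; restrict turns off
    # forwarding and similar features; pty re-enables interactive logins.
    printf 'from="%s",restrict,pty %s\n' "$ip" "$(cat "$pub")" >> "$tmp"
  done
  umask "$old_umask"
  # Replace the file in one step so sshd never reads a half-written list.
  chmod 600 "$tmp" && mv -f "$tmp" "$out" || { rm -f "$tmp"; return 2; }
  return "$rc"
}
```

Called as `build_authorized_keys "$(pwd)/share" ~/.ssh/authorized_keys` from the `tadan` directory.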

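Write the connection details for the docker host into each docker container's config file

Configure things so the docker containers can connect over ssh. Prepare a template in advance, copy it for each container, and substitute the placeholder.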

[oracle@centos tadan]$ rm ./share/ssh{1..6}/c*
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── known_hosts
│   │   ├── ssh1
│   │   ├── ssh1.pub
│   │   └── tmpl
│   ├── ssh2
│   │   ├── ssh2
│   │   ├── ssh2.pub
│   │   └── tmpl
│   ├── ssh3
│   │   ├── ssh3
│   │   ├── ssh3.pub
│   │   └── tmpl
│   ├── ssh4
│   │   ├── known_hosts
│   │   ├── ssh4
│   │   ├── ssh4.pub
│   │   └── tmpl
│   ├── ssh5
│   │   ├── ssh5
│   │   ├── ssh5.pub
│   │   └── tmpl
│   └── ssh6
│       ├── ssh6
│       ├── ssh6.pub
│       └── tmpl
└── tmpl
    ├── a.sh
    └── config

14 directories, 19 files
[oracle@centos tadan]$ seq 6 | xargs -I{} bash -c 'cp $(pwd)/tmpl/config $(pwd)/share/ssh{}/config && sed -i s/@/{}/g $(pwd)/share/ssh{}/config'
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── config
│   │   ├── known_hosts
│   │   ├── ssh1
│   │   ├── ssh1.pub
│   │   └── tmpl
│   ├── ssh2
│   │   ├── config
│   │   ├── ssh2
│   │   ├── ssh2.pub
│   │   └── tmpl
│   ├── ssh3
│   │   ├── config
│   │   ├── ssh3
│   │   ├── ssh3.pub
│   │   └── tmpl
│   ├── ssh4
│   │   ├── config
│   │   ├── known_hosts
│   │   ├── ssh4
│   │   ├── ssh4.pub
│   │   └── tmpl
│   ├── ssh5
│   │   ├── config
│   │   ├── ssh5
│   │   ├── ssh5.pub
│   │   └── tmpl
│   └── ssh6
│       ├── config
│       ├── ssh6
│       ├── ssh6.pub
│       └── tmpl
└── tmpl
    ├── a.sh
    └── config

14 directories, 25 files
[oracle@centos tadan]$ cat ./share/ssh{1..6}/c*
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh1
  User oracle
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh2
  User oracle
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh3
  User oracle
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh4
  User oracle
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh5
  User oracle
Host centos
  Hostname 192.168.1.109
  Port 22
  Identityfile ~/.ssh/ssh6
  User oracle

Start the sshd service on the docker host

Confirm that the service is running.

[oracle@centos .ssh]$ sudo systemctl restart sshd
[oracle@centos .ssh]$ systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since 月 2019-05-13 22:26:04 JST; 3s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 10295 (sshd)
    Tasks: 1
   Memory: 1.0M
   CGroup: /system.slice/sshd.service
           └─10295 /usr/sbin/sshd -D

Check connectivity between the docker containers

What the current state looks like. Traffic cannot cross segments.

[oracle@centos tadan]$ docker exec --user oracle --workdir ~/.ssh -it ssh1 /bin/bash
[oracle@ssh1 .ssh]$ ip r
default via 192.168.100.1 dev eth0 
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.101 
[oracle@ssh1 .ssh]$ whoami
oracle
[oracle@ssh1 .ssh]$ hostname
ssh1
[oracle@ssh1 .ssh]$ ping -c 1 192.168.100.102
PING 192.168.100.102 (192.168.100.102) 56(84) bytes of data.
64 bytes from 192.168.100.102: icmp_seq=1 ttl=64 time=0.083 ms

--- 192.168.100.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.083/0.083/0.083/0.000 ms
[oracle@ssh1 .ssh]$ ping -c 1 192.168.100.103
PING 192.168.100.103 (192.168.100.103) 56(84) bytes of data.
64 bytes from 192.168.100.103: icmp_seq=1 ttl=64 time=0.057 ms

--- 192.168.100.103 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.057/0.057/0.057/0.000 ms
[oracle@ssh1 .ssh]$ ping -c 1 192.168.100.101
PING 192.168.100.101 (192.168.100.101) 56(84) bytes of data.
64 bytes from 192.168.100.101: icmp_seq=1 ttl=64 time=0.024 ms

--- 192.168.100.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.024/0.024/0.024/0.000 ms
[oracle@ssh1 .ssh]$ ping -c 1 192.168.200.101
PING 192.168.200.101 (192.168.200.101) 56(84) bytes of data.
^C
--- 192.168.200.101 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[oracle@ssh1 .ssh]$ ping -c 1 192.168.200.102
PING 192.168.200.102 (192.168.200.102) 56(84) bytes of data.
^C
--- 192.168.200.102 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[oracle@ssh1 .ssh]$ ping -c 1 192.168.200.103
PING 192.168.200.103 (192.168.200.103) 56(84) bytes of data.
^C
--- 192.168.200.103 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Check that the docker containers can connect to the docker host over ssh

Be sure to type yes. Checked with one representative container from each segment.

[oracle@ssh1 .ssh]$ sed -i /192.168.1.109/d  known_hosts
[oracle@ssh1 .ssh]$ ssh centos
The authenticity of host '192.168.1.109 (192.168.1.109)' can't be established.
ECDSA key fingerprint is SHA256:yOr7hVcqUf559Yl1lTurqPd7V+QQd7OPztlTzOHEpF4.
ECDSA key fingerprint is MD5:03:e5:6a:4f:f1:65:88:f5:88:6d:ad:ff:7a:72:bd:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.109' (ECDSA) to the list of known hosts.
Last login: Tue May 14 06:56:59 2019 from 192.168.100.101
[oracle@centos ~]$ whoami
oracle
[oracle@centos ~]$ hostname
centos
[oracle@centos ~]$ ip r | grep eno1
default via 192.168.1.1 dev eno1 proto static metric 100 
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.109 metric 100 
[oracle@centos ~]$ ログアウト
Connection to 192.168.1.109 closed.
[oracle@centos tadan]$ docker exec --user oracle --workdir ~/.ssh -it ssh4 /bin/bash
[oracle@ssh4 .ssh]$ ll
total 20
-rw-r--r--. 1 oracle docker   88 May 14 06:49 config
-rw-r--r--. 1 oracle docker  175 May 13 23:20 known_hosts
-rw-------. 1 oracle docker 1679 May 13 22:35 ssh4
-rw-r--r--. 1 oracle docker  393 May 13 22:35 ssh4.pub
drwxr-xr-x. 2 oracle docker 4096 May 14 06:15 tmpl
[oracle@ssh4 .ssh]$ cat k*
192.168.1.109 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMUYxEWsHgM7+gYRAClMKLNNre9v84lsIL5Tf6K4TBxFhn5JhpRFPy/rBgH84DLnaSj+2uazgzVY332JCwxqHLw=
[oracle@ssh4 .ssh]$ sed -i /192.168.1.109/d  known_hosts
[oracle@ssh4 .ssh]$ cat k*
[oracle@ssh4 .ssh]$ ssh centos
The authenticity of host '192.168.1.109 (192.168.1.109)' can't be established.
ECDSA key fingerprint is SHA256:yOr7hVcqUf559Yl1lTurqPd7V+QQd7OPztlTzOHEpF4.
ECDSA key fingerprint is MD5:03:e5:6a:4f:f1:65:88:f5:88:6d:ad:ff:7a:72:bd:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.109' (ECDSA) to the list of known hosts.
Last login: Tue May 14 06:58:04 2019 from 192.168.100.101
[oracle@centos ~]$ whoami
oracle
[oracle@centos ~]$ hostname
centos
[oracle@centos ~]$ ip r | grep eno1
default via 192.168.1.1 dev eno1 proto static metric 100 
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.109 metric 100 
[oracle@centos ~]$ ログアウト
Connection to 192.168.1.109 closed.
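
An added example (not from the original post) of filling `known_hosts` without answering the yes/no prompt: the fingerprint is recomputed from the key line and the line is stored only when it equals a fingerprint read on the docker host itself, for instance with `ssh-keygen -lf` on the host key `.pub` file. The function names are assumptions; `SAMPLE_LINE` is the `known_hosts` line shown in the session above.

```shell
# Added example, not part of the original post.
# Needs base64, sha256sum, awk, sed, grep (coreutils and friends).

# The known_hosts line printed by "cat k*" in the ssh4 session above.
SAMPLE_LINE='192.168.1.109 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMUYxEWsHgM7+gYRAClMKLNNre9v84lsIL5Tf6K4TBxFhn5JhpRFPy/rBgH84DLnaSj+2uazgzVY332JCwxqHLw='

# fp_sha256 BASE64_BLOB
# Prints the part after "SHA256:" in an OpenSSH fingerprint: the SHA-256
# of the decoded key blob, base64-encoded with the padding removed.
fp_sha256() {
  hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
  # Turn the hex digest back into raw bytes, one octal escape per byte.
  for byte in $(printf '%s' "$hex" | sed 's/../& /g'); do
    printf '%b' "\\0$(printf '%03o' "0x$byte")"
  done | base64 | tr -d '=\n'
}

# pin_host_key 'HOST TYPE BLOB' EXPECTED_FP KNOWN_HOSTS_FILE
# EXPECTED_FP is "SHA256:..." as obtained out of band on the server.
# Appends the line (once) when the fingerprints agree, returns 1 otherwise.
pin_host_key() {
  line=$1
  expected=${2#SHA256:}
  file=$3
  blob=$(printf '%s\n' "$line" | awk '{print $3}')
  actual=$(fp_sha256 "$blob")
  if [ -n "$blob" ] && [ "$actual" = "$expected" ]; then
    grep -qxF "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
    return 0
  fi
  echo "fingerprint mismatch for ${line%% *}: computed SHA256:$actual" >&2
  return 1
}
```

With the entry pinned this way, `ssh centos` connects without the authenticity question, and a changed host key produces an error instead of a prompt.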

ssh port forwarding setup

I want to cross segments. Suppose ssh4 (192.168.200.101) needs to talk to ssh1 (192.168.100.101). In that case, set up port forwarding toward ssh1 from the docker host, which is treated as the relay.

[oracle@centos tadan]$ cd .ssh
[oracle@centos .ssh]$ ll
合計 16
-rw-r--r--. 1 oracle docker 2358  5月 13 22:36 authorized_keys
-rw-r--r--. 1 oracle docker   88  5月 14 06:36 config
-rw-------. 1 oracle docker 1679  5月 12 17:23 id_rsa
-rw-r--r--. 1 oracle docker  395  5月 12 17:23 id_rsa.pub
-rw-r--r--. 1 oracle docker    0  5月 14 07:13 known_hosts
[oracle@centos .ssh]$ ssh 192.168.1.109 -R 10022:192.168.100.101:22
The authenticity of host '192.168.1.109 (192.168.1.109)' can't be established.
ECDSA key fingerprint is SHA256:yOr7hVcqUf559Yl1lTurqPd7V+QQd7OPztlTzOHEpF4.
ECDSA key fingerprint is MD5:03:e5:6a:4f:f1:65:88:f5:88:6d:ad:ff:7a:72:bd:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.109' (ECDSA) to the list of known hosts.
oracle@192.168.1.109's password: 
Last login: Tue May 14 07:11:02 2019 from centos
[oracle@centos ~]$ 

Open another terminal and try connecting from ssh4 to ssh1

At the oracle@localhost's password: prompt, enter the password of the forwarding destination machine.

[oracle@centos ~]$ docker exec --user oracle --workdir ~/.ssh -it ssh4 /bin/bash
[oracle@ssh4 .ssh]$ ll
total 20
-rw-r--r--. 1 oracle docker   88 May 14 06:49 config
-rw-r--r--. 1 oracle docker  175 May 14 07:17 known_hosts
-rw-------. 1 oracle docker 1679 May 13 22:35 ssh4
-rw-r--r--. 1 oracle docker  393 May 13 22:35 ssh4.pub
drwxr-xr-x. 2 oracle docker 4096 May 14 06:15 tmpl
[oracle@ssh4 .ssh]$ cat k*
192.168.1.109 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMUYxEWsHgM7+gYRAClMKLNNre9v84lsIL5Tf6K4TBxFhn5JhpRFPy/rBgH84DLnaSj+2uazgzVY332JCwxqHLw=
[oracle@ssh4 .ssh]$ sed -i /192.168.1.109/d k*
[oracle@ssh4 .ssh]$ cat k*
[oracle@ssh4 .ssh]$ ll
total 16
-rw-r--r--. 1 oracle docker   88 May 14 06:49 config
-rw-r--r--. 1 oracle docker    0 May 14 07:17 known_hosts
-rw-------. 1 oracle docker 1679 May 13 22:35 ssh4
-rw-r--r--. 1 oracle docker  393 May 13 22:35 ssh4.pub
drwxr-xr-x. 2 oracle docker 4096 May 14 06:15 tmpl
[oracle@ssh4 .ssh]$ ssh oracle@centos
The authenticity of host '192.168.1.109 (192.168.1.109)' can't be established.
ECDSA key fingerprint is SHA256:yOr7hVcqUf559Yl1lTurqPd7V+QQd7OPztlTzOHEpF4.
ECDSA key fingerprint is MD5:03:e5:6a:4f:f1:65:88:f5:88:6d:ad:ff:7a:72:bd:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.109' (ECDSA) to the list of known hosts.
Last login: Tue May 14 07:14:30 2019 from centos
[oracle@centos ~]$ ssh localhost -p 10022
The authenticity of host '[localhost]:10022 ([::1]:10022)' can't be established.
ECDSA key fingerprint is SHA256:gNBn8Jg8Z2W6pX6CkcJsj+TjcLbPsAuCOGoV/mohFmk.
ECDSA key fingerprint is MD5:74:1f:58:b0:72:51:45:cf:e0:2a:cf:b1:9f:75:e1:ec.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:10022' (ECDSA) to the list of known hosts.
oracle@localhost's password: 
Last login: Mon May 13 21:27:34 2019
[oracle@ssh1 ~]$ ip r           
default via 192.168.100.1 dev eth0 
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.101 

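Crossing between different segments worked

Things are getting a bit chaotic, so I would like to change the colors; using tmux or similar well would probably make this nicer. I will try tagged VLANs too. That's all, thank you.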

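Playing with X forwarding between the docker host and docker containers

References

4.5. Using X11 forwarding
When X11 shows the error "X11 forwarding request failed on channel 0" and no window comes through
What to do when ssh X forwarding does not work
X11 Forwarding
Keep referencing the local private key when doing multi-hop ssh
Linux - X Window System
Linux - X Window System
Linux - X Window System
C.3. X server configuration files

Environment

The references are for 6, though.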

[oracle@centos .ssh]$ cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core) 

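Confirm the X server service is running on the docker host (ssh client side)

The service name is gdm.service. When installing CentOS I selected GNOME and ticked the X server compatibility option among the add-ons, so I suppose the service starts automatically when the machine boots.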

[oracle@centos .ssh]$ systemctl status gdm.service
● gdm.service - GNOME Display Manager
   Loaded: loaded (/usr/lib/systemd/system/gdm.service; enabled; vendor preset: enabled)
   Active: active (running) since 日 2019-05-12 16:26:16 JST; 5h 55min ago
 Main PID: 1119 (gdm)
    Tasks: 18
   Memory: 89.4M
   CGroup: /system.slice/gdm.service
           ├─ 1119 /usr/sbin/gdm
           └─21036 /usr/bin/X :0 -background none -noreset -audit 4 -verbose -auth /run/gdm/auth-for-gdm-dIETUH/database -seat seat0 -nolisten tcp vt1

Searching for xorg

Everything under /etc/X11/ looks fun.

[root@centos .ssh]# find / -name "*xorg*"
/usr/share/X11/xorg.conf.d
/usr/share/X11/xkb/rules/xorg.lst
/usr/share/X11/xkb/rules/xorg
/usr/share/X11/xkb/rules/xorg.xml
/etc/X11/xorg.conf.d
/etc/X11/fontpath.d/xorg-x11-fonts-Type1
[oracle@centos X11]$ pwd
/etc/X11
[oracle@centos X11]$ tree -a
.
├── Xmodmap
├── Xresources
├── applnk
├── fontpath.d
│   ├── cjkuni-uming-fonts -> /usr/share/fonts/cjkuni-uming/
│   ├── default-ghostscript -> /usr/share/fonts/default/ghostscript
│   ├── fonts-default -> /usr/share/fonts/default/Type1
│   ├── liberation-fonts -> /usr/share/fonts/liberation
│   ├── xorg-x11-fonts-100dpi:unscaled:pri=30 -> /usr/share/X11/fonts/100dpi
│   ├── xorg-x11-fonts-Type1 -> /usr/share/X11/fonts/Type1
│   └── xorg-x11-fonts-misc:unscaled:pri=10 -> /usr/share/X11/fonts/misc
├── mwm
│   └── system.mwmrc
├── xinit
│   ├── Xclients
│   ├── Xclients.d
│   ├── Xsession
│   ├── xinitrc
│   ├── xinitrc-common
│   ├── xinitrc.d
│   │   ├── 00-start-message-bus.sh
│   │   ├── 10-qt5-check-opengl2.sh
│   │   ├── 50-xinput.sh
│   │   ├── localuser.sh
│   │   ├── xmbind.sh
│   │   └── zz-liveinst.sh
│   ├── xinput.d
│   │   ├── ibus.conf
│   │   ├── none.conf
│   │   ├── xcompose.conf
│   │   └── xim.conf
│   └── xinputrc -> /etc/alternatives/xinputrc
└── xorg.conf.d
    └── 00-keyboard.conf

15 directories, 19 files

The man pages are here

[oracle@centos X11]$ man 5 xorg.conf
[oracle@centos X11]$ man 1 Xorg
[oracle@centos X11]$ man 1 xhost

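Configure remote access from the docker container (ssh server) to the docker host (ssh client)

Specifying it by hostname was denied, so I tried specifying it by IP and that worked. This lets the host accept responses from the specified ssh server.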

[oracle@centos .ssh]$ xhost +192.168.100.101
192.168.100.101 being added to access control list

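Install xauth in the docker container (ssh server)

On the docker host, xauth is provided from a different repo, but for the docker container the one from the base repo is fine. It prints Failed to set locale, defaulting to C, but I think that is just because the environment variable is not set. It is fine as is. When nothing is set, C seems to be the default.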

[root@638ccb67f9ca ssh]# yum install -y xauth
[oracle@centos X11]$ yum list installed | grep xauth
xorg-x11-xauth.x86_64                   1:1.0.9-1.el7                  @anaconda
[oracle@centos X11]$ ssh ssh1
root@192.168.100.101's password: 
Last login: Sun May 12 10:01:50 2019 from gateway
[root@638ccb67f9ca ~]# yum list installed | grep xauth
Failed to set locale, defaulting to C
xorg-x11-xauth.x86_64                   1:1.0.9-1.el7                   @base   

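Configure things so applications started inside the docker container (X client) can be forwarded or sent to the docker host (X server)

Pull it over. Think of it as a pull: you pull the result of work done remotely. The work happens in /etc/ssh/. Make sure X11Forwarding yes, X11DisplayOffset 10 and X11UseLocalhost no are not commented out. Set the environment variable DISPLAY to the forwarding destination's IP. After changing the settings, restart the sshd service.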

[oracle@centos .ssh]$ ssh ssh1
root@192.168.100.101's password: 
Last login: Sun May 12 09:25:13 2019 from gateway
[root@638ccb67f9ca ~]# cd /etc/ssh/
[root@638ccb67f9ca ssh]# ll
total 604
-rw-r--r--. 1 root root     581843 Apr 11  2018 moduli
-rw-r--r--. 1 root root       2276 Apr 11  2018 ssh_config
-rw-r-----. 1 root ssh_keys    227 May 12 08:20 ssh_host_ecdsa_key
-rw-r--r--. 1 root root        162 May 12 08:20 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys    387 May 12 08:20 ssh_host_ed25519_key
-rw-r--r--. 1 root root         82 May 12 08:20 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys   1679 May 12 08:20 ssh_host_rsa_key
-rw-r--r--. 1 root root        382 May 12 08:20 ssh_host_rsa_key.pub
-rw-------. 1 root root       3907 Apr 11  2018 sshd_config
[root@638ccb67f9ca ssh]# cat /etc/ssh/sshd_config | grep X11
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#	X11Forwarding no
[root@638ccb67f9ca ssh]# cp sshd_config org_sshd_config
[root@638ccb67f9ca ssh]# vi /etc/ssh/sshd_config
[root@638ccb67f9ca ssh]# diff sshd_config org_sshd_config
102,103c102,103
< X11DisplayOffset 10
< X11UseLocalhost no
---
> #X11DisplayOffset 10
> #X11UseLocalhost yes
[root@638ccb67f9ca ~]# cat /etc/ssh/sshd_config | grep X11
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
#	X11Forwarding no
[root@638ccb67f9ca ~]# systemctl restart sshd
[root@638ccb67f9ca ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 13:37:19 UTC; 7s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 8768 (sshd)
   CGroup: /docker/638ccb67f9caf21a7ad35524eb9c3b09950ca17f7cda1d8f5ee33ad0537d7078/system.slice/sshd.service
           └─8768 /usr/sbin/sshd -D
           ‣ 8768 /usr/sbin/sshd -D

May 12 13:37:19 638ccb67f9ca systemd[1]: Starting OpenSSH server daemon...
May 12 13:37:19 638ccb67f9ca sshd[8768]: Server listening on 0.0.0.0 port 22.
May 12 13:37:19 638ccb67f9ca sshd[8768]: Server listening on :: port 22.
May 12 13:37:19 638ccb67f9ca systemd[1]: Started OpenSSH server daemon.
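
An added example (not from the original post) that reads the three X11 keywords the way sshd does and reports what the edit above changes: with `X11UseLocalhost no`, sshd binds the forwarded display to the wildcard address instead of loopback, so it is reachable from other machines on the container network. The function names are assumptions; the sample files repeat the two `grep X11` outputs shown above.

```shell
# Added example, not part of the original post.
# sshd takes the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line apply only conditionally.

# sshd_global_value FILE KEYWORD DEFAULT
# Prints the value in effect for the global section of FILE.
sshd_global_value() {
  awk -v key="$2" -v def="$3" '
    BEGIN { key = tolower(key) }
    { sub(/^[ \t]+/, "") }                  # leading whitespace is ignored
    /^#/ || /^$/ { next }                   # comments and empty lines
    {
      if (!match($0, /^[A-Za-z0-9]+/)) next
      k = tolower(substr($0, 1, RLENGTH))
      if (k == "match") exit                # stop at the first Match block
      rest = substr($0, RLENGTH + 1)
      sub(/^[ \t]*=?[ \t]*/, "", rest)      # "Keyword value" or "Keyword=value"
      split(rest, f, /[ \t]+/)
      if (k == key && !found) { found = 1; val = tolower(f[1]) }
    }
    END { print (found ? val : def) }
  ' "$1"
}

# audit_x11 FILE
# Prints the effective X11 settings (OpenSSH defaults: X11Forwarding no,
# X11UseLocalhost yes, X11DisplayOffset 10). Returns 1 when forwarded
# displays are bound to all addresses.
audit_x11() {
  fwd=$(sshd_global_value "$1" X11Forwarding no)
  loc=$(sshd_global_value "$1" X11UseLocalhost yes)
  off=$(sshd_global_value "$1" X11DisplayOffset 10)
  echo "X11Forwarding=$fwd X11UseLocalhost=$loc X11DisplayOffset=$off"
  if [ "$fwd" = yes ] && [ "$loc" = no ]; then
    echo "FINDING: forwarded displays listen on all addresses, from TCP port $((6000 + off))"
    return 1
  fi
  return 0
}

# write_sample STATE FILE
# Writes the X11 lines as the grep output shows them before and after the edit.
write_sample() {
  case "$1" in
    before) printf '%s\n' 'X11Forwarding yes' '#X11DisplayOffset 10' \
                          '#X11UseLocalhost yes' '#	X11Forwarding no' ;;
    after)  printf '%s\n' 'X11Forwarding yes' 'X11DisplayOffset 10' \
                          'X11UseLocalhost no' '#	X11Forwarding no' ;;
  esac > "$2"
}
```

On a running system `sshd -T` prints the effective settings directly, including the Match handling this reader skips.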

Try connecting from the docker host to the docker container

Over ssh. -v is the debug option. -X is X forwarding. -C compresses the transferred data, if I remember right.

[oracle@centos .ssh]$ pwd
/home/oracle/.ssh
[oracle@centos .ssh]$ ll
合計 16
-rw-r--r--. 1 oracle docker  352  5月 12 22:56 config
-rw-------. 1 oracle docker 1679  5月 12 17:23 id_rsa
-rw-r--r--. 1 oracle docker  395  5月 12 17:23 id_rsa.pub
-rw-r--r--. 1 oracle docker  531  5月 12 17:37 known_hosts
[oracle@centos .ssh]$ cat c*
Host ssh3
  Hostname 192.168.100.103
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.102
Host ssh2
  Hostname 192.168.100.102
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh -vXC ssh1
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /home/oracle/.ssh/config
debug1: /home/oracle/.ssh/config line 13: Applying options for ssh1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 192.168.100.101 [192.168.100.101] port 22.
debug1: Connection established.
debug1: identity file /home/oracle/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/oracle/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.100.101:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:  compression: zlib@openssh.com
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:  compression: zlib@openssh.com
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YJHAd648yfk43PAAx3L0vp0IKhBINaYEEGb53Mxn7pw
debug1: Host '192.168.100.101' is known and matches the ECDSA host key.
debug1: Found key in /home/oracle/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
root@192.168.100.101's password: 
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (password).
Authenticated to 192.168.100.101 ([192.168.100.101]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=ibus
debug1: Sending env LANG = ja_JP.UTF-8
Last login: Sun May 12 13:51:37 2019 from gateway
[root@638ccb67f9ca ~]# whoami
root
[root@638ccb67f9ca ~]# hostname
638ccb67f9ca
[root@638ccb67f9ca ~]# ip a show eth0
23: eth0@if24:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever

Chant the spell that glues the X client and the X server together with D-Bus

Install dbus-x11-1.10.24-12.el7.x86_64.

[root@638ccb67f9ca ~]# yum provides dbus-launch
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
1:dbus-x11-1.10.24-12.el7.x86_64 : X11-requiring add-ons for D-BUS
Repo        : base
Matched from:
Filename    : /usr/bin/dbus-launch



1:dbus-x11-1.10.24-13.el7_6.x86_64 : X11-requiring add-ons for D-BUS
Repo        : updates
Matched from:
Filename    : /usr/bin/dbus-launch



1:dbus-x11-1.10.24-12.el7.x86_64 : X11-requiring add-ons for D-BUS
Repo        : @base
Matched from:
Filename    : /usr/bin/dbus-launch



[root@638ccb67f9ca ~]# yum list installed | grep dbus*
Failed to set locale, defaulting to C
dbus.x86_64                             1:1.10.24-12.el7                @CentOS 
dbus-glib.x86_64                        0.100-7.el7                     @CentOS 
dbus-libs.x86_64                        1:1.10.24-12.el7                @CentOS 
dbus-python.x86_64                      1.1.1-9.el7                     @CentOS 
dbus-x11.x86_64                         1:1.10.24-12.el7                @base   
[root@638ccb67f9ca ~]# which dbus-launch
/usr/bin/dbus-launch
[root@638ccb67f9ca ~]# eval `dbus-launch --sh-syntax`
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 192.168.100.101 52204
debug1: channel 1: new [x11]
debug1: confirm x11
debug1: channel 1: FORCE input drain
[root@638ccb67f9ca ~]# debug1: channel 1: free: x11, nchannels 2

[root@638ccb67f9ca ~]# export DBUS_SESSION_BUS_ADDRESS
[root@638ccb67f9ca ~]# export DBUS_SESSION_BUS_PID
[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_ADDRESS
unix:abstract=/tmp/dbus-gtDglgmnGA,guid=8131513d6d575324bd5d33555cd827fa
[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_PID
8856
[root@638ccb67f9ca ~]# ps 8856
  PID TTY      STAT   TIME COMMAND
 8856 ?        Ss     0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
[root@638ccb67f9ca ~]# ps aux 
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  43324  3576 ?        Ss   08:20   0:00 /sbin/init
root        17  0.0  0.0  39084  6308 ?        Ss   08:20   0:00 /usr/lib/systemd/systemd-journald
root        30  0.0  0.0  42656  1788 ?        Ss   08:20   0:00 /usr/lib/systemd/systemd-udevd
root       985  0.0  0.0  26508  1840 ?        Ss   08:20   0:00 /usr/lib/systemd/systemd-logind
dbus      1113  0.0  0.0  58104  2340 ?        Ss   08:20   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root      8079  0.0  0.0  57988  1360 ?        Ss   09:50   0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      8799  0.0  0.0 112860  4304 ?        Ss   13:50   0:00 /usr/sbin/sshd -D
root      8818  0.0  0.0 155608  6388 ?        Rs   13:58   0:00 sshd: root@pts/0
root      8820  0.0  0.0  15224  1912 pts/0    Ss   13:58   0:00 -bash
root      8856  0.0  0.0  57988   884 ?        Ss   14:04   0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      8864  0.0  0.0  55144  1764 pts/0    R+   14:07   0:00 ps aux

Prepare the X client applications on the docker container side

Use yum. xeyes is provided as xorg-x11-apps-7.7-7.el7.x86_64.

[root@638ccb67f9ca ~]# yum install -y xeyes xterm firefox
[root@638ccb67f9ca ~]# yum provides xeyes        
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
xorg-x11-apps-7.7-7.el7.x86_64 : X.Org X11 applications
Repo        : base
Matched from:
Provides    : xeyes



xorg-x11-apps-7.7-7.el7.x86_64 : X.Org X11 applications
Repo        : @base
Matched from:
Provides    : xeyes
[root@638ccb67f9ca ~]# yum list installed | grep -E "xorg|xterm|firefox"
Failed to set locale, defaulting to C
firefox.x86_64                          60.6.1-1.el7.centos             @updates
xorg-x11-apps.x86_64                    7.7-7.el7                       @base   
xorg-x11-server-utils.x86_64            7.7-20.el7                      @base   
xorg-x11-xauth.x86_64                   1:1.0.9-1.el7                   @base   
xorg-x11-xinit.x86_64                   1.3.4-2.el7                     @base   
xterm.x86_64                            295-3.el7                       @base   

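The important thing is to check DISPLAY, DBUS_SESSION_BUS_PID and DBUS_SESSION_BUS_ADDRESS inside the Docker container (the SSH server).

A quick comparison: with and without X forwarding, and with and without running eval `dbus-launch --sh-syntax` on the SSH server.

Without X forwarding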

[oracle@centos .ssh]$ ssh ssh1
root@192.168.100.101's password: 
Last login: Sun May 12 14:25:33 2019 from gateway
[root@638ccb67f9ca ~]# echo $DISPLAY

[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_PID

[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_ADDRESS

[root@638ccb67f9ca ~]# logout
Connection to 192.168.100.101 closed.
[oracle@centos .ssh]$ 

With X forwarding

[oracle@centos .ssh]$ ssh -XC ssh1
root@192.168.100.101's password: 
Last login: Sun May 12 14:32:12 2019 from gateway
[root@638ccb67f9ca ~]# echo $DISPLAY
192.168.100.101:10.0
[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_PID

[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_ADDRESS

[root@638ccb67f9ca ~]# logout
Connection to 192.168.100.101 closed.
[oracle@centos .ssh]$ 

With X forwarding and eval `dbus-launch --sh-syntax` as well

[oracle@centos .ssh]$ ssh -XC ssh1
root@192.168.100.101's password: 
Last login: Sun May 12 14:32:48 2019 from gateway
[root@638ccb67f9ca ~]# eval `dbus-launch --sh-syntax`
[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_PID
8978
[root@638ccb67f9ca ~]# echo $DBUS_SESSION_BUS_ADDRESS
unix:abstract=/tmp/dbus-1bRTlpm0VX,guid=689e9f7764605cb41f5144695cd82ef2
[root@638ccb67f9ca ~]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  43324  3576 ?        Ss   08:20   0:00 /sbin/init
root        17  0.0  0.0  39084  6344 ?        Ss   08:20   0:00 /usr/lib/systemd/systemd-journald
root        30  0.0  0.0  42656  1788 ?        Ss   08:20   0:00 /usr/lib/systemd/systemd-udevd
root       985  0.0  0.0  26508  1840 ?        Ss   08:20   0:00 /usr/lib/systemd/systemd-logind
dbus      1113  0.0  0.0  58104  2340 ?        Ss   08:20   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root      8079  0.0  0.0  57988  1360 ?        Ss   09:50   0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      8799  0.0  0.0 112860  4340 ?        Ss   13:50   0:00 /usr/sbin/sshd -D
root      8856  0.0  0.0  57988   884 ?        Ss   14:04   0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      8956  0.0  0.0 155608  6388 ?        Ss   14:33   0:00 sshd: root@pts/0
root      8958  0.0  0.0  15224  1912 pts/0    Ss   14:33   0:00 -bash
root      8978  0.0  0.0  57988   884 ?        Ss   14:34   0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      8979  0.0  0.0  55144  1764 pts/0    R+   14:34   0:00 ps aux

Running apps as X clients, and done

Ooooh

[root@638ccb67f9ca ~]# xeyes &
[2] 8985
[1]   Done                    xeyes
[root@638ccb67f9ca ~]# Warning: locale not supported by C library, locale unchanged
^C
[root@638ccb67f9ca ~]# xterm &
[3] 8986
[2]   Done                    xeyes
[root@638ccb67f9ca ~]# Warning: locale not supported by C library, locale unchanged
^C
[3]+  Done                    xterm
[root@638ccb67f9ca ~]# xterm &
[1] 9005
[root@638ccb67f9ca ~]# Warning: locale not supported by C library, locale unchanged
^C
[1]+  Done                    xterm



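Afterword

xterm looks handy. I like that it lets you duplicate terminals. For Firefox and the like, I should look into what causes the garbled characters. X is super fun!!!! That's all, thank you.

Trying multi-hop SSH from the Docker host into Docker containers

References

Summary of multi-hop SSH settings  
Connecting to a server three hops away with multi-hop SSH  
Keep referring to the local private key when doing multi-hop SSH  
Compose file version 3 reference  
Compose networking features  

Foreword

Folder layout

The ssh3 folder is prepared. a.sh is not used.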

[oracle@centos tadan]$ rm ./share/ssh{1..3}/*pub
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   └── tmpl
│   ├── ssh2
│   │   └── tmpl
│   └── ssh3
│       └── tmpl
└── tmpl
    └── a.sh

8 directories, 4 files

Fixing ownership

On the Docker host

[oracle@centos tadan]$ sudo chown -R oracle:docker share
[oracle@centos tadan]$ sudo chown -R oracle:docker tmpl
[oracle@centos tadan]$ ll
合計 20
-rw-r--r--. 1 oracle docker  531  5月 11 16:33 Dockerfile
-rw-r--r--. 1 oracle docker   58  5月 11 13:25 Makefile
-rw-r--r--. 1 oracle docker  962  5月 11 16:25 docker-compose.yml
drwxr-xr-x. 4 oracle docker 4096  5月 11 16:08 share
drwxr-xr-x. 2 oracle docker 4096  5月 11 16:19 tmpl

Dockerfile

Setting it up to log in as the oracle user leads to headaches around permissions, so I stay with the default root. I have a feeling su did not work either.

[oracle@centos tadan]$ cat D*
FROM centos:latest

RUN yum install -y iputils \
yum install -y net-tools \
yum install -y iproute \
yum install -y vim \
yum install -y tree \
yum install -y lsof \
yum install -y expect \
yum install -y openssh-server \
yum install -y openssh-clients

ENV TZ='Asia/Tokyo'

RUN groupadd -g 1001 docker
RUN useradd -m -g docker -u 1000 oracle

RUN echo 'ORACLE_PWD' | passwd --stdin oracle
RUN echo 'ORACLE_PWD' | passwd --stdin root

RUN mkdir -p /home/oracle/.ssh

#USER oracle
#WORKDIR /home/oracle
EXPOSE 20
CMD ["/sbin/init"]

Makefile

Aliases

[oracle@centos tadan]$ cat M*
CMD=docker-compose
up:
	@$(CMD) up -d
down:
	@$(CMD) down

docker-compose.yml

Starts three containers.

[oracle@centos tadan]$ docker --version
Docker version 18.09.5, build e8ff056
[oracle@centos tadan]$ cat d*
version: '3.7'
services:
  ssh_saba1:
    image: centos_ssh
    container_name: ssh1
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh1:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.101
    ports:
      - '1:22'
  ssh_saba2:
    image: centos_ssh
    container_name: ssh2
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh2:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.102
    ports:
      - '2:22'
  ssh_saba3:
    image: centos_ssh
    container_name: ssh3
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh3:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.103
    ports:
      - '3:22'
networks:
  ssh_net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24

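a.sh

The script to kick off inside a container. It creates the SSH public and private keys per container. It is only what remains of an attempt to automate this with the expect command. This time the keys are created locally (on the Docker host).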

[oracle@centos tadan]$ cat t*/a*
#!/bin/bash
PWD=""
expect -c "
spawn ssh-keygen -t rsa
expect \"Enter\"
send \"${PWD}\n\"
expect \"Enter\"
send \"${PWD}\n\"
expect \"Enter\"
send \"${PWD}\n\"
expect \"\\\$\"
exit 0
"

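Building the centos_ssh image

Dockerfiles seem to have a multi-stage build feature, and I saw somewhere that it can shrink the image size, so I tried it, but I could not get the hang of it.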

[oracle@centos tadan]$ docker build -t centos_ssh .
[oracle@centos tadan]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos_ssh          latest              43f44c1e64a5        11 seconds ago      360MB
centos              latest              9f38484d220f        8 weeks ago         202MB

Checking the network before starting the containers

I like networking

[oracle@centos tadan]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242818de210	no		
virbr0		8000.5254006a2171	yes		virbr0-nic
[oracle@centos tadan]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
6: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:81:8d:e2:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe8d:e210/64 scope link 
       valid_lft forever preferred_lft forever


[oracle@centos tadan]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Starting the containers

With the make command.

[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[oracle@centos tadan]$ make up
Creating network "tadan_ssh_net" with driver "bridge"
Creating ssh1 ... done
Creating ssh2 ... done
Creating ssh3 ... done
[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                       NAMES
4869f3cec966        centos_ssh          "/sbin/init"        13 hours ago        Up 13 hours         20/tcp, 0.0.0.0:1->22/tcp   ssh1
5f6b238319ff        centos_ssh          "/sbin/init"        13 hours ago        Up 13 hours         20/tcp, 0.0.0.0:2->22/tcp   ssh2
50e75a25f30f        centos_ssh          "/sbin/init"        13 hours ago        Up 13 hours         20/tcp, 0.0.0.0:3->22/tcp   ssh3

Checking the network after starting the containers

The docker0 interface is not used. The containers are connected to the bridge router I defined myself.

[oracle@centos tadan]$ brctl show
bridge name	bridge id		STP enabled	interfaces
br-3cb3a09916e1		8000.0242011202de	no		veth3ab229f
							vetha272766
							vethc24b63c
docker0		8000.0242818de210	no		
virbr0		8000.5254006a2171	yes		virbr0-nic
[oracle@centos tadan]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
6: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:81:8d:e2:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe8d:e210/64 scope link 
       valid_lft forever preferred_lft forever
363: br-3cb3a09916e1:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:01:12:02:de brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br-3cb3a09916e1
       valid_lft forever preferred_lft forever
    inet6 fe80::42:1ff:fe12:2de/64 scope link 
       valid_lft forever preferred_lft forever
365: vetha272766@if364:  mtu 1500 qdisc noqueue master br-3cb3a09916e1 state UP group default 
    link/ether c2:10:0e:d3:93:fb brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::c010:eff:fed3:93fb/64 scope link 
       valid_lft forever preferred_lft forever
367: veth3ab229f@if366:  mtu 1500 qdisc noqueue master br-3cb3a09916e1 state UP group default 
    link/ether 66:3f:98:2c:cc:97 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::643f:98ff:fe2c:cc97/64 scope link 
       valid_lft forever preferred_lft forever
369: vethc24b63c@if368:  mtu 1500 qdisc noqueue master br-3cb3a09916e1 state UP group default 
    link/ether b6:f4:23:67:1d:3a brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::b4f4:23ff:fe67:1d3a/64 scope link 
       valid_lft forever preferred_lft forever
[oracle@centos tadan]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.100.0/24     0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           

a.sh is not kicked off.

This time the keys are created locally (on the Docker host).

[oracle@centos .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bxKbA6TM6rg/RG5ANOqORnL/7wP/247Mjbsnr8D7Hvg oracle@centos
The key's randomart image is:
+---[RSA 2048]----+
|.o               |
|...              |
|o     .          |
|o .o o           |
|.*. + . S        |
|=.+o  .o *       |
|.=. .  oO +      |
|.o.  .  oX.*.    |
|ooo.  .o+=EX=    |
+----[SHA256]-----+

Distributing the public key from the Docker host to each container

Distribute the public key to each container.

[oracle@centos tadan]$ echo -e $(pwd)/share/ssh{1..3}\\n | xargs -I@ bash -c 'cp ~/.ssh/*pub @'
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   ├── ssh2
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   └── ssh3
│       ├── id_rsa.pub
│       └── tmpl
└── tmpl
    └── a.sh

8 directories, 7 files
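
Copying id_rsa.pub into each share/sshN folder does not by itself enable key login: by default sshd reads a file named authorized_keys in the target user's ~/.ssh, and its StrictModes check rejects directories or files that others can write to. An added example (not from the original post) that installs a public key that way; the function name and the constructed key are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_authorized_key PUBKEY_FILE SSH_DIR
#   Appends one public key to SSH_DIR/authorized_keys (idempotent) and
#   sets modes that sshd's StrictModes check accepts (700 dir, 600 file).
install_authorized_key() {
    pub=$1
    dir=$2

    # A .pub file holds exactly one line.
    [ -r "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1

    # Split "<type> <base64-blob> [comment]".
    read -r ktype blob _comment < "$pub" || [ -n "$ktype" ] || return 1

    # Refuse anything that is not a public key line, for example a private
    # key ("-----BEGIN ...") picked up by a glob that is too wide.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac

    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    line=$(cat "$pub")
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo with a constructed key in a throwaway directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED oracle@centos' > "$demo_dir/id_rsa.pub"
install_authorized_key "$demo_dir/id_rsa.pub" "$demo_dir/ssh1" && ls -l "$demo_dir/ssh1/authorized_keys"
rm -rf "$demo_dir"
```

In the layout above share/ssh1 is mounted at /home/oracle/.ssh, so a file installed there covers logins as oracle only; root reads /root/.ssh/authorized_keys instead.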

Checking that the sshd service is running

[oracle@centos .ssh]$ docker exec -it ssh1 /bin/bash
[root@4869f3cec966 /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 18:27:07 JST; 13h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2344 (sshd)
   CGroup: /docker/4869f3cec966c4611962f1b02c163264d8e292c8df4a3b320b8e8b08fbb86d35/system.slice/sshd.service
           └─2344 /usr/sbin/sshd -D
           ‣ 2344 /usr/sbin/sshd -D

May 11 18:27:07 4869f3cec966 systemd[1]: Starting OpenSSH server daemon...
May 11 18:27:07 4869f3cec966 sshd[2344]: Server listening on 0.0.0.0 port 22.
May 11 18:27:07 4869f3cec966 sshd[2344]: Server listening on :: port 22.
May 11 18:27:07 4869f3cec966 systemd[1]: Started OpenSSH server daemon.
May 11 21:57:48 4869f3cec966 sshd[5431]: Accepted password for root from 192.168.100.1 port 33038 ssh2
May 11 21:57:55 4869f3cec966 sshd[5448]: Connection closed by 192.168.100.1 port 33044 [preauth]
May 12 07:22:11 4869f3cec966 sshd[5454]: Accepted password for root from 192.168.100.1 port 42396 ssh2
May 12 07:23:04 4869f3cec966 sshd[5471]: Accepted password for root from 192.168.100.1 port 42410 ssh2
[root@4869f3cec966 /]# exit
[oracle@centos .ssh]$ docker exec -it ssh2 /bin/bash
[root@5f6b238319ff /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 18:27:07 JST; 13h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1866 (sshd)
   CGroup: /docker/5f6b238319ff35260f1385261064b6f67562554c668cf4f009682acf20202b54/system.slice/sshd.service
           └─1866 /usr/sbin/sshd -D
           ‣ 1866 /usr/sbin/sshd -D

May 11 18:27:07 5f6b238319ff systemd[1]: Starting OpenSSH server daemon...
May 11 18:27:07 5f6b238319ff sshd[1866]: Server listening on 0.0.0.0 port 22.
May 11 18:27:07 5f6b238319ff sshd[1866]: Server listening on :: port 22.
May 11 18:27:07 5f6b238319ff systemd[1]: Started OpenSSH server daemon.
May 11 21:51:32 5f6b238319ff sshd[5402]: Accepted password for root from 192.168.100.1 port 46484 ssh2
May 11 22:09:56 5f6b238319ff sshd[5419]: Accepted password for oracle from 192.168.100.1 port 47334 ssh2
May 11 22:16:08 5f6b238319ff sshd[5422]: Accepted password for oracle from 192.168.100.1 port 47626 ssh2
May 11 22:17:21 5f6b238319ff sshd[5425]: Accepted password for oracle from 192.168.100.1 port 47646 ssh2
May 11 22:17:53 5f6b238319ff sshd[5428]: Accepted password for oracle from 192.168.100.1 port 47660 ssh2
[root@5f6b238319ff /]# exit
[oracle@centos .ssh]$ docker exec -it ssh3 /bin/bash
[root@50e75a25f30f /]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 18:27:06 JST; 13h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1884 (sshd)
   CGroup: /docker/50e75a25f30f6af7dd199924be5505094f35b0550ee87113f252fea2f5815194/system.slice/sshd.service
           └─1884 /usr/sbin/sshd -D
           ‣ 1884 /usr/sbin/sshd -D

May 11 18:27:06 50e75a25f30f systemd[1]: Starting OpenSSH server daemon...
May 11 18:27:06 50e75a25f30f sshd[1884]: Server listening on 0.0.0.0 port 22.
May 11 18:27:06 50e75a25f30f sshd[1884]: Server listening on :: port 22.
May 11 18:27:06 50e75a25f30f systemd[1]: Started OpenSSH server daemon.
May 11 21:48:59 50e75a25f30f sshd[8002]: Accepted password for root from 192.168.100.1 port 59862 ssh2
May 11 21:54:55 50e75a25f30f sshd[8020]: Connection closed by 192.168.100.1 port 60144 [preauth]
May 11 22:10:02 50e75a25f30f sshd[8022]: Accepted password for root from 192.168.100.102 port 50252 ssh2
May 11 22:16:23 50e75a25f30f sshd[8040]: Accepted password for root from 192.168.100.102 port 50542 ssh2
May 11 22:17:28 50e75a25f30f sshd[8073]: Accepted password for oracle from 192.168.100.102 port 50568 ssh2
May 11 22:17:58 50e75a25f30f sshd[8095]: Accepted password for root from 192.168.100.102 port 50576 ssh2

This way is easier. Do not specify the -it option.

[oracle@centos tadan]$ seq 3 | xargs -I@ bash -c 'docker exec ssh@ systemctl status sshd'
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 17:20:27 JST; 13min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2015 (sshd)
   CGroup: /docker/638ccb67f9caf21a7ad35524eb9c3b09950ca17f7cda1d8f5ee33ad0537d7078/system.slice/sshd.service
           └─2015 /usr/sbin/sshd -D
           ‣ 2015 /usr/sbin/sshd -D

May 12 17:20:27 638ccb67f9ca systemd[1]: Starting OpenSSH server daemon...
May 12 17:20:27 638ccb67f9ca sshd[2015]: Server listening on 0.0.0.0 port 22.
May 12 17:20:27 638ccb67f9ca sshd[2015]: Server listening on :: port 22.
May 12 17:20:27 638ccb67f9ca systemd[1]: Started OpenSSH server daemon.
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 17:20:27 JST; 13min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1991 (sshd)
   CGroup: /docker/f62321332bb2fc8952c5de347678c9c362fec317c7316670b61c87e9397ef99c/system.slice/sshd.service
           └─1991 /usr/sbin/sshd -D
           ‣ 1991 /usr/sbin/sshd -D

May 12 17:20:27 f62321332bb2 systemd[1]: Starting OpenSSH server daemon...
May 12 17:20:27 f62321332bb2 sshd[1991]: Server listening on 0.0.0.0 port 22.
May 12 17:20:27 f62321332bb2 sshd[1991]: Server listening on :: port 22.
May 12 17:20:27 f62321332bb2 systemd[1]: Started OpenSSH server daemon.
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-12 17:20:27 JST; 13min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1405 (sshd)
   CGroup: /docker/cb4b615a81692c9bb1d2283d49cb84d24ecae03b69210e08724255afca9f03b5/system.slice/sshd.service
           └─1405 /usr/sbin/sshd -D
           ‣ 1405 /usr/sbin/sshd -D

May 12 17:20:27 cb4b615a8169 systemd[1]: Starting OpenSSH server daemon...
May 12 17:20:27 cb4b615a8169 sshd[1405]: Server listening on 0.0.0.0 port 22.
May 12 17:20:27 cb4b615a8169 sshd[1405]: Server listening on :: port 22.
May 12 17:20:27 cb4b615a8169 systemd[1]: Started OpenSSH server daemon.
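
Every login recorded in the status output above is "Accepted password", so the distributed keys are not what authenticates these sessions. An added example (not from the original post) that summarises sshd journal lines by result, method, user and source; the function names are assumptions, the first four sample lines are copied from the ssh1 output above and the last three are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Sample input: lines 1-4 come from the ssh1 status output on this page,
# lines 5-7 are constructed to show the other cases.
sample_log() {
    cat <<'EOF'
May 11 18:27:07 4869f3cec966 sshd[2344]: Server listening on 0.0.0.0 port 22.
May 11 21:57:48 4869f3cec966 sshd[5431]: Accepted password for root from 192.168.100.1 port 33038 ssh2
May 11 21:57:55 4869f3cec966 sshd[5448]: Connection closed by 192.168.100.1 port 33044 [preauth]
May 12 07:22:11 4869f3cec966 sshd[5454]: Accepted password for root from 192.168.100.1 port 42396 ssh2
May 12 07:30:00 4869f3cec966 sshd[5500]: Accepted publickey for oracle from 192.168.100.1 port 42500 ssh2: RSA SHA256:CONSTRUCTED
May 12 07:31:00 4869f3cec966 sshd[5501]: Failed password for root from 192.168.100.102 port 50000 ssh2
May 12 07:31:05 4869f3cec966 sshd[5502]: Failed password for invalid user admin from 192.168.100.102 port 50001 ssh2
EOF
}

# auth_summary: stdin = journal lines,
# stdout = "<result> <method> <user> <source> <count>", sorted.
auth_summary() {
    awk '
        {
            # Locate the sshd message: the field after "sshd[pid]:".
            m = 0
            for (i = 1; i < NF; i++)
                if (index($i, "sshd[") == 1) { m = i + 1; break }
            if (m == 0) next
            if ($m != "Accepted" && $m != "Failed") next

            method = $(m + 1)
            u = m + 3                                   # skip "for"
            if ($u == "invalid" && $(u + 1) == "user")  # "for invalid user NAME"
                u += 2
            src = $(u + 2)                              # skip "from"
            count[$m " " method " " $u " " src]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# root_password_logins: stdin = journal lines,
# stdout = number of accepted password logins as root.
root_password_logins() {
    auth_summary | awk '
        $1 == "Accepted" && $2 == "password" && $3 == "root" { n += $5 }
        END { print n + 0 }
    '
}

sample_log | auth_summary
```

Once key login works, setting `PasswordAuthentication no` and `PermitRootLogin prohibit-password` in sshd_config stops the "Accepted password for root" rows from appearing at all.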

Test whether SSH gets through from the Docker host to the ssh3 container, editing the config file along the way.

Up to ssh1

It worked

[oracle@centos .ssh]$ pwd
/home/oracle/.ssh
[oracle@centos .ssh]$ whoami
oracle
[oracle@centos .ssh]$ ip a show eth0
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[oracle@centos .ssh]$ cat c*
#Host ssh3
#  Hostname 192.168.100.103
#  Port 22
#  Identityfile ~/.ssh/id_rsa
#  User root
#  ProxyCommand ssh -W %h:%p 192.168.100.102
#Host ssh2
#  Hostname 192.168.100.102
#  Port 22
#  Identityfile ~/.ssh/id_rsa
#  User root
#  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh ssh1
root@192.168.100.101's password: 
Last login: Sat May 11 22:23:04 2019 from gateway
[root@4869f3cec966 ~]# whoami
root
[root@4869f3cec966 ~]# ip a show eth0
368: eth0@if369:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@4869f3cec966 ~]# logout
Connection to 192.168.100.101 closed.
[oracle@centos .ssh]$ ssh oracle@ssh1
oracle@192.168.100.101's password: 
[oracle@4869f3cec966 ~]$ whoami
oracle
[oracle@4869f3cec966 ~]$ ip a show eth0
368: eth0@if369:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@4869f3cec966 ~]$ logout
Connection to 192.168.100.101 closed.



[oracle@centos .ssh]$ ssh ssh2
ssh: Could not resolve hostname ssh2: Name or service not known
[oracle@centos .ssh]$ ssh ssh3
ssh: Could not resolve hostname ssh3: Name or service not known

Up to ssh2

It worked

[oracle@centos .ssh]$ cat c*
#Host ssh3
#  Hostname 192.168.100.103
#  Port 22
#  Identityfile ~/.ssh/id_rsa
#  User root
#  ProxyCommand ssh -W %h:%p 192.168.100.102
Host ssh2
  Hostname 192.168.100.102
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh ssh2
oracle@192.168.100.101's password: 
root@192.168.100.102's password: 
Last login: Sat May 11 12:51:32 2019 from gateway
[root@5f6b238319ff ~]# whoami
root
[root@5f6b238319ff ~]# ip a show eth0
366: eth0@if367:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever


[root@5f6b238319ff ~]# logout
Connection to 192.168.100.102 closed.
Killed by signal 1.
[oracle@centos .ssh]$ ssh oracle@ssh2
oracle@192.168.100.101's password: 
oracle@192.168.100.102's password: 
Permission denied, please try again.
oracle@192.168.100.102's password: 
Last failed login: Sat May 11 22:48:43 UTC 2019 from ssh1.tadan_ssh_net on ssh:notty
There was 1 failed login attempt since the last successful login.
[oracle@5f6b238319ff ~]$ whoami
oracle
[oracle@5f6b238319ff ~]$ ip a show eth0
366: eth0@if367:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@5f6b238319ff ~]$ logout
Connection to 192.168.100.102 closed.
Killed by signal 1.
[oracle@centos .ssh]$ ssh ssh3
ssh: Could not resolve hostname ssh3: Name or service not known

Up to ssh3

It worked

[oracle@centos .ssh]$ cat c*
Host ssh3
  Hostname 192.168.100.103
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.102
Host ssh2
  Hostname 192.168.100.102
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
[oracle@centos .ssh]$ ssh ssh3
oracle@192.168.100.102's password: 
root@192.168.100.103's password: 
Last login: Sat May 11 13:17:58 2019 from ssh2.tadan_ssh_net
[root@50e75a25f30f ~]# whoami
root
[root@50e75a25f30f ~]# ip a show eth0
364: eth0@if365:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.103/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@50e75a25f30f ~]# logout
Connection to 192.168.100.103 closed.
Killed by signal 1.


[oracle@centos .ssh]$ ssh oracle@ssh3
oracle@192.168.100.102's password: 
oracle@192.168.100.103's password: 
Last login: Sat May 11 13:17:28 2019 from ssh2.tadan_ssh_net
[oracle@50e75a25f30f ~]$ whoami
oracle
[oracle@50e75a25f30f ~]$ ip a show eth0
364: eth0@if365:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.103/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@50e75a25f30f ~]$ logout
Connection to 192.168.100.103 closed.
Killed by signal 1.
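
In the transcripts above the first prompt is for oracle, not root: the ProxyCommand lines name raw IP addresses, which match no Host block, so that hop gets neither `User root` nor its own ProxyCommand, and ssh3 is reached through 192.168.100.102 alone rather than through ssh1 and then ssh2. An added example (not from the original post) that checks a config for this and prints the hop chain; the function names and the alias-based variant are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Simplifications: one alias per Host line, one jump target per host.

# The final config shown on this page.
page_config() {
    cat <<'EOF'
Host ssh3
  Hostname 192.168.100.103
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.102
Host ssh2
  Hostname 192.168.100.102
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
  ProxyCommand ssh -W %h:%p 192.168.100.101
Host ssh1
  Hostname 192.168.100.101
  Port 22
  Identityfile ~/.ssh/id_rsa
  User root
EOF
}

# Variant (assumption): the same file with each hop named by its alias.
alias_config() {
    page_config | sed -e 's/%p 192\.168\.100\.102$/%p ssh2/' \
                      -e 's/%p 192\.168\.100\.101$/%p ssh1/'
}

# lint_jump_targets: stdin = ssh config. Prints every host whose
# ProxyCommand/ProxyJump target is not itself a Host alias; exit 1 if any.
lint_jump_targets() {
    awk '
        { key = tolower($1) }
        key == "host" { cur = $2; known[cur] = 1; next }
        key == "proxycommand" || key == "proxyjump" {
            t = $NF                 # last word: the hop ssh connects to
            sub(/^.*@/, "", t)      # drop an optional "user@"
            target[cur] = t
            order[++n] = cur
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                h = order[i]
                if (!(target[h] in known)) {
                    print h ": hop " target[h] " matches no Host block"
                    bad = 1
                }
            }
            exit bad
        }
    '
}

# hop_chain ALIAS: stdin = ssh config. Prints the machines ssh passes
# through, first hop first, ending at ALIAS.
hop_chain() {
    awk -v want="$1" '
        { key = tolower($1) }
        key == "host" { cur = $2; next }
        key == "proxycommand" || key == "proxyjump" {
            t = $NF; sub(/^.*@/, "", t); via[cur] = t
        }
        END {
            chain = want
            h = want
            # Follow jump targets while they resolve to a Host block;
            # "seen" stops a config that loops back on itself.
            while ((h in via) && !(h in seen)) {
                seen[h] = 1
                h = via[h]
                chain = h " -> " chain
            }
            print chain
        }
    '
}

page_config  | hop_chain ssh3    # 192.168.100.102 -> ssh3
alias_config | hop_chain ssh3    # ssh1 -> ssh2 -> ssh3
page_config  | lint_jump_targets || true
```

With the alias variant the intermediate hops also pick up `User root` and `Identityfile` from their own Host blocks.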

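Afterword

This was good practice for multi-hop SSH. I want to make the container name colors and the container names look stylish. That's all, thank you.

Getting SSH to work between Docker containers

References

ssh-keygen - generate authentication keys - Linux commands  
Compose file version 3 reference  
What is SSH communication actually doing?  
Compose networking features  

What I took away from reading the references

My impression is that the server proves who the user is by matching a hash value brought by the user who logs in against a hash value the server generated for each user beforehand. The server needs to know in advance which users will log in (the public key for each container). The server generates a cipher for the user who is logging in and sends it back to that user's machine. The login user decrypts the cipher with the private key that only they hold and generates a hash value. They send that hash value back to the server. The server matches the hash value it received against the hash value it generated for each user beforehand; if they match, the user may log in and work on the machine. If they do not match, it denies. Something like that. By the way, the login user apparently creates the public key together with the private key, so if that public key is sent to the server beforehand (sent as authorized_keys) and the server uses it when generating the per-user hash value, maybe that is what proves it is really that person when the hash values are matched. Maybe I should create users other than root as well.

Where my takeaways from the references were wrong

The following way of thinking is correct. I'm glad I noticed.


SSH public key authentication
 
Building and Operating Linux Servers from Scratch: Learning How to Build a Web Server Hands-On (ゼロからはじめるLinuxサーバー構築・運用ガイド 動かしながら学ぶWebサーバーの作り方)  

Foreword

At work I connect to servers from Tera Term on Windows, but my understanding goes about as far as knowing that the connection uses a technology called SSH. I thought I would try building something like that inside Docker containers too. I wanted to automate it, but I could not pull it off with my current shell skills.

Folder layout

I did not prepare the ssh3 folder; it became too much of a hassle.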

[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   └── ssh2
└── tmpl
    └── a.sh

4 directories, 4 files

Fixing ownership

On the Docker host

[oracle@centos tadan]$ sudo chown -R oracle:docker share
[oracle@centos tadan]$ sudo chown -R oracle:docker tmpl
[oracle@centos tadan]$ ll
合計 20
-rw-r--r--. 1 oracle docker  531  5月 11 16:33 Dockerfile
-rw-r--r--. 1 oracle docker   58  5月 11 13:25 Makefile
-rw-r--r--. 1 oracle docker  962  5月 11 16:25 docker-compose.yml
drwxr-xr-x. 4 oracle docker 4096  5月 11 16:08 share
drwxr-xr-x. 2 oracle docker 4096  5月 11 16:19 tmpl

Dockerfile

Setting it up to log in as the oracle user leads to headaches around permissions, so I stay with the default root. I have a feeling su did not work either.

[oracle@centos tadan]$ cat D*
FROM centos:latest

RUN yum install -y iputils \
yum install -y net-tools \
yum install -y iproute \
yum install -y vim \
yum install -y tree \
yum install -y lsof \
yum install -y expect \
yum install -y openssh-server \
yum install -y openssh-clients

ENV TZ='Asia/Tokyo'

RUN groupadd -g 1001 docker
RUN useradd -m -g docker -u 1000 oracle

RUN echo 'ORACLE_PWD' | passwd --stdin oracle
RUN echo 'ORACLE_PWD' | passwd --stdin root

RUN mkdir -p /home/oracle/.ssh

#USER oracle
#WORKDIR /home/oracle
EXPOSE 20
CMD ["/sbin/init"]

Makefile

Aliases

[oracle@centos tadan]$ cat M*
CMD=docker-compose
up:
	@$(CMD) up -d
down:
	@$(CMD) down

docker-compose.yml

The ssh3 container is not started this time.

[oracle@centos tadan]$ docker --version
Docker version 18.09.5, build e8ff056
[oracle@centos tadan]$ cat d*
version: '3.7'
services:
  ssh_saba1:
    image: centos_ssh
    container_name: ssh1
    #command: bash -c "ehoc hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh1:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.101
    ports:
      - '1:22'
  ssh_saba2:
    image: centos_ssh
    container_name: ssh2
    #command: bash -c "echo hoge"
    privileged: true
    volumes:
      -  /home/oracle/tadan/share/ssh2:/home/oracle/.ssh
      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
    networks:
      ssh_net:
        ipv4_address: 192.168.100.102
    ports:
      - '2:22'
#  ssh_saba3:
#    image: centos_ssh
#    container_name: ssh3
#    #command: bash -c "echo hoge"
#    privileged: true
#    volumes:
#      -  /home/oracle/tadan/share/ssh3:/home/oracle/.ssh
#      -  /home/oracle/tadan/tmpl:/home/oracle/.ssh/tmpl
#    networks:
#      ssh_net:
#        ipv4_address: 192.168.100.103
#    ports:
#      - '3:22'
networks:
  ssh_net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.100.0/24

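a.sh

The script to kick off inside a container. It creates the SSH public and private keys per container. It is only what remains of an attempt to automate this with the expect command.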

[oracle@centos tadan]$ cat t*/a*
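#!/bin/bash
# Passphrase for the generated key (empty = no passphrase).
# Not named PWD, which is the shell's current-directory variable.
PASSPHRASE=""
expect -c "
spawn ssh-keygen -t rsa
# Prompt 1: key file path, accept the default
expect \"Enter\"
send \"\n\"
# Prompts 2 and 3: passphrase and its confirmation
expect \"Enter\"
send \"${PASSPHRASE}\n\"
expect \"Enter\"
send \"${PASSPHRASE}\n\"
expect \"\\\$\"
exit 0
"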

Building the centos_ssh image

I saw somewhere that Dockerfiles apparently have a multi-stage feature that can shrink the image size, so I tried it, but I couldn't get the hang of it.

[oracle@centos tadan]$ docker build -t centos_ssh .
[oracle@centos tadan]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos_ssh          latest              43f44c1e64a5        11 seconds ago      360MB
centos              latest              9f38484d220f        8 weeks ago         202MB

Checking the network before starting the containers

I like networking.

[oracle@centos tadan]$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242818de210	no		
virbr0		8000.5254006a2171	yes		virbr0-nic
[oracle@centos tadan]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
6: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:81:8d:e2:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe8d:e210/64 scope link 
       valid_lft forever preferred_lft forever


[oracle@centos tadan]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Starting the containers

With the make command.

[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[oracle@centos tadan]$ make up
Creating network "tadan_ssh_net" with driver "bridge"
Creating ssh1 ... done
Creating ssh2 ... done
[oracle@centos tadan]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                       NAMES
4f8438a2804d        centos_ssh          "/sbin/init"        3 minutes ago       Up 3 minutes        20/tcp, 0.0.0.0:2->22/tcp   ssh2
6a3e6a11fc2e        centos_ssh          "/sbin/init"        3 minutes ago       Up 3 minutes        20/tcp, 0.0.0.0:1->22/tcp   ssh1

Checking the network after starting the containers

The docker0 interface is not used. The containers are attached to the custom-defined bridge.

[oracle@centos tadan]$ brctl show
bridge name	bridge id		STP enabled	interfaces
br-c37740979afc		8000.0242636f83e9	no		veth0e21071
							veth75a278d
docker0		8000.0242818de210	no		
virbr0		8000.5254006a2171	yes		virbr0-nic
[oracle@centos tadan]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6a:21:71 brd ff:ff:ff:ff:ff:ff
6: docker0:  mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:81:8d:e2:10 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:81ff:fe8d:e210/64 scope link 
       valid_lft forever preferred_lft forever
358: br-c37740979afc:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:63:6f:83:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br-c37740979afc
       valid_lft forever preferred_lft forever
    inet6 fe80::42:63ff:fe6f:83e9/64 scope link 
       valid_lft forever preferred_lft forever
360: veth75a278d@if359:  mtu 1500 qdisc noqueue master br-c37740979afc state UP group default 
    link/ether 32:55:ae:38:be:ed brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::3055:aeff:fe38:beed/64 scope link 
       valid_lft forever preferred_lft forever
362: veth0e21071@if361:  mtu 1500 qdisc noqueue master br-c37740979afc state UP group default 
    link/ether 02:b8:bf:1a:82:a9 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::b8:bfff:fe1a:82a9/64 scope link 
       valid_lft forever preferred_lft forever


[oracle@centos tadan]$ sudo iptables -t nat -L -n | grep -A 10 "Chain POSTROUTING"
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.100.0/24     0.0.0.0/0           
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
RETURN     all  --  192.168.122.0/24     224.0.0.0/24        
RETURN     all  --  192.168.122.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           

Kicking a.sh

Create a public/private key pair in each container. This part is tedious. I feel like I'll forget the su oracle.

[oracle@centos tadan]$ docker exec -it ssh1 /bin/bash
[root@6a3e6a11fc2e /]# whoami
root
[root@6a3e6a11fc2e /]# id
uid=0(root) gid=0(root) groups=0(root)
[root@6a3e6a11fc2e ~]# su oracle
[oracle@6a3e6a11fc2e root]$ cd ~ && pwd
/home/oracle
[oracle@6a3e6a11fc2e ~]$ cd .ssh
[oracle@6a3e6a11fc2e .ssh]$ ll
total 4
drwxr-xr-x. 2 oracle docker 4096 May 11 16:19 tmpl
[oracle@6a3e6a11fc2e .ssh]$ cd tmpl
[oracle@6a3e6a11fc2e tmpl]$ ll
total 4
-rwxr-xr-x. 1 oracle docker 185 May 11 16:13 a.sh
[oracle@6a3e6a11fc2e tmpl]$ id
uid=1000(oracle) gid=1001(docker) groups=1001(docker)
[oracle@6a3e6a11fc2e tmpl]$ ./a.sh
spawn ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qq8h9ksNyw0iBJMkC6MTkyv4lWoxMptVYB/kzKZ143w oracle@6a3e6a11fc2e
The key's randomart image is:
+---[RSA 2048]----+
|X+ooo            |
|BB =..           |
|=o .B.o          |
|B.++o+ .         |
|oBo=o o E        |
|o.+o * o         |
| .o = +          |
| . + o           |
|    =+.          |
+----[SHA256]-----+
[oracle@6a3e6a11fc2e tmpl]$ cd -
/home/oracle/.ssh
[oracle@6a3e6a11fc2e .ssh]$ ll
total 12
-rw-------. 1 oracle docker 1679 May 11 17:32 id_rsa
-rw-r--r--. 1 oracle docker  401 May 11 17:32 id_rsa.pub
drwxr-xr-x. 2 oracle docker 4096 May 11 16:19 tmpl
[oracle@6a3e6a11fc2e .ssh]$ exit
[root@6a3e6a11fc2e ~]# exit
[oracle@centos tadan]$ docker exec -it ssh2 /bin/bash
[root@4f8438a2804d /]# whoami
root
[root@4f8438a2804d /]# id
uid=0(root) gid=0(root) groups=0(root)
[root@4f8438a2804d /]# su oracle
[oracle@4f8438a2804d /]$ whoami
oracle
[oracle@4f8438a2804d /]$ id
uid=1000(oracle) gid=1001(docker) groups=1001(docker)
[oracle@4f8438a2804d /]$ cd ~ && pwd
/home/oracle
[oracle@4f8438a2804d ~]$ cd .ssh
[oracle@4f8438a2804d .ssh]$ ll
total 4
drwxr-xr-x. 2 oracle docker 4096 May 11 16:19 tmpl
[oracle@4f8438a2804d .ssh]$ cd tmpl
[oracle@4f8438a2804d tmpl]$ ll
total 4
-rwxr-xr-x. 1 oracle docker 185 May 11 16:13 a.sh
[oracle@4f8438a2804d tmpl]$ ./a.sh
spawn ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:a7sPCgRI/k9/g8S8xn/bxI7OrvdFttxbFwuDTqL83Ys oracle@4f8438a2804d
The key's randomart image is:
+---[RSA 2048]----+
| .               |
|o.               |
|...              |
|  ..  o     .    |
|   ... +S. o o + |
|   .o = +.+ . * =|
|    .. O+o . o =+|
|     ..o+o+oB . +|
|      . o*BEo*.. |
+----[SHA256]-----+
[oracle@4f8438a2804d tmpl]$ cd -
/home/oracle/.ssh
[oracle@4f8438a2804d .ssh]$ ll
total 12
-rw-------. 1 oracle docker 1675 May 11 17:33 id_rsa
-rw-r--r--. 1 oracle docker  401 May 11 17:33 id_rsa.pub
drwxr-xr-x. 2 oracle docker 4096 May 11 16:19 tmpl
[oracle@4f8438a2804d .ssh]$ exit
[root@4f8438a2804d /]# exit

Creating authorized_keys on the Docker host

Distribute each container's public key to the other.

[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── id_rsa
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   └── ssh2
│       ├── id_rsa
│       ├── id_rsa.pub
│       └── tmpl
└── tmpl
    └── a.sh

6 directories, 8 files
[oracle@centos tadan]$ cp ./share/ssh1/id_rsa.pub ./share/ssh2/authorized_keys
[oracle@centos tadan]$ diff ./share/ssh1/id_rsa.pub ./share/ssh2/authorized_keys
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── id_rsa
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   └── ssh2
│       ├── authorized_keys
│       ├── id_rsa
│       ├── id_rsa.pub
│       └── tmpl
└── tmpl
    └── a.sh

6 directories, 9 files
[oracle@centos tadan]$ cp ./share/ssh2/id_rsa.pub ./share/ssh1/authorized_keys
[oracle@centos tadan]$ diff ./share/ssh2/id_rsa.pub ./share/ssh1/authorized_keys
[oracle@centos tadan]$ tree
.
├── Dockerfile
├── Makefile
├── docker-compose.yml
├── share
│   ├── ssh1
│   │   ├── authorized_keys
│   │   ├── id_rsa
│   │   ├── id_rsa.pub
│   │   └── tmpl
│   └── ssh2
│       ├── authorized_keys
│       ├── id_rsa
│       ├── id_rsa.pub
│       └── tmpl
└── tmpl
    └── a.sh

6 directories, 10 files
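
The key distribution above, generalized to any number of containers (ssh3 included) and followed by a permission audit, as an added example that is not part of the original post. The function names are my own and the key strings in `demo` are constructed placeholders; the modes checked are the ones sshd (StrictModes) and the ssh client enforce on `.ssh`, `authorized_keys` and the private key.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the page's layout:
#   share/<container>/id_rsa(.pub), each directory bind-mounted as /home/oracle/.ssh

# True when the ls mode string shows group or world write permission.
writable_by_others() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# distribute_keys SHARE_DIR
# Rebuild each container's authorized_keys from the public keys of all the
# other containers, then set the modes sshd and ssh expect.
distribute_keys() {
    share=$1
    for target in "$share"/*/; do
        target=${target%/}
        if [ ! -f "$target/id_rsa.pub" ]; then continue; fi
        tmp="$target/authorized_keys.tmp"
        : > "$tmp"
        chmod 600 "$tmp"
        for peer in "$share"/*/; do
            peer=${peer%/}
            if [ "$peer" != "$target" ] && [ -f "$peer/id_rsa.pub" ]; then
                cat "$peer/id_rsa.pub" >> "$tmp"
            fi
        done
        mv "$tmp" "$target/authorized_keys"   # replace the old file in one step
        chmod 700 "$target"
        if [ -f "$target/id_rsa" ]; then chmod 600 "$target/id_rsa"; fi
    done
    return 0
}

# audit_ssh_dir DIR
# Print every permission problem that would make sshd ignore authorized_keys
# or make ssh reject the private key. Returns 0 when nothing was found.
audit_ssh_dir() {
    dir=$1
    problems=0
    if writable_by_others "$dir"; then
        echo "$dir: directory is group/world writable"
        problems=$((problems + 1))
    fi
    if [ -f "$dir/authorized_keys" ] && writable_by_others "$dir/authorized_keys"; then
        echo "$dir/authorized_keys: group/world writable"
        problems=$((problems + 1))
    fi
    if [ -f "$dir/id_rsa" ]; then
        case $(ls -ld "$dir/id_rsa" | cut -c5-10) in
            ------) ;;
            *) echo "$dir/id_rsa: private key accessible by group/others"
               problems=$((problems + 1)) ;;
        esac
    fi
    [ "$problems" -eq 0 ]
}

# demo: run both steps on constructed data in a temporary copy of share/.
demo() {
    work=$(mktemp -d) || return 1
    for name in ssh1 ssh2 ssh3; do
        mkdir -p "$work/share/$name"
        echo "ssh-rsa CONSTRUCTED-KEY-$name oracle@$name" > "$work/share/$name/id_rsa.pub"
        echo "constructed private key for $name" > "$work/share/$name/id_rsa"
        chmod 644 "$work/share/$name/id_rsa"   # deliberately too open
    done
    distribute_keys "$work/share"
    status=0
    for name in ssh1 ssh2 ssh3; do
        audit_ssh_dir "$work/share/$name" || status=1
    done
    rm -rf "$work"
    return "$status"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Because the keys live in /home/oracle/.ssh, they apply when connecting as oracle from the oracle account. `ssh -o BatchMode=yes oracle@ssh2 true` fails instead of falling back to the password prompt when the key is not accepted.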

Checking that the sshd service is running

[oracle@centos tadan]$ docker exec -it ssh1 /bin/bash
[root@6a3e6a11fc2e /]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 17:19:39 JST; 18min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1794 (sshd)
   CGroup: /docker/6a3e6a11fc2e4d26e1c0d521f6a1cee66c28352f71820538e4ceb18d06b95286/system.slice/sshd.service
           └─1794 /usr/sbin/sshd -D
           ‣ 1794 /usr/sbin/sshd -D

May 11 17:19:39 6a3e6a11fc2e systemd[1]: Starting OpenSSH server daemon...
May 11 17:19:39 6a3e6a11fc2e sshd[1794]: Server listening on 0.0.0.0 port 22.
May 11 17:19:39 6a3e6a11fc2e sshd[1794]: Server listening on :: port 22.
May 11 17:19:39 6a3e6a11fc2e systemd[1]: Started OpenSSH server daemon.
[root@6a3e6a11fc2e /]# lsof -i:22 -P
COMMAND  PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd    1794 root    3u  IPv4 1670476      0t0  TCP *:22 (LISTEN)
sshd    1794 root    4u  IPv6 1670485      0t0  TCP *:22 (LISTEN)
[root@6a3e6a11fc2e /]# exit
[oracle@centos tadan]$ docker exec -it ssh2 /bin/bash
[root@4f8438a2804d /]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-05-11 17:19:40 JST; 18min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1915 (sshd)
   CGroup: /docker/4f8438a2804da37b2b2334f4982bd58c8eb310402a9765991eb667d79988d75e/system.slice/sshd.service
           └─1915 /usr/sbin/sshd -D
           ‣ 1915 /usr/sbin/sshd -D

May 11 17:19:39 4f8438a2804d systemd[1]: Starting OpenSSH server daemon...
May 11 17:19:40 4f8438a2804d sshd[1915]: Server listening on 0.0.0.0 port 22.
May 11 17:19:40 4f8438a2804d sshd[1915]: Server listening on :: port 22.
May 11 17:19:40 4f8438a2804d systemd[1]: Started OpenSSH server daemon.
[root@4f8438a2804d /]# lsof -i:22 -P
COMMAND  PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd    1915 root    3u  IPv4 1671407      0t0  TCP *:22 (LISTEN)
sshd    1915 root    4u  IPv6 1671409      0t0  TCP *:22 (LISTEN)

Logging in from ssh1 to ssh2 as the root user

It worked.

[oracle@centos tadan]$ docker exec -it ssh1 /bin/bash
[root@6a3e6a11fc2e /]# ssh root@ssh2 
The authenticity of host 'ssh2 (192.168.100.102)' can't be established.
ECDSA key fingerprint is SHA256:YLGhVCPZjqdyU07cP241x2pJiuWc6eG25aAbrruLxdg.
ECDSA key fingerprint is MD5:14:c5:03:e2:e4:93:7f:99:b7:4b:3b:c3:df:78:5e:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ssh2,192.168.100.102' (ECDSA) to the list of known hosts.
root@ssh2's password: 
[root@4f8438a2804d ~]# whoami
root
[root@4f8438a2804d ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@4f8438a2804d ~]# ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
361: eth0@if362:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@4f8438a2804d ~]# logout
Connection to ssh2 closed.

Logging in from ssh1 to ssh2 as the oracle user

It worked.

[root@6a3e6a11fc2e /]# ssh oracle@192.168.100.102
oracle@192.168.100.102's password: 
Last login: Sat May 11 08:32:54 2019
[oracle@4f8438a2804d ~]$ whoami
oracle
[oracle@4f8438a2804d ~]$ id
uid=1000(oracle) gid=1001(docker) groups=1001(docker)
[oracle@4f8438a2804d ~]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
361: eth0@if362:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.102/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever

[oracle@4f8438a2804d ~]$ logout
Connection to 192.168.100.102 closed.
[root@6a3e6a11fc2e /]# exit

Logging in from ssh2 to ssh1 as the root user

It worked.

[oracle@centos tadan]$ docker exec -it ssh2 /bin/bash
[root@4f8438a2804d /]# ssh root@ssh1
The authenticity of host 'ssh1 (192.168.100.101)' can't be established.
ECDSA key fingerprint is SHA256:m9E3P8+t6PNN7QQ1QHaq7xn2zdOWJ36pNBfogyP0QEk.
ECDSA key fingerprint is MD5:5a:f2:d3:9d:75:4e:b4:1d:28:3e:d5:9c:9e:4e:48:3b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ssh1,192.168.100.101' (ECDSA) to the list of known hosts.
root@ssh1's password: 
[root@6a3e6a11fc2e ~]# whoami
root
[root@6a3e6a11fc2e ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@6a3e6a11fc2e ~]# ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
359: eth0@if360:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@6a3e6a11fc2e ~]# logout
Connection to ssh1 closed.

Logging in from ssh2 to ssh1 as the oracle user

It worked.

[root@4f8438a2804d /]# ssh oracle@192.168.100.101
oracle@192.168.100.101's password: 
Last login: Sat May 11 08:30:13 2019
[oracle@6a3e6a11fc2e ~]$ whoami
oracle
[oracle@6a3e6a11fc2e ~]$ id
uid=1000(oracle) gid=1001(docker) groups=1001(docker)
[oracle@6a3e6a11fc2e ~]$ ip a show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
359: eth0@if360:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:c0:a8:64:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
[oracle@6a3e6a11fc2e ~]$ logout
Connection to 192.168.100.101 closed.
[root@4f8438a2804d /]# exit

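Afterword

This was good SSH practice. I'd like to make the container name colors and the container names look stylish. That's all, thank you.

Building a Docker Oracle 19cr3 image file

Check the byte size!!!

Preparing to build the image file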


[oracle@centos ~]$ cd /home/oracle/docker-images/OracleDatabase/SingleInstance/dockerfiles/19.3.0
[oracle@centos 19.3.0]$ ll
合計 2988076
-rw-r--r--. 1 oracle docker         63  5月  1 20:17 Checksum.ee
-rw-r--r--. 1 oracle docker         63  5月  1 20:17 Checksum.se2
-rw-r--r--. 1 oracle docker       3357  5月  1 20:17 Dockerfile
-rw-r--r--. 1 oracle docker 3059705302  5月  1 20:01 LINUX.X64_193000_db_home.zip
-rwxr-xr-x. 1 oracle docker       1050  5月  1 20:17 checkDBStatus.sh
-rwxr-xr-x. 1 oracle docker        905  5月  1 20:17 checkSpace.sh
-rwxr-xr-x. 1 oracle docker       3088  5月  1 20:17 createDB.sh
-rw-r--r--. 1 oracle docker       6878  5月  1 20:17 db_inst.rsp
-rw-r--r--. 1 oracle docker       9204  5月  1 20:17 dbca.rsp.tmpl
-rwxr-xr-x. 1 oracle docker       2526  5月  1 20:17 installDBBinaries.sh
-rwxr-xr-x. 1 oracle docker       6526  5月  1 20:17 runOracle.sh
-rwxr-xr-x. 1 oracle docker       1015  5月  1 20:17 runUserScripts.sh
-rwxr-xr-x. 1 oracle docker        758  5月  1 20:17 setPassword.sh
-rwxr-xr-x. 1 oracle docker        932  5月  1 20:17 setupLinuxEnv.sh
-rwxr-xr-x. 1 oracle docker        678  5月  1 20:17 startDB.sh

Building the image file


[oracle@centos 19.3.0]$ cd ..
[oracle@centos dockerfiles]$ ll
合計 32
drwxr-xr-x. 2 oracle docker 4096  5月  1 20:17 11.2.0.2
drwxr-xr-x. 2 oracle docker 4096  5月  1 20:17 12.1.0.2
drwxr-xr-x. 2 oracle docker 4096  5月  1 20:17 12.2.0.1
drwxr-xr-x. 2 oracle docker 4096  5月  1 20:17 18.3.0
drwxr-xr-x. 2 oracle docker 4096  5月  1 20:17 18.4.0
drwxr-xr-x. 2 oracle docker 4096  5月  1 20:20 19.3.0
-rwxr-xr-x. 1 oracle docker 5103  5月  1 20:17 buildDockerImage.sh
[oracle@centos dockerfiles]$ ./*sh -h

Usage: buildDockerImage.sh -v [version] [-e | -s | -x] [-i] [-o] [Docker build option]
Builds a Docker Image for Oracle Database.
  
Parameters:
   -v: version to build
       Choose one of: 11.2.0.2  12.1.0.2  12.2.0.1  18.3.0  18.4.0  19.3.0  
   -e: creates image based on 'Enterprise Edition'
   -s: creates image based on 'Standard Edition 2'
   -x: creates image based on 'Express Edition'
   -i: ignores the MD5 checksums
   -o: passes on Docker build option

* select one edition only: -e, -s, or -x

LICENSE UPL 1.0

Copyright (c) 2014-2019 Oracle and/or its affiliates. All rights reserved.
[oracle@centos dockerfiles]$ ./buildDockerImage.sh -i -v 19.3.0 -e
Successfully built 3c941f34e1d3
Successfully tagged oracle/database:19.3.0-ee


  Oracle Database Docker Image for 'ee' version 19.3.0 is ready to be extended: 
    
    --> oracle/database:19.3.0-ee

  Build completed in 346 seconds.
  

Image build result

About 5 minutes, huh. That's fast.


[oracle@centos dockerfiles]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
oracle/database     19.3.0-ee           3c941f34e1d3        2 minutes ago       6.64GB
oraclelinux         7-slim              f7512ac13c1b        2 weeks ago         118MB

Operation check

Up to connecting with sqlplus.


[oracle@centos doclan]$ docker run -v /home/oracle/doclan:/mnt -v /home/oracle/doclan/19cr3/init:/docker-entrypoint-initdb.d/startup -d --name orcl_19cr3 --shm-size=4g -p 1521:1521 -p 5500:5500 -e TZ=Asia/Tokyo -e ORACLE_PWD=ORACLE_PWD -e ORACLE_SID=ORCL -e ORACLE_PDB=pdb1 oracle/database:19.3.0-ee
7347fe12d03f3a191c114d01043d3f72e473552f6f18df1d099f6117beb1c0a9
[oracle@centos doclan]$ docker ps -a
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS                    PORTS                                            NAMES
7347fe12d03f        oracle/database:19.3.0-ee   "/bin/sh -c 'exec $O…"   37 minutes ago      Up 37 minutes (healthy)   0.0.0.0:1521->1521/tcp, 0.0.0.0:5500->5500/tcp   orcl_19cr3
[oracle@centos doclan]$ docker exec -it orcl_19cr3 /bin/bash
[oracle@7347fe12d03f ~]$ sqlplus sys/ORACLE_PWD as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Wed May 1 21:47:46 2019
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.


Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> show pdbs

    CON_ID CON_NAME			  OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
	 2 PDB$SEED			  READ ONLY  NO
	 3 PDB1 			  READ WRITE NO
SQL> select BANNER_FULL from v$version;

BANNER_FULL
--------------------------------------------------------------------------------
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

[oracle@7347fe12d03f ~]$ sqlplus sys/ORACLE_PWD@pdb1 as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Wed May 1 21:52:12 2019
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.


Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> show pdbs

    CON_ID CON_NAME			  OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
	 3 PDB1 			  READ WRITE NO
SQL> select BANNER_FULL from v$version;

BANNER_FULL
--------------------------------------------------------------------------------
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> CREATE USER aine IDENTIFIED BY "ORACLE_PWD" DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE temp;

User created.

SQL> GRANT dba TO aine;

Grant succeeded.

SQL> GRANT UNLIMITED TABLESPACE TO aine;

Grant succeeded.

[oracle@7347fe12d03f ~]$ sqlplus aine/ORACLE_PWD@pdb1

SQL*Plus: Release 19.0.0.0.0 - Production on Wed May 1 21:56:10 2019
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Last Successful login time: Wed May 01 2019 21:55:13 +09:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> DROP TABLE warehouse_mst PURGE;
CREATE TABLE warehouse_mst (
        warehouse_code                  VARCHAR2(24 BYTE)
        , shipping_permission_over_days   NUMBER
        , CONSTRAINT warehouse_mst_pk PRIMARY KEY ( warehouse_code )
);

INSERT INTO warehouse_mst (warehouse_code,shipping_permission_over_days) VALUES ('w_BS98',25);
INSERT INTO warehouse_mst (warehouse_code,shipping_permission_over_days) VALUES ('w_DIX4',28);
INSERT INTO warehouse_mst (warehouse_code,shipping_permission_over_days) VALUES ('w_C5MN',29);
COMMIT;
Table dropped.

SQL>   2    3    4    5  
Table created.

SQL> SQL> 
1 row created.

SQL> 
1 row created.

SQL> 
1 row created.

SQL> 

Commit complete.

SQL> select * from warehouse_mst;

WAREHOUSE_CODE		 SHIPPING_PERMISSION_OVER_DAYS
------------------------ -----------------------------
w_BS98						    25
w_DIX4						    28
w_C5MN						    29


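Trying to build an Apache service with Docker (I just wanted to stand up a server to curl attack.)

References

So it gets overridden when you write arguments to run, huh.

Trying out the difference between CMD and ENTRYPOINT  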
Apache HTTP Server Documentation  

Dockerfile


[oracle@centos tmp]$ pwd
/home/oracle/tmp
[oracle@centos tmp]$ cat $(find . -name "D*")
FROM centos:latest

ENV MNT_DIR=/mnt
ENV MIG_DIR=./mig
ENV CFG_DIR=${MNT_DIR}/cfg
ENV EXE_DIR=${MNT_DIR}/exe
ENV WEB_SRC_DIR=${MIG_DIR}/src
ENV WEB_TAR_DIR=/var/www/html/
ENV AP_SRC_DIR=${MNT_DIR}/src/ap
ENV TAR_DIR=/mnt

COPY ${MIG_DIR}/ ${MNT_DIR}/

RUN source ${CFG_DIR}/*.sh

COPY ${WEB_SRC_DIR}/*.html ${WEB_TAR_DIR}/
 
RUN find ${TAR_DIR} -name "*.sh"

RUN chmod u+x ${CFG_DIR}/*.sh && find ${CFG_DIR} -name "*.sh" | while read line;do bash -c ${line};done
RUN chmod u+x ${EXE_DIR}/*.sh && find ${EXE_DIR} -name "*.sh" | while read line;do bash -c ${line};done
EXPOSE 80
CMD ["/sbin/init"]

env.sh

I think this is the place to define things like key=value settings and exclusion targets. There are none this time.

[oracle@centos tmp]$ cat $(find . -name "env*")
#!/bin/bash

inst.sh

The yum installs are split out into their own file. The basics.

[oracle@centos tmp]$ cat $(find . -name "inst*")
#!/bin/bash
# Install everything in one yum transaction. A trailing "\ " (backslash
# followed by a space) escapes the space instead of continuing the line.
yum install -y \
  httpd \
  iputils \
  net-tools \
  iproute \
  vim \
  tree \
  lsof \
  traceroute

pre.sh

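This one makes systemd usable. With the current latest version, it works normally as long as you don't forget privileged and /sbin/init. It may be useful when you want to build in some kind of preprocessing, such as automatically starting a service. Although automatic service startup is exactly where I got stuck. I can start the service after bringing the container up, but when I want the service to start at the moment the container comes up, it seems that basically only one command is accepted, and even when I chained commands with && the container would exit. Or CMD got overridden, or ENTRYPOINT got overridden.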

[oracle@centos tmp]$ cat $(find . -name "pre*")
#!/bin/bash
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;\
yum update -y;yum clean all;

index.html

See the Pen XQQKWv by ukijumotahaneniarukenia (@brunohigashi) on CodePen.

kick.sh


[oracle@centos tmp]$ cat $(find . -name "kic*")
WK_PATH=$0
EXE_PATH=$(pwd)${WK_PATH#.}
IMAGE_NAME=$1

if [ -z "${IMAGE_NAME}" ]; then
cat <<EOF
_________________________________________________________________________________
please enter build image name.

EOF
  exit 1
fi

echo "Building image '${IMAGE_NAME}' ..."

BUILD_START=$(date '+%s')
# Build in a subshell so the cd does not leak into the rest of the script.
( cd "${EXE_PATH%/*}" && docker build --force-rm=true --no-cache=true -t "${IMAGE_NAME}" -f Dockerfile . || {
  echo 'there was an error building the image.'
  exit 1
} )
# Capture the build result now; any later command (even echo) overwrites $?.
BUILD_STATUS=$?
BUILD_END=$(date '+%s')
BUILD_ELAPSED=$((BUILD_END-BUILD_START))

echo ''

if [ "${BUILD_STATUS}" -eq 0 ]; then
cat <<EOF
_________________________________________________________________________________

-->${IMAGE_NAME} was built

Build completed in ${BUILD_ELAPSED} seconds.

EOF

else
  echo 'docker image was NOT successfully created'
  exit 1
fi

Build log

[oracle@centos tmp]$ bash $(find . -name "kic*") apache/httpd
Building image 'apache/httpd' ...
Sending build context to Docker daemon  10.75kB
Step 1/17 : FROM centos:latest
latest: Pulling from library/centos
8ba884070f61: Pull complete 
Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861
Status: Downloaded newer image for centos:latest
 ---> 9f38484d220f
Step 2/17 : ENV MNT_DIR=/mnt
 ---> Running in 629fc3fb337e
Removing intermediate container 629fc3fb337e
 ---> 4a5e68bba915
Step 3/17 : ENV MIG_DIR=./mig
 ---> Running in fb049b6cec08
Removing intermediate container fb049b6cec08
 ---> 3ede465cc893
Step 4/17 : ENV CFG_DIR=${MNT_DIR}/cfg
 ---> Running in 730023c0f16d
Removing intermediate container 730023c0f16d
 ---> 94647a1a6121
Step 5/17 : ENV EXE_DIR=${MNT_DIR}/exe
 ---> Running in 635c5c603937
Removing intermediate container 635c5c603937
 ---> 7216499d357c
Step 6/17 : ENV WEB_SRC_DIR=${MIG_DIR}/src
 ---> Running in 5bb81917ef86
Removing intermediate container 5bb81917ef86
 ---> b8aef9c6bd86
Step 7/17 : ENV WEB_TAR_DIR=/var/www/html/
 ---> Running in fa22b224fbc4
Removing intermediate container fa22b224fbc4
 ---> b89be21c121b
Step 8/17 : ENV AP_SRC_DIR=${MNT_DIR}/src/ap
 ---> Running in 1947eb1ebc25
Removing intermediate container 1947eb1ebc25
 ---> 4a4de410b234
Step 9/17 : ENV TAR_DIR=/mnt
 ---> Running in 68e8925cd16f
Removing intermediate container 68e8925cd16f
 ---> d2c301f00930
Step 10/17 : COPY ${MIG_DIR}/ ${TAR_DIR}/
 ---> a8bf32fe19f5
Step 11/17 : RUN source ${CFG_DIR}/*.sh
 ---> Running in cefd6b416e23
Removing intermediate container cefd6b416e23
 ---> 0911856bb5bc
Step 12/17 : COPY ${WEB_SRC_DIR}/*.html ${WEB_TAR_DIR}
 ---> 4a052d13ccef
Step 13/17 : RUN find ${TAR_DIR} -name "*.sh"
 ---> Running in d1b12abd8166
/mnt/cfg/inst.sh
/mnt/cfg/env.sh
/mnt/exe/pre.sh
Removing intermediate container d1b12abd8166
 ---> 6ef3c419c176
Step 14/17 : RUN chmod u+x ${CFG_DIR}/*.sh && find ${CFG_DIR} -name "*.sh" | while read line;do bash -c ${line};done
 ---> Running in e465add73fb4
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
 * base: ftp-srv2.kddilabs.jp
 * extras: ftp-srv2.kddilabs.jp
 * updates: ftp-srv2.kddilabs.jp
No package   available.
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-89.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-89.el7.centos for package: httpd-2.4.6-89.el7.centos.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-89.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-89.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-89.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-89.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
---> Package httpd-tools.x86_64 0:2.4.6-89.el7.centos will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch         Version                    Repository     Size
================================================================================
Installing:
 httpd              x86_64       2.4.6-89.el7.centos        updates       2.7 M
Installing for dependencies:
 apr                x86_64       1.4.8-3.el7_4.1            base          103 k
 apr-util           x86_64       1.5.2-6.el7                base           92 k
 centos-logos       noarch       70.0.6-3.el7.centos        base           21 M
 httpd-tools        x86_64       2.4.6-89.el7.centos        updates        90 k
 mailcap            noarch       2.1.41-2.el7               base           31 k

Transaction Summary
================================================================================
Install  1 Package (+5 Dependent packages)

Total download size: 24 M
Installed size: 31 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/apr-util-1.5.2-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for apr-util-1.5.2-6.el7.x86_64.rpm is not installed
Public key for httpd-tools-2.4.6-89.el7.centos.x86_64.rpm is not installed
--------------------------------------------------------------------------------
Total                                              3.1 MB/s |  24 MB  00:07     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) "
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-6.1810.2.el7.centos.x86_64 (@CentOS)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-3.el7_4.1.x86_64                                   1/6 
  Installing : apr-util-1.5.2-6.el7.x86_64                                  2/6 
  Installing : httpd-tools-2.4.6-89.el7.centos.x86_64                       3/6 
  Installing : centos-logos-70.0.6-3.el7.centos.noarch                      4/6 
  Installing : mailcap-2.1.41-2.el7.noarch                                  5/6 
  Installing : httpd-2.4.6-89.el7.centos.x86_64                             6/6 
  Verifying  : httpd-tools-2.4.6-89.el7.centos.x86_64                       1/6 
  Verifying  : mailcap-2.1.41-2.el7.noarch                                  2/6 
  Verifying  : apr-util-1.5.2-6.el7.x86_64                                  3/6 
  Verifying  : httpd-2.4.6-89.el7.centos.x86_64                             4/6 
  Verifying  : apr-1.4.8-3.el7_4.1.x86_64                                   5/6 
  Verifying  : centos-logos-70.0.6-3.el7.centos.noarch                      6/6 

Installed:
  httpd.x86_64 0:2.4.6-89.el7.centos                                            

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7_4.1                                                  
  apr-util.x86_64 0:1.5.2-6.el7                                                 
  centos-logos.noarch 0:70.0.6-3.el7.centos                                     
  httpd-tools.x86_64 0:2.4.6-89.el7.centos                                      
  mailcap.noarch 0:2.1.41-2.el7                                                 

Complete!
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: ftp-srv2.kddilabs.jp
 * extras: ftp-srv2.kddilabs.jp
 * updates: ftp-srv2.kddilabs.jp
Package iputils-20160308-10.el7.x86_64 already installed and latest version
Package yum-3.4.3-161.el7.centos.noarch already installed and latest version
No package install available.
Package yum-3.4.3-161.el7.centos.noarch already installed and latest version
No package install available.
Package yum-3.4.3-161.el7.centos.noarch already installed and latest version
No package install available.
Package yum-3.4.3-161.el7.centos.noarch already installed and latest version
No package install available.
Package yum-3.4.3-161.el7.centos.noarch already installed and latest version
No package install available.
Resolving Dependencies
--> Running transaction check
---> Package iproute.x86_64 0:4.11.0-14.el7_6.2 will be installed
--> Processing Dependency: libmnl.so.0(LIBMNL_1.0)(64bit) for package: iproute-4.11.0-14.el7_6.2.x86_64
--> Processing Dependency: libxtables.so.10()(64bit) for package: iproute-4.11.0-14.el7_6.2.x86_64
--> Processing Dependency: libmnl.so.0()(64bit) for package: iproute-4.11.0-14.el7_6.2.x86_64
---> Package lsof.x86_64 0:4.87-6.el7 will be installed
---> Package net-tools.x86_64 0:2.0-0.24.20131004git.el7 will be installed
---> Package tree.x86_64 0:1.6.0-10.el7 will be installed
---> Package vim-enhanced.x86_64 2:7.4.160-5.el7 will be installed
--> Processing Dependency: vim-common = 2:7.4.160-5.el7 for package: 2:vim-enhanced-7.4.160-5.el7.x86_64
--> Processing Dependency: which for package: 2:vim-enhanced-7.4.160-5.el7.x86_64
--> Processing Dependency: perl(:MODULE_COMPAT_5.16.3) for package: 2:vim-enhanced-7.4.160-5.el7.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 2:vim-enhanced-7.4.160-5.el7.x86_64
--> Processing Dependency: libgpm.so.2()(64bit) for package: 2:vim-enhanced-7.4.160-5.el7.x86_64
--> Running transaction check
---> Package gpm-libs.x86_64 0:1.20.7-5.el7 will be installed
---> Package iptables.x86_64 0:1.4.21-28.el7 will be installed
--> Processing Dependency: libnfnetlink.so.0()(64bit) for package: iptables-1.4.21-28.el7.x86_64
--> Processing Dependency: libnetfilter_conntrack.so.3()(64bit) for package: iptables-1.4.21-28.el7.x86_64
---> Package libmnl.x86_64 0:1.0.3-7.el7 will be installed
---> Package perl.x86_64 4:5.16.3-294.el7_6 will be installed
--> Processing Dependency: perl(Socket) >= 1.3 for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Scalar::Util) >= 1.10 for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl-macros for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(threads::shared) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(threads) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(constant) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Time::Local) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Time::HiRes) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Storable) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Socket) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Scalar::Util) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Pod::Simple::XHTML) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Pod::Simple::Search) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Getopt::Long) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Filter::Util::Call) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(File::Temp) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(File::Spec::Unix) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(File::Spec::Functions) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(File::Spec) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(File::Path) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Exporter) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Cwd) for package: 4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: perl(Carp) for package: 4:perl-5.16.3-294.el7_6.x86_64
---> Package perl-libs.x86_64 4:5.16.3-294.el7_6 will be installed
---> Package vim-common.x86_64 2:7.4.160-5.el7 will be installed
--> Processing Dependency: vim-filesystem for package: 2:vim-common-7.4.160-5.el7.x86_64
---> Package which.x86_64 0:2.20-7.el7 will be installed
--> Running transaction check
---> Package libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnfnetlink.x86_64 0:1.0.1-4.el7 will be installed
---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed
---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed
---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed
---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed
---> Package perl-Filter.x86_64 0:1.49-3.el7 will be installed
---> Package perl-Getopt-Long.noarch 0:2.40-3.el7 will be installed
--> Processing Dependency: perl(Pod::Usage) >= 1.14 for package: perl-Getopt-Long-2.40-3.el7.noarch
--> Processing Dependency: perl(Text::ParseWords) for package: perl-Getopt-Long-2.40-3.el7.noarch
---> Package perl-PathTools.x86_64 0:3.40-5.el7 will be installed
---> Package perl-Pod-Simple.noarch 1:3.28-4.el7 will be installed
--> Processing Dependency: perl(Pod::Escapes) >= 1.04 for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
--> Processing Dependency: perl(Encode) for package: 1:perl-Pod-Simple-3.28-4.el7.noarch
---> Package perl-Scalar-List-Utils.x86_64 0:1.27-248.el7 will be installed
---> Package perl-Socket.x86_64 0:2.010-4.el7 will be installed
---> Package perl-Storable.x86_64 0:2.45-3.el7 will be installed
---> Package perl-Time-HiRes.x86_64 4:1.9725-3.el7 will be installed
---> Package perl-Time-Local.noarch 0:1.2300-2.el7 will be installed
---> Package perl-constant.noarch 0:1.27-2.el7 will be installed
---> Package perl-macros.x86_64 4:5.16.3-294.el7_6 will be installed
---> Package perl-threads.x86_64 0:1.87-4.el7 will be installed
---> Package perl-threads-shared.x86_64 0:1.43-6.el7 will be installed
---> Package vim-filesystem.x86_64 2:7.4.160-5.el7 will be installed
--> Running transaction check
---> Package perl-Encode.x86_64 0:2.51-7.el7 will be installed
---> Package perl-Pod-Escapes.noarch 1:1.04-294.el7_6 will be installed
---> Package perl-Pod-Usage.noarch 0:1.63-3.el7 will be installed
--> Processing Dependency: perl(Pod::Text) >= 3.15 for package: perl-Pod-Usage-1.63-3.el7.noarch
--> Processing Dependency: perl-Pod-Perldoc for package: perl-Pod-Usage-1.63-3.el7.noarch
---> Package perl-Text-ParseWords.noarch 0:3.29-4.el7 will be installed
--> Running transaction check
---> Package perl-Pod-Perldoc.noarch 0:3.20-4.el7 will be installed
--> Processing Dependency: perl(parent) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
--> Processing Dependency: perl(HTTP::Tiny) for package: perl-Pod-Perldoc-3.20-4.el7.noarch
--> Processing Dependency: groff-base for package: perl-Pod-Perldoc-3.20-4.el7.noarch
---> Package perl-podlators.noarch 0:2.5.1-3.el7 will be installed
--> Running transaction check
---> Package groff-base.x86_64 0:1.22.2-8.el7 will be installed
---> Package perl-HTTP-Tiny.noarch 0:0.033-3.el7 will be installed
---> Package perl-parent.noarch 1:0.225-244.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch     Version                      Repository
                                                                           Size
================================================================================
Installing:
 iproute                  x86_64   4.11.0-14.el7_6.2            updates   764 k
 lsof                     x86_64   4.87-6.el7                   base      331 k
 net-tools                x86_64   2.0-0.24.20131004git.el7     base      306 k
 tree                     x86_64   1.6.0-10.el7                 base       46 k
 vim-enhanced             x86_64   2:7.4.160-5.el7              base      1.0 M
Installing for dependencies:
 gpm-libs                 x86_64   1.20.7-5.el7                 base       32 k
 groff-base               x86_64   1.22.2-8.el7                 base      942 k
 iptables                 x86_64   1.4.21-28.el7                base      433 k
 libmnl                   x86_64   1.0.3-7.el7                  base       23 k
 libnetfilter_conntrack   x86_64   1.0.6-1.el7_3                base       55 k
 libnfnetlink             x86_64   1.0.1-4.el7                  base       26 k
 perl                     x86_64   4:5.16.3-294.el7_6           updates   8.0 M
 perl-Carp                noarch   1.26-244.el7                 base       19 k
 perl-Encode              x86_64   2.51-7.el7                   base      1.5 M
 perl-Exporter            noarch   5.68-3.el7                   base       28 k
 perl-File-Path           noarch   2.09-2.el7                   base       26 k
 perl-File-Temp           noarch   0.23.01-3.el7                base       56 k
 perl-Filter              x86_64   1.49-3.el7                   base       76 k
 perl-Getopt-Long         noarch   2.40-3.el7                   base       56 k
 perl-HTTP-Tiny           noarch   0.033-3.el7                  base       38 k
 perl-PathTools           x86_64   3.40-5.el7                   base       82 k
 perl-Pod-Escapes         noarch   1:1.04-294.el7_6             updates    51 k
 perl-Pod-Perldoc         noarch   3.20-4.el7                   base       87 k
 perl-Pod-Simple          noarch   1:3.28-4.el7                 base      216 k
 perl-Pod-Usage           noarch   1.63-3.el7                   base       27 k
 perl-Scalar-List-Utils   x86_64   1.27-248.el7                 base       36 k
 perl-Socket              x86_64   2.010-4.el7                  base       49 k
 perl-Storable            x86_64   2.45-3.el7                   base       77 k
 perl-Text-ParseWords     noarch   3.29-4.el7                   base       14 k
 perl-Time-HiRes          x86_64   4:1.9725-3.el7               base       45 k
 perl-Time-Local          noarch   1.2300-2.el7                 base       24 k
 perl-constant            noarch   1.27-2.el7                   base       19 k
 perl-libs                x86_64   4:5.16.3-294.el7_6           updates   688 k
 perl-macros              x86_64   4:5.16.3-294.el7_6           updates    44 k
 perl-parent              noarch   1:0.225-244.el7              base       12 k
 perl-podlators           noarch   2.5.1-3.el7                  base      112 k
 perl-threads             x86_64   1.87-4.el7                   base       49 k
 perl-threads-shared      x86_64   1.43-6.el7                   base       39 k
 vim-common               x86_64   2:7.4.160-5.el7              base      5.9 M
 vim-filesystem           x86_64   2:7.4.160-5.el7              base       10 k
 which                    x86_64   2.20-7.el7                   base       41 k

Transaction Summary
================================================================================
Install  5 Packages (+36 Dependent packages)

Total download size: 21 M
Installed size: 68 M
Downloading packages:
--------------------------------------------------------------------------------
Total                                              3.8 MB/s |  21 MB  00:05     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libnfnetlink-1.0.1-4.el7.x86_64                             1/41 
  Installing : libmnl-1.0.3-7.el7.x86_64                                   2/41 
  Installing : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                 3/41 
  Installing : iptables-1.4.21-28.el7.x86_64                               4/41 
  Installing : 2:vim-filesystem-7.4.160-5.el7.x86_64                       5/41 
  Installing : 2:vim-common-7.4.160-5.el7.x86_64                           6/41 
  Installing : gpm-libs-1.20.7-5.el7.x86_64                                7/41 
  Installing : groff-base-1.22.2-8.el7.x86_64                              8/41 
  Installing : 1:perl-parent-0.225-244.el7.noarch                          9/41 
  Installing : perl-HTTP-Tiny-0.033-3.el7.noarch                          10/41 
  Installing : perl-podlators-2.5.1-3.el7.noarch                          11/41 
  Installing : perl-Pod-Perldoc-3.20-4.el7.noarch                         12/41 
  Installing : 1:perl-Pod-Escapes-1.04-294.el7_6.noarch                   13/41 
  Installing : perl-Encode-2.51-7.el7.x86_64                              14/41 
  Installing : perl-Text-ParseWords-3.29-4.el7.noarch                     15/41 
  Installing : perl-Pod-Usage-1.63-3.el7.noarch                           16/41 
  Installing : 4:perl-libs-5.16.3-294.el7_6.x86_64                        17/41 
  Installing : 4:perl-macros-5.16.3-294.el7_6.x86_64                      18/41 
  Installing : 4:perl-Time-HiRes-1.9725-3.el7.x86_64                      19/41 
  Installing : perl-Exporter-5.68-3.el7.noarch                            20/41 
  Installing : perl-constant-1.27-2.el7.noarch                            21/41 
  Installing : perl-Time-Local-1.2300-2.el7.noarch                        22/41 
  Installing : perl-Socket-2.010-4.el7.x86_64                             23/41 
  Installing : perl-Carp-1.26-244.el7.noarch                              24/41 
  Installing : perl-Storable-2.45-3.el7.x86_64                            25/41 
  Installing : perl-PathTools-3.40-5.el7.x86_64                           26/41 
  Installing : perl-Scalar-List-Utils-1.27-248.el7.x86_64                 27/41 
  Installing : 1:perl-Pod-Simple-3.28-4.el7.noarch                        28/41 
  Installing : perl-File-Temp-0.23.01-3.el7.noarch                        29/41 
  Installing : perl-File-Path-2.09-2.el7.noarch                           30/41 
  Installing : perl-threads-shared-1.43-6.el7.x86_64                      31/41 
  Installing : perl-threads-1.87-4.el7.x86_64                             32/41 
  Installing : perl-Filter-1.49-3.el7.x86_64                              33/41 
  Installing : perl-Getopt-Long-2.40-3.el7.noarch                         34/41 
  Installing : 4:perl-5.16.3-294.el7_6.x86_64                             35/41 
  Installing : which-2.20-7.el7.x86_64                                    36/41 
install-info: No such file or directory for /usr/share/info/which.info.gz
  Installing : 2:vim-enhanced-7.4.160-5.el7.x86_64                        37/41 
  Installing : iproute-4.11.0-14.el7_6.2.x86_64                           38/41 
  Installing : net-tools-2.0-0.24.20131004git.el7.x86_64                  39/41 
  Installing : tree-1.6.0-10.el7.x86_64                                   40/41 
  Installing : lsof-4.87-6.el7.x86_64                                     41/41 
  Verifying  : perl-HTTP-Tiny-0.033-3.el7.noarch                           1/41 
  Verifying  : libmnl-1.0.3-7.el7.x86_64                                   2/41 
  Verifying  : iproute-4.11.0-14.el7_6.2.x86_64                            3/41 
  Verifying  : 2:vim-enhanced-7.4.160-5.el7.x86_64                         4/41 
  Verifying  : perl-threads-shared-1.43-6.el7.x86_64                       5/41 
  Verifying  : 4:perl-Time-HiRes-1.9725-3.el7.x86_64                       6/41 
  Verifying  : 1:perl-Pod-Escapes-1.04-294.el7_6.noarch                    7/41 
  Verifying  : lsof-4.87-6.el7.x86_64                                      8/41 
  Verifying  : perl-Exporter-5.68-3.el7.noarch                             9/41 
  Verifying  : perl-constant-1.27-2.el7.noarch                            10/41 
  Verifying  : perl-PathTools-3.40-5.el7.x86_64                           11/41 
  Verifying  : libnetfilter_conntrack-1.0.6-1.el7_3.x86_64                12/41 
  Verifying  : 1:perl-parent-0.225-244.el7.noarch                         13/41 
  Verifying  : which-2.20-7.el7.x86_64                                    14/41 
  Verifying  : 4:perl-libs-5.16.3-294.el7_6.x86_64                        15/41 
  Verifying  : groff-base-1.22.2-8.el7.x86_64                             16/41 
  Verifying  : perl-File-Temp-0.23.01-3.el7.noarch                        17/41 
  Verifying  : 1:perl-Pod-Simple-3.28-4.el7.noarch                        18/41 
  Verifying  : tree-1.6.0-10.el7.x86_64                                   19/41 
  Verifying  : perl-Time-Local-1.2300-2.el7.noarch                        20/41 
  Verifying  : gpm-libs-1.20.7-5.el7.x86_64                               21/41 
  Verifying  : 2:vim-common-7.4.160-5.el7.x86_64                          22/41 
  Verifying  : 4:perl-macros-5.16.3-294.el7_6.x86_64                      23/41 
  Verifying  : perl-Socket-2.010-4.el7.x86_64                             24/41 
  Verifying  : perl-Carp-1.26-244.el7.noarch                              25/41 
  Verifying  : net-tools-2.0-0.24.20131004git.el7.x86_64                  26/41 
  Verifying  : perl-Storable-2.45-3.el7.x86_64                            27/41 
  Verifying  : perl-Scalar-List-Utils-1.27-248.el7.x86_64                 28/41 
  Verifying  : perl-Pod-Usage-1.63-3.el7.noarch                           29/41 
  Verifying  : iptables-1.4.21-28.el7.x86_64                              30/41 
  Verifying  : perl-Encode-2.51-7.el7.x86_64                              31/41 
  Verifying  : libnfnetlink-1.0.1-4.el7.x86_64                            32/41 
  Verifying  : perl-Pod-Perldoc-3.20-4.el7.noarch                         33/41 
  Verifying  : perl-podlators-2.5.1-3.el7.noarch                          34/41 
  Verifying  : perl-File-Path-2.09-2.el7.noarch                           35/41 
  Verifying  : perl-threads-1.87-4.el7.x86_64                             36/41 
  Verifying  : perl-Filter-1.49-3.el7.x86_64                              37/41 
  Verifying  : perl-Getopt-Long-2.40-3.el7.noarch                         38/41 
  Verifying  : perl-Text-ParseWords-3.29-4.el7.noarch                     39/41 
  Verifying  : 4:perl-5.16.3-294.el7_6.x86_64                             40/41 
  Verifying  : 2:vim-filesystem-7.4.160-5.el7.x86_64                      41/41 

Installed:
  iproute.x86_64 0:4.11.0-14.el7_6.2              lsof.x86_64 0:4.87-6.el7      
  net-tools.x86_64 0:2.0-0.24.20131004git.el7     tree.x86_64 0:1.6.0-10.el7    
  vim-enhanced.x86_64 2:7.4.160-5.el7            

Dependency Installed:
  gpm-libs.x86_64 0:1.20.7-5.el7                                                
  groff-base.x86_64 0:1.22.2-8.el7                                              
  iptables.x86_64 0:1.4.21-28.el7                                               
  libmnl.x86_64 0:1.0.3-7.el7                                                   
  libnetfilter_conntrack.x86_64 0:1.0.6-1.el7_3                                 
  libnfnetlink.x86_64 0:1.0.1-4.el7                                             
  perl.x86_64 4:5.16.3-294.el7_6                                                
  perl-Carp.noarch 0:1.26-244.el7                                               
  perl-Encode.x86_64 0:2.51-7.el7                                               
  perl-Exporter.noarch 0:5.68-3.el7                                             
  perl-File-Path.noarch 0:2.09-2.el7                                            
  perl-File-Temp.noarch 0:0.23.01-3.el7                                         
  perl-Filter.x86_64 0:1.49-3.el7                                               
  perl-Getopt-Long.noarch 0:2.40-3.el7                                          
  perl-HTTP-Tiny.noarch 0:0.033-3.el7                                           
  perl-PathTools.x86_64 0:3.40-5.el7                                            
  perl-Pod-Escapes.noarch 1:1.04-294.el7_6                                      
  perl-Pod-Perldoc.noarch 0:3.20-4.el7                                          
  perl-Pod-Simple.noarch 1:3.28-4.el7                                           
  perl-Pod-Usage.noarch 0:1.63-3.el7                                            
  perl-Scalar-List-Utils.x86_64 0:1.27-248.el7                                  
  perl-Socket.x86_64 0:2.010-4.el7                                              
  perl-Storable.x86_64 0:2.45-3.el7                                             
  perl-Text-ParseWords.noarch 0:3.29-4.el7                                      
  perl-Time-HiRes.x86_64 4:1.9725-3.el7                                         
  perl-Time-Local.noarch 0:1.2300-2.el7                                         
  perl-constant.noarch 0:1.27-2.el7                                             
  perl-libs.x86_64 4:5.16.3-294.el7_6                                           
  perl-macros.x86_64 4:5.16.3-294.el7_6                                         
  perl-parent.noarch 1:0.225-244.el7                                            
  perl-podlators.noarch 0:2.5.1-3.el7                                           
  perl-threads.x86_64 0:1.87-4.el7                                              
  perl-threads-shared.x86_64 0:1.43-6.el7                                       
  vim-common.x86_64 2:7.4.160-5.el7                                             
  vim-filesystem.x86_64 2:7.4.160-5.el7                                         
  which.x86_64 0:2.20-7.el7                                                     

Complete!
Removing intermediate container e465add73fb4
 ---> 5f7600975a99
Step 15/17 : RUN chmod u+x ${EXE_DIR}/*.sh && find ${EXE_DIR} -name "*.sh" | while read line;do bash -c ${line};done
 ---> Running in bc9dd63c0c32
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: ftp-srv2.kddilabs.jp
 * extras: ftp-srv2.kddilabs.jp
 * updates: ftp-srv2.kddilabs.jp
Resolving Dependencies
--> Running transaction check
---> Package dbus.x86_64 1:1.10.24-12.el7 will be updated
---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update
---> Package dbus-libs.x86_64 1:1.10.24-12.el7 will be updated
---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.3 will be updated
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.7 will be an update
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.3 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.7 will be an update
---> Package glibc.x86_64 0:2.17-260.el7_6.3 will be updated
---> Package glibc.x86_64 0:2.17-260.el7_6.4 will be an update
---> Package glibc-common.x86_64 0:2.17-260.el7_6.3 will be updated
---> Package glibc-common.x86_64 0:2.17-260.el7_6.4 will be an update
---> Package libblkid.x86_64 0:2.23.2-59.el7 will be updated
---> Package libblkid.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package libgcc.x86_64 0:4.8.5-36.el7 will be updated
---> Package libgcc.x86_64 0:4.8.5-36.el7_6.2 will be an update
---> Package libmount.x86_64 0:2.23.2-59.el7 will be updated
---> Package libmount.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package libsmartcols.x86_64 0:2.23.2-59.el7 will be updated
---> Package libsmartcols.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package libssh2.x86_64 0:1.4.3-12.el7 will be updated
---> Package libssh2.x86_64 0:1.4.3-12.el7_6.2 will be an update
---> Package libstdc++.x86_64 0:4.8.5-36.el7 will be updated
---> Package libstdc++.x86_64 0:4.8.5-36.el7_6.2 will be an update
---> Package libuuid.x86_64 0:2.23.2-59.el7 will be updated
---> Package libuuid.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package nss-pem.x86_64 0:1.0.3-5.el7 will be updated
---> Package nss-pem.x86_64 0:1.0.3-5.el7_6.1 will be an update
---> Package openssl-libs.x86_64 1:1.0.2k-16.el7 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-16.el7_6.1 will be an update
---> Package python.x86_64 0:2.7.5-76.el7 will be updated
---> Package python.x86_64 0:2.7.5-77.el7_6 will be an update
---> Package python-libs.x86_64 0:2.7.5-76.el7 will be updated
---> Package python-libs.x86_64 0:2.7.5-77.el7_6 will be an update
---> Package shadow-utils.x86_64 2:4.1.5.1-25.el7 will be updated
---> Package shadow-utils.x86_64 2:4.1.5.1-25.el7_6.1 will be an update
---> Package systemd.x86_64 0:219-62.el7_6.5 will be updated
---> Package systemd.x86_64 0:219-62.el7_6.6 will be an update
---> Package systemd-libs.x86_64 0:219-62.el7_6.5 will be updated
---> Package systemd-libs.x86_64 0:219-62.el7_6.6 will be an update
---> Package tzdata.noarch 0:2018i-1.el7 will be updated
---> Package tzdata.noarch 0:2019a-1.el7 will be an update
---> Package util-linux.x86_64 0:2.23.2-59.el7 will be updated
---> Package util-linux.x86_64 0:2.23.2-59.el7_6.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                Arch       Version                    Repository   Size
================================================================================
Updating:
 dbus                   x86_64     1:1.10.24-13.el7_6         updates     245 k
 dbus-libs              x86_64     1:1.10.24-13.el7_6         updates     169 k
 device-mapper          x86_64     7:1.02.149-10.el7_6.7      updates     293 k
 device-mapper-libs     x86_64     7:1.02.149-10.el7_6.7      updates     320 k
 glibc                  x86_64     2.17-260.el7_6.4           updates     3.7 M
 glibc-common           x86_64     2.17-260.el7_6.4           updates      12 M
 libblkid               x86_64     2.23.2-59.el7_6.1          updates     181 k
 libgcc                 x86_64     4.8.5-36.el7_6.2           updates     102 k
 libmount               x86_64     2.23.2-59.el7_6.1          updates     182 k
 libsmartcols           x86_64     2.23.2-59.el7_6.1          updates     140 k
 libssh2                x86_64     1.4.3-12.el7_6.2           updates     135 k
 libstdc++              x86_64     4.8.5-36.el7_6.2           updates     305 k
 libuuid                x86_64     2.23.2-59.el7_6.1          updates      82 k
 nss-pem                x86_64     1.0.3-5.el7_6.1            updates      74 k
 openssl-libs           x86_64     1:1.0.2k-16.el7_6.1        updates     1.2 M
 python                 x86_64     2.7.5-77.el7_6             updates      94 k
 python-libs            x86_64     2.7.5-77.el7_6             updates     5.6 M
 shadow-utils           x86_64     2:4.1.5.1-25.el7_6.1       updates     1.1 M
 systemd                x86_64     219-62.el7_6.6             updates     5.1 M
 systemd-libs           x86_64     219-62.el7_6.6             updates     407 k
 tzdata                 noarch     2019a-1.el7                updates     494 k
 util-linux             x86_64     2.23.2-59.el7_6.1          updates     2.0 M

Transaction Summary
================================================================================
Upgrade  22 Packages

Total download size: 33 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total                                              4.8 MB/s |  33 MB  00:06     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libgcc-4.8.5-36.el7_6.2.x86_64                              1/44 
  Updating   : tzdata-2019a-1.el7.noarch                                   2/44 
  Updating   : glibc-common-2.17-260.el7_6.4.x86_64                        3/44 
  Updating   : glibc-2.17-260.el7_6.4.x86_64                               4/44 
  Updating   : systemd-libs-219-62.el7_6.6.x86_64                          5/44 
  Updating   : libuuid-2.23.2-59.el7_6.1.x86_64                            6/44 
  Updating   : libblkid-2.23.2-59.el7_6.1.x86_64                           7/44 
  Updating   : libmount-2.23.2-59.el7_6.1.x86_64                           8/44 
  Updating   : 2:shadow-utils-4.1.5.1-25.el7_6.1.x86_64                    9/44 
  Updating   : 1:openssl-libs-1.0.2k-16.el7_6.1.x86_64                    10/44 
  Updating   : python-libs-2.7.5-77.el7_6.x86_64                          11/44 
  Updating   : 1:dbus-libs-1.10.24-13.el7_6.x86_64                        12/44 
  Updating   : systemd-219-62.el7_6.6.x86_64                              13/44 
Failed to get D-Bus connection: Operation not permitted
  Updating   : 1:dbus-1.10.24-13.el7_6.x86_64                             14/44 
  Updating   : libsmartcols-2.23.2-59.el7_6.1.x86_64                      15/44 
  Updating   : util-linux-2.23.2-59.el7_6.1.x86_64                        16/44 
  Updating   : 7:device-mapper-libs-1.02.149-10.el7_6.7.x86_64            17/44 
  Updating   : 7:device-mapper-1.02.149-10.el7_6.7.x86_64                 18/44 
  Updating   : python-2.7.5-77.el7_6.x86_64                               19/44 
  Updating   : libssh2-1.4.3-12.el7_6.2.x86_64                            20/44 
  Updating   : nss-pem-1.0.3-5.el7_6.1.x86_64                             21/44 
  Updating   : libstdc++-4.8.5-36.el7_6.2.x86_64                          22/44 
  Cleanup    : 7:device-mapper-1.02.149-10.el7_6.3.x86_64                 23/44 
  Cleanup    : 7:device-mapper-libs-1.02.149-10.el7_6.3.x86_64            24/44 
  Cleanup    : 1:dbus-1.10.24-12.el7.x86_64                               25/44 
  Cleanup    : systemd-219-62.el7_6.5.x86_64                              26/44 
  Cleanup    : util-linux-2.23.2-59.el7.x86_64                            27/44 
  Cleanup    : libmount-2.23.2-59.el7.x86_64                              28/44 
  Cleanup    : python-2.7.5-76.el7.x86_64                                 29/44 
  Cleanup    : python-libs-2.7.5-76.el7.x86_64                            30/44 
  Cleanup    : libblkid-2.23.2-59.el7.x86_64                              31/44 
  Cleanup    : 1:dbus-libs-1.10.24-12.el7.x86_64                          32/44 
  Cleanup    : systemd-libs-219-62.el7_6.5.x86_64                         33/44 
  Cleanup    : libssh2-1.4.3-12.el7.x86_64                                34/44 
  Cleanup    : libstdc++-4.8.5-36.el7.x86_64                              35/44 
  Cleanup    : 1:openssl-libs-1.0.2k-16.el7.x86_64                        36/44 
  Cleanup    : libuuid-2.23.2-59.el7.x86_64                               37/44 
  Cleanup    : libsmartcols-2.23.2-59.el7.x86_64                          38/44 
  Cleanup    : 2:shadow-utils-4.1.5.1-25.el7.x86_64                       39/44 
  Cleanup    : nss-pem-1.0.3-5.el7.x86_64                                 40/44 
  Cleanup    : glibc-common-2.17-260.el7_6.3.x86_64                       41/44 
  Cleanup    : glibc-2.17-260.el7_6.3.x86_64                              42/44 
  Cleanup    : tzdata-2018i-1.el7.noarch                                  43/44 
  Cleanup    : libgcc-4.8.5-36.el7.x86_64                                 44/44 
  Verifying  : nss-pem-1.0.3-5.el7_6.1.x86_64                              1/44 
  Verifying  : libblkid-2.23.2-59.el7_6.1.x86_64                           2/44 
  Verifying  : util-linux-2.23.2-59.el7_6.1.x86_64                         3/44 
  Verifying  : libmount-2.23.2-59.el7_6.1.x86_64                           4/44 
  Verifying  : python-libs-2.7.5-77.el7_6.x86_64                           5/44 
  Verifying  : libstdc++-4.8.5-36.el7_6.2.x86_64                           6/44 
  Verifying  : 2:shadow-utils-4.1.5.1-25.el7_6.1.x86_64                    7/44 
  Verifying  : libssh2-1.4.3-12.el7_6.2.x86_64                             8/44 
  Verifying  : libgcc-4.8.5-36.el7_6.2.x86_64                              9/44 
  Verifying  : tzdata-2019a-1.el7.noarch                                  10/44 
  Verifying  : 1:dbus-libs-1.10.24-13.el7_6.x86_64                        11/44 
  Verifying  : 7:device-mapper-libs-1.02.149-10.el7_6.7.x86_64            12/44 
  Verifying  : 1:openssl-libs-1.0.2k-16.el7_6.1.x86_64                    13/44 
  Verifying  : python-2.7.5-77.el7_6.x86_64                               14/44 
  Verifying  : libsmartcols-2.23.2-59.el7_6.1.x86_64                      15/44 
  Verifying  : 1:dbus-1.10.24-13.el7_6.x86_64                             16/44 
  Verifying  : libuuid-2.23.2-59.el7_6.1.x86_64                           17/44 
  Verifying  : glibc-common-2.17-260.el7_6.4.x86_64                       18/44 
  Verifying  : glibc-2.17-260.el7_6.4.x86_64                              19/44 
  Verifying  : systemd-libs-219-62.el7_6.6.x86_64                         20/44 
  Verifying  : systemd-219-62.el7_6.6.x86_64                              21/44 
  Verifying  : 7:device-mapper-1.02.149-10.el7_6.7.x86_64                 22/44 
  Verifying  : python-2.7.5-76.el7.x86_64                                 23/44 
  Verifying  : libblkid-2.23.2-59.el7.x86_64                              24/44 
  Verifying  : 1:dbus-1.10.24-12.el7.x86_64                               25/44 
  Verifying  : libgcc-4.8.5-36.el7.x86_64                                 26/44 
  Verifying  : libstdc++-4.8.5-36.el7.x86_64                              27/44 
  Verifying  : 1:openssl-libs-1.0.2k-16.el7.x86_64                        28/44 
  Verifying  : glibc-2.17-260.el7_6.3.x86_64                              29/44 
  Verifying  : 7:device-mapper-libs-1.02.149-10.el7_6.3.x86_64            30/44 
  Verifying  : libuuid-2.23.2-59.el7.x86_64                               31/44 
  Verifying  : nss-pem-1.0.3-5.el7.x86_64                                 32/44 
  Verifying  : libssh2-1.4.3-12.el7.x86_64                                33/44 
  Verifying  : systemd-libs-219-62.el7_6.5.x86_64                         34/44 
  Verifying  : 1:dbus-libs-1.10.24-12.el7.x86_64                          35/44 
  Verifying  : systemd-219-62.el7_6.5.x86_64                              36/44 
  Verifying  : 2:shadow-utils-4.1.5.1-25.el7.x86_64                       37/44 
  Verifying  : libmount-2.23.2-59.el7.x86_64                              38/44 
  Verifying  : util-linux-2.23.2-59.el7.x86_64                            39/44 
  Verifying  : libsmartcols-2.23.2-59.el7.x86_64                          40/44 
  Verifying  : python-libs-2.7.5-76.el7.x86_64                            41/44 
  Verifying  : tzdata-2018i-1.el7.noarch                                  42/44 
  Verifying  : glibc-common-2.17-260.el7_6.3.x86_64                       43/44 
  Verifying  : 7:device-mapper-1.02.149-10.el7_6.3.x86_64                 44/44 

Updated:
  dbus.x86_64 1:1.10.24-13.el7_6                                                
  dbus-libs.x86_64 1:1.10.24-13.el7_6                                           
  device-mapper.x86_64 7:1.02.149-10.el7_6.7                                    
  device-mapper-libs.x86_64 7:1.02.149-10.el7_6.7                               
  glibc.x86_64 0:2.17-260.el7_6.4                                               
  glibc-common.x86_64 0:2.17-260.el7_6.4                                        
  libblkid.x86_64 0:2.23.2-59.el7_6.1                                           
  libgcc.x86_64 0:4.8.5-36.el7_6.2                                              
  libmount.x86_64 0:2.23.2-59.el7_6.1                                           
  libsmartcols.x86_64 0:2.23.2-59.el7_6.1                                       
  libssh2.x86_64 0:1.4.3-12.el7_6.2                                             
  libstdc++.x86_64 0:4.8.5-36.el7_6.2                                           
  libuuid.x86_64 0:2.23.2-59.el7_6.1                                            
  nss-pem.x86_64 0:1.0.3-5.el7_6.1                                              
  openssl-libs.x86_64 1:1.0.2k-16.el7_6.1                                       
  python.x86_64 0:2.7.5-77.el7_6                                                
  python-libs.x86_64 0:2.7.5-77.el7_6                                           
  shadow-utils.x86_64 2:4.1.5.1-25.el7_6.1                                      
  systemd.x86_64 0:219-62.el7_6.6                                               
  systemd-libs.x86_64 0:219-62.el7_6.6                                          
  tzdata.noarch 0:2019a-1.el7                                                   
  util-linux.x86_64 0:2.23.2-59.el7_6.1                                         

Complete!
Loaded plugins: fastestmirror, ovl
Cleaning repos: base extras updates
Cleaning up list of fastest mirrors
Removing intermediate container bc9dd63c0c32
 ---> 1f439da4ac76
Step 16/17 : EXPOSE 80
 ---> Running in b4b0eba2f76a
Removing intermediate container b4b0eba2f76a
 ---> fc3b54baa6b6
Step 17/17 : CMD ["/sbin/init"]
 ---> Running in 0f8f69bc2d8f
Removing intermediate container 0f8f69bc2d8f
 ---> 0cebeaa888c4
Successfully built 0cebeaa888c4
Successfully tagged apache/httpd:latest

_________________________________________________________________________________

-->apache/httpd was built

Build completed in 117 seconds.


[oracle@centos tmp]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
apache/httpd        latest              0cebeaa888c4        3 minutes ago       503MB

[oracle@centos tmp]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
aaf4852dabab        apache/httpd        "/sbin/init"        4 minutes ago       Up 3 minutes        0.0.0.0:8080->80/tcp   test1

Checking Docker images

[oracle@centos tmp]$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
apache/httpd        latest              0cebeaa888c4        34 minutes ago      503MB

Checking running containers

[oracle@centos tmp]$ docker stop $(docker ps -qa) && docker rm $(docker ps -qa)
5edf42a78b62
5edf42a78b62
[oracle@centos tmp]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Starting the container

[oracle@centos tmp]$ docker run -p 8080:80 --privileged -it --name test1 -d apache/httpd
055aaa91b9a15429d38b546302a2ffb1032bb8cb5609d753d49fef437c5227e8
[oracle@centos tmp]$ docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
055aaa91b9a1        apache/httpd        "/sbin/init"        5 seconds ago       Up 4 seconds        0.0.0.0:8080->80/tcp   test1

Diving into the container

[oracle@centos tmp]$ docker exec -it test1 /bin/bash
[root@f6f256dd2e99 /]# whoami
root

This is where it gets fun

Search for apache

[root@f6f256dd2e99 /]# find . -name *apache* 2>/dev/null
./sys/fs/selinux/booleans/awstats_purge_apache_log_files
./usr/share/vim/vim74/syntax/apachestyle.vim
./usr/share/vim/vim74/syntax/apache.vim
./usr/share/httpd/noindex/images/apache_pb.gif
./usr/share/httpd/icons/apache_pb.png
./usr/share/httpd/icons/apache_pb2.png
./usr/share/httpd/icons/apache_pb.svg
./usr/share/httpd/icons/apache_pb2.gif
./usr/share/httpd/icons/apache_pb.gif
./usr/sbin/apachectl

Pick out the relevant ones

[root@f6f256dd2e99 /]# find . -name *httpd* 2>/dev/null | grep -E "conf|log|bin|service"
./sys/fs/selinux/booleans/httpd_mod_auth_ntlm_winbind
./usr/lib/systemd/system/httpd.service
./usr/lib/tmpfiles.d/httpd.conf
./usr/sbin/httpd
./var/log/httpd
./etc/logrotate.d/httpd
./etc/sysconfig/httpd
./etc/httpd/conf/httpd.conf

Check the processes. I started the httpd process.

[root@f6f256dd2e99 /]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  51288  3340 ?        Ss   12:51   0:00 /sbin/init
root        17  0.0  0.0  39084  5964 ?        Ss   12:51   0:00 /usr/lib/systemd/systemd-journald
root        29  0.0  0.0  35320  2076 ?        Ss   12:51   0:00 /usr/lib/systemd/systemd-udevd
dbus       806  0.0  0.0  58104  2104 ?        Ss   12:51   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       910  0.0  0.0  24252  1560 ?        Ss   12:51   0:00 /usr/lib/systemd/systemd-logind
root      2713  0.0  0.0  11820  1892 pts/1    Ss   12:51   0:00 /bin/bash
root      3119  1.0  0.0  90264  1896 tty1     Ss+  13:04   0:00 /bin/login --                     
root      3150  0.0  0.0  51740  1740 pts/1    R+   13:05   0:00 ps aux
[root@f6f256dd2e99 /]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)
[root@f6f256dd2e99 /]# systemctl start httpd.service
[root@f6f256dd2e99 /]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-04-29 13:08:15 UTC; 2s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 3297 (httpd)
   Status: "Processing requests..."
   CGroup: /docker/f6f256dd2e9999869e12e18a2eee82a56a3260fb69d5fa6aa6f6760575f438b2/system.slice/httpd.service
           ├─3297 /usr/sbin/httpd -DFOREGROUND
           ├─3298 /usr/sbin/httpd -DFOREGROUND
           ├─3299 /usr/sbin/httpd -DFOREGROUND
           ├─3300 /usr/sbin/httpd -DFOREGROUND
           ├─3301 /usr/sbin/httpd -DFOREGROUND
           └─3302 /usr/sbin/httpd -DFOREGROUND
           ‣ 3297 /usr/sbin/httpd -DFOREGROUND

Apr 29 13:08:15 f6f256dd2e99 systemd[1]: Starting The Apache HTTP Server...
Apr 29 13:08:15 f6f256dd2e99 httpd[3297]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
Apr 29 13:08:15 f6f256dd2e99 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@f6f256dd2e99 /]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  51376  3448 ?        Ss   12:51   0:00 /sbin/init
root        17  0.0  0.0  39084  5992 ?        Ss   12:51   0:00 /usr/lib/systemd/systemd-journald
root        29  0.0  0.0  35320  2076 ?        Ss   12:51   0:00 /usr/lib/systemd/systemd-udevd
dbus       806  0.0  0.0  58104  2104 ?        Ss   12:51   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       910  0.0  0.0  24252  1560 ?        Ss   12:51   0:00 /usr/lib/systemd/systemd-logind
root      2713  0.0  0.0  11820  1892 pts/1    Ss   12:51   0:00 /bin/bash
root      3297  0.0  0.0 224052  4984 ?        Ss   13:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3298  0.0  0.0 224052  2952 ?        S    13:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3299  0.0  0.0 224052  2952 ?        S    13:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3300  0.0  0.0 224052  2952 ?        S    13:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3301  0.0  0.0 224052  2952 ?        S    13:08   0:00 /usr/sbin/httpd -DFOREGROUND
apache    3302  0.0  0.0 224052  2952 ?        S    13:08   0:00 /usr/sbin/httpd -DFOREGROUND
root      3313  0.8  0.0  90264  1984 tty1     Ss+  13:08   0:00 /bin/login --  
root      3352  0.0  0.0  51740  1748 pts/1    R+   13:09   0:00 ps aux

apachectl looks usable too

[root@055aaa91b9a1 /]# apachectl -h
Usage: /usr/sbin/httpd [-D name] [-d directory] [-f file]
                       [-C "directive"] [-c "directive"]
                       [-k start|restart|graceful|graceful-stop|stop]
                       [-v] [-V] [-h] [-l] [-L] [-t] [-T] [-S] [-X]
Options:
  -D name            : define a name for use in  directives
  -d directory       : specify an alternate initial ServerRoot
  -f file            : specify an alternate ServerConfigFile
  -C "directive"     : process directive before reading config files
  -c "directive"     : process directive after reading config files
  -e level           : show startup errors of level (see LogLevel)
  -E file            : log startup errors to file
  -v                 : show version number
  -V                 : show compile settings
  -h                 : list available command line options (this page)
  -l                 : list compiled in modules
  -L                 : list available configuration directives
  -t -D DUMP_VHOSTS  : show parsed vhost settings
  -t -D DUMP_RUN_CFG : show parsed run settings
  -S                 : a synonym for -t -D DUMP_VHOSTS -D DUMP_RUN_CFG
  -t -D DUMP_MODULES : show all loaded modules 
  -M                 : a synonym for -t -D DUMP_MODULES
  -t                 : run syntax check for config files
  -T                 : start without DocumentRoot(s) check
  -X                 : debug mode (only one worker, do not detach)
[root@055aaa91b9a1 /]# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov  5 2018 01:47:09
[root@055aaa91b9a1 /]# apachectl -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@055aaa91b9a1 /]# apachectl -T
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
httpd (pid 2733) already running
[root@055aaa91b9a1 /]# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  43180  3440 ?        Ss   13:14   0:00 /sbin/init
root        19  0.0  0.0  39084  5996 ?        Ss   13:14   0:00 /usr/lib/systemd/systemd-journald
root        30  0.0  0.0  35604  2364 ?        Ss   13:14   0:00 /usr/lib/systemd/systemd-udevd
dbus       617  0.0  0.0  58104  2104 ?        Ss   13:14   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root       711  0.0  0.0  24252  1536 ?        Ss   13:14   0:00 /usr/lib/systemd/systemd-logind
root      2713  0.0  0.0  11820  1896 pts/1    Ss   13:15   0:00 /bin/bash
root      2733  0.0  0.0 224052  4980 ?        Ss   13:15   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2734  0.0  0.0 224052  2948 ?        S    13:15   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2735  0.0  0.0 224052  2948 ?        S    13:15   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2736  0.0  0.0 224052  2948 ?        S    13:15   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2737  0.0  0.0 224052  2948 ?        S    13:15   0:00 /usr/sbin/httpd -DFOREGROUND
apache    2738  0.0  0.0 224052  2948 ?        S    13:15   0:00 /usr/sbin/httpd -DFOREGROUND
root      2794  0.0  0.0  21704   788 tty1     Rs+  13:21   0:00 /bin/login --       
root      2795  0.0  0.0  51740  1752 pts/1    R+   13:21   0:00 ps aux

Check things like the server name and port number

[root@055aaa91b9a1 /]# cat /etc/httpd/conf/httpd.conf | grep -A 20 "Name"
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
#  blocks below.
#

    AllowOverride none
    Require all denied


#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your

Checking Listen

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the 
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf

#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
[root@055aaa91b9a1 /]# cat /etc/httpd/conf/httpd.conf | grep -A 10 "ServerRoot"
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
# with ServerRoot set to '/www' will be interpreted by the
# server as '/www/log/access_log', where as '/log/access_log' will be
# interpreted as '/log/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the 
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
[root@055aaa91b9a1 /]# cat /etc/httpd/conf/httpd.conf | grep -A 10 "log"
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
# with ServerRoot set to '/www' will be interpreted by the
# server as '/www/log/access_log', where as '/log/access_log' will be
# interpreted as '/log/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"

#
--
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a 
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a 
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn


    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a 
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per- access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "logs/access_log" combined



    #
    # Redirect: Allows you to tell clients about documents that used to 
    # exist in your server's namespace, but do not anymore. The client 
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar


Verifying it works

Just type it in.

Enter something like http://192.168.1.109:8080 in the address bar and press Enter.

Look at the logs

[root@055aaa91b9a1 /]# cd /etc/httpd
[root@055aaa91b9a1 httpd]# ls -lt
total 12
drwxr-xr-x. 2 root root 4096 Apr 29 12:31 conf
drwxr-xr-x. 2 root root 4096 Apr 29 12:31 conf.d
drwxr-xr-x. 2 root root 4096 Apr 29 12:31 conf.modules.d
lrwxrwxrwx. 1 root root   19 Apr 29 12:31 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root   29 Apr 29 12:31 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root   10 Apr 29 12:31 run -> /run/httpd
[root@055aaa91b9a1 httpd]# vi logs
[root@055aaa91b9a1 httpd]# cd logs
[root@055aaa91b9a1 logs]# pwd
/etc/httpd/logs
[root@055aaa91b9a1 logs]# ls
access_log  error_log

[root@055aaa91b9a1 logs]# vi access_log
192.168.1.109 - - [29/Apr/2019:13:30:07 +0000] "GET / HTTP/1.1" 200 125 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
192.168.1.109 - - [29/Apr/2019:13:30:07 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "http://192.168.1.109:8080/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
192.168.1.109 - - [29/Apr/2019:13:30:59 +0000] "-" 408 - "-" "-"

[root@055aaa91b9a1 logs]# vi error_log
[Mon Apr 29 13:15:37.766768 2019] [suexec:notice] [pid 2733] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Mon Apr 29 13:15:37.772196 2019] [auth_digest:notice] [pid 2733] AH01757: generating secret for digest authentication ...
[Mon Apr 29 13:15:37.772682 2019] [lbmethod_heartbeat:notice] [pid 2733] AH02282: No slotmem from mod_heartmonitor
[Mon Apr 29 13:15:37.774138 2019] [mpm_prefork:notice] [pid 2733] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Mon Apr 29 13:15:37.774150 2019] [core:notice] [pid 2733] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

curl attack script

[oracle@centos tmp]$ ll
合計 16
-rw-r--r--. 1 oracle docker 254  4月 29 21:30 Dockerfile
-rwxr--r--. 1 oracle docker 197  4月 29 22:48 atk.sh
-rw-r--r--. 1 oracle docker 125  4月 29 20:20 index.html
-rwxr--r--. 1 oracle docker 570  4月 29 21:06 kick.sh
[oracle@centos tmp]$ cat atk.sh
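#!/bin/bash

# Number of requests sent so far; printed when the loop is interrupted.
cnt=0
trap 'echo; echo "try count:${cnt}"; exit 1' INT

# Request the URL given as $1 once per second until Ctrl-C.
while :
do
  curl -o /dev/null "$1"
  cnt=$((cnt + 1))
  sleep 1
done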

Auditing the log with tail -f while attacking

Open two terminals.

--one session
[oracle@centos tmp]$ ./atk.sh http://192.168.1.109:8080
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0  70343      0 --:--:-- --:--:-- --:--:--  122k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0   105k      0 --:--:-- --:--:-- --:--:--  122k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0  22253      0 --:--:-- --:--:-- --:--:-- 25000
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0   101k      0 --:--:-- --:--:-- --:--:--  122k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0   105k      0 --:--:-- --:--:-- --:--:--  122k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0   107k      0 --:--:-- --:--:-- --:--:--  122k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0   131k      0 --:--:-- --:--:-- --:--:--  122k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   125  100   125    0     0   112k      0 --:--:-- --:--:-- --:--:--  122k
^C
try count:8
--another session
[root@055aaa91b9a1 logs]# tail -f access_log
192.168.1.109 - - [29/Apr/2019:13:30:07 +0000] "GET / HTTP/1.1" 200 125 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
192.168.1.109 - - [29/Apr/2019:13:30:07 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "http://192.168.1.109:8080/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
192.168.1.109 - - [29/Apr/2019:13:30:59 +0000] "-" 408 - "-" "-"
192.168.1.109 - - [29/Apr/2019:13:49:35 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:36 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:37 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:38 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:39 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:40 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:41 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:42 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"

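Docker is handy

I had been using logs as practice material for awk, so to be honest the real reason I built this was that I wanted to generate a log file.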
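
The access_log lines above follow the combined LogFormat shown earlier in httpd.conf. As an added example (not the author's code), the Python below parses those lines, including the 408 entry that has no request line, and flags any client that requests the same path at a steady interval, which is how the curl loop shows up in the log. The function names and the thresholds (5 hits, gaps of at most 2 seconds) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Mirrors: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
COMBINED_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Copied from the access_log excerpt on this page.
SAMPLE_LOG = """
192.168.1.109 - - [29/Apr/2019:13:30:07 +0000] "GET / HTTP/1.1" 200 125 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
192.168.1.109 - - [29/Apr/2019:13:30:07 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "http://192.168.1.109:8080/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"
192.168.1.109 - - [29/Apr/2019:13:30:59 +0000] "-" 408 - "-" "-"
192.168.1.109 - - [29/Apr/2019:13:49:35 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:36 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:37 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:38 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:39 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:40 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:41 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
192.168.1.109 - - [29/Apr/2019:13:49:42 +0000] "GET / HTTP/1.1" 200 125 "-" "curl/7.29.0"
"""


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if it does not match."""
    m = COMBINED_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    # %b logs "-" when no body bytes were sent (e.g. the 408 timeout entry).
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    # %r is "METHOD PATH PROTOCOL", or "-" when no request line was received.
    parts = entry["request"].split(" ")
    if len(parts) == 3:
        entry["method"], entry["path"] = parts[0], parts[1]
    else:
        entry["method"], entry["path"] = None, None
    return entry


def parse_log(text):
    """Return (entries, rejected) where rejected counts non-matching lines."""
    entries, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            rejected += 1
        else:
            entries.append(entry)
    return entries, rejected


def find_steady_pollers(entries, min_hits=5, max_gap=timedelta(seconds=2)):
    """Flag (host, agent, path) runs of >= min_hits requests with gaps <= max_gap."""
    by_client = defaultdict(list)
    for e in entries:
        if e["method"] is not None:          # skip entries without a request line
            by_client[(e["host"], e["agent"], e["path"])].append(e["time"])

    findings = []
    for (host, agent, path), times in by_client.items():
        times.sort()
        run_start = 0
        for i in range(1, len(times) + 1):
            # A run ends at the end of the list or when the gap grows too large.
            if i == len(times) or times[i] - times[i - 1] > max_gap:
                hits = i - run_start
                if hits >= min_hits:
                    findings.append({
                        "host": host, "agent": agent, "path": path, "hits": hits,
                        "first": times[run_start], "last": times[i - 1],
                    })
                run_start = i
    return findings


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    print(f"parsed={len(parsed)} rejected={bad}")
    for f in find_steady_pollers(parsed):
        print(f"{f['host']} {f['agent']!r} {f['path']} hits={f['hits']} "
              f"{f['first']:%H:%M:%S}-{f['last']:%H:%M:%S}")
```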

sql oracle MATCH_RECOGNIZE lesson

Getting started

I want to understand how the MATCH_RECOGNIZE clause behaves better than I did before I started.

References

DEEP DIVE INTO 12c MATCH_RECOGNIZE  
Overview of Pattern Matching in Data Warehouses  
Pattern Matching (MATCH_RECOGNIZE) in Oracle Database 12c Release 1 (12.1)  
MATCH_RECOGNIZE - SKIP TO where exactly?  
MATCH_RECOGNIZE - Log file sessionization analysis  
Introduction to MATCH_RECOGNIZE

Preparing the test data

I borrowed the data from oracle_base. It is easy to follow. Very.

Create sales_history.

DROP TABLE sales_history PURGE;

CREATE TABLE sales_history (
  id            NUMBER,
  product       VARCHAR2(20),
  tstamp        TIMESTAMP,
  units_sold    NUMBER,
  CONSTRAINT sales_history_pk PRIMARY KEY (id)
);

ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

INSERT INTO sales_history VALUES ( 1, 'TWINKIES', '01-OCT-2014', 17);
INSERT INTO sales_history VALUES ( 2, 'TWINKIES', '02-OCT-2014', 19);
INSERT INTO sales_history VALUES ( 3, 'TWINKIES', '03-OCT-2014', 23);
INSERT INTO sales_history VALUES ( 4, 'TWINKIES', '04-OCT-2014', 23);
INSERT INTO sales_history VALUES ( 5, 'TWINKIES', '05-OCT-2014', 16);
INSERT INTO sales_history VALUES ( 6, 'TWINKIES', '06-OCT-2014', 10);
INSERT INTO sales_history VALUES ( 7, 'TWINKIES', '07-OCT-2014', 14);
INSERT INTO sales_history VALUES ( 8, 'TWINKIES', '08-OCT-2014', 16);
INSERT INTO sales_history VALUES ( 9, 'TWINKIES', '09-OCT-2014', 15);
INSERT INTO sales_history VALUES (10, 'TWINKIES', '10-OCT-2014', 17);
INSERT INTO sales_history VALUES (11, 'TWINKIES', '11-OCT-2014', 23);
INSERT INTO sales_history VALUES (12, 'TWINKIES', '12-OCT-2014', 30);
INSERT INTO sales_history VALUES (13, 'TWINKIES', '13-OCT-2014', 31);
INSERT INTO sales_history VALUES (14, 'TWINKIES', '14-OCT-2014', 29);
INSERT INTO sales_history VALUES (15, 'TWINKIES', '15-OCT-2014', 25);
INSERT INTO sales_history VALUES (16, 'TWINKIES', '16-OCT-2014', 21);
INSERT INTO sales_history VALUES (17, 'TWINKIES', '17-OCT-2014', 35);
INSERT INTO sales_history VALUES (18, 'TWINKIES', '18-OCT-2014', 46);
INSERT INTO sales_history VALUES (19, 'TWINKIES', '19-OCT-2014', 45);
INSERT INTO sales_history VALUES (20, 'TWINKIES', '20-OCT-2014', 30);
COMMIT;

Checking sales_history

ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

SET PAGESIZE 50
COLUMN product    FORMAT A10
COLUMN tstamp     FORMAT A11
COLUMN graph      FORMAT A50

SELECT id,
       product,
       tstamp,
       units_sold,
       RPAD('#', units_sold, '#') AS graph
FROM   sales_history
ORDER BY id;

           ID PRODUCT    TSTAMP         UNITS_SOLD GRAPH
------------- ---------- ----------- ------------- --------------------------------------------------
            1 TWINKIES   01-OCT-2014            17 #################
            2 TWINKIES   02-OCT-2014            19 ###################
            3 TWINKIES   03-OCT-2014            23 #######################
            4 TWINKIES   04-OCT-2014            23 #######################
            5 TWINKIES   05-OCT-2014            16 ################
            6 TWINKIES   06-OCT-2014            10 ##########
            7 TWINKIES   07-OCT-2014            14 ##############
            8 TWINKIES   08-OCT-2014            16 ################
            9 TWINKIES   09-OCT-2014            15 ###############
           10 TWINKIES   10-OCT-2014            17 #################
           11 TWINKIES   11-OCT-2014            23 #######################
           12 TWINKIES   12-OCT-2014            30 ##############################
           13 TWINKIES   13-OCT-2014            31 ###############################
           14 TWINKIES   14-OCT-2014            29 #############################
           15 TWINKIES   15-OCT-2014            25 #########################
           16 TWINKIES   16-OCT-2014            21 #####################
           17 TWINKIES   17-OCT-2014            35 ###################################
           18 TWINKIES   18-OCT-2014            46 ##############################################
           19 TWINKIES   19-OCT-2014            45 #############################################
           20 TWINKIES   20-OCT-2014            30 ##############################

20 rows selected.

Elapsed: 00:00:00.02

Running the borrowed SQL as-is

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   FINAL LAST(UP.tstamp) AS peak_tstamp,
                   FINAL LAST(DOWN.tstamp) AS end_tstamp,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST DOWN
         PATTERN (STRT UP+ FLAT* DOWN+)
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

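FINAL LAST(pattern.col_name) returns the col_name value from the row where the given pattern variable last appeared. I guess that is the largest value within the matched range (frame).

STRT appears only as a pattern variable, with no condition of its own; it is defined as the starting point of the pattern match. I think that is because the starting point can be determined from the remaining pattern definitions.

MATCH_NUMBER() returns a sequential number for each matched range, that is, a number that identifies which range or period a row belongs to.

Matching proceeds in the order written in the PATTERN clause, so changing that order gives different results. It is not enough to simply define the patterns; the order in which they are matched also has to be taken into account.

CLASSIFIER() returns a value that identifies which pattern the row belongs to within the matched range.

The scan continues until the last pattern in the PATTERN clause is found, which is DOWN in this example. The next pattern after that is STRT, and from there the scan again runs until a DOWN pattern is found. It probably just repeats that. When defining a pattern, it seems easiest to decide the first and last patterns first and then define the patterns that can occur during that scan.

AFTER MATCH SKIP TO LAST <pattern variable> lets you state explicitly that the row where that pattern variable last appeared in the matched range should not be recognized as that pattern but as the next pattern. With AFTER MATCH SKIP TO LAST DOWN here, the last DOWN row in the matched range is skipped and the matcher is prompted to match it as the STRT pattern. When a single row satisfies two pattern definitions, this lets you specify which of the two takes priority. The id column shows this.

PER MATCH specifies whether to output only a summary row per match or all rows including the detail rows. The following documents are useful references.

AFTER MATCH SKIP: Defining Where to Restart the Matching Process After a Match Is Found
Tasks and Keywords in Pattern Matching
PER MATCH: Choosing Summaries or Details for Each Match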

Trying it with a different partition

insert into sales_history select max(id) over () + rownum as ID, 'kiwiiiii' as PRODUCT, TSTAMP, UNITS_SOLD from sales_history;
commit;

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   FINAL LAST(UP.tstamp) AS peak_tstamp,
                   FINAL LAST(DOWN.tstamp) AS end_tstamp,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST DOWN
         PATTERN (STRT UP+ FLAT* DOWN+)
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

Pattern matching is done per partition.

Changing the order in the PATTERN clause

In the order STRT→DOWN→FLAT→UP→STRT.

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   FINAL LAST(UP.tstamp) AS peak_tstamp,
                   FINAL LAST(DOWN.tstamp) AS end_tstamp,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST UP
         PATTERN (STRT DOWN+ FLAT* UP+)
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

The FLAT matches no longer appear, because there is no longer the same UNITS_SOLD across consecutive dates.

Changing LAST() to FIRST()

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   FINAL FIRST(UP.tstamp) AS peak_tstamp,
                   FINAL FIRST(DOWN.tstamp) AS end_tstamp,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST UP
         PATTERN (STRT DOWN+ FLAT* UP+)
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

It returns the dates on which the UP pattern and the DOWN pattern first appear within the matched range.

Removing FINAL

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   FIRST(UP.tstamp) AS peak_tstamp,
                   FINAL FIRST(DOWN.tstamp) AS end_tstamp,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST UP
         PATTERN (STRT DOWN+ FLAT* UP+)
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

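NULLs appeared in the column without FINAL. The matched range seems to be fixed first. Within that range, I think each current row is then checked as UP or DOWN, so on rows where the pattern has not been detected yet the value to return is unknown and NULL appears.

Putting aggregate functions in the MEASURES clause

In addition to the columns of the source table, the MEASURES clause lets you specify your own columns to inspect, using the patterns you defined. Regular expressions can be used in the PATTERN clause.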

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   FINAL LAST(UP.tstamp) AS peak_tstamp,
                   FINAL LAST(DOWN.tstamp) AS end_tstamp,
                   FINAL count(UP.tstamp) AS up_cnt,
                   FINAL count(FLAT.tstamp) AS flat_cnt,
                   FINAL count(DOWN.tstamp) AS down_cnt,
                   RUNNING count(tstamp) AS runnig_cnt,
                   FINAL count(tstamp) AS summury_cnt,
                   units_sold - STRT.units_sold AS diff,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST DOWN
         PATTERN (STRT UP+ FLAT* DOWN+ )
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

The RUNNING keyword assigns a running number within the matched range. Aggregate functions are applied within the matched range.

Graphing it at this point

This is the data I used.

insert into sales_history select max(id) over () + rownum as ID, 'kiwiiiii' as PRODUCT, TSTAMP, UNITS_SOLD - 10 as UNITS_SOLD from sales_history;
commit;

The data to feed to Excel is generated with this SQL

ALTER SESSION SET nls_timestamp_format = 'YYYYMMDD';

WITH tbl_head AS (
SELECT
	tstamp
	,MIN(twinkies) AS twinkies
	,MIN(kiwiiiii) AS kiwiiiii
FROM
	sales_history
	PIVOT(MIN(units_sold) FOR product IN ('TWINKIES' AS twinkies,'kiwiiiii' AS kiwiiiii))
GROUP BY
	tstamp
ORDER BY
	tstamp
),tbl_side AS (
SELECT
	to_char(dtt,'yyyymmdd') AS dt
FROM
	dual
MODEL
	DIMENSION BY ( 1 AS rn )
	MEASURES ( TO_DATE('20141031','YYYYMMDD') AS dtt )
	RULES ITERATE(31)
	( dtt[iteration_number] = TO_DATE('20141031','YYYYMMDD') - iteration_number )
)
SELECT
	nvl(tstamp,dt) AS tstamp
	,twinkies
	, kiwiiiii
FROM
	tbl_side s1
		LEFT OUTER JOIN tbl_head s2
	ON
		s1.dt = s2.tstamp
ORDER BY
	s1.dt
;

Adding more patterns to the PATTERN clause

STRT→DOWN+→FLAT*→UP+→DOWN+→FLAT*→UP+. Is there a W-shaped pattern? FLAT is detected if present.

SET LINESIZE 110
ALTER SESSION SET nls_timestamp_format = 'DD-MON-YYYY';

COLUMN start_tstamp FORMAT A11
COLUMN peak_tstamp  FORMAT A11
COLUMN end_tstamp   FORMAT A11
COLUMN cls          FORMAT A5
COLUMN units_sold FORMAT 9999
set linesize 200

SELECT *
FROM   sales_history MATCH_RECOGNIZE (
         PARTITION BY product
         ORDER BY tstamp
         MEASURES  STRT.tstamp AS start_tstamp,
                   LAST(DOWN.tstamp) AS cur_bottom_tstamp,
                   FINAL LAST(DOWN.tstamp) AS bottom_tstamp,
                   LAST(UP.tstamp) AS cur_peak_tstamp,
                   FINAL LAST(UP.tstamp) AS peak_tstamp,
                   MATCH_NUMBER() AS mno,
                   CLASSIFIER() AS cls
         ALL ROWS PER MATCH
         AFTER MATCH SKIP TO LAST UP
         PATTERN (STRT DOWN+ FLAT* UP+ DOWN+ FLAT* UP+)
         DEFINE
           UP AS UP.units_sold > PREV(UP.units_sold),
           DOWN AS DOWN.units_sold < PREV(DOWN.units_sold),
           FLAT AS FLAT.units_sold = PREV(FLAT.units_sold)
       ) MR
ORDER BY MR.product, MR.mno, MR.tstamp;

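Getting started with sessionization

There seem to be various definitions of sessionization; here, a session is a series of consecutive accesses by the same user in which the interval between accesses is less than 3 seconds.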

COL NAME FOR a40;
COL VALUE FOR a100;

SELECT NAME, VALUE FROM v$parameter WHERE NAME LIKE '%' || 'timestamp' ||'%';

ALTER SESSION SET nls_timestamp_tz_format = 'YYYY-MM-DD HH24:MI:SS';

DROP TABLE test______ PURGE;

CREATE TABLE test______ AS 
WITH sub AS (
SELECT
	*
FROM
	dual
MODEL
	DIMENSION BY ( 1 AS rn )
	MEASURES ( current_timestamp AS tp )
	RULES ITERATE(30)
	( tp[iteration_number] = current_timestamp - iteration_number/86400 )
ORDER BY
	dbms_random.random()
)
SELECT
	rpad('user0',6,decode(MOD(ROWNUM,6),0,6,MOD(ROWNUM,6))) AS user_id
	,rpad('item',6,CHR(64 + decode(MOD(ROWNUM,4),0,4,MOD(ROWNUM,4)))) AS item
	,TRUNC(ABS(dbms_random.VALUE(1,10)),0) AS qty
	,tp
FROM
	sub
ORDER BY
	1,4
;

SELECT * FROM test______ ORDER BY user_id,tp;


[oracle@f285aba0589a ~]$ sqlplus aine/ORACLE_PWD@pdb1

SQL*Plus: Release 18.0.0.0.0 - Production on Fri Feb 22 23:38:47 2019
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.

Last Successful login time: Fri Feb 22 2019 23:35:40 +09:00

Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

AINE@pdb1> col name for a40;
AINE@pdb1> col value for a100;
AINE@pdb1>
AINE@pdb1> SELECT NAME, VALUE FROM v$parameter WHERE NAME LIKE '%' || 'timestamp' ||'%';

NAME                                     VALUE
---------------------------------------- ----------------------------------------------------------------------------------------------------
uniform_log_timestamp_format             TRUE
nls_timestamp_format
nls_timestamp_tz_format

3 rows selected.

Elapsed: 00:00:00.01
AINE@pdb1> ALTER SESSION SET nls_timestamp_tz_format = 'YYYY-MM-DD HH24:MI:SS';

Session altered.

Elapsed: 00:00:00.00
AINE@pdb1> SELECT NAME, VALUE FROM v$parameter WHERE NAME LIKE '%' || 'timestamp' ||'%';

NAME                                     VALUE
---------------------------------------- ----------------------------------------------------------------------------------------------------
uniform_log_timestamp_format             TRUE
nls_timestamp_format
nls_timestamp_tz_format                  YYYY-MM-DD HH24:MI:SS

3 rows selected.

Elapsed: 00:00:00.01
AINE@pdb1>

Outputting only the summary rows

SELECT
	*
FROM
	test______ MATCH_RECOGNIZE(
		PARTITION BY user_id
		ORDER BY tp
		MEASURES
			match_number() as session_id
			,CLASSIFIER() AS cls
			,COUNT(*) as evt_cnt
			,FIRST(strt.tp) as start_time
			,LAST(dur.tp) as end_time
			,LAST(dur.tp) - FIRST(strt.tp) as session_duration
   ONE ROW PER MATCH
--   ALL ROWS PER MATCH
   PATTERN (strt dur+)
   DEFINE
       dur as (tp - prev(tp) <= INTERVAL '3' SECOND )
 );

Outputting the detail rows as well

SELECT
	*
FROM
	test______ MATCH_RECOGNIZE(
		PARTITION BY user_id
		ORDER BY tp
		MEASURES
			match_number() as session_id
			,CLASSIFIER() AS cls
			,COUNT(*) as evt_cnt
			,FIRST(strt.tp) as start_time
			,LAST(dur.tp) as end_time
			,LAST(dur.tp) - FIRST(strt.tp) as session_duration
--   ONE ROW PER MATCH
   ALL ROWS PER MATCH
   PATTERN (strt dur+)
   DEFINE
       dur as (tp - prev(tp) <= INTERVAL '3' SECOND )
 );


USER_ID                  ITEM                               QTY TP
------------------------ ------------------------ ------------- ---------------------------------------------------------------------------
user01                   itemCC                               9 2019-02-23 01:14:09 ←★ start row
user01                   itemAA                               9 2019-02-23 01:14:18 ←★ not within 3 seconds of the previous row, so a start row
user01                   itemAA                               6 2019-02-23 01:14:19 ←★ within 3 seconds of the previous row, so a continuation row
user01                   itemAA                               4 2019-02-23 01:14:24 ←★ not within 3 seconds of the previous row, so a start row
user01                   itemCC                               6 2019-02-23 01:14:32 ←★ not within 3 seconds of the previous row, so a start row


USER_ID                  ITEM                               QTY TP
------------------------ ------------------------ ------------- ---------------------------------------------------------------------------
user04                   itemBB                               4 2019-02-23 01:14:13 ←★ start row
user04                   itemDD                               4 2019-02-23 01:14:14 ←★ within 3 seconds of the previous row, so a continuation row
user04                   itemBB                               2 2019-02-23 01:14:20 ←★ not within 3 seconds of the previous row, so a start row
user04                   itemDD                               7 2019-02-23 01:14:28 ←★ not within 3 seconds of the previous row, so a start row
user04                   itemDD                               7 2019-02-23 01:14:29 ←★ within 3 seconds of the previous row, so a continuation row

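After the rows are split by PARTITION BY and sorted by ORDER BY, pattern matching starts from the first row. COUNT(*) behaves as a running number within the matched range, which shows that the default is the same as specifying the RUNNING keyword. In this case that holds with PATTERN (strt dur+) taken as a single pattern. To see the count for each pattern, pass pattern_variable.column_name as the argument and check the behaviour.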

SELECT
	*
FROM
	test______ MATCH_RECOGNIZE(
		PARTITION BY user_id
		ORDER BY tp
		MEASURES
			match_number() as session_id
			,CLASSIFIER() AS cls
			,COUNT(*) as evt_cnt
			,COUNT(strt.tp) as evt__cnt
			,COUNT(dur.tp) as evt___cnt
			,FIRST(strt.tp) as start_time
			,LAST(dur.tp) as end_time
			,LAST(dur.tp) - FIRST(strt.tp) as session_duration
   ONE ROW PER MATCH
--   ALL ROWS PER MATCH
   PATTERN (strt dur+)
   DEFINE
       dur as (tp - prev(tp) <= INTERVAL '3' SECOND )
 );


SELECT
	*
FROM
	test______ MATCH_RECOGNIZE(
		PARTITION BY user_id
		ORDER BY tp
		MEASURES
			match_number() as session_id
			,CLASSIFIER() AS cls
			,COUNT(*) as evt_cnt
			,COUNT(strt.tp) as evt__cnt
			,COUNT(dur.tp) as evt___cnt
			,FIRST(strt.tp) as start_time
			,LAST(dur.tp) as end_time
			,LAST(dur.tp) - FIRST(strt.tp) as session_duration
--   ONE ROW PER MATCH
   ALL ROWS PER MATCH
   PATTERN (strt dur+)
   DEFINE
       dur as (tp - prev(tp) <= INTERVAL '3' SECOND )
 );

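Digging a little further with analytic functions. Rows where the cum value continues over consecutive rows are the rows output by ONE ROW PER MATCH. The start and end times can be output by summarizing those consecutive rows.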

with tmp as (
select
	s1.*
	,case
		when s1.tp - lag(s1.tp) over (partition by user_id order by s1.tp) <= interval '3' second then 0
		else 1
	end as session_start_flg
from
	TEST______ s1
)
select
	s1.*
	,sum(s1.session_start_flg) over (partition by user_id order by tp rows between unbounded preceding and current row) as cum
from
	tmp s1
;

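Graphing the sessions

The data to feed to Excel is created with the SQL below. With the nls_timestamp_tz_format type, incrementing did not work well and I went back and forth on it, so a version that worked with sysdate is included later. This one is not general-purpose. nls_date_format is the better choice. This one just happened to work.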

WITH cal AS (
	SELECT
		tp
	FROM
		test______
),tmp AS (
	SELECT
		s1.*
		,s0.*
	FROM
		cal s1
		LEFT OUTER JOIN 
		test______ MATCH_RECOGNIZE(
			PARTITION BY user_id
			ORDER BY tp
			MEASURES
				match_number() AS session_id
				,classifier() AS cls
				,COUNT(*) AS evt_cnt
				,COUNT(strt.tp) AS evt__cnt
				,COUNT(dur.tp) AS evt___cnt
				,FIRST(strt.tp) AS start_time
				,LAST(dur.tp) AS end_time
				,LAST(dur.tp) - FIRST(strt.tp) AS session_duration
	   ONE ROW PER MATCH
	--   ALL ROWS PER MATCH
	   PATTERN (strt dur+)
	   DEFINE
		   dur AS (tp - prev(tp) <= INTERVAL '3' SECOND )
	)s0 
		ON
			s1.tp BETWEEN s0.start_time AND s0.end_time
)
SELECT
	s1.tp
	, nvl(s1.user01,0) AS user01
	, nvl(s1.user02,0) AS user02
	, nvl(s1.user03,0) AS user03
	, nvl(s1.user04,0) AS user04
	, nvl(s1.user05,0) AS user05
	, nvl(s1.user06,0) AS user06
FROM
	tmp s0
	PIVOT(MIN(s0.evt__cnt) FOR user_id IN ('user01' AS user01,'user02' AS user02,'user03' AS user03,'user04' AS user04,'user05' AS user05,'user06' AS user06)) s1
;

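The data obtained

I graphed it. I really wanted to draw it as pulses, but even after a lot of trying the maintenance was too much trouble, so I compromised. I wonder if there is an easy way to do it in Excel. Making the time resolution finer also requires duplicating the data, so it is not handy at all. I want something lightweight. Well, it gives the general picture, so fine for now.

Pattern matching on sessions

Replacing each URL access with a signature makes pattern matching easier. Prepare something like master data for this.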

DROP TABLE url_sig PURGE;
CREATE TABLE url_sig AS
WITH URL AS (
SELECT
	'/' AS req_path
	,'T' AS sig
	,'top page' AS desp
FROM
	dual
UNION ALL
SELECT
	'/search' AS req_path	-- req_path keeps the leading '/' shown in the SELECT output
	,'S' AS sig
	,'item search' AS desp
FROM
	dual
UNION ALL
SELECT
	'/items' AS req_path
	,'L' AS sig
	,'item list' AS desp
FROM
	dual
UNION ALL
SELECT
	'/items/detail' AS req_path
	,'ID' AS sig
	,'item detail' AS desp
FROM
	dual
UNION ALL
SELECT
	'/cart' AS req_path
	,'C' AS sig
	,'cart list' AS desp
FROM
	dual
UNION ALL
SELECT
	'/cart/add' AS req_path
	,'CA' AS sig
	,'add item into cart' AS desp
FROM
	dual
UNION ALL
SELECT
	'/cart/remove' AS req_path
	,'CR' AS sig
	,'remove item from cart' AS desp
FROM
	dual
UNION ALL
SELECT
	'/cart/chkout' AS req_path
	,'CO' AS sig
	,'checkout' AS desp
FROM
	dual
)
SELECT
	*
FROM
	URL
;

AINE@pdb1> select * from url_sig;

REQ_PATH      SI DESP
------------- -- ---------------------
/             T  top page
/search       S  item search
/items        L  item list
/items/detail ID item detail
/cart         C  cart list
/cart/add     CA add item into cart
/cart/remove  CR remove item from cart
/cart/chkout  CO checkout

8 rows selected.

Elapsed: 00:00:00.02

Creating transaction data for pattern matching on sessions

Generated with the SQL below.

DROP TABLE test_________ PURGE;

CREATE TABLE test_________ AS 
WITH sub AS (
SELECT
	rownum as rn
	,tp
FROM(
	SELECT
		DISTINCT tp
	FROM
		dual
	MODEL
		DIMENSION BY ( 1 AS rn )
		MEASURES ( sysdate AS tp )
		RULES ITERATE(100)
		( tp[iteration_number] = sysdate - TRUNC(ABS(dbms_random.VALUE(1, 100)), 0)/86400 )
	)tmp
	WHERE
		ROWNUM <= 30
)
SELECT
	rpad('user0',6,decode(MOD(ROWNUM,6),0,6,MOD(ROWNUM,6))) AS user_id
	,s1.tp
	,s2.req_path
FROM
	sub s1
		inner join (SELECT ROWNUM AS rn ,s1.req_path FROM url_sig s1 ORDER BY dbms_random.random()) s2
			on
				decode(mod(s1.rn,8),0,8,mod(s1.rn,8)) = s2.rn
ORDER BY
	1,2
;

SELECT * FROM test_________ ORDER BY user_id,tp;

[oracle@f285aba0589a ~]$ sqlplus aine/ORACLE_PWD@pdb1

SQL*Plus: Release 18.0.0.0.0 - Production on Sat Feb 23 20:42:04 2019
Version 18.3.0.0.0

Copyright (c) 1982, 2018, Oracle.  All rights reserved.

Last Successful login time: Sat Feb 23 2019 19:43:30 +09:00

Connected to:
Oracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production
Version 18.3.0.0.0

AINE@pdb1> ALTER SESSION SET nls_timestamp_tz_format = 'YYYY-MM-DD HH24:MI:SS';

Session altered.

Elapsed: 00:00:00.00
AINE@pdb1> SELECT * FROM test_________ ORDER BY user_id,tp;

USER_ID                  TP                                                                          REQ_PATH
------------------------ --------------------------------------------------------------------------- -------------
user01                   2019-02-23 20:39:50                                                         /
user01                   2019-02-23 20:39:52                                                         /items
user01                   2019-02-23 20:39:58                                                         /cart/remove
user01                   2019-02-23 20:40:22                                                         /cart
user01                   2019-02-23 20:40:27                                                         /cart/add
user02                   2019-02-23 20:40:04                                                         /
user02                   2019-02-23 20:40:07                                                         /items
user02                   2019-02-23 20:40:15                                                         /cart/remove
user02                   2019-02-23 20:40:36                                                         /cart
user02                   2019-02-23 20:40:37                                                         /cart/add
user03                   2019-02-23 20:39:51                                                         /search
user03                   2019-02-23 20:39:54                                                         /items/detail
user03                   2019-02-23 20:40:17                                                         /
user03                   2019-02-23 20:40:20                                                         /items
user03                   2019-02-23 20:40:28                                                         /cart/remove
user04                   2019-02-23 20:40:00                                                         /cart/chkout
user04                   2019-02-23 20:40:06                                                         /search
user04                   2019-02-23 20:40:08                                                         /items/detail
user04                   2019-02-23 20:40:32                                                         /
user04                   2019-02-23 20:40:34                                                         /items
user05                   2019-02-23 20:39:55                                                         /cart
user05                   2019-02-23 20:39:57                                                         /cart/add
user05                   2019-02-23 20:40:16                                                         /cart/chkout
user05                   2019-02-23 20:40:18                                                         /search
user05                   2019-02-23 20:40:21                                                         /items/detail
user06                   2019-02-23 20:40:09                                                         /cart
user06                   2019-02-23 20:40:11                                                         /cart/add
user06                   2019-02-23 20:40:29                                                         /cart/chkout
user06                   2019-02-23 20:40:33                                                         /search
user06                   2019-02-23 20:40:35                                                         /items/detail

30 rows selected.

Elapsed: 00:00:00.00

Outputting the summary rows

alter session set nls_date_format='YYYY/MM/DD HH24:MI:SS';
SELECT
	*
FROM
	test_________ MATCH_RECOGNIZE (
		PARTITION BY user_id
		ORDER BY tp
		MEASURES
			match_number() AS session_id
		, classifier() AS cls
		, COUNT(*) AS evt_cnt
		, COUNT(strt.tp) AS evt__cnt
		, COUNT(dur.tp) AS evt___cnt
		, FIRST(strt.tp) AS start_time
		, LAST(dur.tp) AS end_time
		, round( (LAST(dur.tp) - FIRST(strt.tp) ) * 24 * 60 * 60, 0) AS session_duration
		ONE ROW PER MATCH
	--   ALL ROWS PER MATCH
	PATTERN ( strt dur +) DEFINE
		dur AS ( round( (tp - prev(tp) ) * 24 * 60 * 60, 0) <= 3 )
	);

Graphing it

Generated with the SQL below.

alter session set nls_date_format='YYYY/MM/DD HH24:MI:SS';
WITH cal AS (
		SELECT
			 A.date_from + (ROWNUM - 1)/86400 AS tp
		FROM
			(
				SELECT
					MIN(tp) AS date_from
					,MAX(tp) AS date_to
					,round((MAX(tp) - MIN(tp))*24*60*60,0) AS diff
				FROM
					test_________
			) A
		CONNECT BY
			LEVEL <= A.diff + 1
),tmp AS (
	SELECT
		s1.*
		,s0.*
	FROM
		cal s1
		LEFT OUTER JOIN 
		test_________ MATCH_RECOGNIZE(
			PARTITION BY user_id
			ORDER BY tp
			MEASURES
				match_number() AS session_id
				,classifier() AS cls
				,COUNT(*) AS evt_cnt
				,COUNT(strt.tp) AS evt__cnt
				,COUNT(dur.tp) AS evt___cnt
				,FIRST(strt.tp) AS start_time
				,LAST(dur.tp) AS end_time
				,round((LAST(dur.tp) - FIRST(strt.tp))*24*60*60,0) AS session_duration
	   ONE ROW PER MATCH
	--   ALL ROWS PER MATCH
	   PATTERN (strt dur+)
	   DEFINE
		   dur AS (round((tp - prev(tp))*24*60*60,0) <= 3)
	)s0 
		ON
			s1.tp BETWEEN s0.start_time AND s0.end_time
)
SELECT
	s1.tp
	, nvl(s1.user01,0) AS user01
	, nvl(s1.user02,0) AS user02
	, nvl(s1.user03,0) AS user03
	, nvl(s1.user04,0) AS user04
	, nvl(s1.user05,0) AS user05
	, nvl(s1.user06,0) AS user06
FROM
	tmp s0
	PIVOT(MIN(s0.evt__cnt) FOR user_id IN ('user01' AS user01,'user02' AS user02,'user03' AS user03,'user04' AS user04,'user05' AS user05,'user06' AS user06)) s1
ORDER BY
	s1.tp
;

TP                         USER01        USER02        USER03        USER04        USER05        USER06
------------------- ------------- ------------- ------------- ------------- ------------- -------------
2019/02/23 21:14:58             0             0             1             0             0             0
2019/02/23 21:14:59             0             0             1             0             0             0
2019/02/23 21:15:00             0             0             0             0             0             0
2019/02/23 21:15:01             0             0             0             0             0             0
2019/02/23 21:15:02             0             0             0             0             0             0
2019/02/23 21:15:03             1             0             0             0             0             0
2019/02/23 21:15:04             1             0             0             0             0             0
2019/02/23 21:15:05             1             0             0             0             0             0
2019/02/23 21:15:06             0             0             0             0             0             0
2019/02/23 21:15:07             0             0             0             0             0             0
2019/02/23 21:15:08             0             0             0             0             0             0
2019/02/23 21:15:09             0             0             0             0             0             0
2019/02/23 21:15:10             0             0             0             1             0             0
2019/02/23 21:15:11             0             0             0             1             0             0
2019/02/23 21:15:12             0             0             0             1             0             0
2019/02/23 21:15:13             0             0             0             1             0             0
2019/02/23 21:15:14             0             0             0             0             0             0
2019/02/23 21:15:15             0             0             0             0             0             0
2019/02/23 21:15:16             0             0             0             0             0             0
2019/02/23 21:15:17             0             1             0             0             0             0
2019/02/23 21:15:18             0             1             0             0             0             0
2019/02/23 21:15:19             0             1             0             0             0             0
2019/02/23 21:15:20             0             0             0             0             0             0
2019/02/23 21:15:21             0             0             0             0             0             0
2019/02/23 21:15:22             0             0             0             0             1             0
2019/02/23 21:15:23             0             0             0             0             1             0
2019/02/23 21:15:24             0             0             0             0             0             0
2019/02/23 21:15:25             0             0             0             0             0             0
2019/02/23 21:15:26             0             0             0             0             0             0
2019/02/23 21:15:27             0             0             0             0             0             0
2019/02/23 21:15:28             0             0             1             0             0             0
2019/02/23 21:15:29             0             0             1             0             0             0
2019/02/23 21:15:30             0             0             1             0             0             0
2019/02/23 21:15:31             0             0             1             0             0             0
2019/02/23 21:15:32             0             0             0             0             0             0
2019/02/23 21:15:33             0             0             0             0             0             0
2019/02/23 21:15:34             0             0             0             0             0             1
2019/02/23 21:15:35             0             0             0             0             0             1
2019/02/23 21:15:36             0             0             0             0             0             0
2019/02/23 21:15:37             0             0             0             0             0             0
2019/02/23 21:15:38             0             0             0             0             0             0
2019/02/23 21:15:39             0             0             0             0             0             0
2019/02/23 21:15:40             0             0             0             0             0             0

43 rows selected.

Elapsed: 00:00:00.01

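Detecting session access patterns

This can be used when calculating the conversion rate.

The conversion rate (also called CVR) is the number of visits that reached the website's goal divided by the number that entered the first stage toward that goal. It is used to measure efficiency in internet advertising and on e-commerce sites.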

WITH tmp AS (
SELECT
	s1.user_id
	,s1.session_id
	,MIN(s1.tp) AS start_tp
	,MAX(s1.tp) AS end_tp
	,LISTAGG(s0.sig,'') WITHIN GROUP (ORDER BY s1.tp) AS sig
FROM
	test_________ s1
	MATCH_RECOGNIZE (
		PARTITION BY user_id
		ORDER BY tp
		MEASURES
			match_number() AS session_id
		, classifier() AS cls
		, COUNT(*) AS evt_cnt
		, COUNT(strt.tp) AS evt__cnt
		, COUNT(dur.tp) AS evt___cnt
		, FIRST(strt.tp) AS start_time
		, LAST(dur.tp) AS end_time
		, round( (LAST(dur.tp) - FIRST(strt.tp) ) * 24 * 60 * 60, 0) AS session_duration
--		ONE ROW PER MATCH
	   ALL ROWS PER MATCH
	PATTERN ( strt dur +) DEFINE
		dur AS ( round( (tp - prev(tp) ) * 24 * 60 * 60, 0) <= 3 )
	)s1
	INNER JOIN url_sig s0
		ON
			s1.req_path = s0.req_path
GROUP BY
	s1.user_id
	,s1.session_id
)
SELECT
	s0.*
	,SUM(CASE WHEN REGEXP_LIKE(s0.sig,'T+S+(CA)*(CO)*','i') THEN 1 ELSE 0 END) OVER (PARTITION BY s0.user_id,s0.session_id) AS flg
	,SUM(CASE WHEN REGEXP_LIKE(s0.sig,'T+S+(CA)*(CO)*','i') THEN 1 ELSE 0 END) OVER (PARTITION BY s0.user_id,s0.session_id)
	/ COUNT(*) OVER (PARTITION BY s0.user_id)
	AS cvr
FROM
	tmp s0
;
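
REGEXP_LIKE is true when the pattern occurs anywhere in the string, and (CA)*(CO)* may match zero times, so 'T+S+(CA)*(CO)*' is true for any session whose signature contains T followed by S. The following added example (not part of the original page; the data is constructed and sig_map, access_log, page_regex_hit and strict_hit are hypothetical names) sessionizes a small log with the same strt dur+ rule and compares that pattern with an anchored one that, as an assumption about the intended funnel, requires at least one cart add followed by a checkout.

```sql
-- Added example with constructed data; all table and column names are hypothetical.
WITH sig_map (req_path, sig) AS (
  -- inline subset of the page's url_sig mapping
  SELECT '/',            'T'  FROM dual UNION ALL
  SELECT '/search',      'S'  FROM dual UNION ALL
  SELECT '/items',       'L'  FROM dual UNION ALL
  SELECT '/cart/add',    'CA' FROM dual UNION ALL
  SELECT '/cart/chkout', 'CO' FROM dual
),
access_log (user_id, tp, req_path) AS (
  -- user01, first session: top -> search -> add to cart -> checkout
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:00', '/'            FROM dual UNION ALL
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:02', '/search'      FROM dual UNION ALL
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:04', '/cart/add'    FROM dual UNION ALL
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:06', '/cart/chkout' FROM dual UNION ALL
  -- user01, second session (10 s gap): top -> search -> list, no cart activity
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:16', '/'            FROM dual UNION ALL
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:18', '/search'      FROM dual UNION ALL
  SELECT 'user01', TIMESTAMP '2019-02-23 20:00:20', '/items'       FROM dual UNION ALL
  -- user02, first session: list -> top -> search (T and S appear mid-session)
  SELECT 'user02', TIMESTAMP '2019-02-23 20:00:30', '/items'       FROM dual UNION ALL
  SELECT 'user02', TIMESTAMP '2019-02-23 20:00:32', '/'            FROM dual UNION ALL
  SELECT 'user02', TIMESTAMP '2019-02-23 20:00:34', '/search'      FROM dual UNION ALL
  -- user02, lone request more than 3 s after the previous one:
  -- PATTERN (strt dur+) needs at least two rows, so this row matches nothing
  -- and MATCH_RECOGNIZE leaves it out of the result
  SELECT 'user02', TIMESTAMP '2019-02-23 20:01:00', '/cart/chkout' FROM dual
),
sess AS (
  -- same sessionization rule as the page: a gap of more than 3 s starts a new session
  SELECT user_id, session_id, tp, req_path
  FROM   access_log MATCH_RECOGNIZE (
           PARTITION BY user_id
           ORDER BY tp
           MEASURES MATCH_NUMBER() AS session_id
           ALL ROWS PER MATCH
           PATTERN (strt dur+)
           DEFINE
             dur AS tp - PREV(tp) <= INTERVAL '3' SECOND
         )
),
sig_per_session AS (
  -- one signature string per session, in access order
  SELECT s.user_id,
         s.session_id,
         LISTAGG(m.sig, '') WITHIN GROUP (ORDER BY s.tp) AS sig
  FROM   sess s
         INNER JOIN sig_map m
           ON s.req_path = m.req_path
  GROUP BY s.user_id, s.session_id
)
SELECT user_id,
       session_id,
       sig,
       -- the page's pattern: unanchored, cart add and checkout optional
       CASE WHEN REGEXP_LIKE(sig, 'T+S+(CA)*(CO)*', 'i') THEN 1 ELSE 0 END AS page_regex_hit,
       -- anchored variant: the whole session must be T.. S.. CA.. CO..
       CASE WHEN REGEXP_LIKE(sig, '^T+S+(CA)+(CO)+$') THEN 1 ELSE 0 END AS strict_hit
FROM   sig_per_session
ORDER BY user_id, session_id;
```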

Wrapping up

I think I understand this a little better than before I started. This has gotten long, so I will stop here for now.