Docker1-容器内核-CSDN博客
1~2章节见Docker1
Docker2-容器应用工具及docker命令-CSDN博客
3章节见Docker2
4、docker
镜像 容器 仓库
镜像 模板 (静态表现形式) 镜像的分层 镜像联合系统
容器 可以运行的模板(动态表现形式)
仓库 docker公司自己提供的仓库是 register harbor仓库 -----VMware公司的 使用更广泛
容器镜像介绍
1:docker image
Docker 镜像是只读的容器模板,是Docker容器基础
为Docker容器提供了静态文件系统运行环境(rootfs)
是容器的静止状态
容器是镜像的运行状态
2:联合文件系统
1:联合文件系统定义
联合文件系统(union filesystem)
联合文件系统是实现联合挂载技术的文件系统
联合挂载技术可以实现在一个挂载点同时挂载多个文件系统,将挂载点的原目录与被挂载内容进行整合,使得最终可见的文件系统包含整合之后的各层文件和目录
2:图解
3:Docker Overlay2
容器文件系统有多种存储驱动实现方式:aufs(联合文件系统),devicemapper(物理设备的映射),
overlay,overlay2等,本次以overlay2为例进行说明。
概念
registry/repository: registry是repository的集合,repository是镜像的集合。
image:image 是存储镜像相关的元数据,包括镜像的架构,镜像默认配置信息,镜像的容器配置信息等等。它是“逻辑”上的概念,并无物理上的镜像文件与之对应。
layer:layer(镜像层) 组成了镜像,单个 layer 可以被多个镜像共享,
查看docker host 存储驱动方式
[root@centen7-10-hehe ~ 13:54:56]$ docker info | grep overlay
Storage Driver: overlay2
Network: bridge host ipvlan macvlan null overlay
images分层
[root@localhost ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
3da95a905ed5: Pull complete
037111f539a0: Pull complete
1e537b66692c: Pull complete
d3618cedc15e: Pull complete
63b1ad245775: Pull complete
40c013bb3d47: Pull complete
ec5daaed1d0a: Pull complete
Digest: sha256:f5c017fb33c6db484545793ffb67db51cdd7daebee472104612f73a85063f889
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
分为7层,首先查看nginx镜像
[root@centen7-10-hehe ~ 13:56:02]$ cd /var/lib/docker/image/overlay2
[root@centen7-10-hehe overlay2 13:57:54]$ ls
distribution imagedb layerdb repositories.json
/var/lib/docker/image/overlay2
/var/lib/docker/image/overlay2
/var/lib/docker/image/overlay2
这个目录是查找的入口,非常重要。它存储了镜像管理的元数据。
repositories.json 记录了 repo 与镜像 ID 的映射关系。
imagedb 记录了镜像架构,操作系统,构建镜像的容器 ID 和配置以及 rootfs 等信息。
layerdb 记录了每层镜像层的元数据。
通过短 ID 査找 repositories.json 文件,找到镜像 nginx 的长 ID,通过长ID 在 imagedb 中找到该镜像的元数据
查看docker images 短id 进行grep搜索
[root@centen7-10-hehe overlay2 14:00:41]$ docker images
[root@centen7-10-hehe overlay2 14:00:41]$ pwd
/var/lib/docker/image/overlay2
[root@centen7-10-hehe overlay2 14:35:57]$ cat repositories.json |grep 22bd15417453
{"Repositories":{"centos":{"centos:7":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9","centos@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9"},"nginx":{"nginx:latest":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698","nginx@sha256:f5c017fb33c6db484545793ffb67db51cdd7daebee472104612f73a85063f889":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698"}}}
镜像分层id:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698
这里仅保留我们想要的元数据 rootfs。在 rootfs 中看到layers 有7层,这7层即对应镜像的7层镜像层。
并且,自上而下分别映射到容器的底层到顶层。找到了镜像的7层,接下来的问题是每层的文件内容在哪
里呢?
layerdb 元数据会给我们想要的信息,通过底层 我们省到最底层镜像层的 cache_id,通过 cache_id
即可查找到镜像层的文件内容:
[root@centen7-10-hehe overlay2 14:36:08]$ cat /var/lib/docker/image/overlay2/imagedb/content/sha256/22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698
{"architecture":"amd64","config":{"ExposedPorts":{"80/tcp":{}},"Env":
......
"rootfs":{"type":"layers","diff_ids":["sha256:1bb35e8b4de116e84b2ccf614cce4e309b6043bf2cd35543d8394edeaeb587e3","sha256:cff9e7c67fbb49f4a3d39a66187b50cb525ac501d92b8a921b6877270b6f4ae5","sha256:c29414fee8ae39b813dd7a744a2acf3e6d755fc70b2ea2bff9b707171a9fd41b","sha256:05afaee498cfc72f71eb89da7586190efa6370883fbb51f1f8e1aab1942aa7a0","sha256:2649de4780441086779fb6d6f7645e257f90fb1729b0a36898b8b5faba0f7d86","sha256:215876b36153585516505977b46790e7f44f693f7473c1efaf8b2c7dac4f241a","sha256:f3cecf76da4f34560262476c610533206d0f8e3344f896cc2fb0e59efcc0516a"]}}
通过返回的rootfs 找到cache_id 分层缓存id 可以看到有7个sha256
[root@centen7-10-hehe overlay2 14:23:59]$ cat layerdb/sha256/1bb35e8b4de116e84b2ccf614cce4e309b6043bf2cd35543d8394edeaeb587e3/cache-id
cda809fd2369aae7c56517e4b60aae0360211978e5b03faffe2ca9e520e7c492
找到文件目录中对应的内容
[root@centen7-10-hehe overlay2 14:33:18]$ ls /var/lib/docker/overlay2/cda809fd2369aae7c56517e4b60aae0360211978e5b03faffe2ca9e520e7c492
committed diff link
[root@centen7-10-hehe overlay2 14:41:20]$ ls /var/lib/docker/overlay2/cda809fd2369aae7c56517e4b60aae0360211978e5b03faffe2ca9e520e7c492/diff/
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
上述实例中,镜像元数据的镜像层内容是分开存储的。通过cache-id,需要到/var/lib/docker/overlay2目录下查看镜像内容,它就存在diff目录中,其中link存储的是镜像层对应的短ID。
中间层
找到镜像层的最底层,接着查找镜像层的“中间层”。
因为 docker 引入了内容寻址机制,该机制会根据文件内容来索引镜像和镜像层。docker利用rootfs 中的 dif_id 计算出内容寻址的chainlD,通过 chainID 获取 layer 相关信息,最终索引到镜像层文件内容。
对于最底层镜像层其 diff_id即是 chainID,因此我们可以查找到它的文件内容。除最底层外,chainlD需通过公式
chainlD(n)=SHA256(chain(n-1) diffID(n))
计算得到,计算“中间层" chainID:
[root@centen7-10-hehe overlay2 14:41:37]$ cat /var/lib/docker/image/overlay2/imagedb/content/sha256/22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698
"rootfs":{"type":"layers","diff_ids":["sha256:1bb35e8b4de116e84b2ccf614cce4e309b6043bf2cd35543d8394edeaeb587e3","sha256:cff9e7c67fbb49f4a3d39a66187b50cb525ac501d92b8a921b6877270b6f4ae5","sha256:c29414fee8ae39b813dd7a744a2acf3e6d755fc70b2ea2bff9b707171a9fd41b","sha256:05afaee498cfc72f71eb89da7586190efa6370883fbb51f1f8e1aab1942aa7a0","sha256:2649de4780441086779fb6d6f7645e257f90fb1729b0a36898b8b5faba0f7d86","sha256:215876b36153585516505977b46790e7f44f693f7473c1efaf8b2c7dac4f241a","sha256:f3cecf76da4f34560262476c610533206d0f8e3344f896cc2fb0e59efcc0516a"]
中间层(取第2个):"sha256:cff9e7c67fbb49f4a3d39a66187b50cb525ac501d92b8a921b6877270b6f4ae5"
再结合底层"sha256:1bb35e8b4de116e84b2ccf614cce4e309b6043bf2cd35543d8394edeaeb587e3"得到chainID
[root@centen7-10-hehe overlay2 14:48:09]$ echo -n "sha256:1bb35e8b4de116e84b2ccf614cce4e309b6043bf2cd35543d8394edeaeb587e3 sha256:cff9e7c67fbb49f4a3d39a66187b50cb525ac501d92b8a921b6877270b6f4ae5" |sha256sum -
c48247a077eb9c2db74e784dce13198fac9ea62484b6073f1a553ab43feeb39b -
根据“中间层” chainID 查找文件内容:
[root@centen7-10-hehe overlay2 14:48:39]$ ls /var/lib/docker/image/overlay2/layerdb/sha256/
0a7841a283ece9e7e95603090fa7059e7850e1014b9c893d78a876ce1236efc8/
174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02/
1bb35e8b4de116e84b2ccf614cce4e309b6043bf2cd35543d8394edeaeb587e3/
32aca3b86eb2d4e257a2a132c0cbb9958aeba1cd85d25ee6a393fd08f6c2288f/
4ef9cda1abb71e48d04cc35b0aeec61e7409e2dcb71326373e07623dc8a9f07f/
7de008c056b4fc3bdd6011aaaf2c82c0f5e96faa9b5a038e9329662b4444dd5b/
bac9c7cf98543a3f0091df2dbca2cdf87a1cb80d6d4c623d6c059b658562937e/
c48247a077eb9c2db74e784dce13198fac9ea62484b6073f1a553ab43feeb39b/
[root@centen7-10-hehe overlay2 14:48:39]$ ls /var/lib/docker/image/overlay2/layerdb/sha256/c48247a077eb9c2db74e784dce13198fac9ea62484b6073f1a553ab43feeb39b/
cache-id diff parent size tar-split.json.gz
[root@centen7-10-hehe overlay2 14:50:54]$ cat /var/lib/docker/image/overlay2/layerdb/sha256/c48247a077eb9c2db74e784dce13198fac9ea62484b6073f1a553ab43feeb39b/cache-id
7edba14a9c84c1fe468f2d6756e54d854f9f29e475d3be39b546c3e6b27cdb1b
[root@centen7-10-hehe overlay2 14:52:32]$ ls /var/lib/docker/overlay2/7edba14a9c84c1fe468f2d6756e54d854f9f29e475d3be39b546c3e6b27cdb1b
committed diff link lower work
中间层文件内容
[root@centen7-10-hehe overlay2 14:52:46]$ ls /var/lib/docker/overlay2/7edba14a9c84c1fe468f2d6756e54d854f9f29e475d3be39b546c3e6b27cdb1b/diff/
docker-entrypoint.d etc usr var
[root@centen7-10-hehe overlay2 14:52:56]$
完整流程如图
4:docker容器与镜像
通过docker run 命令启动一个镜像为nginx的容器
[root@centen7-10-hehe overlay2 15:04:53]$ docker run -itd nginx
fcd3051c72228b5a986e8b1f1994112135caca240df5bfa9c113213d3b32313e
[root@centen7-10-hehe overlay2 15:05:27]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fcd3051c7222 nginx "/docker-entrypoint.…" 3 seconds ago Up 2 seconds 80/tcp clever_swirles
[root@centen7-10-hehe overlay2 15:05:30]$ mount |grep overlay
overlay on /var/lib/docker/overlay2/28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/D2OF6L2IF75QLXWYEYQLQXAKIZ:/var/lib/docker/overlay2/l/2KT7BPCMXBJ7IDT4QKQKZ3OVIL:/var/lib/docker/overlay2/l/6VRTP4LVXHITSOQJQIHB2O4FOV:/var/lib/dockeroverlay2/l/5OWKVYAA4DJVOTU7DRFKOG3PIJ:/var/lib/docker/overlay2/l/2KVSRWPFFZNIEZDMJ6JEWAFFJX:/var/lib/docker/overlay2/l/LNTAWVVXG2HTLUDOTUFHILMZAT:/var/lib/docker/overlay2/l/67HKPUORVSGMOOKFOKGPY6I4XV:/var/lib/docker/overlay2/l/BXWQOMDUSXOO7X6K4XAECYB37G,upperdir=/var/lib/docker/overlay2/28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/diff,workdir=/var/lib/docker/overlay2/28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/work)
可以看到,启动容器会 mount 一个overlay 的联合文件系统到容器内。这个文件系统由三层组成:
- lowerdir:只读层,即为镜像的镜像层。
- upperdir:读写层,该层是容器的读写层,对容器的读写操作将反映在读写层。
- workdir:overlayfs 的内部层,用于实现从只读层到读写层的copy_up 操作。
- merge:容器内作为同一视图联合挂载点的目录。
这里需要着重介绍的是容器的 lowerdir 镜像只读层,查看只读层的短ID:
[root@centen7-10-hehe overlay2 15:06:06]$ ls /var/lib/docker/overlay2/l/
2KT7BPCMXBJ7IDT4QKQKZ3OVIL 6LAGBVYHRQVRYABOTBE6MMDTWS LNTAWVVXG2HTLUDOTUFHILMZAT
2KVSRWPFFZNIEZDMJ6JEWAFFJX 6VRTP4LVXHITSOQJQIHB2O4FOV WI4EZYSIPE2JK57F44A7JR4SHR
5OWKVYAA4DJVOTU7DRFKOG3PIJ BXWQOMDUSXOO7X6K4XAECYB37G
67HKPUORVSGMOOKFOKGPY6I4XV D2OF6L2IF75QLXWYEYQLQXAKIZ
[root@centen7-10-hehe overlay2 15:11:17]$ ls -l /var/lib/docker/overlay2/l/
总用量 0
lrwxrwxrwx. 1 root root 72 7月 21 16:02 2KT7BPCMXBJ7IDT4QKQKZ3OVIL -> ../d9005e610f6ed2de414ddc4265beaf39295d05515c05221dd31a8abffe437627/diff
lrwxrwxrwx. 1 root root 72 7月 21 16:02 2KVSRWPFFZNIEZDMJ6JEWAFFJX -> ../0a640f2716b0688e01cfc0e394722c9f10ce532a14dbf8456bdb5c9d6d199f8f/diff
lrwxrwxrwx. 1 root root 72 7月 21 16:02 5OWKVYAA4DJVOTU7DRFKOG3PIJ -> ../ad02db6cac45a15fddc5cef5219e7c32490e69e8f486bb0ab3732601f3918b7d/diff
lrwxrwxrwx. 1 root root 72 7月 21 16:02 67HKPUORVSGMOOKFOKGPY6I4XV -> ../7edba14a9c84c1fe468f2d6756e54d854f9f29e475d3be39b546c3e6b27cdb1b/diff
lrwxrwxrwx 1 root root 72 7月 22 11:10 6LAGBVYHRQVRYABOTBE6MMDTWS -> ../7a0f09b3bf7d8b444935506874457904f7906bd07ff52a596fcb50087aa04e2c/diff
lrwxrwxrwx. 1 root root 72 7月 21 16:02 6VRTP4LVXHITSOQJQIHB2O4FOV -> ../70a753dc48c32dcadf68717696f1d613ba3dca295812a0425004064147d081a1/diff
lrwxrwxrwx. 1 root root 72 7月 21 16:02 BXWQOMDUSXOO7X6K4XAECYB37G -> ../cda809fd2369aae7c56517e4b60aae0360211978e5b03faffe2ca9e520e7c492/diff
lrwxrwxrwx 1 root root 77 7月 22 15:05 D2OF6L2IF75QLXWYEYQLQXAKIZ -> ../28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7-init/diff
lrwxrwxrwx. 1 root root 72 7月 21 16:02 LNTAWVVXG2HTLUDOTUFHILMZAT -> ../b6f4804f8bdf8be7cb10852c0d69c8c7bb9f95af6bfdcc0dda641273febfae13/diff
lrwxrwxrwx 1 root root 72 7月 22 15:05 WI4EZYSIPE2JK57F44A7JR4SHR -> ../28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/diff
init是基础层 其他diff是中间层
映射的是容器的初始化层init,该层内容和容器配置相关的文件内容,它是只读的,而其余ID层分别对应镜像的层文件内容,分别映射到镜像层的diff目录。
5:容器内写文件
在容器中写文件其实是将文件写入到 overlay 的可读写层
。
可以做以下几个测试:
- 读写层不存在该文件,只读层存在。
- 读写层存在该文件,只读层不存在。
- 读写层和只读层都不存在该文件。
简单构建一种读写层和只读层都不存在的场景:
1:查看镜像的变化
[root@centen7-10-hehe overlay2 15:12:36]$ docker run -it centos:7 bash
[root@2b79aeaa77bc /]# ls
anaconda-post.log dev home lib64 mnt proc run srv tmp var
bin etc lib media opt root sbin sys usr
[root@2b79aeaa77bc /]# touch test.txt
[root@2b79aeaa77bc /]# ls
anaconda-post.log dev home lib64 mnt proc run srv test.txt usr
bin etc lib media opt root sbin sys tmp var
[root@2b79aeaa77bc /]# 'Ctrl+p+q 运行容器并退出'
[root@centen7-10-hehe overlay2 15:21:58]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b79aeaa77bc centos:7 "bash" 42 seconds ago Up 41 seconds lucid_moser
fcd3051c7222 nginx "/docker-entrypoint.…" 16 minutes ago Up 16 minutes 80/tcp clever_swirles
[root@centen7-10-hehe overlay2 15:22:07]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 22bd15417453 7 days ago 192MB
centos 7 eeb6ee3f44bd 3 years ago 204MB
[root@centen7-10-hehe overlay2 15:22:40]$ ls /var/
account/ crash/ games/ lib/ log/ opt/ spool/ .updated
adm/ db/ gopher/ local/ mail/ preserve/ target/ yp/
cache/ empty/ kerberos/ lock/ nis/ run/ tmp/
[root@centen7-10-hehe overlay2 15:22:40]$ cat /var/lib/docker/image/overlay2/repositories.json |grep eeb6ee3f44bd
{"Repositories":{"centos":{"centos:7":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9","centos@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9"},"nginx":{"nginx:latest":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698","nginx@sha256:f5c017fb33c6db484545793ffb67db51cdd7daebee472104612f73a85063f889":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698"}}}
长ID:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
查看分层id
[root@centen7-10-hehe overlay2 15:24:37]$ cat /var/lib/docker/image/overlay2/imagedb/content/sha256/eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
{"architecture":"amd64","config":
......
"rootfs":{"type":"layers","diff_ids":["sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02"]}}
查看缓存id位置
[root@centen7-10-hehe overla0a1c0f5570b8663732189b327007e47ff13d2ca59673db02layerdb/sha256/174f5685490326fc
cache-id diff size tar-split.json.gz
获取缓存id
[root@centen7-10-hehe overlay2 15:26:44]$ cat /var/lib/docker/image/overlay2/layerdb/sha256/174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02/cache-id
7a0f09b3bf7d8b444935506874457904f7906bd07ff52a596fcb50087aa04e2c
查看是否有新增文件test.txt
[root@centen7-10-hehe overlay2 15:27:29]$
[root@centen7-10-hehe overlay2 15:27:49]$ ls /var/lib/docker/overlay2/7a0f09b3bf7d8b444935506874457904f7906bd07ff52a596fcb50087aa04e2c/diff/
anaconda-post.log dev home lib64 mnt proc run srv tmp var
bin etc lib media opt root sbin sys usr
此时,看不到创建的test.txt文件,说明后期创建的文件,对镜像本身无任何影响。
2:查看容器变化
可以直接查看到有刚刚创建的test.txt文件
[root@centen7-10-hehe overlay2 15:28:22]$ mount | grep overlay
overlay on /var/lib/docker/overlay2/28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/D2OF6L2IF75QLXWYEYQLQXAKIZ:/var/lib/docker/overlay2/l/2KT7BPCMXBJ7IDT4QKQKZ3OVIL:/var/lib/docker/overlay2/l/6VRTP4LVXHITSOQJQIHB2O4FOV:/var/lib/dockeroverlay2/l/5OWKVYAA4DJVOTU7DRFKOG3PIJ:/var/lib/docker/overlay2/l/2KVSRWPFFZNIEZDMJ6JEWAFFJX:/var/lib/docker/overlay2/l/LNTAWVVXG2HTLUDOTUFHILMZAT:/var/lib/docker/overlay2/l/67HKPUORVSGMOOKFOKGPY6I4XV:/var/lib/docker/overlay2/l/BXWQOMDUSXOO7X6K4XAECYB37G,upperdir=/var/lib/docker/overlay2/28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/diff,workdir=/var/lib/docker/overlay2/28732cc4ec2f7148fecc40df21f2c6eb8086139301f6d86303644d20c53065d7/work)
overlay on /var/lib/docker/overlay2/c822db2a4b5fcc9c644b8df7658ee1fe0f648dcab51e7b09fb3b6e8931c3006c/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/3HG3XNUEPQUU4ZNZ7WTNUK66W7:/var/lib/docker/overlay2/l/6LAGBVYHRQVRYABOTBE6MMDTWS,upperdir=/var/lib/docker/overlay2/c822db2a4b5fcc9c644b8df7658ee1fe0f648dcab51e7b09fb3b6e8931c3006c/diff,workdir=/var/lib/docker/overlay2/c822db2a4b5fcc9c644b8df7658ee1fe0f648dcab51e7b09fb3b6e8931c3006c/work)
因为开了两个容器 所以mount有2个挂载内容
[root@centen7-10-hehe overlay2 15:59:34]$ ls /var/lib/docker/overlay2/c822db2a4b5fcc9c644b8df7658ee1fe0f648dcab51e7b09fb3b6e8931c3006c/merged
anaconda-post.log dev home lib64 mnt proc run srv test.txt usr
bin etc lib media opt root sbin sys tmp var
6:查看本地容器镜像
1:使用docker images命令查看
[root@centen7-10-hehe overlay2 16:35:59]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 21 minutes ago 204MB
nginx latest 22bd15417453 7 days ago 192MB
centos 7 eeb6ee3f44bd 3 years ago 204MB
2:使用docker image命令查看
[root@centen7-10-hehe overlay2 16:36:04]$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 22 minutes ago 204MB
nginx latest 22bd15417453 7 days ago 192MB
centos 7 eeb6ee3f44bd 3 years ago 204MB
[root@centen7-10-hehe overlay2 16:36:26]$ docker image --help
Usage: docker image COMMAND
Manage images
Commands:
build Build an image from a Dockerfile
history Show the history of an image
import Import the contents from a tarball to create a filesystem image
inspect Display detailed information on one or more images
load Load an image from a tar archive or STDIN
ls List images
prune Remove unused images
pull Download an image from a registry
push Upload an image to a registry
rm Remove one or more images
save Save one or more images to a tar archive (streamed to STDOUT by default)
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
Run 'docker image COMMAND --help' for more information on a command.
3:查看docker容器镜像本地存储位置
考虑到docker容器镜像会占用本地存储空间,建议搭建其他存储系统挂载到本地以便于解决占用大量本地存储的问题。
[root@centen7-10-hehe overlay2 16:36:31]$ ls /var/lib/docker/
buildkit containers engine-id image network overlay2 plugins runtimes swarm tmp volumes
7:搜索Docker Hub容器镜像
1:命令行搜索
此时需要魔法,方可执行
[root@localhost ~]# docker search centos
NAME DESCRIPTION
STARS OFFICIAL
centos DEPRECATED; The official build of CentOS.
7777 [OK]
corpusops/centos centos corpusops baseimage
0
eclipse/centos CentOS based minimal stack with only git and… 1
dockette/centos My Custom CentOS Dockerfiles
1
centos/postgresql-10-centos7 PostgreSQL is an advanced Object-Relational …
21
centos/redis-5-centos8
0
centos/httpd-24-centos8
32:Docker Hub Web界面搜索
可以查看镜像及下载等
3:容器镜像下载
[root@centen7-10-hehe overlay2 16:37:15]$ docker pull mysql:5.7
4:镜像删除
正在运行容器停止才可以删除镜像
按照ID或者名称删除镜像
docker stop 容器id
docker rm 容器id8:docker容器镜像制作命令
1、docker commit
容器内写文件会反应在overlay的可读写层,读写层的文件内容可以做成镜像
docker 通过 commit 和 build 操作实现镜像的构建。
commit 将容器提交为一个镜像,build 在一个镜像的基础上构建镜像。
使用 commit 将容器提交为一个镜像:
[root@centen7-10-hehe overlay2 16:13:12]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b79aeaa77bc centos:7 "bash" 51 minutes ago Up 51 minutes lucid_moser
fcd3051c7222 nginx "/docker-entrypoint.…" About an hour ago Up About an hour 80/tcp clever_swirles
#当前centos内存在test.txt文件 提交会一起存成镜像
[root@centen7-10-hehe overlay2 16:13:17]$ docker commit 2b79aeaa77bc centos:test
sha256:e0603667347780eb6866bebb1380420eff00c88cc7615dd2564cda111f4d5f4f
[root@centen7-10-hehe overlay2 16:14:10]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 9 seconds ago 204MB
nginx latest 22bd15417453 7 days ago 192MB
centos 7 eeb6ee3f44bd 3 years ago 204MB
查看两个镜像之间的关系
查看centos:test
[root@centen7-10-hehe overlay2 16:15:33]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 About a minute ago 204MB
nginx latest 22bd15417453 7 days ago 192MB
centos 7 eeb6ee3f44bd 3 years ago 204MB
[root@centen7-10-hehe overlay2 16:15:39]$ cat /var/lib/docker/image/overlay2/repositories.json |grep e06036673477
{"Repositories":{"centos":{"centos:7":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9","centos:test":"sha256:e0603667347780eb6866bebb1380420eff00c88cc7615dd2564cda111f4d5f4f","centos@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9"},"nginx":{"nginx:latest":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698","nginx@sha256:f5c017fb33c6db484545793ffb67db51cdd7daebee472104612f73a85063f889":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698"}}}
[root@centen7-10-hehe overlay2 16:16:03]$ cat /var/lib/docker/image/overlay2/imagedb/content/sha256/e0603667347780eb6866bebb1380420eff00c88cc7615dd2564cda111f4d5f4f
{"architecture":"amd64","config":
......
"rootfs":{"type":"layers","diff_ids":["sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02","sha256:b6f04317756746d77962b67142f7b62957507d85b7d1f9b23867c556ea868534"]}}
再看centos:7
[root@centen7-10-hehe overlay2 16:19:28]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 7 minutes ago 204MB
nginx latest 22bd15417453 7 days ago 192MB
centos 7 eeb6ee3f44bd 3 years ago 204MB
[root@centen7-10-hehe overlay2 16:21:52]$ cat /var/lib/docker/image/overlay2/repositories.json |grep eeb6ee3f44bd
{"Repositories":{"centos":{"centos:7":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9","centos:test":"sha256:e0603667347780eb6866bebb1380420eff00c88cc7615dd2564cda111f4d5f4f","centos@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4":"sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9"},"nginx":{"nginx:latest":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698","nginx@sha256:f5c017fb33c6db484545793ffb67db51cdd7daebee472104612f73a85063f889":"sha256:22bd1541745359072c06a72a23f4f6c52dbb685424e0d5b29008ae4eb2683698"}}}
[root@centen7-10-hehe overlay2 16:22:15]$ cat /var/lib/docker/image/overlay2/imagedb/content/sha256/eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
{"architecture":"amd64","config":
......
"rootfs":{"type":"layers","diff_ids":["sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02"]}}
总结:发现centos:test和centos:7,共享同一个基础层
174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02
。
那么多出来的b6f04317756746d77962b67142f7b62957507d85b7d1f9b23867c556ea868534
层内容,就是写入文件的内容。 找到test.txt文件位置
[root@centen7-10-hehe overlay2 16:27:21]$ echo -n "sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02 sha256:b6f04317756746d77962b67142f7b62957507d85b7d1f9b23867c556ea868534" | sha256sum -
d35fb962224413183c3afa175d8f75a00837899accec39fd0ca800d054a8afac -
[root@centen7-10-hehe overlay2 16:28:09]$ cat /var/lib/docker/image/overlay2/layerdb/sha256/d35fb962224413183c3afa175d8f75a00837899accec39fd0ca800d054a8afac/cache-id
0dff029a8d2e85948f998229a4f270fcddf10b5cfde23f3c96050aa0237bde12[root@centen7-10-hehe overlay2 16:28:39]$
[root@centen7-10-hehe overlay2 16:28:44]$ ls /var/lib/docker/overlay2/0dff029a8d2e85948f998229a4f270fcddf10b5cfde23f3c96050aa0237bde12/diff/
test.txt
2、docker save 配合3使用
导出容器镜像,可以方便scp直接拷贝到其他节点使用
[root@centen7-10-hehe ~ 09:33:05]$ docker save -o centos_test.tar centos:test
[root@centen7-10-hehe ~ 09:33:39]$ ll
总用量 206756
-rw-------. 1 root root 1930 7月 17 14:14 anaconda-ks.cfg
-rw------- 1 root root 211703296 7月 23 09:33 centos_test.tar
......
传输给20机器
[root@centen7-10-hehe ~ 09:49:26]$ scp centos_* root@10.1.8.20:/root/
root@10.1.8.20's password:
centos_new.tar 100% 202MB 215.6MB/s 00:00
centos_test.tar 100% 202MB 169.0MB/s 00:01 3、docker load
把scp拷贝过来的文件包导入到本地,这通常是镜像分发方式
[root@localhost-hehe ~ 09:51:59]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost-hehe ~ 09:52:16]$ docker load -i centos_test.tar
174f56854903: Loading layer 211.7MB/211.7MB
b6f043177567: Loading layer 1.536kB/1.536kB
Loaded image: centos:test
[root@localhost-hehe ~ 09:52:34]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 18 hours ago 204MB
加载为容器,查看是否包含test.txt文件 包含
[root@localhost-hehe ~ 09:52:37]$ docker run -it centos:test bash
[root@0eb99ac05f7d /]# ll
total 12
........
-rw-r--r--. 1 root root 0 Jul 22 07:21 test.txt
drwxrwxrwt. 7 root root 132 Nov 13 2020 tmp
drwxr-xr-x. 13 root root 155 Nov 13 2020 usr
drwxr-xr-x. 18 root root 238 Nov 13 2020 var
4、docker export 配合5使用
把正在运行的容器导出
[root@centen7-10-hehe ~ 09:33:43]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b79aeaa77bc centos:7 "bash" 18 hours ago Exited (255) 48 minutes ago lucid_moser
fcd3051c7222 nginx "/docker-entrypoint.…" 19 hours ago Exited (255) 48 minutes ago 80/tcp clever_swirles
[root@centen7-10-hehe ~ 09:48:01]$ docker start 2b79aeaa77bc
2b79aeaa77bc
[root@centen7-10-hehe ~ 09:48:10]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b79aeaa77bc centos:7 "bash" 18 hours ago Up 3 seconds lucid_moser
fcd3051c7222 nginx "/docker-entrypoint.…" 19 hours ago Exited (255) 48 minutes ago 80/tcp clever_swirles
[root@centen7-10-hehe ~ 09:48:14]$ docker export -o centos_new.tar 2b79aeaa77bc
[root@centen7-10-hehe ~ 09:49:24]$ ll
总用量 413484
-rw-------. 1 root root 1930 7月 17 14:14 anaconda-ks.cfg
-rw------- 1 root root 211688448 7月 23 09:49 centos_new.tar
-rw------- 1 root root 211703296 7月 23 09:33 centos_test.tar
......
传输给20机器
[root@centen7-10-hehe ~ 09:49:26]$ scp centos_* root@10.1.8.20:/root/
root@10.1.8.20's password:
centos_new.tar 100% 202MB 215.6MB/s 00:00
centos_test.tar 100% 202MB 169.0MB/s 00:01 5、docker import
导入使用docker import导入的容器作为本地容器镜像
[root@localhost-hehe ~ 09:54:50]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos test e06036673477 18 hours ago 204MB
[root@localhost-hehe ~ 09:54:51]$ docker import centos_new.tar centos:new
docksha256:de84366eae5512bef37df0836ec153979e262c5080347c0057d2839bcee0aaa5
[root@localhost-hehe ~ 09:55:08]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos new de84366eae55 9 seconds ago 204MB
centos test e06036673477 18 hours ago 204MB
补充知识:本地镜像空间占用比较大的情况 解决方法
方法1:host本地存储挂载NFS,GFS,CEPH(企业级)
方法2:host本地镜像生成文件,上传到FTP站点保存
使用频次高
方式3:harbor存储镜像文件
使用频次高
方式4:把镜像文件存储到对象数据库中(mongoDB 可以快速查找)
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
