Docker, Part 3: Building Images

2025-01-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

I. Docker's basic architecture

The client (docker run | create, etc.) communicates over HTTP or HTTPS with a host running the docker daemon (the docker host).

When the docker daemon receives a command from the client to create or start a container, it looks for the image locally and creates or starts the container from it (multiple containers can be started on one docker host).

If the image is not available locally, the docker host connects to the configured remote repository (the default repo is usually docker hub) and downloads the image to a dedicated local file system. Overlay2 is used in docker1.18; aufs/btrfs/lxc were used previously. The image itself is read-only.

The container is then created or run according to the client command.

1.1. The docker image

In the architecture above, the docker image is a key component for running a container: it contains the file system and the contents needed to boot the container. The role of the image is therefore to create and launch docker containers. Its characteristics are:

1. It is built in layers. The lowest layer is bootfs, followed by rootfs.

Bootfs: the file system used for system boot, including the bootloader and kernel. It is unmounted after the container has started, to save memory.

Rootfs: sits on top of bootfs and appears as the root file system of the docker container. Each piece of software that is added becomes a separate layer.

In the traditional linux model, when the system boots and the kernel mounts the rootfs, it is first mounted in "read-only" mode (to avoid files being deleted by mistake if the self-check runs into errors), and it is remounted in read-write mode once the integrity self-check has completed.

In docker, the kernel mounts rootfs in "read-only" mode, and an additional "writable layer" is then mounted on top using "union mount" technology.

When a container starts, it loads the layers in order. First bootfs is mounted. After the system has started, bootfs is removed from memory, rootfs is mounted, and then the image layers are mounted above it. Each application is a layer, and all of these layers are read-only. Finally, a writable layer is mounted on top. A container's write operations can only happen in this writable layer. Because the layers are mounted on top of each other, this is called a union mount.

When a container is destroyed (with docker container rm), its writable layer is deleted as well.

1.2. The docker file system

1. The layered construction and union mounting of docker images depend on support from a dedicated file system. In the early days this file system was aufs (advanced multi-layered unification filesystem). Aufs is the earliest linux file system docker used to implement union mounts. It is a re-implementation of UnionFS and was developed by Junjiro Okajima in 2006. Because the centos kernel does not support aufs, early versions of docker could only be used on Ubuntu.

2. The competitor to aufs is overlayfs, which has been merged into the linux kernel since version 3.18.

3. Besides aufs, docker also supports btrfs, devicemapper and vfs.

On Ubuntu, docker uses aufs by default. On centos7 it used devicemapper in the early days, and the latest version of docker on centos uses the second version of overlayfs, overlay2 (overlay2 is an abstract second-level file system that needs an underlying local file system, such as xfs).

1.3. The docker registry

Once an image has been built, it needs a unified storage location. That location is called the docker registry.

1. Docker registry classification

Sponsor Registry: third-party registry for use by customers and the Docker community

Mirror Registry: third-party registry, for customers only, such as docker cn acceleration and Ali Cloud's docker accelerator

Vendor Registry: the registry provided by a vendor that publishes Docker images, such as Red Hat; it is only available to customers who have purchased the service

Private Registry: private docker repository, built by users themselves, which can only be used internally

Public docker registry: public docker repository, which usually needs no additional configuration; this refers to docker hub

Since most third-party registry images do not meet our requirements, we have to build our own registry.

2. Components of a registry

Registry:

An image repository consisting of all iterative versions of a particular docker image

A Registry can contain multiple Repositories

Repositories are divided into "top-level repositories" and "user repositories"

The name format of a user repository is "user name/repository name"

Each repository can contain multiple Tags, and each Tag corresponds to an image

Index:

Maintains user accounts, image verification, and public namespace information

It effectively provides the Registry with a retrieval interface that handles user authentication and other functions.

3. Pulling from a registry

Use the docker pull command to pull an image:

    docker pull <registry>[:<port>]/[<namespace>/]<name>:<tag>

Registry, port and namespace can be omitted.

Registry: the web address of a registry. If you are not using the default docker hub registry, you need to specify the address.

Port: the port number of the registry's web address. Default is 443.

Namespace: indicates which user's repository is meant. If the image is in a top-level repository, namespace can be omitted. Namespace is divided into three categories.

Name: the name of the repository, which together with tag identifies a unique image

Tag: the label of the image. If it is omitted, the latest version of the image is used.

For instance, nginx is a top-level repository and jwilder/nginx-proxy is a user repository.

For example:

    docker pull nginx:1.14                              # no registry address given, so nginx 1.14 is downloaded from docker hub by default
    docker pull quay.io/coreos/flannel:v0.10.0-amd64    # pull the image from quay.io; coreos is the namespace and v0.10.0-amd64 is the tag
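The defaulting rules above decide which registry an image really comes from and whether the reference can change under you, so they are worth making explicit. The following Python sketch is an added example, not part of the original article: `parse_image_ref` and `policy_findings` are hypothetical names, the registry allow-list is an assumption, and the `@sha256:` digest form (the value docker pull prints as "Digest") goes beyond the tag-only syntax shown above.

```python
import re
from typing import NamedTuple, Optional


class ImageRef(NamedTuple):
    registry: str
    port: int
    namespace: str
    name: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref):
    """Split registry[:port]/[namespace/]name[:tag][@digest], filling defaults."""
    ref, _, digest = ref.partition("@")
    if digest and not re.fullmatch(r"sha256:[0-9a-f]{64}", digest):
        raise ValueError(f"malformed digest: {digest}")
    first, slash, rest = ref.partition("/")
    # The first component is a registry only if it looks like a host name;
    # otherwise it is a namespace on docker hub (jwilder/nginx-proxy).
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, _, port = first.partition(":")
        path = rest
    else:
        registry, port, path = "docker.io", "", ref
    path, _, tag = path.partition(":")
    namespace, _, name = path.rpartition("/")
    if not name:
        raise ValueError("missing repository name")
    if not namespace and registry == "docker.io":
        namespace = "library"  # top-level repository such as nginx
    if not tag and not digest:
        tag = "latest"  # implicit default, and a mutable one
    return ImageRef(registry, int(port or 443), namespace, name,
                    tag or None, digest or None)


def policy_findings(ref, allowed_registries):
    """Return the reasons a reference should not be deployed as written."""
    r = parse_image_ref(ref)
    findings = []
    if r.registry not in allowed_registries:
        findings.append(f"registry {r.registry} is not on the allow-list")
    if r.digest is None:
        findings.append(f"tag {r.tag!r} can be re-pointed; pin by @sha256 digest")
    return findings
```

A tag such as 1.14 or latest can be moved to a different image by whoever controls the repository, while a digest reference always resolves to the same content.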

4. Building images

There are three ways to create an image:

Dockerfile

From a container

Docker Hub automated builds

4.1. Create an image from a container (install httpd in a centos image and set the container's startup command to httpd)

First we need a running container, so I downloaded a centos image from docker hub.

1. Download the centos image and run it

    [root@localhost ~]# docker image pull centos:6.6
    6.6: Pulling from library/centos
    f9f73d801f05: Pull complete
    Digest: sha256:74727b849f5169d0de21848f8da9d47ea241757d6f89434f312813f723451ebd
    Status: Downloaded newer image for centos:6.6
    [root@localhost ~]#
    [root@localhost ~]# docker image ls
    REPOSITORY   TAG        IMAGE ID       CREATED       SIZE
    nginx        stable     ecc98fc2f376   2 weeks ago   109MB
    centos       6.6        4e1ad2ce7f78   3 weeks ago   203MB
    redis        4-alpine   05097a3a0549   4 weeks ago   30MB
    [root@localhost ~]# docker container run -p 5000:5000 --name centos1 -it centos:6.6 /bin/sh
    sh-4.1#
    sh-4.1#

2. Install httpd in the container

    sh-4.1# yum install httpd
    ...
    Installed:
      httpd.x86_64 0:2.2.15-69.el6.centos

    Dependency Installed:
      apr.x86_64 0:1.3.9-5.el6_9.1
      apr-util.x86_64 0:1.3.9-3.el6_0.1
      apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1
      httpd-tools.x86_64 0:2.2.15-69.el6.centos
      mailcap.noarch 0:2.1.31-2.el6
      redhat-logos.noarch 0:60.0.14-12.el6.centos

    Complete!
    sh-4.1#

3. Edit the httpd home page file and start httpd

    sh-4.1# echo "Welcom To My Httpd" > /var/www/html/index.html
    sh-4.1# /usr/sbin/apachectl -D FOREGROUND
    sh-4.1# curl 127.0.0.1
    Welcom To My Httpd

4. Change the container's startup command and create an image

    [root@bogon ~]# docker commit -p -c 'CMD ["/usr/sbin/apachectl","-D","FOREGROUND"]' centos1 httpd:1.1
    sha256:bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32
    [root@bogon ~]#
    [root@bogon ~]#
    [root@bogon ~]# docker image ls
    REPOSITORY   TAG        IMAGE ID       CREATED         SIZE
    httpd        1.1        bbffcf779dd4   6 seconds ago   264MB    # this is the httpd image just made
    nginx        stable     ecc98fc2f376   2 weeks ago     109MB
    centos       6.6        4e1ad2ce7f78   3 weeks ago     203MB
    redis        4-alpine   05097a3a0549   4 weeks ago     30MB

5. Start a container directly from the image you just made and verify that httpd is reachable

    [root@localhost ~]# docker container run --name centos2 -d httpd:1.1
    868410465faaa3c3b89d84890e2fa8f76fe4d645075b6796299a24ccfb80be48
    [root@bogon ~]# curl 172.17.0.2
    Welcom To My Httpd

6. View the details of the running centos2 container

    [root@localhost ~]# docker container inspect centos2
    [
    ...
                "Cmd": [
                    "/usr/sbin/apachectl",
                    "-D",
                    "FOREGROUND"
                ],
                "ArgsEscaped": true,
                "Image": "httpd:1.1",
                "Volumes": null,
                "WorkingDir": "",
                "Entrypoint": null,
                "OnBuild": null,
                "Labels": {}
            }
    ...
                "Networks": {
                    "bridge": {
                        "IPAMConfig": null,
                        "Links": null,
                        "Aliases": null,
                        "NetworkID": "bb55b61b005b7191dd2c5dc67f58dbf5be6cd7d2b29b01fc9cee56fc97166920",
                        "EndpointID": "c4e1d785b5c463d9c99bf323ec07508fef364ff4be91f148e6f0ed7a9f96c4d6",
                        "Gateway": "172.17.0.1",
                        "IPAddress": "172.17.0.2",
                        "IPPrefixLen": 16,
                        "IPv6Gateway": "",
                        "GlobalIPv6Address": "",
                        "GlobalIPv6PrefixLen": 0,
                        "MacAddress": "02:42:ac:11:00:02",
                        "DriverOpts": null
                    }
                }
    ...
    ]

As you can see, CMD has changed from running /bin/sh to running the httpd service. At this point the container-based image has been built successfully.

5. Importing and exporting images

If the image we made cannot be pushed to a registry, we can export and import it to share it with others.

5.1. Package the images

The docker save command can package your images into a compressed file that you can share with others.

    [root@localhost ~]# docker image ls    # images before packaging
    REPOSITORY   TAG        IMAGE ID       CREATED          SIZE
    httpd        1.1        bbffcf779dd4   19 minutes ago   264MB
    nginx        stable     ecc98fc2f376   2 weeks ago      109MB
    centos       6.6        4e1ad2ce7f78   3 weeks ago      203MB
    redis        4-alpine   05097a3a0549   4 weeks ago      30MB
    [root@localhost ~]#
    [root@localhost ~]#
    [root@localhost ~]# docker save -o myimages.gz httpd:1.1 nginx:stable centos:6.6 redis:4-alpine
    [root@localhost ~]# ls myimages.gz
    myimages.gz

5.2. Delete the existing images

    [root@localhost ~]# docker image rm httpd:1.1 nginx:stable centos:6.6 redis:4-alpine
    Untagged: httpd:1.1
    Deleted: sha256:bbffcf779dd42e070d52a4661dcd3eaba2bed898bed8bbfe41768506f063ad32
    Deleted: sha256:dd73969752ff69c74c52136379013cff46f6cc2055e0bf46f64be5d336270dfd
    Untagged: nginx:stable
    Untagged: nginx@sha256:8b600a4d029481cc5b459f1380b30ff6cb98e27544fc02370de836e397e34030
    Deleted: sha256:ecc98fc2f376d6560311b66d6958e4350a5a485ee07aa2d1235842d0bce440da
    Deleted: sha256:1113e327b1235b943bc1e68ae9afa1fb663b4eb7527759ed28af36e0d2c2943e
    Deleted: sha256:639da82d77d23ee8dedd6291b14f715af416d9cbf311b6f3ad982d7ce5a37c07
    Deleted: sha256:237472299760d6726d376385edd9e79c310fe91d794bc9870d038417d448c2d5
    Untagged: centos:6.6
    Untagged: centos@sha256:74727b849f5169d0de21848f8da9d47ea241757d6f89434f312813f723451ebd
    Deleted: sha256:4e1ad2ce7f78a77d914f18887130acd55778fbdd1bd3288f026ebd29181ec365
    Deleted: sha256:da6517724f67fd4133a5bf508f7c79e20d8e2741c5b3264790d49db5e97c0e2e
    [root@localhost ~]#
    [root@localhost ~]# docker image ls
    REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
    [root@localhost ~]#

5.3. Load the archive to restore the previous images

    [root@localhost ~]# docker load -i myimages.gz
    da6517724f67: Loading layer [==>]  213.2MB/213.2MB
    ddcb568d3d1e: Loading layer [==>]  61.56MB/61.56MB
    Loaded image: httpd:1.1
    237472299760: Loading layer [==>]  58.44MB/58.44MB
    f4a5f8f59caa: Loading layer [==>]  54.2MB/54.2MB
    19c605f267f4: Loading layer [==>]  3.584kB/3.584kB
    Loaded image: nginx:stable
    Loaded image: centos:6.6
    df64d3292fd6: Loading layer [==>]  4.672MB/4.672MB
    04c8ef03e935: Loading layer [==>]  11.78kB/11.78kB
    169a281fff0f: Loading layer [==>]  2.192MB/2.192MB
    742e4d74cbf8: Loading layer [==>]  24.32MB/24.32MB
    9e8211b509e6: Loading layer [==>]  1.536kB/1.536kB
    c51fc5b2384b: Loading layer [==>]  3.584kB/3.584kB
    Loaded image: redis:4-alpine
    [root@localhost ~]# docker image ls
    REPOSITORY   TAG        IMAGE ID       CREATED          SIZE
    httpd        1.1        bbffcf779dd4   28 minutes ago   264MB
    nginx        stable     ecc98fc2f376   2 weeks ago      109MB
    centos       6.6        4e1ad2ce7f78   3 weeks ago      203MB
    redis        4-alpine   05097a3a0549   4 weeks ago      30MB

5.4. Rerun the image to verify that the container can be started

    [root@localhost ~]# docker container run --name myhttpd -d httpd:1.1
    ae29e544fbe614bca3109b94ec77afd55a29bd637280c88e703191edd80751fc
    [root@localhost ~]#
    [root@localhost ~]# docker container ls
    CONTAINER ID   IMAGE       COMMAND                  CREATED         STATUS         PORTS      NAMES
    ae29e544fbe6   httpd:1.1   "/usr/sbin/apachectl…"   8 seconds ago   Up 7 seconds   5000/tcp   myhttpd
    [root@localhost ~]# curl 172.17.0.2
    Welcom To My Httpd
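An archive passed around by hand bypasses the registry, so the receiver has to confirm for themselves that the file is the one the sender produced and that it holds only the expected images before running docker load. The Python sketch below is an added example, not part of the original article: `check_archive` and `build_sample` are hypothetical names, the SHA-256 digest is assumed to reach the receiver through a separate channel, and the sample archive is constructed in memory with only a manifest.json.

```python
import hashlib
import io
import json
import tarfile


def check_archive(data, expected_sha256, allowed_tags):
    """Return the image tags in a `docker save` archive, or raise ValueError."""
    # 1. Integrity: compare with the digest the sender published out of band.
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected_sha256:
        raise ValueError(f"digest mismatch: got {actual}")
    # 2. Contents: read manifest.json in memory, nothing is unpacked to disk.
    #    "r:*" auto-detects compression; `docker save -o` writes a plain tar
    #    archive even when the file is named myimages.gz.
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                raise ValueError(f"suspicious member path: {member.name}")
        manifest = json.load(tar.extractfile("manifest.json"))
    tags = [t for entry in manifest for t in (entry.get("RepoTags") or [])]
    unexpected = sorted(set(tags) - set(allowed_tags))
    if unexpected:
        raise ValueError(f"unexpected images in archive: {unexpected}")
    return tags


def build_sample(tags):
    """Constructed stand-in for `docker save` output: manifest only, no layers."""
    manifest = json.dumps(
        [{"Config": "config.json", "RepoTags": [t], "Layers": []} for t in tags]
    ).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("manifest.json")
        info.size = len(manifest)
        tar.addfile(info, io.BytesIO(manifest))
    return buf.getvalue()


if __name__ == "__main__":
    expected = {"httpd:1.1", "nginx:stable", "centos:6.6", "redis:4-alpine"}
    sample = build_sample(sorted(expected))
    digest = hashlib.sha256(sample).hexdigest()  # normally supplied by the sender
    print(check_archive(sample, digest, expected))
```

On a real archive, pass the bytes of myimages.gz and the digest the sender computed right after docker save.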

Pushing the image to a registry will be covered in a later update.
