DOCKER學習_010:Docker的文件系統以及製做鏡像

一 文件系統簡介

1.1 Linux文件系統

LInux空間組成分爲內核空間和用戶空間(使用rootfs)html

linux文件系統由 bootes和 rootfs組成, bootes主要包含boot1 oader和 kernel, bootloader主要是引導加載 kernel,當 kernel被加載到內存以後 boots就被卸載掉了。 rootfs包含的就是典型1inux系統中的/dev,/proc,/bin,/etc等標準目錄linux

對於docker,只是使用rootfs,由於bootfs是共享的nginx

1.2 docker的base鏡像

docker的Base鏡像提供的是最小安裝的linux發行版docker

1.3 鏡像的分層結構

 

[root@docker-server3 ~]# docker pull nginxjson

Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Already exists 465560073b6f: Pull complete f473f9fd0a8c: Pull complete                     #鏡像的分層
Digest: sha256:b2d89d0a210398b4d1120b3e3a7672c16a4ba09c2c4a0395f18b9f7999b768f2
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

最多不能超過128層,鏡像只讀,分層vim

容器就至關於在鏡像上加了一個讀寫層,容器的銷燬就是讀寫層的銷燬centos

讀寫層的操做,主要基於兩種方式:寫時複製和用時分配。bash

dockers的存儲驅動查看ssh

[root@docker-server3 ~]# docker info測試

Client:
 Debug Mode: false

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 3
 Server Version: 19.03.4
 Storage Driver: overlay2      #存儲驅動
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: journald
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.27.2.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.777GiB
 Name: docker-server3
 ID: YB6S:6D3D:477B:5UMR:IEX2:2PBD:D6BI:GDYI:22MD:GWSX:4TBX:2LLS
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

二 commit製做Docker鏡像

2.1 下載基礎鏡像

[root@docker-server3 ~]# docker pull centos:7

7: Pulling from library/centos
ab5ef0e58194: Pull complete 
Digest: sha256:4a701376d03f6b39b8c2a8f4a8e499441b0d567f9ab9d58e4991de4472fb813c
Status: Downloaded newer image for centos:7
docker.io/library/centos:7

[root@docker-server3 ~]# docker run -it centos:7 /bin/bash

[root@20b4b48c4055 /]#

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
20b4b48c4055        centos:7            "/bin/bash"         21 seconds ago      Up 20 seconds                           admiring_wilbur

[root@20b4b48c4055 /]# ps -ef|grep ssh

2.2 安裝一個ssh服務

請參考http://www.javashuo.com/article/p-cntmkmmo-bm.html

[root@20b4b48c4055 /]# ps -a

   PID TTY          TIME CMD
    84 pts/0    00:00:00 sshd
    85 pts/0    00:00:00 ps

2.3 修改root密碼

[root@20b4b48c4055 /]# echo 123456|passwd --stdin root

2.4 從宿主機鏈接

[root@docker-server3 ~]# docker inspect 20b4b48c4055 |grep IP

"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.2",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.2",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# ssh root@192.168.0.2

The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.2' (ECDSA) to the list of known hosts.
root@192.168.0.2's password:123456

[root@20b4b48c4055 ~]# 

鏈接進入

[root@20b4b48c4055 ~]# ps -a
   PID TTY          TIME CMD
    84 pts/0    00:00:00 sshd
   104 pts/1    00:00:00 ps
[root@20b4b48c4055 ~]# exit

2.5 向容器拷貝文件

[root@docker-server3 ~]# docker cp /etc/sysconfig/network-scripts/ifcfg-ens33 20b4b48c4055:/tmp/

[root@20b4b48c4055 /]# cat /tmp/ifcfg-ens33

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2

2.6 安裝vim

[root@20b4b48c4055 /]# yum -y install vim

2.7 建立鏡像

[root@docker-server3 ~]# docker commit -m "install sshd and vim" 20b4b48c4055 openssh:v1.0

sha256:d98ba06569f3ed7c00e1371b71a0ab328bacd57f5717bb4066b425c7b12abc3a

[root@docker-server3 ~]# docker image ls

REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
openssh                         v1.0                d98ba06569f3        32 seconds ago      361MB
nginx                           latest              f7bb5701a33c        3 days ago          126MB
busybox                         latest              6d5fcfe5ff17        4 days ago          1.22MB
hub.darren.com/library/alpine   3.7                 cc0abc535e36        6 days ago          5.59MB
centos                          7                   5e35e350aded        7 weeks ago         203MB

三 鏡像的測試使用修改

3.1 使用剛建立的鏡像,起一個容器

[root@docker-server3 ~]# docker run -it -d openssh:v1.0 

d865deaee6e83724a76a5eae88d8e356b5fe7416b5a8dbf9e1a9dd077ed7731a

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
d865deaee6e8        openssh:v1.0        "/bin/bash"         26 seconds ago      Up 25 seconds                           sleepy_feistel
20b4b48c4055        centos:7            "/bin/bash"         31 minutes ago      Up 31 minutes                           admiring_wil

[root@docker-server3 ~]# docker inspect d865deaee6e8|grep IP

"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.3",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.3",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# docker exec -it d865deaee6e8 /bin/bash

[root@d865deaee6e8 /]# /usr/sbin/sshd -D

3.2 測試鏈接

[root@docker-server3 ~]# ssh root@192.168.0.3

The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.3' (ECDSA) to the list of known hosts.
root@192.168.0.3's password:123456

3.3 檢驗容器內容

[root@d865deaee6e8 ~]# cat /tmp/ifcfg-ens33 

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2

[root@d865deaee6e8 ~]# rpm -qa|grep vim

vim-minimal-7.4.629-6.el7.x86_64
vim-common-7.4.629-6.el7.x86_64
vim-enhanced-7.4.629-6.el7.x86_64
vim-filesystem-7.4.629-6.el7.x86_64

[root@d865deaee6e8 ~]# rpm -qa|grep openssh

openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64

3.4 修改容器的默認前臺進程

容器的默認主進程是PID問1的主進程,因此剛纔的鏡像在啓動後,主進程是/bin/bash

[root@20b4b48c4055 /]# ps -ef 

root          1      0  0 16:58 pts/0    00:00:00 /bin/bash
root         84      1  0 17:05 pts/0    00:00:00 /usr/sbin/sshd -D
root        122      1  0 17:37 pts/0    00:00:00 ps -ef

須要再啓動以前,使用/usr/sbin/sshd -D 替換/bin/bash

[root@docker-server3 ~]# docker run -it -d openssh:v1.0 /usr/sbin/sshd -D

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS               NAMES
395c705716a5        openssh:v1.0        "/usr/sbin/sshd -D"   15 seconds ago      Up 14 seconds                           laughing_edison
d865deaee6e8        openssh:v1.0        "/bin/bash"           12 minutes ago      Up 12 minutes                           sleepy_feistel
20b4b48c4055        centos:7            "/bin/bash"           43 minutes ago      Up 43 minutes                           admiring_w

[root@docker-server3 ~]# docker inspect 395c705716a5|grep IP

            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.4",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.4",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# ssh root@192.168.0.4

The authenticity of host '192.168.0.4 (192.168.0.4)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.4' (ECDSA) to the list of known hosts.
root@192.168.0.4's password: 
Last login: Tue Dec 31 17:09:36 2019 from gateway
[root@395c705716a5 ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root 1      0  0 17:41 pts/0    00:00:00 /usr/sbin/sshd -D
root          6      1  0 17:43 ?        00:00:00 sshd: root@pts/1
root          8      6  0 17:43 pts/1    00:00:00 -bash
root         23      8  0 17:43 pts/1    00:00:00 ps -ef

3.5 修改鏡像

由於這個容器的PID爲1的進程是/usr/sbin/sshd -D,在這個容器的基礎上,製做一個新的鏡像,讓這個鏡像的容器的默認前臺進程爲/usr/sbin/sshd -D

[root@docker-server3 ~]# docker commit -m "new default front process"  395c705716a5 openssh:v1.2

[root@docker-server3 ~]# docker image ls  

REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
openssh                         v1.2                c399a750ed03        9 seconds ago       361MB
openssh                         v1.0                d98ba06569f3        27 minutes ago      361MB
nginx                           latest              f7bb5701a33c        3 days ago          126MB
busybox                         latest              6d5fcfe5ff17        4 days ago          1.22MB
hub.darren.com/library/alpine   3.7                 cc0abc535e36        6 days ago          5.59MB
centos 

3.7 測試檢驗

[root@docker-server3 ~]# docker run -d openssh:v1.2

08359e84c3a1f1cfe3742ba9a2348719ca9818e3d56c5817fbde70c31e27f714

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS               NAMES
08359e84c3a1        openssh:v1.2        "/usr/sbin/sshd -D"   5 seconds ago       Up 4 seconds                            intelligent_williams
395c705716a5        openssh:v1.0        "/usr/sbin/sshd -D"   14 minutes ago      Up 14 minutes                           laughing_edison
d865deaee6e8        openssh:v1.0        "/bin/bash"           26 minutes ago      Up 26 minutes                           sleepy_feistel
20b4b48c4055        centos:7            "/bin/bash"           57 minutes ago      Up 57 minutes                           admiring_wilbur

[root@docker-server3 ~]# docker inspect 08359e84c3a1|grep IP

"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.5",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.5",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# ssh root@192.168.0.5

The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts.
root@192.168.0.5's password: 
Last login: Tue Dec 31 17:43:11 2019 from gateway
[root@08359e84c3a1 ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 17:55 ?        00:00:00 /usr/sbin/sshd -D
root          6      1  0 17:57 ?        00:00:00 sshd: root@pts/0
root          8      6  0 17:57 pts/0    00:00:00 -bash
root         23      8  0 17:58 pts/0    00:00:00 ps -ef

博主聲明:本文的內容來源主要來自譽天教育晏威老師,由本人實驗完成操做驗證,須要的博友請聯繫譽天教育(http://www.yutianedu.com/),得到官方贊成或者晏老師(https://www.cnblogs.com/breezey/)本人贊成便可轉載,謝謝!

相關文章
相關標籤/搜索