DOCKER学习_010:Docker的文件系统以及制作镜像

一 文件系统简介

1.1 Linux文件系统

LInux空间组成分为内核空间和用户空间(使用rootfs)

linux文件系统由 bootes和 rootfs组成, bootes主要包含boot1 oader和 kernel, bootloader主要是引导加载 kernel,当 kernel被加载到内存之后 boots就被卸载掉了。 rootfs包含的就是典型1inux系统中的/dev,/proc,/bin,/etc等标准目录

DOCKER学习_010:Docker的文件系统以及制作镜像_第1张图片

对于docker,只是使用rootfs,因为bootfs是共享的

1.2 docker的base镜像

docker的Base镜像提供的是最小安装的linux发行版

DOCKER学习_010:Docker的文件系统以及制作镜像_第2张图片

1.3 镜像的分层结构

 DOCKER学习_010:Docker的文件系统以及制作镜像_第3张图片

[root@docker-server3 ~]# docker pull nginx

Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Already exists 
465560073b6f: Pull complete 
f473f9fd0a8c: Pull complete                     #镜像的分层
Digest: sha256:b2d89d0a210398b4d1120b3e3a7672c16a4ba09c2c4a0395f18b9f7999b768f2
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

最多不能超过128层,镜像只读,分层

容器就相当于在镜像上加了一个读写层,容器的销毁就是读写层的销毁

读写层的操作,主要基于两种方式:写时复制和用时分配。

dockers的存储驱动查看

[root@docker-server3 ~]# docker info

Client:
 Debug Mode: false

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 3
 Server Version: 19.03.4
 Storage Driver: overlay2      #存储驱动
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: journald
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.27.2.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.777GiB
 Name: docker-server3
 ID: YB6S:6D3D:477B:5UMR:IEX2:2PBD:D6BI:GDYI:22MD:GWSX:4TBX:2LLS
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

二 commit制作Docker镜像

2.1 下载基础镜像

[root@docker-server3 ~]# docker pull centos:7

7: Pulling from library/centos
ab5ef0e58194: Pull complete 
Digest: sha256:4a701376d03f6b39b8c2a8f4a8e499441b0d567f9ab9d58e4991de4472fb813c
Status: Downloaded newer image for centos:7
docker.io/library/centos:7

[root@docker-server3 ~]# docker run -it centos:7 /bin/bash

[root@20b4b48c4055 /]#

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
20b4b48c4055        centos:7            "/bin/bash"         21 seconds ago      Up 20 seconds                           admiring_wilbur

[root@20b4b48c4055 /]# ps -ef|grep ssh

2.2 安装一个ssh服务

请参考https://www.cnblogs.com/zyxnhr/p/11809167.html

[root@20b4b48c4055 /]# ps -a

   PID TTY          TIME CMD
    84 pts/0    00:00:00 sshd
    85 pts/0    00:00:00 ps

2.3 修改root密码

[root@20b4b48c4055 /]# echo 123456|passwd --stdin root

2.4 从宿主机连接

[root@docker-server3 ~]# docker inspect 20b4b48c4055 |grep IP

"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.2",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.2",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# ssh [email protected]

The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.2' (ECDSA) to the list of known hosts.
root@192.168.0.2's password:123456

[root@20b4b48c4055 ~]# 

连接进入

[root@20b4b48c4055 ~]# ps -a
   PID TTY          TIME CMD
    84 pts/0    00:00:00 sshd
   104 pts/1    00:00:00 ps
[root@20b4b48c4055 ~]# exit

2.5 向容器拷贝文件

[root@docker-server3 ~]# docker cp /etc/sysconfig/network-scripts/ifcfg-ens33 20b4b48c4055:/tmp/

[root@20b4b48c4055 /]# cat /tmp/ifcfg-ens33

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2

2.6 安装vim

[root@20b4b48c4055 /]# yum -y install vim

2.7 创建镜像

[root@docker-server3 ~]# docker commit -m "install sshd and vim" 20b4b48c4055 openssh:v1.0

sha256:d98ba06569f3ed7c00e1371b71a0ab328bacd57f5717bb4066b425c7b12abc3a

[root@docker-server3 ~]# docker image ls

REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
openssh                         v1.0                d98ba06569f3        32 seconds ago      361MB
nginx                           latest              f7bb5701a33c        3 days ago          126MB
busybox                         latest              6d5fcfe5ff17        4 days ago          1.22MB
hub.darren.com/library/alpine   3.7                 cc0abc535e36        6 days ago          5.59MB
centos                          7                   5e35e350aded        7 weeks ago         203MB

三 镜像的测试使用修改

3.1 使用刚创建的镜像,起一个容器

[root@docker-server3 ~]# docker run -it -d openssh:v1.0 

d865deaee6e83724a76a5eae88d8e356b5fe7416b5a8dbf9e1a9dd077ed7731a

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
d865deaee6e8        openssh:v1.0        "/bin/bash"         26 seconds ago      Up 25 seconds                           sleepy_feistel
20b4b48c4055        centos:7            "/bin/bash"         31 minutes ago      Up 31 minutes                           admiring_wil

[root@docker-server3 ~]# docker inspect d865deaee6e8|grep IP

"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.3",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.3",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# docker exec -it d865deaee6e8 /bin/bash

[root@d865deaee6e8 /]# /usr/sbin/sshd -D

3.2 测试连接

[root@docker-server3 ~]# ssh [email protected]

The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.3' (ECDSA) to the list of known hosts.
root@192.168.0.3's password:123456

3.3 检验容器内容

[root@d865deaee6e8 ~]# cat /tmp/ifcfg-ens33 

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2

[root@d865deaee6e8 ~]# rpm -qa|grep vim

vim-minimal-7.4.629-6.el7.x86_64
vim-common-7.4.629-6.el7.x86_64
vim-enhanced-7.4.629-6.el7.x86_64
vim-filesystem-7.4.629-6.el7.x86_64

[root@d865deaee6e8 ~]# rpm -qa|grep openssh

openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64

3.4 修改容器的默认前台进程

容器的默认主进程是PID问1的主进程,所以刚才的镜像在启动后,主进程是/bin/bash

[root@20b4b48c4055 /]# ps -ef 

root          1      0  0 16:58 pts/0    00:00:00 /bin/bash
root         84      1  0 17:05 pts/0    00:00:00 /usr/sbin/sshd -D
root        122      1  0 17:37 pts/0    00:00:00 ps -ef

需要再启动之前,使用/usr/sbin/sshd -D 替换/bin/bash

[root@docker-server3 ~]# docker run -it -d openssh:v1.0 /usr/sbin/sshd -D

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS               NAMES
395c705716a5        openssh:v1.0        "/usr/sbin/sshd -D"   15 seconds ago      Up 14 seconds                           laughing_edison
d865deaee6e8        openssh:v1.0        "/bin/bash"           12 minutes ago      Up 12 minutes                           sleepy_feistel
20b4b48c4055        centos:7            "/bin/bash"           43 minutes ago      Up 43 minutes                           admiring_w

[root@docker-server3 ~]# docker inspect 395c705716a5|grep IP

            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.4",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.4",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# ssh [email protected]

The authenticity of host '192.168.0.4 (192.168.0.4)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.4' (ECDSA) to the list of known hosts.
root@192.168.0.4's password: 
Last login: Tue Dec 31 17:09:36 2019 from gateway
[root@395c705716a5 ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 17:41 pts/0    00:00:00 /usr/sbin/sshd -D
root          6      1  0 17:43 ?        00:00:00 sshd: root@pts/1
root          8      6  0 17:43 pts/1    00:00:00 -bash
root         23      8  0 17:43 pts/1    00:00:00 ps -ef

3.5 修改镜像

因为这个容器的PID为1的进程是/usr/sbin/sshd -D,在这个容器的基础上,制作一个新的镜像,让这个镜像的容器的默认前台进程为/usr/sbin/sshd -D

[root@docker-server3 ~]# docker commit -m "new default front process"  395c705716a5 openssh:v1.2

[root@docker-server3 ~]# docker image ls  

REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
openssh                         v1.2                c399a750ed03        9 seconds ago       361MB
openssh                         v1.0                d98ba06569f3        27 minutes ago      361MB
nginx                           latest              f7bb5701a33c        3 days ago          126MB
busybox                         latest              6d5fcfe5ff17        4 days ago          1.22MB
hub.darren.com/library/alpine   3.7                 cc0abc535e36        6 days ago          5.59MB
centos 

3.7 测试检验

[root@docker-server3 ~]# docker run -d openssh:v1.2

08359e84c3a1f1cfe3742ba9a2348719ca9818e3d56c5817fbde70c31e27f714

[root@docker-server3 ~]# docker ps -a

CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS               NAMES
08359e84c3a1        openssh:v1.2        "/usr/sbin/sshd -D"   5 seconds ago       Up 4 seconds                            intelligent_williams
395c705716a5        openssh:v1.0        "/usr/sbin/sshd -D"   14 minutes ago      Up 14 minutes                           laughing_edison
d865deaee6e8        openssh:v1.0        "/bin/bash"           26 minutes ago      Up 26 minutes                           sleepy_feistel
20b4b48c4055        centos:7            "/bin/bash"           57 minutes ago      Up 57 minutes                           admiring_wilbur

[root@docker-server3 ~]# docker inspect 08359e84c3a1|grep IP

"LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "192.168.0.5",
            "IPPrefixLen": 24,
            "IPv6Gateway": "",
                    "IPAMConfig": null,
                    "IPAddress": "192.168.0.5",
                    "IPPrefixLen": 24,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,

[root@docker-server3 ~]# ssh [email protected]

The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts.
root@192.168.0.5's password: 
Last login: Tue Dec 31 17:43:11 2019 from gateway
[root@08359e84c3a1 ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 17:55 ?        00:00:00 /usr/sbin/sshd -D
root          6      1  0 17:57 ?        00:00:00 sshd: root@pts/0
root          8      6  0 17:57 pts/0    00:00:00 -bash
root         23      8  0 17:58 pts/0    00:00:00 ps -ef

博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师(https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!

你可能感兴趣的:(DOCKER学习_010:Docker的文件系统以及制作镜像)