Aufs
aufs全称advanced multi-layered unification filesystem,中文为高级多层统一(联合)文件系统。
用于为Linux文件系统实现"联合挂载"。
Aufs是之前UnionFS的重新实现,2006年由Junjiro Okajima(日本人)开发。
Docker最初使用aufs作为容器文件系统层,它目前仍作为存除后端之一来支持。
aufs的竞争产品是OverlayFS,后者自从3.18版本开始被合并到Linux内核。
Docker的分层镜像除了aufs,还支持btrfs、devicemapper(dm)和vfs等。在Ubuntu系统上默认是aufs,在CentOS 7系统上默认是devicemapper。
Docker Registry
启动容器时,Docker daemon会试图以本地获取相关的镜像,本地镜像不存在时,将从Registry中下载该镜像并保存到本地。
Registry用于保存Docker镜像,包括镜像的层次结构和元数据。
用户可自建Registry,也可以使用官方的Docker Hub。
Sponsor Registry:第三方的registry,供客户和Docker社区使用。
Mirror Registry:第三方的registry,只让客户使用。
Vendor Registry:由发布Docker镜像的供应商提供的registry。
Private Registry:通过没有防火墙和额外的安全层的私有实体提供的registry。
pull镜像
[root@localhost ~]# docker pull -h Flag shorthand -h has been deprecated, please use --help Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST] Pull an image or a repository from a registry Options: -a, --all-tags Download all tagged images in the repository --disable-content-trust Skip image verification (default true) --platform string Set platform if server is multi-platform capable -q, --quiet Suppress verbose output
puch镜像
[root@localhost ~]# docker push -h Flag shorthand -h has been deprecated, please use --help Usage: docker push [OPTIONS] NAME[:TAG] Push an image or a repository to a registry Options: --disable-content-trust Skip image signing (default true)
基于容器制作镜像
在busybox容器上配置httpd的首页,再制作成镜像:
1. 配置httpd的首页
[root@localhost ~]# docker run --name b1_web -it busybox WARNING: IPv4 forwarding is disabled. Networking will not work. / # mkdir -p /data/html / # vi /data/html/index.html / # cat /data/html/index.htmlbusybox httpd server
/ # #不能退出喔,退出刚做的配置就不见了
2. 再开一个终端来基于刚刚配置好的容器做镜像
[root@localhost ~]# docker commit -p b1_web #-p表示暂停镜像,这样可以确保镜像的完整性 sha256:e85c75f6a3bfc08576524ed3654a2144b72cdf76d1395ddbbfef437d859ed78a [root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZEe85c75f6a3bf 6 seconds ago 1.22MB #这就是制作的镜像 busybox latest c7c37e472d31 5 days ago 1.22MB
3. 可以将制作的镜像打标签,以方便往后使用 (提示:可以在制作时就直接打标签→docker commit -p b1_web test/busybox/httpd:v0.1-1)
[root@localhost ~]# docker tag e85c75f6a3bf test/busybox/httpd:v0.1-1 [root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE test/busybox/httpd v0.1-1 e85c75f6a3bf 8 minutes ago 1.22MB busybox latest c7c37e472d31 5 days ago 1.22MB quay.io/coreos/flannel v0.12.0-arm64 7cf4a417daaa 3 months ago 53.6MB
4. 一个镜像可以打多个标签,但一个标签只属于一个镜像
[root@localhost ~]# docker tag e85c75f6a3bf test/busybox/httpd:latest [root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE test/busybox/httpd latest e85c75f6a3bf 13 minutes ago 1.22MB test/busybox/httpd v0.1-1 e85c75f6a3bf 13 minutes ago 1.22MB busybox latest c7c37e472d31 5 days ago 1.22MB
5. 若要制作的镜像不要默认执行命令是sh而是httpd的话,加上-c (提示:执行docker inspect busybox | grep -A 5 Cmd可以看默认运行的CMD)
[root@localhost ~]# docker commit -a "" -c 'CMD ["/bin/httpd","-f","-h","/data/html"]' -p b1_web test/busybox/httpd:v0.1-2 #-a是设定作者,-c是改变默认运行的CMD sha256:03faa1b4d4bcc2a4a19145d146d8964ac3636ac9ea0d65d559cd5f3c02e077bb [root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE test/busybox/httpd v0.1-2 03faa1b4d4bc 32 seconds ago 1.22MB test/busybox/httpd latest e85c75f6a3bf 3 hours ago 1.22MB test/busybox/httpd v0.1-1 e85c75f6a3bf 3 hours ago 1.22MB busybox latest c7c37e472d31 5 days ago 1.22MB
8. 使用test/busybox/httpd:v0.1-2镜像创建容器
[root@localhost ~]# docker run --name t1 test/busybox/httpd:v0.1-2 WARNING: IPv4 forwarding is disabled. Networking will not work. #httpd运行在前台了,如果要让其运行在后台则加-d
9. 另开终端执行docker container ls可以看到t1的COMMAND运行的是/bin/httpd -f -h /d...,而不是sh了
[root@localhost ~]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ac69f548637d test/busybox/httpd:v0.1-2 "/bin/httpd -f -h /d…" 4 minutes ago Up 4 minutes t1 c9c7298bb3fb busybox "sh" 3 hours ago Up 3 hours b1_web
10. 另开终端访问t1 (提示:t1的ip可以使用docker inspect t1来查看)
[root@localhost ~]# curl 172.17.0.3 #t1的ip可以使用docker inspect t1来查看busybox httpd server
镜像的导入和导出
1. 导出
[root@localhost ~]# docker save -h Flag shorthand -h has been deprecated, please use --help Usage: docker save [OPTIONS] IMAGE [IMAGE...] Save one or more images to a tar archive (streamed to STDOUT by default) Options: -o, --output string Write to a file, instead of STDOUT
[root@localhost ~]# docker save -o myimages.gz test/busybox/httpd:v0.1-1 test/busybox/httpd:v0.1-2 [root@localhost ~]# ls anaconda-ks.cfg myimages.gz
2. 导入
[root@localhost ~]# docker load -h Flag shorthand -h has been deprecated, please use --help Usage: docker load [OPTIONS] Load an image from a tar archive or STDIN Options: -i, --input string Read from tar archive file, instead of STDIN -q, --quiet Suppress the load output
[root@localhost ~]# ls anaconda-ks.cfg myimages.gz [root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE [root@localhost ~]# docker load -i myimages.gz 50761fe126b6: Loading layer [==================================================>] 1.442MB/1.442MB a32c30a48289: Loading layer [==================================================>] 5.12kB/5.12kB Loaded image: test/busybox/httpd:v0.1-1 Loaded image: test/busybox/httpd:v0.1-2 [root@localhost ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE test/busybox/httpd v0.1-2 03faa1b4d4bc 54 minutes ago 1.22MB test/busybox/httpd v0.1-1 e85c75f6a3bf 4 hours ago 1.22MB