table of Contents
Docker image loading principle
Docker image explanation
What is mirroring?
- Mirror is a lightweight, executable, independent software package used to package the software operating environment and software developed based on the operating environment. It contains all the content required to run a certain software , including code, runtime, library, and environment Variables and configuration files
- All applications can be run directly by directly packaging the docker image.
- So how to get the mirror?
- Download from remote warehouse
- Friend copy
- Make a mirror Dockerfile yourself
Docker image loading principle
UnionFS (Union File System)
The layer upon layer that we saw when downloading is this:
UnionFS (Union File System)
It is a hierarchical, lightweight and high-performance file system . It supports the modification of the file system , which is superimposed layer by layer as a submission . At the same time, different directories can be mounted under the same virtual file system (unite directories into a single virtual filesystem).
UnionFS is the basis of Docker mirroring. The mirroring can be inherited through layers. Based on the basic mirroring (the mirror without the parent mirror), various specific application mirrors can be made
Features Load multiple file systems at the same time , but only one file system can be seen from the outside. Joint loading will superimpose each layer of file systems, so that the final file system will contain all the underlying files and directories
Example: For example, both mysql and tomcat need centos environment. If mysql is installed first, there will be a centos environment. Then install tomcat to share this layer of centos without downloading centos.
Docker image loading principle
Docker's image is actually composed of a layered file system, this layered file system UnionFS.
BootFS (Boot file system) mainly includes bootloader and kernel. Bootloader is mainly the bootloader kernel. When Linux starts, it loads the BootFS file system. The bottom layer of the Docker image is BootFS. This layer is the same as our typical Linux/Unix system, including the boot loader and the kernel. When the boot load is complete, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from BootFS to the kernel. At this time, the system will also unload BootFS.
RootFS (Root File System) , on top of BootFS, includes standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system. RootFS is a variety of different operating system distributions, such as Ubuntu CentOS and so on.
- Question: Usually the CentOS we install into the virtual machine are several G, why is Docker only 200M here?
- That's because for a streamlined OS, RootFS can be very small, and it only needs to include the most basic commands, tools, and libraries. Because the bottom layer directly uses the Host's kernel, you only need to provide RootFS. This shows that For different Linux distributions, BootFS is basically the same, but RootFS will be different, so different distributions can share BootFS.
- This is why the virtual machine starts at the minute level and the container starts at the second level.
Layered understanding
- Layered mirror
- You can observe the log output when downloading a mirror, you will find that it is downloading layer by layer
- The following first layer already exists, no need to download
- Why does Docker image adopt this layered structure?
- The biggest benefit is resource sharing . For example, if multiple images are built from the same base image, then the host only needs to keep one base image on disk, and only one base image needs to be loaded in the memory, so that it can serve all containers , And each layer of the mirror can be shared.
- We can view the image layering from the docker inspect command
- All Docker images start from a basic image layer. When modification or new content is added, a new image layer will be created on top of the current image layer.
- The first layer image: Create a new image based on Ubuntu Linux 16.04; if you add a Python package to this image, a second image layer will be created on the base image layer; if you continue to add a security patch, a third image layer will be created A mirror layer, as shown below.
- While adding additional mirror layers, the mirror always keeps the current combination of all mirrors. It is very important to understand this. The following figure shows a simple example. Each mirror layer contains 3 files, and the mirror contains two files from 6 files in one mirror layer
- The mirror layer in the above picture is slightly different from the previous picture, the main purpose is to facilitate the display of files.
- The following figure shows a slightly more complicated three-layer image. From the outside, the entire image has only six files. This is because file 7 in the top layer is an updated version of file 5.
- In this case, the files in the upper mirror layer overwrite the files in the lower mirror layer. This allows the updated version of the file to be added to the mirror as a new mirror layer.
- Docker uses a storage engine (the new version adopts a snapshot mechanism) to implement the mirror layer stack, and ensures that multiple mirror layers are externally displayed as a unified file system.
- The storage engines available on Linux are AUFS, OverLay2, Device Mapper, Btrfs, and ZFS. As the name implies, each storage engine is based on the corresponding file system or block device technology in Linux, and each storage engine has its own unique performance characteristics.
- Docker only supports windows filter storage engine on Windows, which implements layering and CoW based on the NTFS file system
- The following figure shows the same three-layer mirror as the system display. All mirror layers are stacked and merged to provide a unified view to the outside.
- Features
- Docker images are read-only . When the container starts , a new writable layer is loaded on top of the image
- This layer is what we usually call the container layer, and all under the container is called the mirror layer
commit mirror
- docker commit submits the container to become a new copy
docker commit -m="提交的描述信息" -a="作者" 容器id 目标镜像名[tag]
- Case:
- Problem : There are no files under the webapps of the tomcat container. The contents of the webapps.dist directory must be copied to the webapps directory each time it is started (cp -r webapps.dist/* webapps/)
- Solution : package a mirror by yourself for later use
docker commit -a="add apps" -m="add webapps app" 3c5af7b82a6c tomcatnew:1.0
- View mirror
- If you want to save the state of the current container, you can submit it through commit to obtain an image . Next time, you can start the container directly with this image, just like a snapshot of a virtual machine.
