Docker in my eyes (2) Image

Docker installation

For details on how to install docker, please refer to the official website: installation or Chinese guide .
However, I recommend curl to install on linux, because the source in apt-get either does not have docker or the version is lower.

$ sudo apt-get install curl
$ sudo curl -sSL https://get.docker.com/ | sh
$ sudo docker run hello-world

If the last command is successful, it means that docker can run normally.
However, due to the obvious national conditions in China, it is recommended to use the DaoCloud service to install it:

# curl -sSL https://get.daocloud.io/docker | sh

After that, it is best to configure DaoCloud's acceleration service (accelerator), that is, set mirror:

$ echo "DOCKER_OPTS=\"\$DOCKER_OPTS --registry-mirror=http://f9495414.m.daocloud.io\"" | sudo tee -a /etc/default/docker
$ sudo service docker restart

Image command

Image is the cornerstone of docker. For the introduction of commands, you can directly see the official documentation: doc
Common commands are:

$ # 列出所有镜像
$ sudo docker images
$ # pull 新镜像 $ sudo docker pull hello-world $ # tag 一个镜像，tag 对于一个镜像就像引用计数一样 $ sudo docker tag hello-world myname/hello-world $ # push 镜像到 docker hub $ sudo docker push myname/hello-world $ # 在 docker hub 搜索镜像 $ sudo docker search ubuntu $ # 删除一个镜像 $ sudo docker rmi hello-world $ # 删除名字为 <none> 的镜像（可能在构建过程或 pull 过程不成功留下的中间镜像） $ sudo docker images | grep "<none>" | tr -s ' ' | cut -f3 -d " " | sudo parallel docker rmi {}

Image composition

Image is a runnable basic unit, so when we run docker images, what are the images displayed?

Inside the image is a layer-by-layer file system, called Union FS, a union file system, which can mount several layers of directories together to become the same virtual file system. The directory structure of the file system is like the directory structure of ordinary linux, and docker provides a linux virtual environment through these files and the kernel of the host. Each layer of file system is called a layer. The joint file system can set three permissions for each layer of file system, readonly, readwrite and whiteout-able, but in the docker image Each layer of the file system is read-only.

When building an image, starting from a most basic operating system, each construction operation is equivalent to making a layer of modification, adding a layer of file system, layer by layer, and layer by layer. Visibility, which is also easy to understand, is like the upper layer obscures the lower layer. When you use it, you only see a complete whole, and you don't know how many layers there are or what the modifications are made to each layer. The structure looks like this:

From a basic point of view, a typical Linux file system consists of two parts: bootfs and rootfs. bootfs (boot file system) mainly includes bootloader and kernel. Bootloader is mainly used to boot and load the kernel. When the kernel is loaded into the memory, the bootfs will be umount off. rootfs (root file system) contains standard directories and files such as /dev, /proc, /bin, /etc in a typical Linux system. See the figure below, which is the most basic two-layer structure in the docker image:
rootfs

Different linux distributions (such as ubuntu and CentOS) will be different at the rootfs layer, reflecting the differences of distributions:
rootfs

When traditional Linux loads bootfs, it will first set rootfs to read-only, and then change rootfs from read-only to read-write after system self-check, and then we can read and write operations on rootfs. But Docker does not change the read-only of rootfs to read-write after the bootfs self-check, but uses union mount (a mounting mechanism of UnionFS) to load other layers in the image to the previous read- Above the only rootfs layer, each layer is a rootfs structure and is read-only. Therefore, we cannot modify the layer in an existing image! Only when we create a container, that is, instantiate the Docker image, the system will allocate an empty read-write rootfs to save our changes. Changes saved by a layer are incremental, just like git.

Image structure

Suppose we have an image of ubuntu:14.04, then we can save it as a tar file and observe:

➜ ~ sudo docker save -o ubuntu_image.tar ubuntu:14.04
➜  ~  tar -tf ubuntu_image.tar 
428b411c28f0c33e561a95400a729552db578aee0553f87053b96fc0008cca6a/
428b411c28f0c33e561a95400a729552db578aee0553f87053b96fc0008cca6a/VERSION 428b411c28f0c33e561a95400a729552db578aee0553f87053b96fc0008cca6a/json 428b411c28f0c33e561a95400a729552db578aee0553f87053b96fc0008cca6a/layer.tar 435050075b3f881611b0f4c141bb723f38603caacd31a13a185c1a38acfb4ade/ 435050075b3f881611b0f4c141bb723f38603caacd31a13a185c1a38acfb4ade/VERSION 435050075b3f881611b0f4c141bb723f38603caacd31a13a185c1a38acfb4ade/json 435050075b3f881611b0f4c141bb723f38603caacd31a13a185c1a38acfb4ade/layer.tar 6d4946999d4fb403f40e151ecbd13cb866da125431eb1df0cdfd4dc72674e3c6/ 6d4946999d4fb403f40e151ecbd13cb866da125431eb1df0cdfd4dc72674e3c6/VERSION 6d4946999d4fb403f40e151ecbd13cb866da125431eb1df0cdfd4dc72674e3c6/json 6d4946999d4fb403f40e151ecbd13cb866da125431eb1df0cdfd4dc72674e3c6/layer.tar 9fd3c8c9af32dddb1793ccb5f6535e12d735eacae16f8f8c4214f42f33fe3d29/ 9fd3c8c9af32dddb1793ccb5f6535e12d735eacae16f8f8c4214f42f33fe3d29/VERSION 9fd3c8c9af32dddb1793ccb5f6535e12d735eacae16f8f8c4214f42f33fe3d29/json 9fd3c8c9af32dddb1793ccb5f6535e12d735eacae16f8f8c4214f42f33fe3d29/layer.tar repositories

We can see that the image in ubuntu is actually a compressed file with 4 folders, which are actually 4 layers, each layer has a folder, and there is a repositories file. More intuitively, you can unzip it into a folder and view it with the tree command:

➜ ubuntu:14.04 tree 
.
├── 428b411c28f0c33e561a95400a729552db578aee0553f87053b96fc0008cca6a
│   ├── json
│   ├── layer.tar
│   └── VERSION
├── 435050075b3f881611b0f4c141bb723f38603caacd31a13a185c1a38acfb4ade
│   ├── json
│   ├── layer.tar │ └── VERSION ├── 6d4946999d4fb403f40e151ecbd13cb866da125431eb1df0cdfd4dc72674e3c6 │ ├── json │ ├── layer.tar │ └── VERSION ├── 9fd3c8c9af32dddb1793ccb5f6535e12d735eacae16f8f8c4214f42f33fe3d29 │ ├── json │ ├── layer.tar │ └── VERSION └── repositories 4 directories, 13 files

It can be said that the structure of each folder is the same, which means that the organization of each layer is also the same, represented by json, layer.tar, VERSION. Let's first look at the repositories file, which is a JSON definition that saves three pieces of information: image name, tag, and the layer corresponding to the tag (this layer is the summary of the top layer of ubuntu: 14.04).

➜  ~  cat repositories 
{"ubuntu":{"14.04":"6d4946999d4fb403f40e151ecbd13cb866da125431eb1df0cdfd4dc72674e3c6"}}

Enter a certain folder and view the json file, which is a json definition that saves a lot of information, mainly about the configuration information of the mirror. The brief structure is as follows:

the layer of json

And layer.tar is also a packaged file. As you can see below, it is a Linux-like file directory structure, which saves the modifications made by the layer:

➜  435050075b3f881611b0f4c141bb723f38603caacd31a13a185c1a38acfb4ade  tar -tf layer.tar 
etc/
etc/apt/
etc/apt/apt.conf.d/
etc/apt/apt.conf.d/docker-clean etc/apt/apt.conf.d/docker-gzip-indexes etc/apt/apt.conf.d/docker-no-languages etc/dpkg/ etc/dpkg/dpkg.cfg.d/ etc/dpkg/dpkg.cfg.d/docker-apt-speedup sbin/ sbin/initctl sbin/initctl.distrib usr/ usr/sbin/ usr/sbin/policy-rc.d var/ var/lib/ var/lib/dpkg/ var/lib/dpkg/diversions var/lib/dpkg/diversions-old

Finally, it should be noted that layers are shared between mirrors. Between different mirrors, only one copy of the layer with the same abstract is saved, and it is inherited in the form of a tree, which can be docker images -treeviewed with:

➜  ~  sudo docker images -tree                         
Warning: '-tree' is deprecated, it will be removed soon. See usage.
..... #略
├─428b411c28f0 Virtual Size: 188.1 MB │ └─435050075b3f Virtual Size: 188.3 MB │ └─9fd3c8c9af32 Virtual Size: 188.3 MB │ └─6d4946999d4f Virtual Size: 188.3 MB Tags: ubuntu:latest, ubuntu:14.04 │ └─cf73ddbcb12b Virtual Size: 375.1 MB │ └─7cb6f45e653d Virtual Size: 377.6 MB │ └─c624e1a476d0 Virtual Size: 377.6 MB │ └─4b087f2af755 Virtual Size: 389.1 MB │ └─6940f969b4ed Virtual Size: 413.9 MB │ └─1bc2ae3e600b Virtual Size: 414 MB │ └─c35a7b3ee359 Virtual Size: 414 MB │ └─b4696f4e4d61 Virtual Size: 414 MB │ └─7413e661f075 Virtual Size: 414 MB │ └─9a2409206c78 Virtual Size: 414 MB Tags: registry:latest ..... #略

Copyright statement: This article is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/jcjc918/article/details/46500031