Docker映象管理基礎
Docker映象分層技術
Docker映象管理
1.映象分層技術
2.建立映象
3.下載映象到主機
4.刪除映象
5.上傳映象到registry
docker映象:
早在集裝箱沒有出現的時候,碼頭上還有許多搬運的工人在搬運貨物,在集裝箱出現以後,碼頭上看到更多的不是工人,而且集裝箱的搬運模式更加單一,更加高效,還有其他的好處,比如:貨物多打包在集裝箱裡面,可以防止貨物之前相互影響。並且到了另外一個碼頭需要轉運的話,有了在集裝箱以後,直接把它運送到另一個容器內即可,完全可以保證裡面的貨物是整體的搬遷,並且不會損壞貨物本身。那麼docker 映象在IT行業中也扮演著非常重要的形象。
什麼是docker 映象
就是把業務程式碼,可執行環境進行整體的打包
如何建立docker映象:
現在docker官方公有倉庫裡面有大量的映象,所以最基礎的映象,我們可以在公有倉庫直接拉取,因為這些映象都是原廠維護,可以得到及時的更新和修護。
Dockerfile:
我們如果想去定製這些映象,我們可以去編寫Dockerfile,然後重新bulid,最後把它打包成一個映象,這種方式是最為推薦的方式包括我們以後去企業當中去實踐應用的時候也是推薦這種方式。
Commit :
當然還有另外一種方式,就是通過映象啟動一個容器,然後進行操作,最終通過commit這個命令commit一個映象,但是不推薦這種方式,雖然說通過commit這個命令像是操作虛擬機器的模式,但是容器畢竟是容器,它不是虛擬機器,所以大家還是要去適應用Dockerfile去定製這些映象這種習慣。
映象的概念主要就是把把執行環境和業務程式碼進行映象的打包,我們這個課重點是瞭解映象的分層技術,我們先來看一個Ubuntu系統的映象。
我們看見映象可以分層很多個layer,並且他們都有大小和ID,我們可以看到這裡有4個layer ID號,最終這個映象是由他們layer組合而成,並且這個映象它是隻讀的,它不能往裡面寫資料,如果想寫資料怎麼辦呢?我們會在映象上啟一層contain layer,其實就是相當於把映象啟動成一個容器,那麼在容器這一層,我們是可寫的。
比如我們想在Ubuntu這個系統上加一層,只能在上面繼續疊加,這些工作其實都是由cow,寫字型檔下的機制來實現的。
子映象
下載的時候只會下載子映象最上面的一層,因為其它層已經有了,那麼它可以起到一個節約空間的作用。
父映象
最為典型的就是映象的分層技術——aufs
Aufs是Another Union File System的縮寫,支援將多個目錄掛載到同一個虛擬目錄下。
已構建的映象會設定成只讀模式,read-write寫操作是在read-only上的一種增量操作,固不影響read-only層。
這個研究有一個好處,比如我們現在可以看到手機裡面的APP,在命令裡面都會用APP欄位下回來,在下回來之前它就是一個靜態的,我們沒有往裡面寫東西,但是我們啟動起來以後,我們就可以往裡面寫東西,進行各種各樣的操作。但是如果我們把它關掉了以後,或者刪除了以後,它的這個映象是存在遠端的,所以在這個映象裡面是不會去修改的。並且這樣也會有一個非常好的地方,這個場景非常適合我們去實現測試環境,因為我們的測試環境經常會有一個操作就是灌資料,我們可以提前把這個映象資料打包到測試裡面,那麼這個映象軟體裡面包含了,最上面是nginx,比如它裡面會有一些資料,我們可以在往上面打一層資料,打完之後把它起成一個容器就可以去測試,測試完之後這個容器裡面會生成各種各樣的資料,也就是髒資料,這樣的話,我們就可以把這個容器刪掉,刪掉以後我們映象裡面的容器是不會受影響的。如果說它想再建立一套,我們可以把這個映象再啟一個容器,就可以是一個一模一樣的,並且是一個乾淨的環境。
上述轉載於:http://www.maiziedu.com/wiki/cloud/dockerupload/
Docker Registry分類
Registry用於儲存docker映象,包括映象的層次結構和元資料
使用者有可自建Registry,也可使用官方的Docker Hub
分類
Sponsor Registry: 第三方的registry,供客戶和Docker社群使用
Mirror Registry: 第三方的registry,只讓客戶使用
Vendor Registry: 由釋出Docker映象的供應商提供的registry
Private Registry: 通過設有防火牆和額外的安全層的私有實體提供的registry
Registry(repository and index)
Docker Regist
Docker Hub
下載映象
此次下載映象站點:https://quay.io
下載映象:flannel
檢視映象
映象相關的操作
基於容器製作映象
[[email protected] ~]# docker run --name b1 -it busybox
/ # ls /
bin dev etc home proc root sys tmp usr var
/ # mkdir -p /data/html
/ # vi /data/html/index.html
/ # cat /data/html/index.html
<h1> Busybox httpd server.</h1>
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 3 weeks ago 1.15MB
[[email protected] ~]# docker commit -h //製作映象
-a, --author string Author (e.g., "John Hannibal Smith <[email protected]>")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[[email protected] ~]# docker commit -p b1 //製作完成
sha256:8845554479c155727900149ea8e988423421a83292f919fbed71d1d05c9627ae
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 8845554479c1 4 seconds ago 1.15MB
[[email protected] ~]# docker tag --help //打標籤
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
[[email protected] ~]# docker tag 8845554479c1 zisefeizhu/httpd:v0.1-1
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.1-1 8845554479c1 About a minute ago 1.15MB
[[email protected] ~]# docker tag zisefeizhu/httpd:v0.1-1 zhujingxing/httpd:latest //還可以根據已有標籤再做,相當於硬連結
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zhujingxing/httpd latest 8845554479c1 2 minutes ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 2 minutes ago 1.15MB
[[email protected] ~]# docker image rm zhujingxing/httpd:latest //刪除映象
Untagged: zhujingxing/httpd:latest
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.1-1 8845554479c1 4 minutes ago 1.15MB
[[email protected] ~]# docker tag zisefeizhu/httpd:v0.1-1 zhujingxing/httpd:latest
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zhujingxing/httpd latest 8845554479c1 4 minutes ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 4 minutes ago 1.15MB
[[email protected] ~]# docker inspect busybox
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"sh\"]"
],
//啟動映象預設執行的命令
[[email protected] ~]# docker inspect nginx:1.14-alpine
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
[[email protected] ~]# docker inspect zisefeizhu/httpd:v0.1-1
"Cmd": [
"sh"
],
[[email protected] ~]# docker run --name t1 -it zisefeizhu/httpd:v0.1-1
/ # ls /
bin data dev etc home proc root sys tmp usr var
/ # cat /data/html/index.html
<h1> Busybox httpd server.</h1>
//修改原有預設執行的命令
[[email protected] ~]# docker commit -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith <[email protected]>")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[[email protected] ~]# docker commit -a "zisefeizhu <[email protected]>" -c 'CMD ["/bin/httpd","-f","-h","/data/html"]' -p b1 zisefeizhu/httpd:v0.2
sha256:7a7ec147af347119f298e7fee394a2fb4550f2f464bf54e572cecb27afab7989
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 4 seconds ago 1.15MB
zhujingxing/httpd latest 8845554479c1 5 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 5 hours ago 1.15MB
[[email protected] ~]# docker run --name t2 zisefeizhu/httpd:v0.2
[[email protected] ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99383dc328f6 zisefeizhu/httpd:v0.2 "/bin/httpd -f -h /d…" 10 seconds ago Up 9 seconds t2
585a259d5bae busybox "sh" 5 hours ago Up 7 minutes b1
[[email protected] ~]# docker inspect t2
"Cmd": [
"/bin/httpd",
"-f",
"-h",
"/data/html"
],
"IPAddress": "172.17.0.3",
[[email protected] ~]# curl 172.17.0.3
<h1> Busybox httpd server.</h1>
共享映象
推到Docker Hub 上
[[email protected] ~]# docker login -u zisefeizhu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[[email protected] ~]# docker push zisefeizhu/httpd
The push refers to repository [docker.io/zisefeizhu/httpd]
推到阿里雲上
阿里雲:https://cr.console.aliyun.com/cn-qingdao/mirrors
映象加速: 阿里雲映象加速有詳細使用方法
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{ "registry-mirrors": ["https://llpuz83z.mirror.aliyuncs.com"] }
systemctl daemon-reload
systemctl restart docker
操作指南里有詳解
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 28 minutes ago 1.15MB
zhujingxing/httpd latest 8845554479c1 5 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 5 hours ago 1.15MB
[[email protected] ~]# docker tag zisefeizhu/httpd:v0.2 registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd:v0.2
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 29 minutes ago 1.15MB
registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd v0.2 7a7ec147af34 29 minutes ago 1.15MB
zhujingxing/httpd latest 8845554479c1 5 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 5 hours ago 1.15MB
[[email protected] ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
[[email protected] ~]# docker login --username=zisefeizhu registry.cn-qingdao.aliyuncs.com
Password: //此出的密碼是您單獨設定的密碼
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[[email protected] ~]# docker push registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd:v0.2
The push refers to repository [registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd]
21dd534cb929: Pushed
8a788232037e: Pushed
v0.2: digest: sha256:5e21ef98f8c05f2481b5aea1ff7d7569bc512520c05a1051d9af4f1bc8c80d9e size: 734
映象的匯入和匯出
[[email protected] ~]# docker save --help //save 儲存打包檔案,映象匯入
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)
Options:
-o, --output string Write to a file, instead of STDOUT
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 36 minutes ago 1.15MB
registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd v0.2 7a7ec147af34 36 minutes ago 1.15MB
zhujingxing/httpd latest 8845554479c1 6 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 6 hours ago 1.15MB
[[email protected] ~]# docker save -o myimages.gz zisefeizhu/httpd:v0.1-1 zisefeizhu/httpd:v0.2
[[email protected] ~]# ls
64F}O]`Y)AND)}NTYBWIH8B.png bootime.avg myimages.gz
anaconda-ks.cfg bootime.svg ystemd-analyze plot >bootime.avg
[[email protected] ~]# scp myimages.gz 10.0.0.220:/root/
The authenticity of host '10.0.0.220 (10.0.0.220)' can't be established.
ECDSA key fingerprint is SHA256:2RnaJ3JTvB2b5DS4AeWaSlE8Sbh5VJleZFovpaCM6s0.
ECDSA key fingerprint is MD5:93:71:83:c1:20:46:d2:36:bb:67:2f:c7:dc:77:9d:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.220' (ECDSA) to the list of known hosts.
[email protected]'s password:
myimages.gz 100% 1367KB 10.8MB/s 00:00
[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo docker-ce.repo.cp
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo docker-ce.repo epel.repo
[[email protected] yum.repos.d]# scp docker-ce.repo 10.0.0.220:/etc/yum.repos.d/
[email protected]'s password:
docker-ce.repo 100% 2880 25.0KB/s 00:00
[[email protected] yum.repos.d]# scp /etc/docker/daemon.json 10.0.0.220:/etc/docker/
[email protected]'s password:
daemon.json 100% 100 43.1KB/s 00:00
[[email protected] ~]# yum install docker-ce
[[email protected] ~]# systemctl start docker.service
[[email protected] ~]# docker info
Registry Mirrors: //兩個加速器了
https://llpuz83z.mirror.aliyuncs.com/
https://registry.docker-cn.com/
[[email protected] ~]# docker load --help //映象匯出
[[email protected] ~]# docker load -i myimages.gz
8a788232037e: Loading layer 1.37MB/1.37MB
21dd534cb929: Loading layer 5.12kB/5.12kB
Loaded image: zisefeizhu/httpd:v0.2
37fad082c85f: Loading layer 5.12kB/5.12kB
Loaded image: zisefeizhu/httpd:v0.1-1
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 About an hour ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 6 hours ago 1.15MB
