DOCKER学习_010:Docker的文件系统以及制作镜像
一 文件系统简介
1.1 Linux文件系统
LInux空间组成分为内核空间和用户空间(使用rootfs)
linux文件系统由 bootes和 rootfs组成, bootes主要包含boot1 oader和 kernel, bootloader主要是引导加载 kernel,当 kernel被加载到内存之后 boots就被卸载掉了。 rootfs包含的就是典型1inux系统中的/dev,/proc,/bin,/etc等标准目录
对于docker,只是使用rootfs,因为bootfs是共享的
1.2 docker的base镜像
docker的Base镜像提供的是最小安装的linux发行版
1.3 镜像的分层结构
[root@docker-server3 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Already exists
465560073b6f: Pull complete
f473f9fd0a8c: Pull complete #镜像的分层
Digest: sha256:b2d89d0a210398b4d1120b3e3a7672c16a4ba09c2c4a0395f18b9f7999b768f2
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
最多不能超过128层,镜像只读,分层
容器就相当于在镜像上加了一个读写层,容器的销毁就是读写层的销毁
读写层的操作,主要基于两种方式:写时复制和用时分配。
dockers的存储驱动查看
[root@docker-server3 ~]# docker info
Client:
Debug Mode: false Server:
Containers:
Running:
Paused:
Stopped:
Images:
Server Version: 19.03.
Storage Driver: overlay2 #存储驱动
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.-957.27..el7.x86_64
Operating System: CentOS Linux (Core)
OSType: linux
Architecture: x86_64
CPUs:
Total Memory: .777GiB
Name: docker-server3
ID: YB6S:6D3D:477B:5UMR:IEX2:2PBD:D6BI:GDYI:22MD:GWSX:4TBX:2LLS
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/
Live Restore Enabled: false WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
二 commit制作Docker镜像
2.1 下载基础镜像
[root@docker-server3 ~]# docker pull centos:7
: Pulling from library/centos
ab5ef0e58194: Pull complete
Digest: sha256:4a701376d03f6b39b8c2a8f4a8e499441b0d567f9ab9d58e4991de4472fb813c
Status: Downloaded newer image for centos:
docker.io/library/centos:
[root@docker-server3 ~]# docker run -it centos:7 /bin/bash
[root@20b4b48c4055 /]#
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20b4b48c4055 centos: "/bin/bash" seconds ago Up seconds admiring_wilbur
[root@20b4b48c4055 /]# ps -ef|grep ssh
2.2 安装一个ssh服务
请参考https://www.cnblogs.com/zyxnhr/p/11809167.html
[root@20b4b48c4055 /]# ps -a
PID TTY TIME CMD
pts/ :: sshd
pts/ :: ps
2.3 修改root密码
[root@20b4b48c4055 /]# echo 123456|passwd --stdin root
2.4 从宿主机连接
[root@docker-server3 ~]# docker inspect 20b4b48c4055 |grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.2",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.2",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# ssh root@192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.2' (ECDSA) to the list of known hosts.
root@192.168.0.2's password:123456
[root@20b4b48c4055 ~]#
连接进入
[root@20b4b48c4055 ~]# ps -a
PID TTY TIME CMD
pts/ :: sshd
pts/ :: ps
[root@20b4b48c4055 ~]# exit
2.5 向容器拷贝文件
[root@docker-server3 ~]# docker cp /etc/sysconfig/network-scripts/ifcfg-ens33 20b4b48c4055:/tmp/
[root@20b4b48c4055 /]# cat /tmp/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2
2.6 安装vim
[root@20b4b48c4055 /]# yum -y install vim
2.7 创建镜像
[root@docker-server3 ~]# docker commit -m "install sshd and vim" 20b4b48c4055 openssh:v1.0
sha256:d98ba06569f3ed7c00e1371b71a0ab328bacd57f5717bb4066b425c7b12abc3a
[root@docker-server3 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
openssh v1. d98ba06569f3 seconds ago 361MB
nginx latest f7bb5701a33c days ago 126MB
busybox latest 6d5fcfe5ff17 days ago .22MB
hub.darren.com/library/alpine 3.7 cc0abc535e36 days ago .59MB
centos 5e35e350aded weeks ago 203MB
三 镜像的测试使用修改
3.1 使用刚创建的镜像,起一个容器
[root@docker-server3 ~]# docker run -it -d openssh:v1.0
d865deaee6e83724a76a5eae88d8e356b5fe7416b5a8dbf9e1a9dd077ed7731a
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d865deaee6e8 openssh:v1. "/bin/bash" seconds ago Up seconds sleepy_feistel
20b4b48c4055 centos: "/bin/bash" minutes ago Up minutes admiring_wil
[root@docker-server3 ~]# docker inspect d865deaee6e8|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.3",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.3",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# docker exec -it d865deaee6e8 /bin/bash
[root@d865deaee6e8 /]# /usr/sbin/sshd -D
3.2 测试连接
[root@docker-server3 ~]# ssh root@192.168.0.3
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.3' (ECDSA) to the list of known hosts.
root@192.168.0.3's password:123456
3.3 检验容器内容
[root@d865deaee6e8 ~]# cat /tmp/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2
[root@d865deaee6e8 ~]# rpm -qa|grep vim
vim-minimal-7.4.-.el7.x86_64
vim-common-7.4.-.el7.x86_64
vim-enhanced-7.4.-.el7.x86_64
vim-filesystem-7.4.-.el7.x86_64
[root@d865deaee6e8 ~]# rpm -qa|grep openssh
openssh-.4p1-.el7.x86_64
openssh-server-.4p1-.el7.x86_64
3.4 修改容器的默认前台进程
容器的默认主进程是PID问1的主进程,所以刚才的镜像在启动后,主进程是/bin/bash
[root@20b4b48c4055 /]# ps -ef
root : pts/ :: /bin/bash
root : pts/ :: /usr/sbin/sshd -D
root : pts/ :: ps -ef
需要再启动之前,使用/usr/sbin/sshd -D 替换/bin/bash
[root@docker-server3 ~]# docker run -it -d openssh:v1.0 /usr/sbin/sshd -D
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
395c705716a5 openssh:v1. "/usr/sbin/sshd -D" seconds ago Up seconds laughing_edison
d865deaee6e8 openssh:v1. "/bin/bash" minutes ago Up minutes sleepy_feistel
20b4b48c4055 centos: "/bin/bash" minutes ago Up minutes admiring_w
[root@docker-server3 ~]# docker inspect 395c705716a5|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.4",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.4",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# ssh root@192.168.0.4
The authenticity of host '192.168.0.4 (192.168.0.4)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.4' (ECDSA) to the list of known hosts.
root@192.168.0.4's password:
Last login: Tue Dec :: from gateway
[root@395c705716a5 ~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 17:41 pts/0 00:00:00 /usr/sbin/sshd -D
root : ? :: sshd: root@pts/
root : pts/ :: -bash
root : pts/ :: ps -ef
3.5 修改镜像
因为这个容器的PID为1的进程是/usr/sbin/sshd -D,在这个容器的基础上,制作一个新的镜像,让这个镜像的容器的默认前台进程为/usr/sbin/sshd -D
[root@docker-server3 ~]# docker commit -m "new default front process" 395c705716a5 openssh:v1.2
[root@docker-server3 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
openssh v1. c399a750ed03 seconds ago 361MB
openssh v1. d98ba06569f3 minutes ago 361MB
nginx latest f7bb5701a33c days ago 126MB
busybox latest 6d5fcfe5ff17 days ago .22MB
hub.darren.com/library/alpine 3.7 cc0abc535e36 days ago .59MB
centos
3.7 测试检验
[root@docker-server3 ~]# docker run -d openssh:v1.2
08359e84c3a1f1cfe3742ba9a2348719ca9818e3d56c5817fbde70c31e27f714
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
08359e84c3a1 openssh:v1. "/usr/sbin/sshd -D" seconds ago Up seconds intelligent_williams
395c705716a5 openssh:v1. "/usr/sbin/sshd -D" minutes ago Up minutes laughing_edison
d865deaee6e8 openssh:v1. "/bin/bash" minutes ago Up minutes sleepy_feistel
20b4b48c4055 centos: "/bin/bash" minutes ago Up minutes admiring_wilbur
[root@docker-server3 ~]# docker inspect 08359e84c3a1|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.5",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.5",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# ssh root@192.168.0.5
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts.
root@192.168.0.5's password:
Last login: Tue Dec :: from gateway
[root@08359e84c3a1 ~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root : ? :: /usr/sbin/sshd -D
root : ? :: sshd: root@pts/
root : pts/ :: -bash
root : pts/ :: ps -ef
博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师(https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!
DOCKER学习_010:Docker的文件系统以及制作镜像的更多相关文章
- Docker学习之Docker容器基本使用
Docker学习之Docker容器基本使用 新建容器并启动 命令格式:docker run --options repository:tag 后台运行 命令格式:-d 已存在的容器相关操作 启动:do ...
- Docker学习之Docker镜像基本使用
Docker学习之Docker镜像基本使用 获取镜像 命令格式:docker pull [选项] [Docker Registry 地址[:端口号]/]仓库名[:标签] 例如: docker pull ...
- Docker学习笔记 — Docker私有仓库搭建
Docker学习笔记 — Docker私有仓库搭建 目录(?)[-] 环境准备 搭建私有仓库 测试 管理仓库中的镜像 查询 删除 Registry V2 和Mavan的管理一样,Dockers ...
- Docker学习(六)Dockerfile构建自定义镜像
Docker学习(六)Dockerfile构建自定义镜像 前言 通过前面一篇文章可以知道怎么去使用一个镜像搭建服务,但是,如何构造自己的一个镜像呢,docker提供了dockerfile可以让我们自己 ...
- Docker 学习3 Docker镜像管理基础
一.docker 常用操作及原理 1.docker 常用操作 2.docker 机制 1.docker client端是通过http或者https与server端通信的.个 2.docker 镜像可以 ...
- Docker学习笔记 - Docker部署nginx网站
一.制作 nginx 镜像 1.下载配置文件 mkdir /opt/nginx_docker && cd /opt/nginx_docker mkdir nginx && ...
- Docker学习笔记 - Docker容器内部署redis
Docker学习笔记(2-4)Docker应用实验-redist server 和client的安装使用 一.获取redis容器(含客户端和服务端) 二.创建服务端容器 1.在终端A中运行redis- ...
- Docker学习笔记 - Docker的基本概念
一.cs架构 Docker客户端:本地或远程 Docker服务端:守护进程Docker Daemon 二.基本概念 Docker镜像:打包阶段,层叠的只读文件系统,引导->root(ubuntu ...
- Docker学习笔记 - Docker的守护进程
学习目标: 查看Docker守护进程的运行状态 启动.停止.重启Docker守护进程 Docker守护进程的启动选项 修改和查看Docker守护进程的启动选项 1.# 查看docker运行状态 方 ...
随机推荐
- Android横竖屏切换和灭屏亮屏时Activity的生命周期探究(1)
研究这个问题的初衷在于项目中碰到了一个问题:横屏的时候灭屏再亮屏,亮屏的时候用户能够清晰的看到先启动竖屏(过程1)再切换到横屏的过程,因为灭屏的时候onSaveInstanceState()保存的时横 ...
- Laravel5.1 实现第三方登录认证教程之 - 微信登录
https://laravel-china.org/topics/2451/laravel51-implementation-of-the-third-party-login-authenticati ...
- [\s\S]*?懒惰模式特殊情形
通常理解[\s\S]*?X (X代表任意指定字符) 表示匹配任何字符的懒惰模式,一旦遇到后面出现的X便停止匹配,但实际不是如此,会尽可能的把后面的内容也匹配进去.如: 表达式 <tr[\s\S] ...
- oracle WHERE子句中的连接顺序
ORACLE采用自下而上的顺序解析WHERE子句,根据这个原理,表之间的连接必须写在其他WHERE条件之前, 那些可以过滤掉最大数量记录的条件必须写在WHERE子句的末尾. 例如: (低效,执行时间1 ...
- 认识一下ES6的Reflect和Proxy
Reflect Reflect要替代Object的很多方法, 将Object对象一些明显属于言内部的方法放到了Reflect对象上,有13个方法 Reflect.apply(target, thisA ...
- gradle在build的时候找不到某个jar包的解决办法
前几天公司来新人, 我给他装项目环境的时候遇到一个问题, 在执行gradle build时遇到一系列的错误, 我一个个分析并解决了, 特此记录, 以供他人参考. 一, 首先遇到了找不到spring-b ...
- H3C ISDN BRI和PRI
- set_time_limit(0)是什么意思?
语法 : void set_time_limit (int seconds) 说明 : 设定一个程式所允许执行的秒数,如果到达限制的时间,程式将会传回错误.它预设的限制时间是30秒,max_execu ...
- Group_concat介绍与例子
进公司做的第一个项目就是做一个订单追踪查询,里里外外连接了十一个表,作为公司菜鸡的我麻了爪. 其中有一个需求就是对于多行的数据在一行显示,原谅我才疏学浅 无奈下找到了项目组长 在那学来了这个利器 ( ...
- v-for(:key)绑定index、id、key的区别
Vue 2.0 v-for 响应式key, index及item.id参数对v-bind:key值造成差异研究 在github上阅览README.md以获得最佳阅读体验,点这里 v-for响应式key ...