DOCKER学习_010:Docker的文件系统以及制作镜像
一 文件系统简介
1.1 Linux文件系统
LInux空间组成分为内核空间和用户空间(使用rootfs)
linux文件系统由 bootes和 rootfs组成, bootes主要包含boot1 oader和 kernel, bootloader主要是引导加载 kernel,当 kernel被加载到内存之后 boots就被卸载掉了。 rootfs包含的就是典型1inux系统中的/dev,/proc,/bin,/etc等标准目录
对于docker,只是使用rootfs,因为bootfs是共享的
1.2 docker的base镜像
docker的Base镜像提供的是最小安装的linux发行版
1.3 镜像的分层结构
[root@docker-server3 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Already exists
465560073b6f: Pull complete
f473f9fd0a8c: Pull complete #镜像的分层
Digest: sha256:b2d89d0a210398b4d1120b3e3a7672c16a4ba09c2c4a0395f18b9f7999b768f2
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
最多不能超过128层,镜像只读,分层
容器就相当于在镜像上加了一个读写层,容器的销毁就是读写层的销毁
读写层的操作,主要基于两种方式:写时复制和用时分配。
dockers的存储驱动查看
[root@docker-server3 ~]# docker info
Client:
Debug Mode: false Server:
Containers:
Running:
Paused:
Stopped:
Images:
Server Version: 19.03.
Storage Driver: overlay2 #存储驱动
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: journald
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.-957.27..el7.x86_64
Operating System: CentOS Linux (Core)
OSType: linux
Architecture: x86_64
CPUs:
Total Memory: .777GiB
Name: docker-server3
ID: YB6S:6D3D:477B:5UMR:IEX2:2PBD:D6BI:GDYI:22MD:GWSX:4TBX:2LLS
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/
Live Restore Enabled: false WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
二 commit制作Docker镜像
2.1 下载基础镜像
[root@docker-server3 ~]# docker pull centos:7
: Pulling from library/centos
ab5ef0e58194: Pull complete
Digest: sha256:4a701376d03f6b39b8c2a8f4a8e499441b0d567f9ab9d58e4991de4472fb813c
Status: Downloaded newer image for centos:
docker.io/library/centos:
[root@docker-server3 ~]# docker run -it centos:7 /bin/bash
[root@20b4b48c4055 /]#
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
20b4b48c4055 centos: "/bin/bash" seconds ago Up seconds admiring_wilbur
[root@20b4b48c4055 /]# ps -ef|grep ssh
2.2 安装一个ssh服务
请参考https://www.cnblogs.com/zyxnhr/p/11809167.html
[root@20b4b48c4055 /]# ps -a
PID TTY TIME CMD
pts/ :: sshd
pts/ :: ps
2.3 修改root密码
[root@20b4b48c4055 /]# echo 123456|passwd --stdin root
2.4 从宿主机连接
[root@docker-server3 ~]# docker inspect 20b4b48c4055 |grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.2",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.2",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# ssh root@192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.2' (ECDSA) to the list of known hosts.
root@192.168.0.2's password:123456
[root@20b4b48c4055 ~]#
连接进入
[root@20b4b48c4055 ~]# ps -a
PID TTY TIME CMD
pts/ :: sshd
pts/ :: ps
[root@20b4b48c4055 ~]# exit
2.5 向容器拷贝文件
[root@docker-server3 ~]# docker cp /etc/sysconfig/network-scripts/ifcfg-ens33 20b4b48c4055:/tmp/
[root@20b4b48c4055 /]# cat /tmp/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2
2.6 安装vim
[root@20b4b48c4055 /]# yum -y install vim
2.7 创建镜像
[root@docker-server3 ~]# docker commit -m "install sshd and vim" 20b4b48c4055 openssh:v1.0
sha256:d98ba06569f3ed7c00e1371b71a0ab328bacd57f5717bb4066b425c7b12abc3a
[root@docker-server3 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
openssh v1. d98ba06569f3 seconds ago 361MB
nginx latest f7bb5701a33c days ago 126MB
busybox latest 6d5fcfe5ff17 days ago .22MB
hub.darren.com/library/alpine 3.7 cc0abc535e36 days ago .59MB
centos 5e35e350aded weeks ago 203MB
三 镜像的测试使用修改
3.1 使用刚创建的镜像,起一个容器
[root@docker-server3 ~]# docker run -it -d openssh:v1.0
d865deaee6e83724a76a5eae88d8e356b5fe7416b5a8dbf9e1a9dd077ed7731a
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d865deaee6e8 openssh:v1. "/bin/bash" seconds ago Up seconds sleepy_feistel
20b4b48c4055 centos: "/bin/bash" minutes ago Up minutes admiring_wil
[root@docker-server3 ~]# docker inspect d865deaee6e8|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.3",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.3",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# docker exec -it d865deaee6e8 /bin/bash
[root@d865deaee6e8 /]# /usr/sbin/sshd -D
3.2 测试连接
[root@docker-server3 ~]# ssh root@192.168.0.3
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.3' (ECDSA) to the list of known hosts.
root@192.168.0.3's password:123456
3.3 检验容器内容
[root@d865deaee6e8 ~]# cat /tmp/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2
[root@d865deaee6e8 ~]# rpm -qa|grep vim
vim-minimal-7.4.-.el7.x86_64
vim-common-7.4.-.el7.x86_64
vim-enhanced-7.4.-.el7.x86_64
vim-filesystem-7.4.-.el7.x86_64
[root@d865deaee6e8 ~]# rpm -qa|grep openssh
openssh-.4p1-.el7.x86_64
openssh-server-.4p1-.el7.x86_64
3.4 修改容器的默认前台进程
容器的默认主进程是PID问1的主进程,所以刚才的镜像在启动后,主进程是/bin/bash
[root@20b4b48c4055 /]# ps -ef
root : pts/ :: /bin/bash
root : pts/ :: /usr/sbin/sshd -D
root : pts/ :: ps -ef
需要再启动之前,使用/usr/sbin/sshd -D 替换/bin/bash
[root@docker-server3 ~]# docker run -it -d openssh:v1.0 /usr/sbin/sshd -D
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
395c705716a5 openssh:v1. "/usr/sbin/sshd -D" seconds ago Up seconds laughing_edison
d865deaee6e8 openssh:v1. "/bin/bash" minutes ago Up minutes sleepy_feistel
20b4b48c4055 centos: "/bin/bash" minutes ago Up minutes admiring_w
[root@docker-server3 ~]# docker inspect 395c705716a5|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.4",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.4",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# ssh root@192.168.0.4
The authenticity of host '192.168.0.4 (192.168.0.4)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.4' (ECDSA) to the list of known hosts.
root@192.168.0.4's password:
Last login: Tue Dec :: from gateway
[root@395c705716a5 ~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 17:41 pts/0 00:00:00 /usr/sbin/sshd -D
root : ? :: sshd: root@pts/
root : pts/ :: -bash
root : pts/ :: ps -ef
3.5 修改镜像
因为这个容器的PID为1的进程是/usr/sbin/sshd -D,在这个容器的基础上,制作一个新的镜像,让这个镜像的容器的默认前台进程为/usr/sbin/sshd -D
[root@docker-server3 ~]# docker commit -m "new default front process" 395c705716a5 openssh:v1.2
[root@docker-server3 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
openssh v1. c399a750ed03 seconds ago 361MB
openssh v1. d98ba06569f3 minutes ago 361MB
nginx latest f7bb5701a33c days ago 126MB
busybox latest 6d5fcfe5ff17 days ago .22MB
hub.darren.com/library/alpine 3.7 cc0abc535e36 days ago .59MB
centos
3.7 测试检验
[root@docker-server3 ~]# docker run -d openssh:v1.2
08359e84c3a1f1cfe3742ba9a2348719ca9818e3d56c5817fbde70c31e27f714
[root@docker-server3 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
08359e84c3a1 openssh:v1. "/usr/sbin/sshd -D" seconds ago Up seconds intelligent_williams
395c705716a5 openssh:v1. "/usr/sbin/sshd -D" minutes ago Up minutes laughing_edison
d865deaee6e8 openssh:v1. "/bin/bash" minutes ago Up minutes sleepy_feistel
20b4b48c4055 centos: "/bin/bash" minutes ago Up minutes admiring_wilbur
[root@docker-server3 ~]# docker inspect 08359e84c3a1|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": ,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
"IPAddress": "192.168.0.5",
"IPPrefixLen": ,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.5",
"IPPrefixLen": ,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": ,
[root@docker-server3 ~]# ssh root@192.168.0.5
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f::e8:5f:ed:3f:6b:dd:3f:cb::ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts.
root@192.168.0.5's password:
Last login: Tue Dec :: from gateway
[root@08359e84c3a1 ~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root : ? :: /usr/sbin/sshd -D
root : ? :: sshd: root@pts/
root : pts/ :: -bash
root : pts/ :: ps -ef
博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师(https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!
DOCKER学习_010:Docker的文件系统以及制作镜像的更多相关文章
- Docker学习之Docker容器基本使用
Docker学习之Docker容器基本使用 新建容器并启动 命令格式:docker run --options repository:tag 后台运行 命令格式:-d 已存在的容器相关操作 启动:do ...
- Docker学习之Docker镜像基本使用
Docker学习之Docker镜像基本使用 获取镜像 命令格式:docker pull [选项] [Docker Registry 地址[:端口号]/]仓库名[:标签] 例如: docker pull ...
- Docker学习笔记 — Docker私有仓库搭建
Docker学习笔记 — Docker私有仓库搭建 目录(?)[-] 环境准备 搭建私有仓库 测试 管理仓库中的镜像 查询 删除 Registry V2 和Mavan的管理一样,Dockers ...
- Docker学习(六)Dockerfile构建自定义镜像
Docker学习(六)Dockerfile构建自定义镜像 前言 通过前面一篇文章可以知道怎么去使用一个镜像搭建服务,但是,如何构造自己的一个镜像呢,docker提供了dockerfile可以让我们自己 ...
- Docker 学习3 Docker镜像管理基础
一.docker 常用操作及原理 1.docker 常用操作 2.docker 机制 1.docker client端是通过http或者https与server端通信的.个 2.docker 镜像可以 ...
- Docker学习笔记 - Docker部署nginx网站
一.制作 nginx 镜像 1.下载配置文件 mkdir /opt/nginx_docker && cd /opt/nginx_docker mkdir nginx && ...
- Docker学习笔记 - Docker容器内部署redis
Docker学习笔记(2-4)Docker应用实验-redist server 和client的安装使用 一.获取redis容器(含客户端和服务端) 二.创建服务端容器 1.在终端A中运行redis- ...
- Docker学习笔记 - Docker的基本概念
一.cs架构 Docker客户端:本地或远程 Docker服务端:守护进程Docker Daemon 二.基本概念 Docker镜像:打包阶段,层叠的只读文件系统,引导->root(ubuntu ...
- Docker学习笔记 - Docker的守护进程
学习目标: 查看Docker守护进程的运行状态 启动.停止.重启Docker守护进程 Docker守护进程的启动选项 修改和查看Docker守护进程的启动选项 1.# 查看docker运行状态 方 ...
随机推荐
- java对象转化为json字符串并传到前台
package cc.util; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; import ...
- 2018-3-22-win10-uwp-设置-HttpClient-浏览器标识
title author date CreateTime categories win10 uwp 设置 HttpClient 浏览器标识 lindexi 2018-3-22 9:1:55 +0800 ...
- 使用HSV色彩空间遮罩绿色区域
HSV 颜色空间 导入资源 In []: import matplotlib.pyplot as plt import matplotlib.image as mpimg import numpy ...
- day5_python之hashlib模块
用来校验文本内容hash:一种算法 ,3.x里代替了md5模块和sha模块,主要提供 SHA1, SHA224, SHA256, SHA384, SHA512 ,MD5 算法三个特点:1.内容相同则h ...
- js利用select标签生成简易计算功能
html中使用select option作为运算符的承接容器,输入值,选择不同运算符,计算结果. 文章地址 https://www.cnblogs.com/sandraryan/ <!DOCTY ...
- 用adblock过滤页面上固定位置的悬浮窗
现在各种网站都喜欢加入position:fixed的悬浮窗,这些悬浮窗可以是分享按钮,可以是二维码,可以是各种烦人的按钮. 因为这些悬浮窗未必是广告,所以adblock很少自动屏蔽它们. 可这些悬浮窗 ...
- no_expand优化案例
bond 来看一个烂语句: select a.*,b.dn from temp_allcrmuser a, phs_smc_user b where a.USERNUMBER=b.dn and ( ...
- JPA+Postgresql+Spring Data Page分页失败
按照示例进行如下代码编写 Repository Page<DeviceEntity> findByTenantId(int tenantId, Pageable pageable); se ...
- 21个项目玩转深度学习:基于TensorFlow的实践详解02—CIFAR10图像识别
cifar10数据集 CIFAR-10 是由 Hinton 的学生 Alex Krizhevsky 和 Ilya Sutskever 整理的一个用于识别普适物体的小型数据集.一共包含 10 个类别的 ...
- JQ ajaxFileUpload的一些问题
1.input之后没法再次获得响应事件,change无效 解决办法,对file这个Input的父级做响应事件. <div class="lineBox lineBox0_24 line ...