[Docker series] docker learning four, mirror related principles

[Docker series] docker learning four, mirror related principles

What is mirroring?

Mirror is a lightweight, executable independent software package.

Mirror image is used to package the operating environment of the software and the software developed based on the operating environment. It contains all the content needed to run certain software, such as: code, runtime library, environment variables and configuration files, etc.

All applications can be directly packaged docker image, one-click deployment, one-click operation

What are the ways to get the mirror image?

• Copy other docker images directly
• Make a mirror DockerFile yourself
• Download from remote warehouse, such as dockerhub

Docker image loading principle

UnionFS

UnionFS, is a joint file system. Remember the hierarchical download when we install redis in docker learning two?

This is the joint file system

UnionFS is a hierarchical, lightweight and high-performance file system

It supports the modification of the file system as one submission to superimpose layer by layer, and at the same time, different directories can be mounted under a virtual file system

The UnionFS joint file system is the basis of Docker mirroring. The mirroring can also be inherited through layers. Based on the basic mirroring, we can make various application mirrors.

features:

The joint file system loads multiple file systems at the same time, and the joint load will superimpose the file systems of each layer, and the final file system will contain all the underlying files and directories

What is the principle of Docker image loading?

The picture comes from the Internet

The Docker image is composed of a layered file system. This layered file system is called a joint file system. Generally, the underlying layers are shared.

Generally, system startup is a process of loading. This process is the bootloader boot loading kernel. The bootfs file system is also loaded when the linux operating system is just started. The bottom layer of our Docker image is bootfs.

bootfs

boot file system is a file system, mainly including bootloader and kernel

After the boot is loaded, the entire kernel is running in the memory. At this time, the right to use the memory has been transferred from the bootfs to the kernel. At this time, the system will uninstall the bootfs

rootfs

Let’s talk about rootfs, root file system, root file system, which is on top of bootfs, which includes the /dev, /proc, /bin, /etc and other directories and files in the linux operating system

For example, the rootfs we know include centos, ubuntu, etc.

Principle of stratification

Let's download a redis to see the effect

Docker downloads according to the level, the level downloaded before will not be downloaded again, we can view the details of redis through docker inspect

# docker inspect redis:latest
...
"RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:814bff7343242acfd20a2c841e041dd57c50f0cf844d4abd2329f78b992197f4",
                "sha256:dd1ebb1f5319785e34838c7332a71e5255bda9ccf61d2a0bf3bff3d2c3f4cdb4",
                "sha256:11f99184504048b93dc2bdabf1999d6bc7d9d9ded54d15a5f09e36d8c571c32d",
                "sha256:e461360755916af80821289b1cbc503692cf63e4e93f09b35784d9f7a819f7f2",
                "sha256:45f6df6342536d948b07e9df6ad231bf17a73e5861a84fc3c9ee8a59f73d0f9f",
                "sha256:262de04acb7e0165281132c876c0636c358963aa3e0b99e7fbeb8aba08c06935"
            ]
        },
...

From the above results, we can see that the level of redis is the same as the level when we pull the mirror.

So why does Docker use hierarchical download?

Mainly to share resources

For example, many of our images are built from the basic image, then the host only needs to keep a basic image on the machine, and only one basic image needs to be loaded in the memory to provide all the required containers. Services, and each layer of the image can also be shared

We can understand it like this:

All Docker images are derived from the basic image. When we add or modify the content of the image, we will create a new image layer on top of the current image layer, such as a security patch in windows

As shown in the figure above:

We place file1 and file2 on the first layer of the mirror, file3 and file4 on the second layer of the mirror, and file3.1 on the third layer of the mirror (file3.1 is a new version of file3)

Then, when we package the image, it will merge into one image, there are 4 files, here is 4 layers

When we download this final merged image, we will download the 4 layers mentioned above at once

Docker image:

Docker images are read-only by default. When the container starts, a new writable layer is loaded on top of the image

The layer mentioned above is our container layer. Below the container layer is the mirroring layer, as shown in the figure below

How to submit our mirror

Docker submission principles and commands are similar to Git

docker commit

Submit the current container to become a new version

We usually use it like this

docker commit -m="描述信息" -a="作者" 容器ID 目标镜像名:[TAG]

give an example:

Let's modify the nginx mirror and use it as our own mirror

Start nginx and set the port mapping to -p 8888:80

docker run -d -p 8888:80 nginx

Enter nginx interactively

# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                  NAMES
30841a3a26cb   nginx     "/docker-entrypoint.…"   4 seconds ago   Up 2 seconds   0.0.0.0:8888->80/tcp   strange_hugle

# docker exec -it 30841a3a26cb /bin/bash

Enter the html directory of nginx, replace the index.html file, and reload the configuration of nginx

#cd /usr/share/nginx/html
#ls
50x.html  index.html
#mv index.html index.html.bak
#mv 50x.html index.html
#/usr/sbin/nginx -s reload

At this time, we visit port 8888 of a server to check the effect (we replaced the normal index.html page with a page that displays an error)

As shown in the picture above, the replacement was successful

Let's make a commit

docker commit -a="xiaomotong" -m="modify index.html" 30841a3a26cb nginx01:1.0

~# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                  NAMES
30841a3a26cb   nginx     "/docker-entrypoint.…"   10 minutes ago   Up 10 minutes   0.0.0.0:8888->80/tcp   strange_hugle
root@iZuf66y3tuzn4wp3h02t7pZ:~# docker commit -a="xiaomotong" -m="modify index.html" 30841a3a26cb nginx01:1.0
sha256:1d072fa616573ba67a103925c6114e40171eb1d14ca573f146a28b8c51e5fdff
root@iZuf66y3tuzn4wp3h02t7pZ:~# docker images
REPOSITORY            TAG       IMAGE ID       CREATED         SIZE
nginx01               1.0       1d072fa61657   3 seconds ago   133MB
ubuntu                latest    1318b700e415   7 days ago      72.8MB
redis                 latest    aa4d65e670d6   11 days ago     105MB
nginx                 latest    08b152afcfae   12 days ago     133MB
portainer/portainer   latest    580c0e4e98b0   4 months ago    79.1MB

If we want to save the current state of our container, we can submit through commit to obtain a desired image, which is a bit like using a virtual machine to take a snapshot

Reference materials:

docker docs

Welcome to like, follow, favorite

Friends, your support and encouragement are my motivation to keep sharing and improve quality

Okay, that's it for this time

Technology is open, and our mindset should be more open. Embrace the change, live toward the sun, and work hard to move forward.

I am Nezha , welcome to like and follow the collection, see you next time~