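1 File system overview
1.1 The Linux file system
Linux is divided into kernel space and user space (which uses rootfs).
A Linux file system consists of bootfs and rootfs. bootfs mainly contains the bootloader and the kernel; the bootloader's main job is to boot and load the kernel, and once the kernel has been loaded into memory, bootfs is unmounted. rootfs contains the standard directories of a typical Linux system, such as /dev, /proc, /bin and /etc.
Docker uses only rootfs, because bootfs is shared.
1.2 Docker base images
A Docker base image provides a minimal installation of a Linux distribution.
1.3 The layered structure of images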
[root@docker-server3 ~]# docker pull nginx
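Using default tag: latest
latest: Pulling from library/nginx
8ec398bc0356: Already exists
465560073b6f: Pull complete
f473f9fd0a8c: Pull complete    # image layers
Digest: sha256:b2d89d0a210398b4d1120b3e3a7672c16a4ba09c2c4a0395f18b9f7999b768f2
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
An image is read-only and layered, and can have no more than 128 layers.
A container is essentially an image with a read-write layer added on top; destroying a container means destroying that read-write layer.
Operations on the read-write layer rely mainly on two mechanisms: copy-on-write and allocate-on-demand.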
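The layering rules above (read-only image layers, one read-write layer per container, copy-on-write, and commit freezing the read-write layer) can be modelled in a few lines of Python. This is an added example, not part of the original post; the Container class, the WHITEOUT marker and the file contents are constructed for illustration and do not reflect how overlay2 stores data on disk.

```python
# Added illustration: a toy model of read-only image layers plus one
# read-write container layer. It is not how overlay2 stores data on disk.
WHITEOUT = object()  # marker meaning "this path was deleted in this layer"


class Container:
    def __init__(self, image_layers):
        # image_layers: list of dicts (path -> content), bottom layer first.
        self.image_layers = image_layers  # shared between containers, never modified
        self.rw = {}                      # allocate-on-demand: empty until first write

    def read(self, path):
        # Look in the read-write layer first, then image layers from top to bottom.
        for layer in [self.rw] + self.image_layers[::-1]:
            if path in layer:
                if layer[path] is WHITEOUT:
                    raise FileNotFoundError(path)
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, content):
        self.rw[path] = content  # changes only ever land in the read-write layer

    def append(self, path, extra):
        # Copy-on-write: read the image's copy, store the modified copy in rw.
        self.write(path, self.read(path) + extra)

    def delete(self, path):
        self.read(path)           # raises if the path is not visible
        self.rw[path] = WHITEOUT  # hides the lower copy without touching it

    def commit(self):
        # Like `docker commit`: freeze the read-write layer as a new top image layer.
        return self.image_layers + [dict(self.rw)]


def demo():
    # Constructed sample data standing in for a base image.
    base = [{"/etc/passwd": "root:x:0:0\n", "/etc/motd": "hello\n"}]
    c1 = Container(base)
    c1.write("/usr/sbin/sshd", "ELF")           # "install" a package
    c1.append("/etc/passwd", "sshd:x:74:74\n")  # modify a file from the image
    c1.delete("/etc/motd")
    image_v1 = c1.commit()
    c2 = Container(image_v1)  # container from the committed image
    c3 = Container(base)      # container from the untouched base image
    return c2.read("/etc/passwd"), c3.read("/etc/passwd"), c3.read("/etc/motd"), len(image_v1)
```

Everything written in the first container, including files it deleted or modified, travels into the committed image, while the base image and containers started from it are unaffected.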
Checking Docker's storage driver
[root@docker-server3 ~]# docker info
Client:
 Debug Mode: false
Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 3
 Server Version: 19.03.4
 Storage Driver: overlay2    # storage driver
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: journald
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.27.2.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.777GiB
 Name: docker-server3
 ID: YB6S:6D3D:477B:5UMR:IEX2:2PBD:D6BI:GDYI:22MD:GWSX:4TBX:2LLS
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
2 Building a Docker image with commit
2.1 Pull the base image
[root@docker-server3 ~]# docker pull centos:7
7: Pulling from library/centos
ab5ef0e58194: Pull complete
Digest: sha256:4a701376d03f6b39b8c2a8f4a8e499441b0d567f9ab9d58e4991de4472fb813c
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
[root@docker-server3 ~]# docker run -it centos:7 /bin/bash
[root@20b4b48c4055 /]#
[root@docker-server3 ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED          STATUS          PORTS   NAMES
20b4b48c4055   centos:7   "/bin/bash"   21 seconds ago   Up 20 seconds           admiring_wilbur
[root@20b4b48c4055 /]# ps -ef|grep ssh
2.2 Install an SSH service
See https://www.cnblogs.com/zyxnhr/p/11809167.html
[root@20b4b48c4055 /]# ps -a
PID TTY          TIME CMD
 84 pts/0    00:00:00 sshd
 85 pts/0    00:00:00 ps
2.3 Change the root password
[root@20b4b48c4055 /]# echo 123456|passwd --stdin root
2.4 Connect from the host
[root@docker-server3 ~]# docker inspect 20b4b48c4055 |grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "192.168.0.2",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.2",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
[root@docker-server3 ~]# ssh root@192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.2' (ECDSA) to the list of known hosts.
root@192.168.0.2's password:123456
[root@20b4b48c4055 ~]#
Connected and logged in to the container:
[root@20b4b48c4055 ~]# ps -a
PID TTY          TIME CMD
 84 pts/0    00:00:00 sshd
104 pts/1    00:00:00 ps
[root@20b4b48c4055 ~]# exit
2.5 Copy a file into the container
[root@docker-server3 ~]# docker cp /etc/sysconfig/network-scripts/ifcfg-ens33 20b4b48c4055:/tmp/
[root@20b4b48c4055 /]# cat /tmp/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2
2.6 Install vim
[root@20b4b48c4055 /]# yum -y install vim
2.7 Create the image
[root@docker-server3 ~]# docker commit -m "install sshd and vim" 20b4b48c4055 openssh:v1.0
sha256:d98ba06569f3ed7c00e1371b71a0ab328bacd57f5717bb4066b425c7b12abc3a
[root@docker-server3 ~]# docker image ls
REPOSITORY                      TAG      IMAGE ID       CREATED          SIZE
openssh                         v1.0     d98ba06569f3   32 seconds ago   361MB
nginx                           latest   f7bb5701a33c   3 days ago       126MB
busybox                         latest   6d5fcfe5ff17   4 days ago       1.22MB
hub.darren.com/library/alpine   3.7      cc0abc535e36   6 days ago       5.59MB
centos                          7        5e35e350aded   7 weeks ago      203MB
3 Testing, using and modifying the image
3.1 Start a container from the newly created image
[root@docker-server3 ~]# docker run -it -d openssh:v1.0
d865deaee6e83724a76a5eae88d8e356b5fe7416b5a8dbf9e1a9dd077ed7731a
[root@docker-server3 ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND       CREATED          STATUS          PORTS   NAMES
d865deaee6e8   openssh:v1.0   "/bin/bash"   26 seconds ago   Up 25 seconds           sleepy_feistel
20b4b48c4055   centos:7       "/bin/bash"   31 minutes ago   Up 31 minutes           admiring_wil
[root@docker-server3 ~]# docker inspect d865deaee6e8|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "192.168.0.3",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.3",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
[root@docker-server3 ~]# docker exec -it d865deaee6e8 /bin/bash
[root@d865deaee6e8 /]# /usr/sbin/sshd -D
3.2 Test the connection
[root@docker-server3 ~]# ssh root@192.168.0.3
The authenticity of host '192.168.0.3 (192.168.0.3)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.3' (ECDSA) to the list of known hosts.
root@192.168.0.3's password:123456
3.3 Verify the container's contents
[root@d865deaee6e8 ~]# cat /tmp/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="be414379-7791-472c-9a0a-bf732fe9d484"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=192.168.132.133
GATEWAY=192.168.132.2
[root@d865deaee6e8 ~]# rpm -qa|grep vim
vim-minimal-7.4.629-6.el7.x86_64
vim-common-7.4.629-6.el7.x86_64
vim-enhanced-7.4.629-6.el7.x86_64
vim-filesystem-7.4.629-6.el7.x86_64
[root@d865deaee6e8 ~]# rpm -qa|grep openssh
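openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
3.4 Change the container's default foreground process
A container's default main process is the process with PID 1, so a container started from the image just created has /bin/bash as its main process.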
[root@20b4b48c4055 /]# ps -ef
root         1     0  0 16:58 pts/0    00:00:00 /bin/bash
root        84     1  0 17:05 pts/0    00:00:00 /usr/sbin/sshd -D
root       122     1  0 17:37 pts/0    00:00:00 ps -ef
To change this, replace /bin/bash with /usr/sbin/sshd -D when starting the container.
[root@docker-server3 ~]# docker run -it -d openssh:v1.0 /usr/sbin/sshd -D
[root@docker-server3 ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND               CREATED          STATUS          PORTS   NAMES
395c705716a5   openssh:v1.0   "/usr/sbin/sshd -D"   15 seconds ago   Up 14 seconds           laughing_edison
d865deaee6e8   openssh:v1.0   "/bin/bash"           12 minutes ago   Up 12 minutes           sleepy_feistel
20b4b48c4055   centos:7       "/bin/bash"           43 minutes ago   Up 43 minutes           admiring_w
[root@docker-server3 ~]# docker inspect 395c705716a5|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "192.168.0.4",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.4",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
[root@docker-server3 ~]# ssh root@192.168.0.4
The authenticity of host '192.168.0.4 (192.168.0.4)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.4' (ECDSA) to the list of known hosts.
root@192.168.0.4's password:
Last login: Tue Dec 31 17:09:36 2019 from gateway
[root@395c705716a5 ~]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 17:41 pts/0    00:00:00 /usr/sbin/sshd -D
root         6     1  0 17:43 ?        00:00:00 sshd: root@pts/1
root         8     6  0 17:43 pts/1    00:00:00 -bash
root        23     8  0 17:43 pts/1    00:00:00 ps -ef
3.5 Modify the image
The PID 1 process of this container is /usr/sbin/sshd -D. Build a new image from this container so that containers started from the new image have /usr/sbin/sshd -D as their default foreground process.
[root@docker-server3 ~]# docker commit -m "new default front process" 395c705716a5 openssh:v1.2
[root@docker-server3 ~]# docker image ls
REPOSITORY                      TAG      IMAGE ID       CREATED          SIZE
openssh                         v1.2     c399a750ed03   9 seconds ago    361MB
openssh                         v1.0     d98ba06569f3   27 minutes ago   361MB
nginx                           latest   f7bb5701a33c   3 days ago       126MB
busybox                         latest   6d5fcfe5ff17   4 days ago       1.22MB
hub.darren.com/library/alpine   3.7      cc0abc535e36   6 days ago       5.59MB
centos
3.7 Test and verify
[root@docker-server3 ~]# docker run -d openssh:v1.2
08359e84c3a1f1cfe3742ba9a2348719ca9818e3d56c5817fbde70c31e27f714
[root@docker-server3 ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND               CREATED          STATUS          PORTS   NAMES
08359e84c3a1   openssh:v1.2   "/usr/sbin/sshd -D"   5 seconds ago    Up 4 seconds            intelligent_williams
395c705716a5   openssh:v1.0   "/usr/sbin/sshd -D"   14 minutes ago   Up 14 minutes           laughing_edison
d865deaee6e8   openssh:v1.0   "/bin/bash"           26 minutes ago   Up 26 minutes           sleepy_feistel
20b4b48c4055   centos:7       "/bin/bash"           57 minutes ago   Up 57 minutes           admiring_wilbur
[root@docker-server3 ~]# docker inspect 08359e84c3a1|grep IP
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "192.168.0.5",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"IPAMConfig": null,
"IPAddress": "192.168.0.5",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
[root@docker-server3 ~]# ssh root@192.168.0.5
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
ECDSA key fingerprint is SHA256:e+hudnmpzwhC6r++fc+Nsps/8f9jOKCjjErm79GPvak.
ECDSA key fingerprint is MD5:dd:5f:46:e8:5f:ed:3f:6b:dd:3f:cb:59:ca:cc:5d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (ECDSA) to the list of known hosts.
root@192.168.0.5's password:
Last login: Tue Dec 31 17:43:11 2019 from gateway
[root@08359e84c3a1 ~]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 17:55 ?        00:00:00 /usr/sbin/sshd -D
root         6     1  0 17:57 ?        00:00:00 sshd: root@pts/0
root         8     6  0 17:57 pts/0    00:00:00 -bash
root        23     8  0 17:58 pts/0    00:00:00 ps -ef
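The ssh sessions above print the same ECDSA fingerprint for 192.168.0.2 through 192.168.0.5: the host keys generated in the first container are part of its file system, so docker commit carried them into the image and every container started from it presents the same key. The Python below is an added example, not part of the original post. It groups hosts by host key fingerprint from lines in the unhashed known_hosts / ssh-keyscan format so that such shared keys can be found; the key blobs and the host 192.168.0.9 are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict


def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(keyscan_text):
    """Return {(keytype, fingerprint): [hosts]} for keys presented by more than one host.

    Each input line is expected to look like: "host keytype base64-key".
    """
    hosts_by_key = defaultdict(set)
    for line in keyscan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank lines, comments and malformed lines
        host, keytype, key_b64 = fields[:3]
        try:
            fingerprint = sha256_fingerprint(key_b64)
        except ValueError:
            continue  # key field is not valid base64
        hosts_by_key[(keytype, fingerprint)].add(host)
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


# Constructed sample: the blobs are placeholder bytes, not real host keys.
IMAGE_KEY = base64.b64encode(b"constructed-key-baked-into-image").decode()
FRESH_KEY = base64.b64encode(b"constructed-key-generated-at-start").decode()
SAMPLE = f"""\
# constructed scan of the containers from this walkthrough
192.168.0.3 ecdsa-sha2-nistp256 {IMAGE_KEY}
192.168.0.4 ecdsa-sha2-nistp256 {IMAGE_KEY}
192.168.0.5 ecdsa-sha2-nistp256 {IMAGE_KEY}
192.168.0.9 ecdsa-sha2-nistp256 {FRESH_KEY}
"""

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE).items():
        print(f"{keytype} {fp} is shared by: {', '.join(hosts)}")
```

An image meant for reuse would normally ship without host keys and generate them when the container first starts, so that each container gets its own.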
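Author's statement: The content of this article comes mainly from teacher Yan Wei of Yutian Education, and I carried out the experiments myself to verify the steps. Readers who wish to repost it should contact Yutian Education (http://www.yutianedu.com/); it may be reposted with official consent or with the consent of teacher Yan (https://www.cnblogs.com/breezey/) himself. Thank you!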