This article brings you relevant knowledge about docker file layering. This article uses a docker container example to describe some principles of docker file layering. I hope it will be helpful to everyone.
Knowledge Preparation
- Docker actually uses some features of the Linux Kernel to achieve resource isolation, and the file system is one of them. However, in order to enable resources to be utilized more efficiently, Docker adopts a hierarchical file system structure to implement the container's file system.
- Personally, I think the principle is a bit like the concept of parallel universes. Some people believe that there are parallel universes in our universe, that is, the different choices we make will distribute different universes and continue to run. To dream is to travel among these parallel universes. It is somewhat similar here. After we package an image and run it through docker run, a different universe is actually created on this basis. As the container continues to run, the content of the container will be the same as that of the original image. Things will have many deviations and diffs, and gradually form a universe of their own.
Docker file system
The file system layering status of each container can be obtained from docker inspect [container-id] --format={{.GraphDriver}}
{map[LowerDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/merged UpperDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/diff WorkDir:/var/lib/docker/overlay2/52f456f455215e56b77087495a5d35323fbf1c0e0391f45349f386006c75865b/work] overlay2}
There are mainly four types
LowerDir
This is that all containers based on this image will point to the same file system, which is the image layer, and all containers will use it. this layer.
So where does this layer come from? We can look at the image we use
MergedDir
This is a different container that combines the Lower layer and the Upper layer , to provide the final file system in the container
UpperDir
This is to record the operations of different containers, and then through the comparison of the Lower layer, a Merge layer can be generated
WorkDir
Not yet understood in depth
Example
docker run -d alpine:latest
View the file system information of the mirror layer
docker inspect alpine --format={{.GraphDriver}}
{map[MergedDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/merged UpperDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff WorkDir:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/work] overlay2}
Notice UpperDir, this is the upper layer of the mirror , that is, we can make modifications at this level, which will affect the container created later
View the file system information of the container
docker inspect 9a118484ba --format={{.GraphDriver}}
{map[LowerDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14-init/diff:/var/lib/docker/overlay2/e4b90240aa77212dde6499a49c421d26977ed9fe8a1f6fcbaaaf77d85c67654e/diff MergedDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/merged UpperDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/diff WorkDir:/var/lib/docker/overlay2/3d3f32727c4f7867d43c1e61d635ac0ed22e95ff39c66240166dd6614b81fe14/work] overlay2}
You can see the Lower layer of the container, which is the mirror In the upper layer, the modifications we make to the container will be reflected in the upper layer, and the merged layer will be organized and displayed to the container.
We can use the command line to check the changes in the container file system
docker diff 9a118484ba
Since we have not operated the container, there is no difference between the container and the image now
We Start another container and let it sleep for 300 seconds, and then go into the container to modify some file information
# docker exec -it ca91bb /bin/sh / # echo "helloWorld" > /tmp/hello.txt
Check the changes in the container file system
docker diff ca91bbffb801 C /root C /root/.ash_history C /tmp A /tmp/hello.txt
You can see that we have done something to the file system These changes have been recorded
These contents are actually in the directory of UpperDir
tree -L 1 diff/ diff/ ├── root └── tmp2 directories, 0 files
Modify the container content from the host
-
From From the above experiment, we can know that the upper layer is the added content. It is merged with the lower layer to reflect the changes in the container. So can we directly modify the upper layer to operate the container?
We add a directory demo in the directory where upper is located, and touch a file in it
# tree -L 2 ./ ./ ├── demo │ └── mytest.log ├── root └── tmp └── hello.txt
We see if we can see the file we created from the container
/demo # pwd /demo /demo # ls mytest.log
You can see that it has taken effect, so if we want to initialize this container, we can directly delete all the contents of the upper layer.
Application
-
Find software installation traces
In the process of previous projects, customers always needed us to provide, We have never found a better way to provide customers with exactly what content our agent software will modify. Judging from the application of this docker layered file, we can deploy the agent on a container, and then it can be seen clearly at a glance Discover which directories and files the software will modify.
Quickly restore container
Quickly interact with the container file system
Protect the underlying file system Not destroyed
Save host space
Recommended study: "docker video tutorial"
The above is the detailed content of An in-depth analysis of docker file layering (detailed examples). For more information, please follow other related articles on the PHP Chinese website!

docker中rm和rmi的区别:rm命令用于删除一个或者多个容器,而rmi命令用于删除一个或者多个镜像;rm命令的语法为“docker rm [OPTIONS] CONTAINER [CONTAINER...]”,rmi命令的语法为“docker rmi [OPTIONS] IMAGE [IMAGE...]”。

docker官方镜像有:1、nginx,一个高性能的HTTP和反向代理服务;2、alpine,一个面向安全应用的轻量级Linux发行版;3、busybox,一个集成了三百多个常用Linux命令和工具的软件;4、ubuntu;5、PHP等等。

docker容器重启后数据会丢失的;但是可以利用volume或者“data container”来实现数据持久化,在容器关闭之后可以利用“-v”或者“–volumes-from”重新使用以前的数据,docker也可挂载宿主机磁盘目录,用来永久存储数据。

docker对于小型企业、个人、教育和非商业开源项目来说是免费的;2021年8月31日,docker宣布“Docker Desktop”将转变“Docker Personal”,将只免费提供给小型企业、个人、教育和非商业开源项目使用,对于其他用例则需要付费订阅。

docker能安装oracle。安装方法:1、拉取Oracle官方镜像,可以利用“docker images”查看镜像;2、启动容器后利用“docker exec -it oracle11g bash”进入容器,并且编辑环境变量;3、利用“sqlplus /nolog”进入oracle命令行即可。

解决方法:1、停止docker服务后,利用“rsync -avz /var/lib/docker 大磁盘目录/docker/lib/”将docker迁移到大容量磁盘中;2、编辑“/etc/docker/daemon.json”添加指定参数,将docker的目录迁移绑定;3、重载和重启docker服务即可。

有类似docker的软件:1、Podman,是一个无守护程序的开源Linux原生容器引擎;2、LXD,是一个专为LXC Linux容器设计的开源容器引擎;3、Buildah,是是红帽为容器化系统开发的一个OCI镜像构建工具;4、RunC等。

容器管理ui工具有:1、Portainer,是一个轻量级的基于Web的Docker管理GUI;2、Kitematic,是一个GUI工具,可以更快速、更简单的运行容器;3、LazyDocker,基于终端的一个可视化查询工具;4、DockStation,一款桌面应用程序;5、Docker Desktop,能为Docker设置资源限制,比如内存,CPU,磁盘镜像大小;6、Docui。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

WebStorm Mac version
Useful JavaScript development tools

SublimeText3 Linux new version
SublimeText3 Linux latest version

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

SublimeText3 Mac version
God-level code editing software (SublimeText3)

SublimeText3 English version
Recommended: Win version, supports code prompts!
