This is the fourth day of my participation in the August More text Challenge. For details, see: August More Text Challenge
An image is a lightweight, executable standalone package used to package a software runtime and software developed based on the runtime. It contains everything a software needs, including code, runtime libraries, environment variables, and configuration files.
UnionFs (federated file system)
UnionFS (federated file system) : The Union file system (UnionFS) is a hierarchical, lightweight, and high-performance file system that allows changes to the file system to be layered on top of each other as a single commit. You can also mount several directories into a single virtual filesystem. The Union file system is the foundation of Docker mirroring. Images can be inherited through layers, and specific application images can be made based on the base image (no parent image). Feature: Multiple file systems are loaded at once, but only one file system can be seen from the outside. Joint loading adds layers of file systems together, so that the final file system contains all the underlying files and directories
When downloading the Docker image, layer by layer is actually the embodiment of the federated file system
Docker image loading principle
Docker’s image is actually made up of layers of file systems called UnionFS. Bootfs (Boot File system) mainly includes bootloader and kernel. Bootloader mainly loads kernel. When Linux is just started, the bootFS file system is loaded. This layer is the same as our typical Linux/Unix system, containing the boot loader and the kernel. After the boot is loaded, the entire kernel is in memory. At this time, the memory usage is transferred from bootfs to the kernel. In this case, the system will uninstall bootfs.
Rootfs (root file system) is on top of bootfs. These are the standard directories and files found on typical Linux systems, such as /dev//proc, /bin, /etc. Rootfs are the various operating system distributions, such as Ubuntu, Centos, and so on.
Usually we install virtual machine CentOs is several G, why docker only a few hundred M
For a compact OS, rootfs can be small and only need to include the most basic commands, tools, and libraries, because the underlying Host kernel is directly used, and you only need to provide rootfs. It can be seen that for different Linux distributions, bootFS are basically the same, but rootFS can be different, so different distributions can share bootFS.
Layered understanding
When downloading Docker image, layer by layer is actually the most intuitive embodiment of layer (it has been downloaded and will not be downloaded again).
$ docker pull redis
Using default tag: latest
latest: Pulling from library/redis
33847f680f63: Already exists
26a746039521: Pull complete
18d87da94363: Pull complete
5e118a708802: Pull complete
ecf0dbe7c357: Pull complete
46f280ba52da: Pull complete
Digest: sha256:cd0c68c5479f2db4b9e2c5fbfdb7a8acb77625322dd5b474578515422d3ddb59
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latest
Copy the codeWe can also use the inspect command mentioned in the previous article
docker image inspect redis:latest
Copy the codeYou can view the specific layers of the image. There are six layers corresponding to the six layers when the image is downloaded
"RootFS": {
"Type": "layers"."Layers": [
"sha256:814bff7343242acfd20a2c841e041dd57c50f0cf844d4abd2329f78b992197f4"."sha256:dd1ebb1f5319785e34838c7332a71e5255bda9ccf61d2a0bf3bff3d2c3f4cdb4"."sha256:11f99184504048b93dc2bdabf1999d6bc7d9d9ded54d15a5f09e36d8c571c32d"."sha256:e461360755916af80821289b1cbc503692cf63e4e93f09b35784d9f7a819f7f2"."sha256:45f6df6342536d948b07e9df6ad231bf17a73e5861a84fc3c9ee8a59f73d0f9f"."sha256:262de04acb7e0165281132c876c0636c358963aa3e0b99e7fbeb8aba08c06935"]},Copy the codeBenefits of layering:
One of the biggest benefits – sharing resources
For example, if multiple images are built from the same base image, Docker Host only needs to save one base image on disk. At the same time, you only need to load a base image in memory to serve all containers. And each layer of the mirror can be shared.
If multiple containers share a base image, if one container changes the contents of the base image, such as a file in /etc, will the other containers’ /etc be changed as well? Answer: No! Because the changes would be confined to a single container.
That’s the container copy-on-write feature we’re going to learn next
Writable layer of a container
When the container starts, a new writable layer is loaded onto the top of the image. This layer is often referred to as the “container layer”, and everything below the “container layer” is called the “mirror layer”. All operations are directed to the container layer. Only the container layer is writable. All mirror layers below the container layer are read-only.
Commit the mirror
The Docker commit container becomes a new copyCopy the codeLet’s illustrate this with an example
I have downloaded the Tomcat image before
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 710ec5c56683 7 days ago 668MB
redis latest aa4d65e670d6 3 weeks ago 105MB
mysql latest c60d96bd2b77 3 weeks ago 514MB
centos centos7 8652b9f0cb4c 9 months ago 204MB
Copy the codeStart Tomcat
Docker run -it -p 8080:8080 tomcat docker run -it -p 8080:8080 tomcatCopy the codeTomcat is running on the other side of creating the container that is currently running under the command view
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8b294cd7074e tomcat "catalina.sh run" 29 seconds ago The Up 28 seconds 0.0.0.0:8080 - > 8080 / TCP, :::8080->8080/tcp zealous_cohen f42ae22e4b72 centos:centos7 "/bin/bash" 3 weeks ago Up 46 hours centos-testCopy the codeThen let’s go into the Tomcat container and have a look
docker exec -it 8b294cd7074e /bin/bash
Copy the code$ docker exec -it 8b294cd7074e /bin/bash
root@8b294cd7074e:/usr/local/tomcat# ls
BUILDING.txt CONTRIBUTING.md LICENSE NOTICE README.md RELEASE-NOTES RUNNING.txt bin conf lib logs native-jni-lib temp webapps webapps.dist work
Copy the codeThen go to WebApp (project file location), and you can see that webApp is empty
root@8b294cd7074e:/usr/local/tomcat# cd webapps
root@8b294cd7074e:/usr/local/tomcat/webapps# ls
root@8b294cd7074e:/usr/local/tomcat/webapps#
Copy the codeThen we visit Tomcat. 404 indicates that Tomcat started normally, but no corresponding page was found, which is easy to understand because the wabapp is empty
So let’s try to make our own image of the content in the WebApp
We copy the files from webapps.dist into wabApp
root@8b294cd7074e:/usr/local/tomcat# cp -r webapps.dist/* webapps
root@8b294cd7074e:/usr/local/tomcat# cd webapps
root@8b294cd7074e:/usr/local/tomcat/webapps# ls
ROOT docs examples host-manager manager
Copy the codeAfter the modification, tomcat is accessible
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8b294cd7074e tomcat "catalina.sh run" 27 minutes ago Up 27 minutes 0.0.0.0:8080->8080/ TCP, :::8080->8080/ TCP Zealous_CohenCopy the codeNow we have made some simple modifications to this Tomcat, and I think my Tomcat is a little better than the official one, so I will submit my image
$docker commit -a="cb" -m "add init file" 8b294CD7074e newtomcat:1.0 sha256:44cf4d44be664d9704a3fc38ddef1f03fa7f113ad83f4049cced322a14dc216bCopy the codeDocker images shows that the new image is created, and a closer look shows that the newtomcat we submitted is a little larger than the official tomcat
$docker images REPOSITORY TAG IMAGE ID CREATED SIZE newtomcat 1.0 44cf4d44be66 46 seconds ago 673MB tomcat latest 710ec5c56683 7 days ago 668MB redis latest aa4d65e670d6 3 weeks ago 105MB mysql latest c60d96bd2b77 3 weeks ago 514MB centos centos7 8652b9f0cb4c 9 months ago 204MBCopy the codeThen you can use your own image directly, or you can publish it for others to use, which I’ll talk about later
To review the hierarchical idea above, newTomcat is an image that we have created after making changes to the container layer. This image is similar to an image snapshot of a virtual machine
So much for the image of Docker. Docker is now a simple door. We will continue to learn the content related to Docker.
On the arch of a pawn without all, the tang donation to the sea