摘要: Docker Notes系列为学习Docker笔记,本文是Docker存储介绍
由上篇文章的镜像管理可知Docker以分层形式存储镜像,元数据与镜像文件的存储也是完全隔离开来
repository 由具有某个功能的Docker镜像的所有迭代版本构成的镜像库,其本地持久化文件存放于/var/lib/docker/image/{Storage Driver}/repositories.json
中,结构如下:
[root@cf /]# docker info | grep 'Storage Driver'
Storage Driver: overlay2
[root@cf /]# cat /var/lib/docker/image/overlay2/repositories.json
{
"Repositories": {
"busybox": {
"busybox:latest": "sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a",
"busybox:test": "sha256:357bb11d2c366a4c60bcb20580407694f2f66f091452c8680dadf2761dc3cba0",
"busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47": "sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a"
},
"centos": {
"centos:7": "sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5",
"centos@sha256:b67d21dfe609ddacf404589e04631d90a342921e81c40aeaf3391f6717fa5322": "sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5"
}
...
}
}
Docker 默认采用SHA256算法根据镜像元数据配置文件计算出镜像ID
image 元数据包括了如下内容:
[root@cf /]# cat /var/lib/docker/image/overlay2/imagedb/content/sha256/8c811b4aec35f25...
{
"architecture": "amd64",
"config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh"
],
"ArgsEscaped": true,
"Image": "sha256:3e8a1c5213eb57c6ea8ddb27d86a241698741ce60d9053b641f57a7e455f6842",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"container": "617bfbb850a66642161d4925e0c00f77caa46e22057409788207e7b2edb86c3e",
"container_config": {
"Hostname": "617bfbb850a6",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"sh\"]"
],
"ArgsEscaped": true,
"Image": "sha256:3e8a1c5213eb57c6ea8ddb27d86a241698741ce60d9053b641f57a7e455f6842",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
}
},
"created": "2018-05-23T21:19:31.132152818Z",
"docker_version": "17.06.2-ce",
"history": [
{
"created": "2018-05-23T21:19:30.902651601Z",
"created_by": "/bin/sh -c #(nop) ADD file:5f0439d8328ab58c087cd067c91ce92765da98916d91b083df6590477b7b9f19 in / "
},
{
"created": "2018-05-23T21:19:31.132152818Z",
"created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:432b65032b9466b4dadcc5c7b11701e71d21c18400aae946b101ad16be62333a"
]
}
}
由上文可知layer负责与镜像层和容器层元数据有关的增删改查,并将其增删改查操作映射到实际存储镜像层文件系统的graphdriver模块。
用户在Docker宿主机上下载了某个镜像层之后,Docker会在宿主机上基于镜像层文件包和image元数据,构建本地的layer元数据,如diff、size等,
[root@cf /]# cat /var/lib/docker/image/overlay2/layerdb/sha256/432b65032b9466b4d.../
cache-id diff size tar-split.json.gz
为了支持镜像的分层(只读层、读写层)与写时复制等特性,Docker提供了存储驱动的接口。存储驱动根据操作系统底层的支持提供了针对某种文件系统的初始化操作以及对镜像层的增删改查和差异比较等操作
[root@cf /]# cd /var/lib/docker/aufs
如上图所示,映射设备是内核向外提供的逻辑设备,而目标设备即可以是物理设备也可以同样是映射设备
[root@cf /]# cd /var/lib/docker/devicemapper
[root@cf overlay2]# tree -L 2
.
├── 05f14d2b45bfa0ff20f...
│ ├── diff
│ ├── link
│ ├── lower
│ └── work