澳门至尊网站-首页

您的位置:澳门至尊网站 > 黑客安全 > Docker的蕴藏驱动

Docker的蕴藏驱动

2019-11-04 00:05

Docker存款和储蓄驱动

1. Docker存款和储蓄驱动历史

Docker近来支持的greph driver蕴涵:

  • AUFS
  • device-mapper
  • btrfs
  • overlayfs(重点)

关于各存款和储蓄驱的亲力亲为介绍参照Docker各样存款和储蓄驱动原理及接收场景和总体性测量试验对照

2. Docker overlayfs driver

1) 介绍

docker使用overlaysf的牵线如下:

  • lowerdir指向image layer;
  • upperdir指向container layer;
  • merged整合lowerdir与upperdir提统统一视图给容器作为根文件系统

如下图:
图片 1

2卡塔 尔(英语:State of Qatar)容器内文件的读写优先级处境

I. read file
  • upperdir存在,从container layer读取;
  • upperdir不存在,从lowerdir,即 image layer读取;
II. write file
  • upperdir存在,直接在upperdir写;
  • upperdir不存在,overlay发起copy_up操作,从lowerdir拷贝文件到upperdir进行写,拷贝只会在首先次展开时发生。
III. deleting files and directories
  • 删除文件时,upperdir会成立一个witheout文件,会隐敝lowerdir的文件(非删除卡塔尔;
  • 剔除目录时,upperdir会创设一个opaque diectory,隐瞒lowerdir的目录;

3). overlayfs driver实践

  • 指定overlay driver启动:
$dockerd --storage-driver=overlay
$docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 17.06.0-ce
Storage Driver: overlay
 Backing Filesystem: extfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
  • 下载多少个镜像:
$docker pull centos:centos6
$docker images -a
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              centos6             7ea307891843        4 weeks ago         194MB
  • 查阅镜像的对应目录
$ls /var/lib/docker/overlay/
8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7
$ls /var/lib/docker/overlay/8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7/root/
bin  etc  home  lib  lib64  lost+found  media  mnt  opt  root  sbin  selinux  srv  tmp  usr  var
  • 成立容器
$docker run -it centos:centos6 /bin/bash
#在host里查看
$ls /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/
lower-id  merged/   upper/    work/
cat /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/lower-id
8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7
$cat /proc/mounts
overlay /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/merged overlay rw,relatime,lowerdir=/var/lib/docker/overlay/8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7/root,upperdir=/var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/upper,workdir=/var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/work 0 0

可以看来,容器对应的目录有三个(merged, upper, work卡塔 尔(英语:State of Qatar), work用于overlayfs实现copy_up操作, lower-id保存images ID。

  • 容器内创造文件
$echo "hello" > /root/f1.txt
$ls /root/
anaconda-ks.cfg  f1.txt  install.log  install.log.syslog

Host上overlay目录变化

$ls /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/merged/root/
anaconda-ks.cfg  f1.txt  install.log  install.log.syslog
$ls /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/upper/root/
f1.txt
$ls /var/lib/docker/overlay/8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7/root/root/
anaconda-ks.cfg  install.log  install.log.syslog
  • 容器内去除文件
$rm /root/install.log
$ls /root/

Host上overlay目录变化

$ls /var/lib/docker/overlay/8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7/root/root/
anaconda-ks.cfg  install.log  install.log.syslog

$ls /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/merged/root/
anaconda-ks.cfg  f1.txt  install.log.syslog

$ls /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/upper/root/* -l
-rw-r--r-- 1 root root    6 Sep  3 22:17 /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/upper/root/f1.txt
#发现upperdir多了一下instll.log文件
c--------- 1 root root 0, 0 Sep  3 22:24 /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/upper/root/install.log

$cat /var/lib/docker/overlay/12e6cab3449f07e2eeb8441ec366c214a9550130ea1367bd5e58b6375b00d9e8/lower-id
8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7

$ls /var/lib/docker/overlay/8c2dc4e8a8bb0bca70b6304984089f9f6fcf6e093ce9cf9818af3316ad7fb0d7/root/root/
anaconda-ks.cfg  install.log  install.log.syslog

本文由澳门至尊网站发布于黑客安全,转载请注明出处:Docker的蕴藏驱动

关键词: