Docker学习笔记・03

这篇讲讲docker的各种文件在Fedora中的位置。

以下是docker这个包的核心文件：

$ rpm -ql docker | grep -v man  | grep -v share
/etc/docker
/etc/docker/certs.d
/etc/docker/certs.d/redhat.com
/etc/docker/certs.d/redhat.com/redhat-ca.crt
/etc/docker/certs.d/redhat.io
/etc/docker/certs.d/redhat.io/redhat-ca.crt
/etc/sysconfig/docker-network
/etc/sysconfig/docker-storage
/etc/sysconfig/docker-storage-setup
/usr/bin/docker-current
/usr/bin/docker-storage-setup
/usr/bin/dockerd-current
/usr/lib/docker-storage-setup
/usr/lib/docker-storage-setup/docker-storage-setup
/usr/lib/docker-storage-setup/dss-child-read-write
/usr/lib/docker-storage-setup/libdss.sh
/usr/lib/systemd/system/docker-containerd.service
/usr/lib/systemd/system/docker-storage-setup.service
/usr/lib/systemd/system/docker.service
/usr/lib/udev/rules.d/80-docker.rules
/usr/libexec/docker/docker-containerd-current
/usr/libexec/docker/docker-containerd-shim-current
/usr/libexec/docker/docker-ctr-current
/usr/libexec/docker/docker-proxy-current
/usr/libexec/docker/docker-runc-current
/var/lib/docker

docker的默认存储位置位于/var/lib/docker：

$ pwd
/var/lib/docker
$ ls -l
total 32
drwx------ 10 root root 4096 Jan  5 22:44 containers
drwx------  5 root root 4096 Jan  5 21:19 devicemapper
drwx------  3 root root 4096 Jan  4 00:08 image
drwxr-x---  3 root root 4096 Jan  4 00:08 network
drwx------  2 root root 4096 Jan  4 00:08 swarm
drwx------  2 root root 4096 Jan  5 21:29 tmp
drwx------  2 root root 4096 Jan  4 00:08 trust
drwx------  2 root root 4096 Jan  4 00:08 volumes

其中「containers」里面包含了容器的信息：

$ pwd
/var/lib/docker/containers
$ ls -l
total 32
drwx------ 4 root root 4096 Jan  5 21:46 0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b
drwx------ 4 root root 4096 Jan  5 22:42 1df9c3cd8f95d35373813d4d62149e46723c7f9e2133285d1720da54560b5648
drwx------ 4 root root 4096 Jan  5 21:31 3107159e0fabad4b4af9076f135ae74d3834b6568909d252d489a862a4638419
drwx------ 4 root root 4096 Jan  5 21:47 3125d511be3a675c9a7ca8ca17f0be386fb56072a2074c43ce8c61ea31d85970
drwx------ 4 root root 4096 Jan  5 21:19 33b17fbc6ffcc17da91ed3039e713351fec101c8f6150b3a665731c14e658b32
drwx------ 4 root root 4096 Jan  5 21:31 8f993b7308b2913789ee797f1ee2023d2646fb09d37d840ac1bc28d03902b313
drwx------ 4 root root 4096 Jan  5 22:44 c17ce8cb0de3f05d10eee83672a03c14963befb60379585cbcd6572e8df9e528
drwx------ 4 root root 4096 Jan  5 21:45 caedccb3c1b09f7f7c85a041e751b67d2fac9b785eb90173256507224d3cb253
$

可以看看其中一个容器里面的内容：

$ ls 0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b
config.v2.json  hostconfig.json  hostname  hosts  resolv.conf  resolv.conf.hash  secrets  shm

如上所示，每一个容器里面有这个容器的一些配置文件。主要看config.v2.json这个文件的内容：

{
  "StreamConfig": {},
  "State": {
    "Running": false,
    "Paused": false,
    "Restarting": false,
    "OOMKilled": false,
    "RemovalInProgress": false,
    "Dead": false,
    "Pid": 0,
    "ExitCode": 127,
    "Error": "invalid header field value \"oci runtime error: container_linux.go:247: starting container process caused \\\"exec: \\\\\\\"bash\\\\\\\": executable file not found in $PATH\\\"\\n\"",
    "StartedAt": "0001-01-01T00:00:00Z",
    "FinishedAt": "0001-01-01T00:00:00Z",
    "Health": null
  },
  "ID": "0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b",
  "Created": "2018-01-05T13:46:49.695891865Z",
  "Managed": false,
  "Path": "bash",
  "Args": [],
  "Config": {
    "Hostname": "0036e9d07882",
    "Domainname": "",
    "User": "",
    "AttachStdin": true,
    "AttachStdout": true,
    "AttachStderr": true,
    "Tty": true,
    "OpenStdin": true,
    "StdinOnce": true,
    "Env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    ],
    "Cmd": [
      "bash"
    ],
    "Image": "hello-world",
    "Volumes": null,
    "WorkingDir": "",
    "Entrypoint": null,
    "OnBuild": null,
    "Labels": {}
  },
  "Image": "sha256:f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7",
  "NetworkSettings": {
    "Bridge": "",
    "SandboxID": "a56b00fc2d904a2bcacb6e2e84adbf4d90c2f9c1c8ce1808eb5f1d8a42aff944",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Networks": {
      "bridge": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "2429ef9d3c2b11cc55f64658a217809810ea164b8ece01629e4102eaa22d32f9",
        "EndpointID": "996aa17d758445e1e1043702c02355c7f79c720ad1d7e59d6aa6c74296c37614",
        "Gateway": "172.17.0.1",
        "IPAddress": "172.17.0.2",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:11:00:02"
      }
    },
    "Service": null,
    "Ports": {},
    "SandboxKey": "/var/run/docker/netns/a56b00fc2d90",
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "IsAnonymousEndpoint": true
  },
  "LogPath": "",
  "Name": "/compassionate_bohr",
  "Driver": "devicemapper",
  "MountLabel": "",
  "ProcessLabel": "",
  "RestartCount": 0,
  "HasBeenStartedBefore": false,
  "HasBeenManuallyStopped": false,
  "MountPoints": {},
  "AppArmorProfile": "",
  "HostnamePath": "/var/lib/docker/containers/0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b/hostname",
  "HostsPath": "/var/lib/docker/containers/0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b/hosts",
  "ShmPath": "/var/lib/docker/containers/0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b/shm",
  "ResolvConfPath": "/var/lib/docker/containers/0036e9d0788249562268287f4bda5351d36b4dca62e1936a9b1e3eefd537d80b/resolv.conf",
  "SeccompProfile": "",
  "NoNewPrivileges": false
}

上面的配置文件里面包含了容器的核心信息。比如告诉了我们容器对应的image id：

"Image": "sha256:f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7"

我们可以在「/var/lib/docker/」里面搜索这个id：

[root@f64 docker]# find . | grep f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7
./image/devicemapper/imagedb/content/sha256/f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7

可以看到容器对应的image文件录是：

/var/lib/docker/image/devicemapper/imagedb/content/sha256/f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7

注意保存image所使用的文件系统是devicemapper。docker支持多种文件系统¹，而「devicemapper」是其中之一。

关于device mapper，可以查看wikipedia的相关文档²。

以下是「IO_stack_of_the_Linux_kernel」³：

\[\blacksquare\]

https://docs.docker.com/engine/userguide/storagedriver/selectadriver/ ↩
https://en.wikipedia.org/wiki/Device_mapper ↩
https://upload.wikimedia.org/wikipedia/commons/3/30/IO_stack_of_the_Linux_kernel.svg ↩

阿男的小窝 / Published on Jan 06, 2018