Where are Docker images stored? (杂译)

2015-02-07 wcdj

原文：Where are Docker images stored?

Written by Troy Howard

译者：delphiwcdj (gerryyang)

如果你已经了解了Dockert的基本用法，包括如何写一个Dockerfile来生成自己的镜像，那么下来你一定开始关心另一个问题，我的Docker镜像是在哪里存储的？在了解这个之前，我们先看几个重要的概念。

Image vs Dockerfile

Docker通过加载镜像来执行你在制作镜像时内置的功能，而镜像又是通过事先编写好的Dockerfile然后使用docker build命令来编译创建的。当你使用docker push命令想发布一个镜像时，我们的源码不会一起提交，而只会提交我们制作的镜像。

Registry vs Index

Index是一个公开的web接口，管理着使用者的账户，权限，镜像查询，镜像标签等等内容。而registry存储和提供实际的镜像资源，并通过Index来管理授权。

例如，当使用docker search命令时，会查询Index上的镜像资源，而不是某一个registry上的。打个比方，Index相当于一个总管家，registry相当于一个房间，而镜像相当于房间里的一个物品，总管家可以管理着多个房间以及那个物品归属哪个房间，用户想查询和获取某个物品时，只需要询问总管家即可，而由总管家来负责从哪个房间获取用户想要的物品，所有这些细节都对用户透明。

Repository

Docker中的Repository概念与Github比较类似。下面有个问题需要我们关心：
(1) repository与registry的关系？
(2) repository与image的关系？
(3) repository与index username的关系？
答案：实际上，repository是以上这些元素的一个集合，而并非其中某一个。通过docker images命令可以进行验证。

$ docker imagesREPOSITORY          TAG                 IMAGE ID            CREATED             SIZEubuntu              12.04               8dbd9e392a96        8 months ago        131.3 MB (virtual 131.3 MB)ubuntu              latest              8dbd9e392a96        8 months ago        131.3 MB (virtual 131.3 MB)ubuntu              precise             8dbd9e392a96        8 months ago        131.3 MB (virtual 131.3 MB)ubuntu              12.10               b750fe79269d        8 months ago        24.65 kB (virtual 179.7 MB)ubuntu              quantal             b750fe79269d        8 months ago        24.65 kB (virtual 179.7 MB)

输出的本地镜像的列表，仿佛更像一个repository的列表。实际上每个镜像都对应一个GUID。

当使用docker build或者docker commit命令时，我们需要为要创建的镜像指定一个名字，格式为：username/image_name:tag（实际上，可以使用任何我们喜欢的名字）。然而，当需要提交镜像执行docker push命令时，Index将会查找我们要提交的image_name，并核实是否有匹配的repository，如果有则进一步核实我们是否具备提交权限，权限校验通过后才会允许我们这次要push的新镜像提交成功。因此，
a registry holds a collection of named repositories, which themselves are a collection of images tracked by GUIDs.

即，一个注册服务器可以存放多个仓库，每个仓库中通常又存储着某一类镜像，每个镜像都对应全局的一个GUID。

于此同时，我们还可以对相同的image_name标注不同的tag，虽然这些镜像有可能是同一个。

Local Storage on the Docker Host

使用docker images命令可以显示本地镜像的一个列表，那么问题来了，这些本地镜像是如何存放的？

第一个地方：/var/lib/docker/，下面是译者本机的输出信息，可以发现输出的格式和内容和docker images是一样的：

root@gerryyang:~# cat /var/lib/docker/repositories-aufs | python -mjson.tool{    "Repositories": {        "dl.dockerpool.com:5000/ubuntu": {            "14.04": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",            "latest": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5"        },        "dockerpool_ubuntu_gerry": {            "v14.04": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5"        },        "gcc": {            "latest": "28d1ad755d5ee4d3251dcfba8930d645debeddcd2740e02a60c1806e536a41c7"        },        "gcc_latest_gerry": {            "demo": "ada7ef168150440190db57776e307430c61c46840b4b11975d29a7ba4f4f98d0"        },        "mysql": {            "5": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2",            "5.5": "3f631c0ca341baa6253f6548fcf97b221b32645caf8f08e8dfedab922b63973c",            "5.5.40": "8866e0a8765030c6916fbe232b3ea9e88e0dc26eb924cbf6cb512303d91451bd",            "5.5.41": "3f631c0ca341baa6253f6548fcf97b221b32645caf8f08e8dfedab922b63973c",            "5.6": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2",            "5.6.17": "36e732ca26106f3e286b9f9500ef17803430d3b5a044d25c64b66988fd198d59",            "5.6.20": "722147135e89b2082ec729ce12266614ee573ae910c0ea8f85ffb3b3b568a587",            "5.6.21": "dc376b561957c5a1b70603f246cde89696042f8b8d1ff7dc768eb1303b316e13",            "5.6.22": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2",            "5.7": "8419f2b0e48698e3127020de477fbc770c29f468537fd6545274585ada16e042",            "5.7.5": "8419f2b0e48698e3127020de477fbc770c29f468537fd6545274585ada16e042",            "5.7.5-m15": "8419f2b0e48698e3127020de477fbc770c29f468537fd6545274585ada16e042",            "latest": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2"        },        "php": {            "latest": "022910f2a8262a5c0ee4b81de1ac769a575bde99abadb2bc6dff60fb34006b03"        },        "registry": {            "latest": "7b4ee0b17c992e16dd1f21dad898cbf4ca92e7fdef8fd0c5468a6fc88e1cbaa1"        },        "tutum/lamp": {            "latest": "b84edafb1623c81ae7a230bfee1b6bace0bf8397c0a69f0dafb153e8809c1fb2"        },        "tutum_lamp_golang_gerry": {            "1.0": "6b660dc40f2bc56eefdc867429742019240054eac681b8d94cb6f3452f2fd9f5"        },        "ubuntu": {            "14.04": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",            "14.04.1": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",            "14.10": "bf49414948acef83f1cb8b8d3148f5e8dbc388ccea03a4ae23f1dbeb3dd61b11",            "15.04": "b12dbb6f7084464e54a0b642367fe76f6530f635385b35496b7fd5e251159b13",            "latest": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",            "trusty": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",            "utopic": "bf49414948acef83f1cb8b8d3148f5e8dbc388ccea03a4ae23f1dbeb3dd61b11",            "vivid": "b12dbb6f7084464e54a0b642367fe76f6530f635385b35496b7fd5e251159b13"        },        "ubuntu_sshd_dockerfile_gerry": {            "14.04": "7c46169e819247e40b7412dcc875b39f6dabf67966f172c30015d89869785bad"        },        "ubuntu_sshd_gcc_apache_gerry": {            "14.04": "9265b0c6d3146503a3e38796ccbe7da5cd72f55c310a6b3e44867c9785a622d7"        },        "ubuntu_sshd_gcc_apache_php_gerry": {            "14.04": "d84f2513f7778fa4fb27639d3cdeea422c8330ba37ec3f33e35560bc45a6222e"        },        "ubuntu_sshd_gcc_gerry": {            "14.04": "f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65"        },        "ubuntu_sshd_gcc_golang_gerry": {            "14.04": "16a3c68c1f44b3bd260df713df942e92323b42db39ba625357acd0f87c5c1775"        },        "ubuntu_sshd_gcc_mysql_gerry": {            "14.04": "3628ab96ba35d72512f7ac3e1baa8b16171deba00ee3409aa0e1ba68cff404e2"        },        "ubuntu_sshd_gcc_nginx_gerry": {            "14.04": "30ee28dd0d953864b4c2a5cfdf6056c2af8fe4417053c21de6512943c06bbbea"        },        "vcarl/cakephp": {            "latest": "f58d081026b1963adb95726b61c94e61efe12f28626c8eb95640833b008aaf28"        },        "wordpress": {            "latest": "62751144a0a07ec7fa9ac08f2b74061694b12489ea9b06ccc6c25e3ec1c8b24b"        }    }}root@gerryyang:~# docker imagesREPOSITORY                         TAG                 IMAGE ID            CREATED             VIRTUAL SIZEgcc_latest_gerry                   demo                ada7ef168150        10 days ago         1.201 GBubuntu_sshd_gcc_apache_php_gerry   14.04               d84f2513f777        10 days ago         407.3 MBubuntu_sshd_gcc_mysql_gerry        14.04               3628ab96ba35        10 days ago         617.1 MBtutum_lamp_golang_gerry            1.0                 6b660dc40f2b        11 days ago         661.4 MBubuntu_sshd_gcc_golang_gerry       14.04               16a3c68c1f44        11 days ago         499.7 MBwordpress                          latest              62751144a0a0        11 days ago         473.2 MBphp                                latest              022910f2a826        11 days ago         390 MBubuntu_sshd_gcc_nginx_gerry        14.04               30ee28dd0d95        11 days ago         352.7 MBubuntu_sshd_gcc_apache_gerry       14.04               9265b0c6d314        12 days ago         351.2 MBgcc                                latest              28d1ad755d5e        2 weeks ago         1.201 GBubuntu_sshd_dockerfile_gerry       14.04               7c46169e8192        2 weeks ago         230.3 MBubuntu_sshd_gcc_gerry              14.04               f0e3262ed661        2 weeks ago         334.3 MBmysql                              5.7                 8419f2b0e486        4 weeks ago         322.8 MBmysql                              5.7.5               8419f2b0e486        4 weeks ago         322.8 MBmysql                              5.7.5-m15           8419f2b0e486        4 weeks ago         322.8 MBmysql                              5                   310c359af360        4 weeks ago         282.6 MBmysql                              5.6                 310c359af360        4 weeks ago         282.6 MBmysql                              5.6.22              310c359af360        4 weeks ago         282.6 MBmysql                              latest              310c359af360        4 weeks ago         282.6 MBmysql                              5.5                 3f631c0ca341        4 weeks ago         214.5 MBmysql                              5.5.41              3f631c0ca341        4 weeks ago         214.5 MBregistry                           latest              7b4ee0b17c99        4 weeks ago         414.2 MBubuntu                             vivid               b12dbb6f7084        5 weeks ago         117.2 MBubuntu                             15.04               b12dbb6f7084        5 weeks ago         117.2 MBubuntu                             utopic              bf49414948ac        5 weeks ago         194.4 MBubuntu                             14.10               bf49414948ac        5 weeks ago         194.4 MBubuntu                             trusty              8eaa4ff06b53        5 weeks ago         188.3 MBubuntu                             14.04               8eaa4ff06b53        5 weeks ago         188.3 MBubuntu                             14.04.1             8eaa4ff06b53        5 weeks ago         188.3 MBubuntu                             latest              8eaa4ff06b53        5 weeks ago         188.3 MBmysql                              5.6.21              dc376b561957        12 weeks ago        235.9 MBmysql                              5.5.40              8866e0a87650        12 weeks ago        215.2 MBvcarl/cakephp                      latest              f58d081026b1        3 months ago        476.9 MBtutum/lamp                         latest              b84edafb1623        3 months ago        436.7 MBdl.dockerpool.com:5000/ubuntu      14.04               5506de2b643b        3 months ago        199.3 MBdl.dockerpool.com:5000/ubuntu      latest              5506de2b643b        3 months ago        199.3 MBdockerpool_ubuntu_gerry            v14.04              5506de2b643b        3 months ago        199.3 MBmysql                              5.6.20              722147135e89        4 months ago        235.6 MBmysql                              5.6.17              36e732ca2610        7 months ago        458.7 MB

那么第二个问题来了，这里到底存放的是什么？
以译者，ubuntu_sshd_gcc_gerry:14.04镜像为例：

total 52drwx------   2 root root  4096 Jan 18 19:57 .drwx------ 311 root root 36864 Jan 28 19:47 ..-rw-------   1 root root  1428 Jan 18 19:57 json-rw-------   1 root root     8 Jan 18 19:57 layersize

每个子目录的含义如下：

• json - holds metadata about the image
• layersize - just a number, indicating the size of the layer
• layer/ - sub-directory that holds the rootfs for the container image（译者环境，并未存在此目录）
  

root@gerryyang:~# cat /var/lib/docker/graph/f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65/json | python -mjson.tool{    "Size": 83548377,    "architecture": "amd64",    "checksum": "tarsum.dev+sha256:bf493f9113f3fb79c26de28346628eff3c62b19b64ee3242582e2abb343aab30",    "config": {        "AttachStderr": false,        "AttachStdin": false,        "AttachStdout": false,        "Cmd": [            "/run.sh"        ],        "CpuShares": 0,        "Cpuset": "",        "Domainname": "",        "Entrypoint": null,        "Env": [            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"        ],        "ExposedPorts": {            "22/tcp": {}        },        "Hostname": "",        "Image": "",        "MacAddress": "",        "Memory": 0,        "MemorySwap": 0,        "NetworkDisabled": false,        "OnBuild": null,        "OpenStdin": false,        "PortSpecs": null,        "StdinOnce": false,        "Tty": false,        "User": "",        "Volumes": null,        "WorkingDir": ""    },    "container": "e50b72dfaae7afcd2afc31eb33ff39b8450937d8058b276c7e4e23c9854a06b2",    "container_config": {        "AttachStderr": false,        "AttachStdin": false,        "AttachStdout": false,        "Cmd": [            "/run.sh"        ],        "CpuShares": 0,        "Cpuset": "",        "Domainname": "",        "Entrypoint": null,        "Env": [            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"        ],        "ExposedPorts": {            "22/tcp": {}        },        "Hostname": "e50b72dfaae7",        "Image": "ubuntu_sshd_gerryv2:14.04",        "MacAddress": "",        "Memory": 0,        "MemorySwap": 0,        "NetworkDisabled": false,        "OnBuild": null,        "OpenStdin": false,        "PortSpecs": null,        "StdinOnce": false,        "Tty": false,        "User": "",        "Volumes": null,        "WorkingDir": ""    },    "created": "2015-01-18T11:56:58.108518707Z",    "docker_version": "1.4.1",    "id": "f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65",    "os": "linux",    "parent": "a45787b0222f955d68d9db34fb18033144b8a78015d9e306a1613894da0fd86e"}root@gerryyang:~# cat /var/lib/docker/graph/f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65/layersize 83548377

DIY Dockerfiles

OK, 让我们手动创建一个Dockerfile吧。

FROM ubuntu

这句命令的含义就是，把ubuntu镜像作为我们的基础层镜像。没错，就这么简单，到此为止Dockerfile编写完毕。
第二步，使用命令编译此Dockerfile：
docker build -t gerry_image_from_ubuntu .
这句命令的含义是，docker通过我们指定的目录（.），即当前目录，查找Dockerfile，然后编译它。并且我们指定了编译后的repository名字是gerry_image_from_ubuntu。

root@gerryyang:~/Docker/DIY_Dockerfile# lsbuild.sh  Dockerfileroot@gerryyang:~/Docker/DIY_Dockerfile# cat build.sh #!/bin/bashdocker build -t gerry_image_from_ubuntu .root@gerryyang:~/Docker/DIY_Dockerfile# sh build.sh Sending build context to Docker daemon 3.072 kBSending build context to Docker daemon Step 0 : FROM ubuntu ---> 8eaa4ff06b53Successfully built 8eaa4ff06b53root@gerryyang:~/Docker/DIY_Dockerfile# docker images | grep gerry_image*gerry_image_from_ubuntu            latest              8eaa4ff06b53        5 weeks ago         188.3 MBroot@gerryyang:~/Docker/DIY_Dockerfile# cat /var/lib/docker/repositories-aufs | python -mjson.tool | grep gerry_image* -3        "gcc_latest_gerry": {            "demo": "ada7ef168150440190db57776e307430c61c46840b4b11975d29a7ba4f4f98d0"        },        "gerry_image_from_ubuntu": {            "latest": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a"        },        "mysql": {<pre name="code" class="plain">root@gerryyang:~/Docker/DIY_Dockerfile#

使用docker images可以看到，Docker非常聪明，我们新生成的gerry_image_from_ubuntu镜像ID和ubuntu镜像ID是一样的，因为没有任何改变的操作。

gerry_image_from_ubuntu            latest              8eaa4ff06b53        5 weeks ago         188.3 MBubuntu                             14.04               8eaa4ff06b53        5 weeks ago         188.3 MB

OK，通过RUN指令添加一个改变的操作：

root@gerryyang:~/Docker/DIY_Dockerfile# lsbuild.sh  Dockerfileroot@gerryyang:~/Docker/DIY_Dockerfile# cat Dockerfile FROM ubuntuRUN touch hello.txtroot@gerryyang:~/Docker/DIY_Dockerfile# ./build.sh Sending build context to Docker daemon 3.072 kBSending build context to Docker daemon Step 0 : FROM ubuntu ---> 8eaa4ff06b53Step 1 : RUN touch hello.txt ---> Running in 6246fbfc6249 ---> 2fefd58a4a83Removing intermediate container 6246fbfc6249Successfully built 2fefd58a4a83

然后再对比下，镜像ID是否有变化。可以看到，新生成的gerry_image_from_ubuntu镜像的ID已经和ubuntu镜像的ID不同。Yes, Our tiny change had a big impact!

gerry_image_from_ubuntu            latest              2fefd58a4a83        2 minutes ago       188.3 MBubuntu                             14.04               8eaa4ff06b53        5 weeks ago         188.3 MBroot@gerryyang:~/Docker/DIY_Dockerfile# ls -la /var/lib/docker/graph/2fefd58a4a8385981742202e41e234df18c0547ba6cb80074b9f2fbef57d32bc/total 52drwx------   2 root root  4096 Feb  7 20:48 .drwx------ 312 root root 36864 Feb  7 20:48 ..-rw-------   1 root root  1539 Feb  7 20:48 json-rw-------   1 root root     1 Feb  7 20:48 layersizeroot@gerryyang:~/Docker/DIY_Dockerfile# cat /var/lib/docker/graph/2fefd58a4a8385981742202e41e234df18c0547ba6cb80074b9f2fbef57d32bc/json | python -mjson.tool{    "Size": 0,    "architecture": "amd64",    "checksum": "tarsum.dev+sha256:72d843b4be6cf2c6a5322a90405d9ca32b1112a8f93130d0e9e008def27f39e3",    "config": {        "AttachStderr": false,        "AttachStdin": false,        "AttachStdout": false,        "Cmd": [            "/bin/bash"        ],        "CpuShares": 0,        "Cpuset": "",        "Domainname": "",        "Entrypoint": null,        "Env": [            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"        ],        "ExposedPorts": null,        "Hostname": "8c41fcbc2d07",        "Image": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",        "MacAddress": "",        "Memory": 0,        "MemorySwap": 0,        "NetworkDisabled": false,        "OnBuild": [],        "OpenStdin": false,        "PortSpecs": null,        "StdinOnce": false,        "Tty": false,        "User": "",        "Volumes": null,        "WorkingDir": ""    },    "container": "6246fbfc6249aea9d27631bcdd94e3047b0192425b685d2bfa43a27a7740cccd",    "container_config": {        "AttachStderr": false,        "AttachStdin": false,        "AttachStdout": false,        "Cmd": [            "/bin/sh",            "-c",            "touch hello.txt"        ],        "CpuShares": 0,        "Cpuset": "",        "Domainname": "",        "Entrypoint": null,        "Env": [            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"        ],        "ExposedPorts": null,        "Hostname": "8c41fcbc2d07",        "Image": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",        "MacAddress": "",        "Memory": 0,        "MemorySwap": 0,        "NetworkDisabled": false,        "OnBuild": [],        "OpenStdin": false,        "PortSpecs": null,        "StdinOnce": false,        "Tty": false,        "User": "",        "Volumes": null,        "WorkingDir": ""    },    "created": "2015-02-07T12:48:10.905653013Z",    "docker_version": "1.4.1",    "id": "2fefd58a4a8385981742202e41e234df18c0547ba6cb80074b9f2fbef57d32bc",    "os": "linux",    "parent": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a"}

Run it!

现在可以运行我们新创建的镜像了。先通过bash交互的方式来运行我们的镜像：

root@gerryyang:~/Docker/DIY_Dockerfile# lsbuild.sh  debug.sh  Dockerfileroot@gerryyang:~/Docker/DIY_Dockerfile# cat debug.sh #!/bin/bashdocker run -it gerry_image_from_ubuntu /bin/bashroot@gerryyang:~/Docker/DIY_Dockerfile# ./debug.sh root@544fb9b56a23:/# uname -aLinux 544fb9b56a23 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linuxroot@544fb9b56a23:/# cat /etc/issueUbuntu 14.04.1 LTS \n \lroot@544fb9b56a23:/# lsbin  boot  dev  etc  hello.txt  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

进入镜像后可以看到，在Dockerfile文件中指定创建的hello.txt文件。

Publish it!

到目前为止，我们已经把本地要做的工作完成了，现在可以发布新的镜像给外部了。要发布到Docker Index，需要事先创建好账户，然后通过docker push命令提交新的镜像。

root@gerryyang:~/Docker/DIY_Dockerfile# docker push gerry/gerry_image_from_ubuntuThe push refers to a repository [gerry/gerry_image_from_ubuntu] (len: 1)Sending image listPlease login prior to push:Username: gerryyangPassword: Email: diggwcdj@gmail.comLogin SucceededThe push refers to a repository [gerry/gerry_image_from_ubuntu] (len: 1)Sending image listFATA[0032] Error: Status 403 trying to push repository gerry/gerry_image_from_ubuntu: "Access Denied: Not allowed to create Repo at given location" 

Oops. Docker Index won't let us publish without our username in the repository name.

注意：Docker Index不允许提交没有用户名的镜像，因此正确地提交方式是，在编译镜像时指定Docker Index的用户名，比如，gerryyang：

docker build -t gerryyang/gerry_image_from_ubuntu .

root@gerryyang:~/Docker/DIY_Dockerfile# docker push gerryyang/gerry_image_from_ubuntuThe push refers to a repository [gerryyang/gerry_image_from_ubuntu] (len: 1)Sending image listPushing repository gerryyang/gerry_image_from_ubuntu (1 tags)511136ea3c5a: Image already pushed, skipping 3b363fd9d7da: Image already pushed, skipping 607c5d1cca71: Image already pushed, skipping f62feddc05dc: Image already pushed, skipping 8eaa4ff06b53: Image already pushed, skipping 2fefd58a4a83: Image successfully pushed Pushing tag for rev [2fefd58a4a83] on {https://cdn-registry-1.docker.io/v1/repositories/gerryyang/gerry_image_from_ubuntu/tags/latest}root@gerryyang:~/Docker/DIY_Dockerfile# docker search gerryyangNAME             DESCRIPTION   STARS     OFFICIAL   AUTOMATEDgerryyang/ping                 0                    root@gerryyang:~/Docker/DIY_Dockerfile# docker search gerry_image_from_ubuntuNAME      DESCRIPTION   STARS     OFFICIAL   AUTOMATEDroot@gerryyang:~/Docker/DIY_Dockerfile# docker search gerryyang/gerry_image_from_ubuntuNAME      DESCRIPTION   STARS     OFFICIAL   AUTOMATED

译者注：向Docker Index提交镜像成功后，使用docker search并没有查询到，可能还没有被缓存，因此查询不到。

Also, to be honest, this is not a very interesting image to share publicly, and we don't want to look like n00bs, so let's delete it as well.

如果要删除一个本地镜像，可以使用命令：docker rmi image_name:tag，但是，如何删除外部Docker Index上的镜像呢？

Deleting a Published Repository

很不幸，要从index/registry删除我们提交的镜像，必须在web页面操作，而不能通过command-line的方式。

镜像删除不可怕，因为我们还有Dockerfile！

Important Security Lesson

此部分摘录原文。

It's really important to consider the security implications of what we just saw though.

Even if a Docker image is deleted from the Docker Index it may still be out there on someones machine. There's no way to change that.

Also, as we saw when looking at the files we have locally, it's not quite an "opaque binary" image. All the information from the Dockerfile was in theJSON file for the image, and the artifacts of those commands are in the layer, as accessible as a filesystem. If you accidentally published a password or key, or some other critical secret, there's no getting it back, and people can find as easily as they can find anything else in a published open source code base.

Be very careful about what you're publishing. If you do accidentally publish a secret, take it down right away and update credentials on whatever systems it might have compromised.

Conclusion

同上，原汁原味。

Docker can be a bit confusing with its terminology, but once you wrap your head around the basic workflow described here, it should be very easy to be in-control of what you're building, knowing exactly when and how you share that with the world.

More:

[1] where-are-docker-images-stored-on-the-host-machine

[2] how-to-delete-dockers-images

[3] how-to-change-the-docker-image-installation-directory

[4] DOCKER_OPTS in /etc/default/docker ignored