关于docker包存储结构说明

前段时间与同事交流docker的安装包层次结构,并沟通相关每个文件的作用,但是一直没有进行文字备份,过去已经一月有余,还是将其记录下来,供后续工作参考

默认docker启动会将目录安装在/var/lib/docker中,不过建议可以修改 --graph="/path/docker"安装目录.

防止系统盘空间占用过大,最好选择存储空间较大的分区.

 

docker目录:

containers  当前容器的集合(相当于docker ps -a)

目录是容器的配置信息及当前状态.

常用的包括容器配置信息, 网络信息,日志,都是来源于此,默认存储方式json

我们平时使用的docker inspect , docker logs, docker ps 都是来自于文件夹

 一般用于docker容器重启时,恢复配置使用的依据,由于挂起方式是基础环境,没有办法像VM软件的挂起可以冻结进程,也是docker类似半虚拟容器很难实现真正的将运行容器进行分发,故此如果想实现有状态的运行容器漂移是仍是十分困难.

hostname 主机名称

hosts 容器重启

resolv.conf是DNS服务,默认是拷贝/etc/resolv.conf的配置

hostconfig.json是核心配置之一, 包括网络, CPU, MEM等,dockerrun选项配置形成的容器设置都可以在此处查询到.

config.json是核心docker状态管理文件, 由她加载上述所有文件

config.json 是核心docker状态管理文件, 由她加载上述所有文件

{    "State": {        "Running": false,        "Paused": false,        "Restarting": false,        "OOMKilled": false,        "Dead": false,        "Pid": 0,        "ExitCode": 0,        "Error": "",        "StartedAt": "2015-10-10T07:36:31.250795069Z",        "FinishedAt": "2015-10-10T07:37:09.587772608Z"    },    "ID": "02bbc65a5c2a285c34565fd9b0b3b485772faaf968a2f2eb3df1fff649119def",    "Created": "2015-10-10T07:36:30.400677786Z",    "Path": "/bin/bash",    "Args": [],    "Config": {        "Hostname": "02bbc65a5c2a",        "Domainname": "",        "User": "",        "AttachStdin": true,        "AttachStdout": true,        "AttachStderr": true,        "PortSpecs": null,        "ExposedPorts": null,        "Tty": true,        "OpenStdin": true,        "StdinOnce": true,        "Env": null,        "Cmd": [            "/bin/bash"        ],        "Image": "docker.io/coreos/apache",        "Volumes": {            "/data0": {}        },        "VolumeDriver": "",        "WorkingDir": "",        "Entrypoint": null,        "NetworkDisabled": false,        "MacAddress": "",        "OnBuild": null,        "Labels": {}    },    "Image": "87026dcb00443eb7f1725b1c9f4fb8210027a19364103854a1e5f606b95019ff",    "NetworkSettings": {        "Bridge": "",        "EndpointID": "",        "Gateway": "",        "GlobalIPv6Address": "",        "GlobalIPv6PrefixLen": 0,        "HairpinMode": false,        "IPAddress": "",        "IPPrefixLen": 0,        "IPv6Gateway": "",        "LinkLocalIPv6Address": "",        "LinkLocalIPv6PrefixLen": 0,        "MacAddress": "",        "NetworkID": "",        "PortMapping": null,        "Ports": null,        "SandboxKey": "",        "SecondaryIPAddresses": null,        "SecondaryIPv6Addresses": null    },    "ResolvConfPath": "/var/lib/docker/containers/02bbc65a5c2a285c34565fd9b0b3b485772faaf968a2f2eb3df1fff649119def/resolv.conf",    "HostnamePath": "/var/lib/docker/containers/02bbc65a5c2a285c34565fd9b0b3b485772faaf968a2f2eb3df1fff649119def/hostname",    "HostsPath": "/var/lib/docker/containers/02bbc65a5c2a285c34565fd9b0b3b485772faaf968a2f2eb3df1fff649119def/hosts",    "LogPath": "/var/lib/docker/containers/02bbc65a5c2a285c34565fd9b0b3b485772faaf968a2f2eb3df1fff649119def/02bbc65a5c2a285c34565fd9b0b3b485772faaf968a2f2eb3df1fff649119def-json.log",    "Name": "/determined_poincare",    "Driver": "devicemapper",    "ExecDriver": "native-0.2",    "MountLabel": "",    "ProcessLabel": "",    "RestartCount": 0,    "UpdateDns": false,    "MountPoints": {        "/data0": {            "Name": "53938b2752dc6f84475657a57ce87d45a329d3815426c1f0988c18b6bbf2df86",            "Destination": "/data0",            "Driver": "local",            "RW": true,            "Source": "",            "Relabel": ""        }    },    "Volumes": {},    "VolumesRW": {},    "AppArmorProfile": ""}

XXX.log  是容器log日志,也仅有启动容器时,运行命令的日志,其他如后台程序的日志并不在此日志中.

devicemapper 是以ID为标识存储镜像和容器,可以说devicemapper是最核心的部分,同时也是最容易存储超标的部分,其是lvm的软件之docker主要用了他的快照功能,完成image的思想基石,containers和image的json文件都是描述,真正存储数据的则是devicemapper/data.

 

其中包括临时容器和镜像文件, 尽管我们是容器内部的文件拷贝,也会促使data文件的增大,后续打算找个专题来解释他吧,docker的封装devicemapper的API是很不错,有兴趣可以参考/github.com/docker/docker/daemon/graphdriver/devmapper/driver.go , 仅仅对外暴漏数个接口,具体实现deviceset.go中.

 

graph 存储镜像信息,使用json方式存储描述,真正数据也是存储在devicemapper中,镜像ID则是devicemapper存储的ID.

 

devicemapper , 具体可参考:graph.go的Register(img*image.Image,layerDataio.Reader)函数

镜像内容包括:镜像ID,父镜像ID,父镜像的容器,另每个镜像都有一个初始镜像,可以追溯

// Create creates a new image and registers it in the graph.// 创建一个新的镜像func (graph *Graph) Create(layerData io.Reader, containerID, containerImage, comment, author string, containerConfig, config *runconfig.Config) (*image.Image, error) {    // 初始化镜像实例    img := &image.Image{        ID:            stringid.GenerateRandomID(), // 生成镜像ID        Comment:       comment,  // 命令        Created:       time.Now().UTC(), // 时间        DockerVersion: dockerversion.VERSION, // docker版本        Author:        author, // 作者        Config:        config, // 相关container配置, 请查看graph/**/json        Architecture:  runtime.GOARCH,        OS:            runtime.GOOS,    }    // 非初始镜像,则设置镜像父子关系    if containerID != "" {        img.Parent = containerImage        img.Container = containerID        img.ContainerConfig = *containerConfig    }    // 注册镜像    if err := graph.Register(img, layerData); err != nil {        return nil, err    }    return img, nil}

 

vfs 是我们使用不定向挂载时引用,比如说我们-v /data0 ,则默认使用vfs做为挂载路径,使用dockerfile时较为常用

 

volumes 是挂载使用的映射关系,对应挂载源与挂载路径的关系,同时拥有ID,用于可以多个容器使用一个挂在源

 

linkgraph.db  是graph存储镜像之间的关联关系,是初始化graph对象的依据.同时,graph文件夹的信息与linkgraph.db是数据重合的.