概述OverlayFS(overlay)的鏡像分層與共享:
OverlayFS使用兩個(gè)目錄,把一個(gè)目錄置放于另一個(gè)之上,并且對(duì)外提供單個(gè)統(tǒng)一的視角。這兩個(gè)目錄通常被稱作層,這個(gè)分層的技術(shù)被稱作union mount。術(shù)語上,下層的目錄叫做lowerdir,上層的叫做upperdir。對(duì)外展示的統(tǒng)一視圖稱作merged。
上圖展示了Docker鏡像和Docker容器是如何分層的。鏡像層就是lowerdir,容器層是upperdir。暴露在外的統(tǒng)一視圖就是所謂的merged。
分析一波聯(lián)合文件系統(tǒng),具體概念不再贅述。
首先使用docker info 查看自己主機(jī)上的文件系統(tǒng)驅(qū)動(dòng):
[root@dockcon ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 17.12.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-693.2.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.796GiB
Name: dockcon
ID: SMEH:O3GP:L26O:MMNZ:VPXN:VE7D:OWYX:RBD4:P3ZO:PI5E:XCHM:PVPU
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
http://3b13d85e.m.daocloud.io/
Live Restore Enabled: false
可以看到Storage Driver: overlay2就是本機(jī)的文件驅(qū)動(dòng),個(gè)人認(rèn)為絕大多數(shù)主機(jī)默認(rèn)Storage Driver: overlay2
overlay中鏡像和容器的磁盤結(jié)構(gòu)
查看下docker目錄有什么文件先:
[root@dockcon ~]# ls /var/lib/docker/
builder containers network plugins swarm trust
containerd image overlay2 runtimes tmp volumes
可以看到有個(gè)overlay2驅(qū)動(dòng)的文件夾
[root@dockcon ~]# ls /var/lib/docker/overlay2/
l
[root@dockcon ~]# ls /var/lib/docker/overlay2/l
[root@dockcon ~]#
overlay2文件夾下只有一個(gè)名為"l"的文件夾,其里面是沒有任何東西的
現(xiàn)在我們pull一個(gè)鏡像看看有什么變化:
docker pull ubuntu:16.04
[root@dockcon ~]# docker pull ubuntu:16.04
16.04: Pulling from library/ubuntu
50aff78429b1: Pull complete
f6d82e297bce: Pull complete
275abb2c8a6f: Pull complete
9f15a39356d6: Pull complete
fc0342a94c89: Pull complete
Digest: sha256:ec0e4e8bf2c1178e025099eed57c566959bb408c6b478c284c1683bc4298b683
Status: Downloaded newer image for ubuntu:16.04
[root@dockcon ~]# ls -lh /var/lib/docker/overlay2/
總用量 24K
drwx------ 3 root root 4.0K 1月 5 18:11 272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d
drwx------ 4 root root 4.0K 1月 5 18:11 27f03471e446d3a55dfd21ebfd8f5dd26f08d530d5c55d47f0118738717060b5
drwx------ 4 root root 4.0K 1月 5 18:11 3856ca6fafc077314aaa5e60cf7950861156fabbe92881bc6bce5e68fcd2226d
drwx------ 4 root root 4.0K 1月 5 18:11 767844cd18e3ca77793b48673198cabbdcf7f2dd45b6f75e707f15595ec1a5e0
drwx------ 4 root root 4.0K 1月 5 18:11 9d7dcb47a9967120ec35c50979356fde3c4c4ec4817f347799ad9f5c2b0852a5
drwx------ 2 root root 4.0K 1月 5 18:11 l
上圖的輸出結(jié)果顯示pull了5個(gè)目錄包含了5個(gè)鏡像層,每一層在/var/lib/docker/overlay/下都有自己的目錄。還是再次提醒下,如你所見,Docker1.10之后,鏡像層和目錄名不再對(duì)應(yīng)。 可以看到下載好鏡像文件后生成了5個(gè)文件夾:
可以細(xì)看下各大文件夾中有什么:
鏡像層目錄中,共享的數(shù)據(jù)使用的是硬鏈接,他們的inode號(hào)大致相同
[root@dockcon ~]# ls -i /var/lib/docker/overlay2/272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d/
524290 diff 524291 link
[root@dockcon ~]# ls -i /var/lib/docker/overlay2/3856ca6fafc077314aaa5e60cf7950861156fabbe92881bc6bce5e68fcd2226d/
529901 diff 529902 link 529904 lower 529903 work
[root@dockcon ~]# ls -i /var/lib/docker/overlay2/27f03471e446d3a55dfd21ebfd8f5dd26f08d530d5c55d47f0118738717060b5/
529855 diff 529856 link 529858 lower 529857 work
[root@dockcon ~]# ls -i /var/lib/docker/overlay2/767844cd18e3ca77793b48673198cabbdcf7f2dd45b6f75e707f15595ec1a5e0/
529824 diff 529825 link 529827 lower 529826 work
[root@dockcon ~]# ls -i /var/lib/docker/overlay2/9d7dcb47a9967120ec35c50979356fde3c4c4ec4817f347799ad9f5c2b0852a5/
529887 diff 529888 link 529890 lower 529889 work
l目錄包含了很多軟連接,使用短名稱指向了其他層。短名稱用于避免mount參數(shù)時(shí)達(dá)到頁面大小的限制。
[root@dockcon ~]# ls -l /var/lib/docker/overlay2/l
總用量 20
lrwxrwxrwx 1 root root 72 1月 5 18:11 3D2CWICPWSIPH7MGMMN547YEBT -> ../27f03471e446d3a55dfd21ebfd8f5dd26f08d530d5c55d47f0118738717060b5/diff
lrwxrwxrwx 1 root root 72 1月 5 18:11 4RXVMMWNWAOS5B2CMTCFXH7BRR -> ../9d7dcb47a9967120ec35c50979356fde3c4c4ec4817f347799ad9f5c2b0852a5/diff
lrwxrwxrwx 1 root root 72 1月 5 18:11 AXSD3MNZKXUUQONMUPF3M2HCEL -> ../3856ca6fafc077314aaa5e60cf7950861156fabbe92881bc6bce5e68fcd2226d/diff
lrwxrwxrwx 1 root root 72 1月 5 18:11 C7FGXOVWEZ6INXOALK3ADGFSA6 -> ../272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d/diff
lrwxrwxrwx 1 root root 72 1月 5 18:11 TF4R7NB3BG3CEC4WXVQ2FRVOXC -> ../767844cd18e3ca77793b48673198cabbdcf7f2dd45b6f75e707f15595ec1a5e0/diff
在最低層中,有個(gè)link文件,包含了前面提到的這個(gè)層對(duì)應(yīng)的短名稱;還有個(gè)diff目錄,包含了這個(gè)鏡像的內(nèi)容。
[root@dockcon ~]# ls /var/lib/docker/overlay2/
272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d 767844cd18e3ca77793b48673198cabbdcf7f2dd45b6f75e707f15595ec1a5e0
27f03471e446d3a55dfd21ebfd8f5dd26f08d530d5c55d47f0118738717060b5 9d7dcb47a9967120ec35c50979356fde3c4c4ec4817f347799ad9f5c2b0852a5
3856ca6fafc077314aaa5e60cf7950861156fabbe92881bc6bce5e68fcd2226d l
[root@dockcon ~]# ls /var/lib/docker/overlay2/272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d/
diff link
[root@dockcon ~]# cat /var/lib/docker/overlay2/272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d/link
C7FGXOVWEZ6INXOALK3ADGFSA6
可以看到這個(gè)link文件和“l(fā)”目錄下的第四個(gè)鏈接
C7FGXOVWEZ6INXOALK3ADGFSA6 -> ../272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d/diff是對(duì)應(yīng)的
查看下diff目錄
[root@dockcon ~]# ls /var/lib/docker/overlay2/272f388add72722e560f11925bf4ee5a3b3fb664fe3a099a9576798745f85c3d/diff/
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
可以看到當(dāng)前鏡像層下也是存在齊全的文件系統(tǒng)的
研究未完成~待續(xù)~
