2015-02-07 wcdj
原文:Where are Docker images stored?
Written by Troy Howard
译者:delphiwcdj (gerryyang)
如果你已经了解了Dockert的基本用法,包括如何写一个Dockerfile来生成自己的镜像,那么下来你一定开始关心另一个问题,我的Docker镜像是在哪里存储的?在了解这个之前,我们先看几个重要的概念。
Image vs Dockerfile
Docker通过加载镜像来执行你在制作镜像时内置的功能,而镜像又是通过事先编写好的Dockerfile然后使用docker build命令来编译创建的。当你使用docker push命令想发布一个镜像时,我们的源码不会一起提交,而只会提交我们制作的镜像。
Registry vs Index
Index是一个公开的web接口,管理着使用者的账户,权限,镜像查询,镜像标签等等内容。而registry存储和提供实际的镜像资源,并通过Index来管理授权。例如,当使用docker search命令时,会查询Index上的镜像资源,而不是某一个registry上的。打个比方,Index相当于一个总管家,registry相当于一个房间,而镜像相当于房间里的一个物品,总管家可以管理着多个房间以及那个物品归属哪个房间,用户想查询和获取某个物品时,只需要询问总管家即可,而由总管家来负责从哪个房间获取用户想要的物品,所有这些细节都对用户透明。
Repository
Docker中的Repository概念与Github比较类似。下面有个问题需要我们关心:(1) repository与registry的关系?
(2) repository与image的关系?
(3) repository与index username的关系?
答案:实际上,repository是以上这些元素的一个集合,而并非其中某一个。通过docker images命令可以进行验证。
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 12.04 8dbd9e392a96 8 months ago 131.3 MB (virtual 131.3 MB)
ubuntu latest 8dbd9e392a96 8 months ago 131.3 MB (virtual 131.3 MB)
ubuntu precise 8dbd9e392a96 8 months ago 131.3 MB (virtual 131.3 MB)
ubuntu 12.10 b750fe79269d 8 months ago 24.65 kB (virtual 179.7 MB)
ubuntu quantal b750fe79269d 8 months ago 24.65 kB (virtual 179.7 MB)当使用docker build或者docker commit命令时,我们需要为要创建的镜像指定一个名字,格式为:username/image_name:tag(实际上,可以使用任何我们喜欢的名字)。然而,当需要提交镜像执行docker push命令时,Index将会查找我们要提交的image_name,并核实是否有匹配的repository,如果有则进一步核实我们是否具备提交权限,权限校验通过后才会允许我们这次要push的新镜像提交成功。因此,
a registry holds a collection of named repositories, which themselves are a collection of images tracked by GUIDs.
即,一个注册服务器可以存放多个仓库,每个仓库中通常又存储着某一类镜像,每个镜像都对应全局的一个GUID。
于此同时,我们还可以对相同的image_name标注不同的tag,虽然这些镜像有可能是同一个。
Local Storage on the Docker Host
使用docker images命令可以显示本地镜像的一个列表,那么问题来了,这些本地镜像是如何存放的?第一个地方:/var/lib/docker/,下面是译者本机的输出信息,可以发现输出的格式和内容和docker images是一样的:
root@gerryyang:~# cat /var/lib/docker/repositories-aufs | python -mjson.tool
{
"Repositories": {
"dl.dockerpool.com:5000/ubuntu": {
"14.04": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5",
"latest": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5"
},
"dockerpool_ubuntu_gerry": {
"v14.04": "5506de2b643be1e6febbf3b8a240760c6843244c41e12aa2f60ccbb7153d17f5"
},
"gcc": {
"latest": "28d1ad755d5ee4d3251dcfba8930d645debeddcd2740e02a60c1806e536a41c7"
},
"gcc_latest_gerry": {
"demo": "ada7ef168150440190db57776e307430c61c46840b4b11975d29a7ba4f4f98d0"
},
"mysql": {
"5": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2",
"5.5": "3f631c0ca341baa6253f6548fcf97b221b32645caf8f08e8dfedab922b63973c",
"5.5.40": "8866e0a8765030c6916fbe232b3ea9e88e0dc26eb924cbf6cb512303d91451bd",
"5.5.41": "3f631c0ca341baa6253f6548fcf97b221b32645caf8f08e8dfedab922b63973c",
"5.6": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2",
"5.6.17": "36e732ca26106f3e286b9f9500ef17803430d3b5a044d25c64b66988fd198d59",
"5.6.20": "722147135e89b2082ec729ce12266614ee573ae910c0ea8f85ffb3b3b568a587",
"5.6.21": "dc376b561957c5a1b70603f246cde89696042f8b8d1ff7dc768eb1303b316e13",
"5.6.22": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2",
"5.7": "8419f2b0e48698e3127020de477fbc770c29f468537fd6545274585ada16e042",
"5.7.5": "8419f2b0e48698e3127020de477fbc770c29f468537fd6545274585ada16e042",
"5.7.5-m15": "8419f2b0e48698e3127020de477fbc770c29f468537fd6545274585ada16e042",
"latest": "310c359af360b506e44a73a1141bf133de7be5ec00ba8d14f215591d5e5370b2"
},
"php": {
"latest": "022910f2a8262a5c0ee4b81de1ac769a575bde99abadb2bc6dff60fb34006b03"
},
"registry": {
"latest": "7b4ee0b17c992e16dd1f21dad898cbf4ca92e7fdef8fd0c5468a6fc88e1cbaa1"
},
"tutum/lamp": {
"latest": "b84edafb1623c81ae7a230bfee1b6bace0bf8397c0a69f0dafb153e8809c1fb2"
},
"tutum_lamp_golang_gerry": {
"1.0": "6b660dc40f2bc56eefdc867429742019240054eac681b8d94cb6f3452f2fd9f5"
},
"ubuntu": {
"14.04": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",
"14.04.1": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",
"14.10": "bf49414948acef83f1cb8b8d3148f5e8dbc388ccea03a4ae23f1dbeb3dd61b11",
"15.04": "b12dbb6f7084464e54a0b642367fe76f6530f635385b35496b7fd5e251159b13",
"latest": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",
"trusty": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",
"utopic": "bf49414948acef83f1cb8b8d3148f5e8dbc388ccea03a4ae23f1dbeb3dd61b11",
"vivid": "b12dbb6f7084464e54a0b642367fe76f6530f635385b35496b7fd5e251159b13"
},
"ubuntu_sshd_dockerfile_gerry": {
"14.04": "7c46169e819247e40b7412dcc875b39f6dabf67966f172c30015d89869785bad"
},
"ubuntu_sshd_gcc_apache_gerry": {
"14.04": "9265b0c6d3146503a3e38796ccbe7da5cd72f55c310a6b3e44867c9785a622d7"
},
"ubuntu_sshd_gcc_apache_php_gerry": {
"14.04": "d84f2513f7778fa4fb27639d3cdeea422c8330ba37ec3f33e35560bc45a6222e"
},
"ubuntu_sshd_gcc_gerry": {
"14.04": "f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65"
},
"ubuntu_sshd_gcc_golang_gerry": {
"14.04": "16a3c68c1f44b3bd260df713df942e92323b42db39ba625357acd0f87c5c1775"
},
"ubuntu_sshd_gcc_mysql_gerry": {
"14.04": "3628ab96ba35d72512f7ac3e1baa8b16171deba00ee3409aa0e1ba68cff404e2"
},
"ubuntu_sshd_gcc_nginx_gerry": {
"14.04": "30ee28dd0d953864b4c2a5cfdf6056c2af8fe4417053c21de6512943c06bbbea"
},
"vcarl/cakephp": {
"latest": "f58d081026b1963adb95726b61c94e61efe12f28626c8eb95640833b008aaf28"
},
"wordpress": {
"latest": "62751144a0a07ec7fa9ac08f2b74061694b12489ea9b06ccc6c25e3ec1c8b24b"
}
}
}
root@gerryyang:~# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
gcc_latest_gerry demo ada7ef168150 10 days ago 1.201 GB
ubuntu_sshd_gcc_apache_php_gerry 14.04 d84f2513f777 10 days ago 407.3 MB
ubuntu_sshd_gcc_mysql_gerry 14.04 3628ab96ba35 10 days ago 617.1 MB
tutum_lamp_golang_gerry 1.0 6b660dc40f2b 11 days ago 661.4 MB
ubuntu_sshd_gcc_golang_gerry 14.04 16a3c68c1f44 11 days ago 499.7 MB
wordpress latest 62751144a0a0 11 days ago 473.2 MB
php latest 022910f2a826 11 days ago 390 MB
ubuntu_sshd_gcc_nginx_gerry 14.04 30ee28dd0d95 11 days ago 352.7 MB
ubuntu_sshd_gcc_apache_gerry 14.04 9265b0c6d314 12 days ago 351.2 MB
gcc latest 28d1ad755d5e 2 weeks ago 1.201 GB
ubuntu_sshd_dockerfile_gerry 14.04 7c46169e8192 2 weeks ago 230.3 MB
ubuntu_sshd_gcc_gerry 14.04 f0e3262ed661 2 weeks ago 334.3 MB
mysql 5.7 8419f2b0e486 4 weeks ago 322.8 MB
mysql 5.7.5 8419f2b0e486 4 weeks ago 322.8 MB
mysql 5.7.5-m15 8419f2b0e486 4 weeks ago 322.8 MB
mysql 5 310c359af360 4 weeks ago 282.6 MB
mysql 5.6 310c359af360 4 weeks ago 282.6 MB
mysql 5.6.22 310c359af360 4 weeks ago 282.6 MB
mysql latest 310c359af360 4 weeks ago 282.6 MB
mysql 5.5 3f631c0ca341 4 weeks ago 214.5 MB
mysql 5.5.41 3f631c0ca341 4 weeks ago 214.5 MB
registry latest 7b4ee0b17c99 4 weeks ago 414.2 MB
ubuntu vivid b12dbb6f7084 5 weeks ago 117.2 MB
ubuntu 15.04 b12dbb6f7084 5 weeks ago 117.2 MB
ubuntu utopic bf49414948ac 5 weeks ago 194.4 MB
ubuntu 14.10 bf49414948ac 5 weeks ago 194.4 MB
ubuntu trusty 8eaa4ff06b53 5 weeks ago 188.3 MB
ubuntu 14.04 8eaa4ff06b53 5 weeks ago 188.3 MB
ubuntu 14.04.1 8eaa4ff06b53 5 weeks ago 188.3 MB
ubuntu latest 8eaa4ff06b53 5 weeks ago 188.3 MB
mysql 5.6.21 dc376b561957 12 weeks ago 235.9 MB
mysql 5.5.40 8866e0a87650 12 weeks ago 215.2 MB
vcarl/cakephp latest f58d081026b1 3 months ago 476.9 MB
tutum/lamp latest b84edafb1623 3 months ago 436.7 MB
dl.dockerpool.com:5000/ubuntu 14.04 5506de2b643b 3 months ago 199.3 MB
dl.dockerpool.com:5000/ubuntu latest 5506de2b643b 3 months ago 199.3 MB
dockerpool_ubuntu_gerry v14.04 5506de2b643b 3 months ago 199.3 MB
mysql 5.6.20 722147135e89 4 months ago 235.6 MB
mysql 5.6.17 36e732ca2610 7 months ago 458.7 MB
以译者,ubuntu_sshd_gcc_gerry:14.04镜像为例:
total 52
drwx------ 2 root root 4096 Jan 18 19:57 .
drwx------ 311 root root 36864 Jan 28 19:47 ..
-rw------- 1 root root 1428 Jan 18 19:57 json
-rw------- 1 root root 8 Jan 18 19:57 layersizejson- holds metadata about the imagelayersize- just a number, indicating the size of the layerlayer/- sub-directory that holds the rootfs for the container image(译者环境,并未存在此目录)
root@gerryyang:~# cat /var/lib/docker/graph/f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65/json | python -mjson.tool
{
"Size": 83548377,
"architecture": "amd64",
"checksum": "tarsum.dev+sha256:bf493f9113f3fb79c26de28346628eff3c62b19b64ee3242582e2abb343aab30",
"config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/run.sh"
],
"CpuShares": 0,
"Cpuset": "",
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": {
"22/tcp": {}
},
"Hostname": "",
"Image": "",
"MacAddress": "",
"Memory": 0,
"MemorySwap": 0,
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PortSpecs": null,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": ""
},
"container": "e50b72dfaae7afcd2afc31eb33ff39b8450937d8058b276c7e4e23c9854a06b2",
"container_config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/run.sh"
],
"CpuShares": 0,
"Cpuset": "",
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": {
"22/tcp": {}
},
"Hostname": "e50b72dfaae7",
"Image": "ubuntu_sshd_gerryv2:14.04",
"MacAddress": "",
"Memory": 0,
"MemorySwap": 0,
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PortSpecs": null,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": ""
},
"created": "2015-01-18T11:56:58.108518707Z",
"docker_version": "1.4.1",
"id": "f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65",
"os": "linux",
"parent": "a45787b0222f955d68d9db34fb18033144b8a78015d9e306a1613894da0fd86e"
}
root@gerryyang:~# cat /var/lib/docker/graph/f0e3262ed6617896b306852c923e4c0e1d359b58b29a02ef849c4b8978c73c65/layersize
83548377
DIY Dockerfiles
OK, 让我们手动创建一个Dockerfile吧。
FROM ubuntu这句命令的含义就是,把ubuntu镜像作为我们的基础层镜像。没错,就这么简单,到此为止Dockerfile编写完毕。
第二步,使用命令编译此Dockerfile:
docker build -t gerry_image_from_ubuntu .
这句命令的含义是,docker通过我们指定的目录(.),即当前目录,查找Dockerfile,然后编译它。并且我们指定了编译后的repository名字是gerry_image_from_ubuntu。
root@gerryyang:~/Docker/DIY_Dockerfile# ls
build.sh Dockerfile
root@gerryyang:~/Docker/DIY_Dockerfile# cat build.sh
#!/bin/bash
docker build -t gerry_image_from_ubuntu .
root@gerryyang:~/Docker/DIY_Dockerfile# sh build.sh
Sending build context to Docker daemon 3.072 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu
---> 8eaa4ff06b53
Successfully built 8eaa4ff06b53
root@gerryyang:~/Docker/DIY_Dockerfile# docker images | grep gerry_image*
gerry_image_from_ubuntu latest 8eaa4ff06b53 5 weeks ago 188.3 MB
root@gerryyang:~/Docker/DIY_Dockerfile# cat /var/lib/docker/repositories-aufs | python -mjson.tool | grep gerry_image* -3
"gcc_latest_gerry": {
"demo": "ada7ef168150440190db57776e307430c61c46840b4b11975d29a7ba4f4f98d0"
},
"gerry_image_from_ubuntu": {
"latest": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a"
},
"mysql": {
<pre name="code" class="plain">root@gerryyang:~/Docker/DIY_Dockerfile#gerry_image_from_ubuntu latest 8eaa4ff06b53 5 weeks ago 188.3 MB
ubuntu 14.04 8eaa4ff06b53 5 weeks ago 188.3 MBOK,通过RUN指令添加一个改变的操作:
root@gerryyang:~/Docker/DIY_Dockerfile# ls
build.sh Dockerfile
root@gerryyang:~/Docker/DIY_Dockerfile# cat Dockerfile
FROM ubuntu
RUN touch hello.txt
root@gerryyang:~/Docker/DIY_Dockerfile# ./build.sh
Sending build context to Docker daemon 3.072 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu
---> 8eaa4ff06b53
Step 1 : RUN touch hello.txt
---> Running in 6246fbfc6249
---> 2fefd58a4a83
Removing intermediate container 6246fbfc6249
Successfully built 2fefd58a4a83
然后再对比下,镜像ID是否有变化。可以看到,新生成的gerry_image_from_ubuntu镜像的ID已经和ubuntu镜像的ID不同。Yes, Our tiny change had a big impact!
gerry_image_from_ubuntu latest 2fefd58a4a83 2 minutes ago 188.3 MB
ubuntu 14.04 8eaa4ff06b53 5 weeks ago 188.3 MB
root@gerryyang:~/Docker/DIY_Dockerfile# ls -la /var/lib/docker/graph/2fefd58a4a8385981742202e41e234df18c0547ba6cb80074b9f2fbef57d32bc/
total 52
drwx------ 2 root root 4096 Feb 7 20:48 .
drwx------ 312 root root 36864 Feb 7 20:48 ..
-rw------- 1 root root 1539 Feb 7 20:48 json
-rw------- 1 root root 1 Feb 7 20:48 layersize
root@gerryyang:~/Docker/DIY_Dockerfile# cat /var/lib/docker/graph/2fefd58a4a8385981742202e41e234df18c0547ba6cb80074b9f2fbef57d32bc/json | python -mjson.tool
{
"Size": 0,
"architecture": "amd64",
"checksum": "tarsum.dev+sha256:72d843b4be6cf2c6a5322a90405d9ca32b1112a8f93130d0e9e008def27f39e3",
"config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/bash"
],
"CpuShares": 0,
"Cpuset": "",
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": null,
"Hostname": "8c41fcbc2d07",
"Image": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",
"MacAddress": "",
"Memory": 0,
"MemorySwap": 0,
"NetworkDisabled": false,
"OnBuild": [],
"OpenStdin": false,
"PortSpecs": null,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": ""
},
"container": "6246fbfc6249aea9d27631bcdd94e3047b0192425b685d2bfa43a27a7740cccd",
"container_config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/sh",
"-c",
"touch hello.txt"
],
"CpuShares": 0,
"Cpuset": "",
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": null,
"Hostname": "8c41fcbc2d07",
"Image": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a",
"MacAddress": "",
"Memory": 0,
"MemorySwap": 0,
"NetworkDisabled": false,
"OnBuild": [],
"OpenStdin": false,
"PortSpecs": null,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": null,
"WorkingDir": ""
},
"created": "2015-02-07T12:48:10.905653013Z",
"docker_version": "1.4.1",
"id": "2fefd58a4a8385981742202e41e234df18c0547ba6cb80074b9f2fbef57d32bc",
"os": "linux",
"parent": "8eaa4ff06b53ff7730c4d7a7e21b4426a4b46dee064ca2d5d90d757dc7ea040a"
}
Run it!
现在可以运行我们新创建的镜像了。先通过bash交互的方式来运行我们的镜像:root@gerryyang:~/Docker/DIY_Dockerfile# ls
build.sh debug.sh Dockerfile
root@gerryyang:~/Docker/DIY_Dockerfile# cat debug.sh
#!/bin/bash
docker run -it gerry_image_from_ubuntu /bin/bash
root@gerryyang:~/Docker/DIY_Dockerfile# ./debug.sh
root@544fb9b56a23:/# uname -a
Linux 544fb9b56a23 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
root@544fb9b56a23:/# cat /etc/issue
Ubuntu 14.04.1 LTS \n \l
root@544fb9b56a23:/# ls
bin boot dev etc hello.txt home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
Publish it!
到目前为止,我们已经把本地要做的工作完成了,现在可以发布新的镜像给外部了。要发布到Docker Index,需要事先创建好账户,然后通过docker push命令提交新的镜像。root@gerryyang:~/Docker/DIY_Dockerfile# docker push gerry/gerry_image_from_ubuntu
The push refers to a repository [gerry/gerry_image_from_ubuntu] (len: 1)
Sending image list
Please login prior to push:
Username: gerryyang
Password:
Email: diggwcdj@gmail.com
Login Succeeded
The push refers to a repository [gerry/gerry_image_from_ubuntu] (len: 1)
Sending image list
FATA[0032] Error: Status 403 trying to push repository gerry/gerry_image_from_ubuntu: "Access Denied: Not allowed to create Repo at given location" Oops. Docker Index won't let us publish without our username in the repository name.
注意:Docker Index不允许提交没有用户名的镜像,因此正确地提交方式是,在编译镜像时指定Docker Index的用户名,比如,gerryyang:
docker build -t gerryyang/gerry_image_from_ubuntu .
root@gerryyang:~/Docker/DIY_Dockerfile# docker push gerryyang/gerry_image_from_ubuntu
The push refers to a repository [gerryyang/gerry_image_from_ubuntu] (len: 1)
Sending image list
Pushing repository gerryyang/gerry_image_from_ubuntu (1 tags)
511136ea3c5a: Image already pushed, skipping
3b363fd9d7da: Image already pushed, skipping
607c5d1cca71: Image already pushed, skipping
f62feddc05dc: Image already pushed, skipping
8eaa4ff06b53: Image already pushed, skipping
2fefd58a4a83: Image successfully pushed
Pushing tag for rev [2fefd58a4a83] on {https://cdn-registry-1.docker.io/v1/repositories/gerryyang/gerry_image_from_ubuntu/tags/latest}
root@gerryyang:~/Docker/DIY_Dockerfile# docker search gerryyang
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
gerryyang/ping 0
root@gerryyang:~/Docker/DIY_Dockerfile# docker search gerry_image_from_ubuntu
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
root@gerryyang:~/Docker/DIY_Dockerfile# docker search gerryyang/gerry_image_from_ubuntu
NAME DESCRIPTION STARS OFFICIAL AUTOMATED译者注:向Docker Index提交镜像成功后,使用docker search并没有查询到,可能还没有被缓存,因此查询不到。
Also, to be honest, this is not a very interesting image to share publicly, and we don't want to look like n00bs, so let's delete it as well.
如果要删除一个本地镜像,可以使用命令:docker rmi image_name:tag,但是,如何删除外部Docker Index上的镜像呢?
Deleting a Published Repository
很不幸,要从index/registry删除我们提交的镜像,必须在web页面操作,而不能通过command-line的方式。镜像删除不可怕,因为我们还有Dockerfile!
Important Security Lesson
此部分摘录原文。It's really important to consider the security implications of what we just saw though.
Even if a Docker image is deleted from the Docker Index it may still be out there on someones machine. There's no way to change that.
Also, as we saw when looking at the files we have locally, it's not quite an "opaque binary" image. All the information from the Dockerfile was in theJSON file for the image, and the artifacts of those commands are in the layer, as accessible as a filesystem. If you accidentally published a password or key, or some other critical secret, there's no getting it back, and people can find as easily as they can find anything else in a published open source code base.
Be very careful about what you're publishing. If you do accidentally publish a secret, take it down right away and update credentials on whatever systems it might have compromised.
Conclusion
同上,原汁原味。Docker can be a bit confusing with its terminology, but once you wrap your head around the basic workflow described here, it should be very easy to be in-control of what you're building, knowing exactly when and how you share that with the world.
More:
[1] where-are-docker-images-stored-on-the-host-machine
[2] how-to-delete-dockers-images
[3] how-to-change-the-docker-image-installation-directory
[4] DOCKER_OPTS in /etc/default/docker ignored
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
