Docker 分析(2)

Docker镜像管理

1. 架构

1)Index

存储镜像元数据,包括用户账户信息、镜像的校验码、镜像名称等。

镜像包括四大功能模块:

Web UI

Meta-data store (comments, stars, list public repositories)

Authentication service

Tokenization

Index是dotCloud提供的服务,未公开源码

2)Registry

Registry功能是存储容器镜像,可以依赖于Index运行,也可以独立运行。

2. 镜像管理流程

1)下载镜像

Contact the Index to know where I should download “samalba/busybox”

  1. Index replies: a. “samalba/busybox” is on Registry A b. here are the checksums for “samalba/busybox” (for all layers) c. token
  2. Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serve them all from the same location.
  3. registry contacts index to verify if token/user is allowed to download images
  4. Index returns true/false lettings registry know if it should proceed or error out
  5. Get the payload for all layers

2)上传镜像

upload

  1. Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
  2. If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
  3. Push the image on the registry (along with the token)
  4. Registry A contacts the Index to verify the token (token must corresponds to the repository name)
  5. Index validates the token. Registry A starts reading the stream pushed by docker and store the repository (with its images)
  6. docker contacts the index to give checksums for upload images

3)镜像存储

本地直接存储为目录。

3. 镜像管理接口参考文档

http://docs.docker.io/en/latest/api/registry_index_spec/

 

Docker配置管理接口

HTTP方法 HTTP Location 对应命令行 接口说明
GET /auth    
  /version version  
  /info info  
  /images/viz images  
  /images/json images  
  /images/search search  
  /images/{name:.*}/history history  
  /images/{name:.*}/json inspect  
  /containers/ps    
  /containers/json ps  
  /containers/{name:.*}/export export  
  /containers/{name:.*}/changes diff  
  /containers/{name:.*}/json inspect/attach  
POST /auth login  
  /commit commit  
  /build build  
  /images/create import/pull/run  
  /images/{name:.*}/insert insert  
  /images/{name:.*}/push push  
  /images/{name:.*}/tag tag  
  /images/getCache    
  /containers/create run  
  /containers/{name:.*}/kill kill  
  /containers/{name:.*}/restart restart  
  /containers/{name:.*}/start start/run  
  /containers/{name:.*}/stop stop stop 和 kill的区别是stop先尝试发送SIGTERM,在发送SIGKILL;
  /containers/{name:.*}/wait wait  
  /containers/{name:.*}/resize attach  
  /containers/{name:.*}/attach logs/attach/run  
DELETE /containers/{name:.*} rm  
  /images/{name:.*} rmi  
OPTIONS      

 

 

发表评论

电子邮件地址不会被公开。 必填项已用*标注