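Docker Image Management
1. Architecture
1) Index
The Index stores image metadata, including user account information, image checksums, and image names.
The Index consists of four main functional modules: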
Web UI
Meta-data store (comments, stars, list public repositories)
Authentication service
Tokenization
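The Index is a service provided by dotCloud; its source code has not been released.
2) Registry
The Registry stores container images. It can run in conjunction with the Index or run standalone.
2. Image management workflow
1) Pulling an image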
- Contact the Index to know where I should download “samalba/busybox”
- Index replies:
  a. “samalba/busybox” is on Registry A
  b. here are the checksums for “samalba/busybox” (for all layers)
  c. token
- Contact Registry A to receive the layers for “samalba/busybox” (all of them to the base image). Registry A is authoritative for “samalba/busybox” but keeps a copy of all inherited layers and serves them all from the same location.
- Registry contacts Index to verify if token/user is allowed to download images
- Index returns true/false, letting Registry know if it should proceed or error out
- Get the payload for all layers
2) Pushing an image
- Contact the index to allocate the repository name “samalba/busybox” (authentication required with user credentials)
- If authentication works and namespace available, “samalba/busybox” is allocated and a temporary token is returned (namespace is marked as initialized in index)
- Push the image on the registry (along with the token)
- Registry A contacts the Index to verify the token (token must correspond to the repository name)
- Index validates the token. Registry A starts reading the stream pushed by docker and stores the repository (with its images)
- docker contacts the index to give checksums for uploaded images
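The pull and push flows above, as an added Python model that is not part of the original page and is not Docker's own code. The class and function names, the `repo|access|signature` token format, and the use of HMAC-SHA256 and SHA-256 are assumptions made for illustration; user-credential authentication against the Index is omitted.

```python
import hashlib
import hmac
import secrets

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

class Index:
    """Toy Index: issues tokens and holds per-repository layer checksums."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # constructed signing key
        self.checksums = {}                  # repo -> [checksum per layer]

    def _sign(self, repo, access):
        return hmac.new(self._key, f"{repo}|{access}".encode(), hashlib.sha256).hexdigest()

    def issue_token(self, repo, access):
        # Constructed token format (assumption): repo|access|signature
        return f"{repo}|{access}|{self._sign(repo, access)}"

    def validate(self, token, repo, access):
        # Called by the Registry: the token must match this repository and operation.
        parts = token.split("|")
        if len(parts) != 3 or parts[:2] != [repo, access]:
            return False
        return hmac.compare_digest(parts[2], self._sign(repo, access))

class Registry:
    """Toy Registry: asks the Index before accepting or serving layers."""
    def __init__(self, index):
        self.index, self.layers = index, {}

    def put_layers(self, repo, token, layers):
        if not self.index.validate(token, repo, "write"):
            raise PermissionError("Index rejected token for push")
        self.layers[repo] = list(layers)

    def get_layers(self, repo, token):
        if not self.index.validate(token, repo, "read"):
            raise PermissionError("Index rejected token for pull")
        return list(self.layers[repo])

def push(index, registry, repo, layers):
    registry.put_layers(repo, index.issue_token(repo, "write"), layers)
    index.checksums[repo] = [sha256_hex(l) for l in layers]  # client reports checksums

def pull(index, registry, repo):
    expected = index.checksums[repo]                 # checksums come from the Index
    layers = registry.get_layers(repo, index.issue_token(repo, "read"))
    if [sha256_hex(l) for l in layers] != expected:  # verify what the Registry served
        raise ValueError("layer checksum mismatch")
    return layers
```

Because the checksums come from the Index and the payload from the Registry, a layer altered on the Registry side is caught by the client at pull time.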
3) Image storage
Images are stored locally, directly as directories.
3. Image management API reference
http://docs.docker.io/en/latest/api/registry_index_spec/
Docker Configuration and Management API
HTTP method | HTTP Location | CLI command | Description |
GET | /auth | | |
GET | /version | version | |
GET | /info | info | |
GET | /images/viz | images | |
GET | /images/json | images | |
GET | /images/search | search | |
GET | /images/{name:.*}/history | history | |
GET | /images/{name:.*}/json | inspect | |
GET | /containers/ps | | |
GET | /containers/json | ps | |
GET | /containers/{name:.*}/export | export | |
GET | /containers/{name:.*}/changes | diff | |
GET | /containers/{name:.*}/json | inspect/attach | |
POST | /auth | login | |
POST | /commit | commit | |
POST | /build | build | |
POST | /images/create | import/pull/run | |
POST | /images/{name:.*}/insert | insert | |
POST | /images/{name:.*}/push | push | |
POST | /images/{name:.*}/tag | tag | |
POST | /images/getCache | | |
POST | /containers/create | run | |
POST | /containers/{name:.*}/kill | kill | |
POST | /containers/{name:.*}/restart | restart | |
POST | /containers/{name:.*}/start | start/run | |
POST | /containers/{name:.*}/stop | stop | Unlike kill, stop first tries sending SIGTERM and then sends SIGKILL. |
POST | /containers/{name:.*}/wait | wait | |
POST | /containers/{name:.*}/resize | attach | |
POST | /containers/{name:.*}/attach | logs/attach/run | |
DELETE | /containers/{name:.*} | rm | |
DELETE | /images/{name:.*} | rmi | |
OPTIONS | | | |