PrefaceDocker is an open source, Docker.inc, container engine project based on lightweight virtualization technology that is based on the go language and complies with the Apache 2.0 protocol. With layered mirroring standardization and kernel virtualization technology, Docker enables application developers and operations engineers to publish applications across platforms in a unified manner, and provides resource-isolated application runtimes with virtually no additional overhead. Thanks to its many new features and the openness of the project itself, Docker has been quickly involved with many it vendors in less than two years, including industry leaders such as Google, Microsoft, and VMware. At the same time, Docker in the developer community is also a stone to arouse thousands of waves, many such as my yards began to pay attention to, learning and use Docker, many enterprises, especially the Internet enterprises, also in increasing the investment in Docker, has set off a container revolution.
Docker image naming resolution mirroring is one of the core technologies of Docker and is the standard format for application publishing. Whether you are using
or in Dockerfile, write from image
from Docker official Registry > What the hell was going on back there? Before we answer this question, we need to understand how the Docker image is named, which is a relatively confusing piece of the concept in Docker: Registry,repository, Tag and image.
here is the local machine running
docker images
output of the result:
We can find that the "Ubuntu" image that we often say is not a mirror name, but rather a repository named Ubuntu, and in this repository a series of tag-tagged image,image is a GUID, It can also be referenced by Repository:tag for convenience.
So what is registry? Registry stores mirrored data and provides the ability to pull and upload images. Registry mirrors are organized by repository, and each repository contains several images.
- Registry contains one or more repository
- Repository contains one or more image
- Image is represented by a GUID with one or more tags associated with it
So where do you designate registry? Let's pull a more fully named Image:
Above I tried to pull an Ubuntu image and specified a private registry registry for my native machine. Here is the code snippet for the pull command in the Docker CLI ( docker/api/client/command.go
the CmdPull
function in)
At run time, the above taglessremote variable is passed into the localhost:5000/ubuntu. The above code attempts to parse the registry address from the Taglessremote variable, which in our case is localhost:5000.
So let's go back and look at the story behind this familiar pull command:
We followed the example code above and went further into ResolveRepositoryName
the definition code snippet of the parse function ( docker/registry/registry.go
)
We find that the Docker CLI will determine if the first part of the passed taglessRemote
parameter contains '. ' or ': ' If there is a registry address for the first part, otherwise it will use the official Docker default registry (that is, Index.docker.io is actually an index Server, The difference between the registry and the rest is left behind to delve into it, which is highlighted in the code above. The story behind is not over, if you upload a mirror to Dockerhub, you should remember that the image you uploaded is formatted as user-Name/repository:tag, In this way, user Bob and User Alice can have repository of the same name, separated by the username prefix as namespace, such as Bob/ubuntu and Alice/ubuntu. The official image is distinguished by the user name library, and the specific code snippet is as follows ( docker/api/client/command.go
the CmdPull
function in)
Let's go back and look at the logic in the Docker command line parsing tag ( docker/api/client/command.go
the CmdPull
function in):
The code will try to find the ': ' tag in the image name entered by the user and, if it does not exist, use the default ' DEFAULTTAG
, ' latest '.
That is, in our case, the command will be parsed as follows (note that the following command cannot be run directly because the Docker CLI does not allow the explicit designation of the official registry address)
Configuring Registry Mirror
In addition to its innovative technology, Docker is so appealing that the ecosystem around the official registry (Docker Hub) is also a very attractive place to be. On the Docker hub you can easily download to a large number of well-containerized application images that are ready to use. Some of these images are officially maintained by Docker, and many more are shared by developers who upload them spontaneously. And you can also configure the auto-Generate mirroring feature in your Docker hub with your code hosting system (currently supported for GitHub and BitBucket), so Docker hub will automatically generate the corresponding Docker image when your code is updated, is it convenient?
Unfortunately, the Docker hub does not have a domestic server or a domestic CDN, download a mirror for 20 minutes at the very least, I can not afford to wait for such a long time, the boss is standing behind to urge us to carry the code. In order to overcome the cross-ocean network latency, there are generally two solutions: one is to use private registry, the other is to use registry Mirror, we have a chat below.
The first option is to build or use the existing private registry, by periodically synchronizing the popular image with the Docker hub, and a copy of the image is saved on the private registry, and then you can docker pull private-registry.com/user-name/ubuntu:latest
pull the mirror from the private registry. Because this scenario requires regular synchronization of the Docker hub image, it is more suitable for scenarios where the mirrors used are relatively stable or are private images. And the user needs to explicitly map the official image name to the private image name, and the private registry is more widely used in the enterprise internal scene. Private registry deployments are also convenient, allowing you to download registry images directly from the Docker hub, which can be used as a pull-to-use, with reference to official documentation.
Scenario two uses registry Mirror, which works like a cache, and if the image is hit in Mirror, it is returned directly to the client, otherwise it is pulled from the registry that holds the image and automatically cached in Mirror. The coolest thing is that the use of mirror is transparent to Docker users, that is, after configuring mirror, you can still enter docker pull ubuntu
to pull the Docker hub image, in addition to the speed is faster, and no difference before.
Docking the Docker hub ecosystem in a more convenient way, using registry mirror naturally became my first choice. Next I'll take a look at Docker's process of using mirror to pull the mirror. In the following example, I use the Registry mirror service provided by Daocloud , you will get a mirror address after applying for the mirror service, and then we have to configure this address in Docker In the server startup script, the mirror configuration takes effect after restarting the Docker service (how to obtain the mirror service can refer to the appendix of this article)
The commands for configuring Docker Registry Mirror under Ubuntu are as follows:
sudo echo "docker_opts=\" \ $DOCKER _opts–registry-mirror=http://your-id.m.daocloud.io-d\ "" >>/etc/default/ Docker
sudo service docker restart
If you are using the Boot2docker, the configuration command is:
# Enter the Boot2docker Start Shell and Execute
sudo su
echo "extra_args=\" –registry-mirror=http://your-id.m.daocloud.io\ ">>/var/lib/boot2docker/profile
Exit
# Restart Boot2docker
After configuring the registry mirror, you can pull the Docker image, after I test, using Daocloud mirror, pull the common image speed can reach about 1.5M, the specific speed in your network environment may be slightly different.
Let's take a look at the process of Docker pull mirroring after configuring registry mirror. First, the CLI pulls the image command snippet ( docker/api/client/command.go
the CmdPull
function in)
First, the Docker CLI will attempt to obtain authorization, and in our case it will request authentication to HTTPS://INDEX.DOCKER.IO/V1, and after the authentication is completed, the authentication server will return a corresponding token. Note that the user authentication here is completely unrelated to the configuration of the registry mirror, so we don't have to worry about using the mirror security issue. The Docker CLI then invokes the Create Image command for the Docker server (that is, the Docker daemon program), and the Docker server performs the specific pull-mirroring action, as follows ( docker/graph/pull.go
the function of the code snippet pullRepository
)
As you can see from the code, if the registry Mirror,docker server is configured to pull the mirror from Mirror first, if the Mirror pull failure will fall back and then pull from the registry specified in the image. Everyone can take a breath, even if the configuration of the registry mirror failure, will not affect the user pull the mirror, but the speed is ...
Once the image is pulled down, you can run the container.
Appendix
Below I briefly introduce how to apply for a mirror service in Daocloud, first login Daocloud homepage
Click " Register Now ", simply fill in the personal information, then login and automatically jump to the "console", follow the prompts to click on the " Launch your accelerator " button.
Once successful, you have a dedicated registry mirror address, and the accelerator link is the address you want to set --registry-mirror
. At present, each user has 10G of accelerated traffic (Tips: If the traffic is not enough to invite friends to receive reward traffic, the more the invitation more rewards OH)
Finally, we would like to thank the domestic storage industry leader Seven Cow cloud storage in storage and CDN to provide the strong support, because there are like seven cattle such technology leader and enthusiastic to promote the development of the Internet ecosystem of the active participation, we can provide developers with more high-quality services.
Conclusion
I talked to you today about how Docker resolves mirroring and performs pull actions when mirroring is pulled, and how to speed up the pull process by setting registry mirror to overcome network latency. The code involved is focused only on the Docker CLI and Docker server, and in many ways is not expanded, such as how the registry response and how to link with the index Server, can only be left to discuss with you in detail next time.
About the author
Liang, Daocloud start-up team member, software engineer, graduate student of computer Science major, Zhejiang University. During the study period, we are active in the PAAs and Docker open source community, have deep research and rich practice in cloud Foundry, excel at the bottom platform code analysis, have some experience on the architecture of distributed platform, write a lot of deep technical blog. Joined the Daocloud team as a partner at the end of 2014, working to spread the technology of Docker-based containers to facilitate the containerized pace of Internet applications.
To play a Docker image