Reverse engineering Docker

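Today I attended a meetup where the speaker introduced a tool that imitates the docker command. Without installing Docker, you can try out pulling images and starting containers.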

The tool is written in Python. If you are interested, spending some time understanding it will help a lot in understanding Docker at a deeper level.

Uninstall Docker Engine

Of course, you can also run this test in a virtual machine.

Setting up the environment for the mocker tool

$ git clone https://github.com/tonybaloney/mocker.git

$ cd mocker

$ pip install virtualenv

$ virtualenv ENV

$ source ENV/bin/activate

$ pip install -r requirements.txt

$ ./mocker.py help

Usage:

mocker pull <name>[<tag>]

mocker run <name>

mocker images

mocker (-h | --help)

mocker --version

Trying the pull command

$ ./mocker.py pull nginx

Starting new HTTPS connection (1): auth.docker.io

"GET /token?service=registry.docker.io&scope=repository:library/nginx:pull HTTP/1.1" 200 1442

Fetching manifest for nginx:latest...

Starting new HTTPS connection (1): registry-1.docker.io

"GET /v2/library/nginx/manifests/latest HTTP/1.1" 200 6938

Fetching layer sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4..

Starting new HTTPS connection (1): registry-1.docker.io

"GET /v2/library/nginx/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 307 432

Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net

"GET /registry-v2/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?Expires=1476787299&Signature=P0typ2UZrgFdGd4SrfBvKdKefSC8JkkNWxTExzZYTE6luS8R0ZbjCWWBHbwEj5v-q668Vf-y11WBULC7O~SWcYycly7ek0Eemlmr4eGphP-zdEJqCn9Nol~YSqrI4BX~MHFoWgIc9uXUJ1HM8VnTaMXIVELt5lNT9wDRz7OuzU8_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 32

...

Fetching layer sha256:6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb..

Starting new HTTPS connection (1): registry-1.docker.io

"GET /v2/library/nginx/blobs/sha256:6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb HTTP/1.1" 307 432

Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net

"GET /registry-v2/docker/registry/v2/blobs/sha256/6a/6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb/data?Expires=1476787301&Signature=d1jSz7Z9Syjlk9OPjzYgFk37f-g9d1OK--2fi4FdotZwbmFTLDrj~TyRFx9WZA10W7DUJ7vL-GFb5WjOIoHWe1CR2dm9NewjvzI-k7gI6CmPeG0F0ZRseaYzanmoYYSIUSPbn2hsbq57pl43i3pJ2NLKbGb2eGuL~YBgjUFsEq0_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 51354364

- bin

- bin/bash

- bin/cat

- bin/chacl

- bin/chgrp

- bin/chmod

- bin/chown

- bin/cp

- bin/dash

- bin/date

...

Fetching layer sha256:2fbd37c8684bca3df2090b8b8acce020837d560ec8917f25714e45e7d1f4611e..

Starting new HTTPS connection (1): registry-1.docker.io

"GET /v2/library/nginx/blobs/sha256:2fbd37c8684bca3df2090b8b8acce020837d560ec8917f25714e45e7d1f4611e HTTP/1.1" 307 432

Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net

"GET /registry-v2/docker/registry/v2/blobs/sha256/2f/2fbd37c8684bca3df2090b8b8acce020837d560ec8917f25714e45e7d1f4611e/data?Expires=1476787399&Signature=DNXOXyA9an018bG25GtQMaErpQwOtZUgMVW2Czur1DbwqJLe-w-5ETapnDVlz7WksCXNZ9JaO-hMBv~UjOOwQD1cjnpm3-QVMWGsnS4TBHLA9YZGx8wUMlUyQonSvHRTZKI2vr-SMlPDe91WgUzA-OrywSNvAXEqdIm-sn5qvPE_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 195

- var

- var/log

- var/log/nginx

- var/log/nginx/access.log

- var/log/nginx/error.log

...

Fetching layer sha256:20a0fbbae14864e06e14f89126551d004555d9e2c13591105862ca1f9a418e9d..

Starting new HTTPS connection (1): registry-1.docker.io

"GET /v2/library/nginx/blobs/sha256:20a0fbbae14864e06e14f89126551d004555d9e2c13591105862ca1f9a418e9d HTTP/1.1" 307 432

Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net

"GET /registry-v2/docker/registry/v2/blobs/sha256/20/20a0fbbae14864e06e14f89126551d004555d9e2c13591105862ca1f9a418e9d/data?Expires=1476787401&Signature=H-52MjpIcEpNWHyikqDB50rrv1nj-4wPON6jW0gK5OeLlguxAv2iSUZpnQ1ImL-ixTxhD0iLdCpzMNDLsZ2lagJOVM6Susd1Jn-l7N8EgXUBkwQWAejbsJTjV89O6cI7T60OzaWsBPQCbM2jPYyFsfMPCjb8jLahSGuu95Wy2iw_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 20134306

- etc

- etc/alternatives

- etc/alternatives/rename

- etc/alternatives/rename.1.gz

- etc/apt

- etc/apt/sources.list

- etc/apt/trusted.gpg

- etc/apt/trusted.gpg.d

- etc/apt/trusted.gpg~

- etc/ca-certificates

...

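As you can see, the author prints a lot of useful information while pulling an image: the SHA digest of each Docker layer, the list of files in each layer, and so on.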
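The pull log above names every layer by its sha256 digest before listing the layer's files. The following added example (not mocker's own code) shows how a client can check the downloaded bytes against the manifest digest before reading the tar. It assumes a schema 1 style manifest with fsLayers/blobSum entries; the layer and manifest are constructed in memory, and all function names are hypothetical.

```python
import hashlib
import io
import tarfile

def make_layer(files):
    """Build a gzip-compressed tar layer in memory (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_layer(blob_sum, blob):
    """True only if the bytes hash to the digest the manifest names."""
    algo, _, expected = blob_sum.partition(":")
    if algo != "sha256":
        return False  # unknown algorithm: fail closed
    actual = hashlib.sha256(blob).hexdigest()
    return actual == expected.lower()

def safe_members(blob):
    """List member names, refusing absolute paths and '..' components."""
    names = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.name.startswith("/") or ".." in member.name.split("/"):
                raise ValueError("unsafe path in layer: " + member.name)
            names.append(member.name)
    return names

def check_pull(manifest, blobs):
    """Verify each fsLayers entry against its blob before reading the tar."""
    listing = {}
    for layer in manifest["fsLayers"]:
        blob_sum = layer["blobSum"]
        if not verify_layer(blob_sum, blobs[blob_sum]):
            raise ValueError("digest mismatch for " + blob_sum)
        listing[blob_sum] = safe_members(blobs[blob_sum])
    return listing

# Constructed sample: one small layer and a manifest that references it.
GOOD = make_layer({"var/log/nginx/access.log": b"", "etc/nginx/nginx.conf": b"events {}\n"})
DIGEST = "sha256:" + hashlib.sha256(GOOD).hexdigest()
MANIFEST = {"name": "library/nginx", "tag": "latest", "fsLayers": [{"blobSum": DIGEST}]}

if __name__ == "__main__":
    print(check_pull(MANIFEST, {DIGEST: GOOD}))
```

The digest check matters because the blob request in the log is answered with a 307 redirect to a CDN host, so the bytes arrive from a different server than the one that served the manifest.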

# List images

$ ./mocker.py images

+---------------+---------+---------+--------------------+
| name          | version | size    | file               |
+---------------+---------+---------+--------------------+
| library/nginx | latest  | 68.2MiB | library_nginx.json |
+---------------+---------+---------+--------------------+

Running a container
