剑客
关注科技互联网

docker 反向工程

今天参加了一个meetup,演讲者介绍了一个可以模拟docker 命令的工具,可以在不安装docker 的情况下,体验下载镜像,启动容器的功能。

这个工具使用python写的,如果有兴趣花些时间去理解一下,对docker 的深层次理解会有很大的帮助。

卸载 docker engine

当然你可以在虚拟机里做这个测试。

mocker工具的环境安装

$ git clone https://github.com/tonybaloney/mocker.git
$ cd mocker
$ pip install virtualenv
$ virtualenv ENV
$ source ENV/bin/activate
$ pip install -r requirements.txt
$ ./mocker.py help
Usage:
mocker pull <name>[<tag>]
mocker run <name>
mocker images
mocker (-h | --help)
mocker --version

体验 pull 命令

$ ./mocker.py pull nginx
Starting new HTTPS connection (1): auth.docker.io
"GET /token?service=registry.docker.io&scope=repository:library/nginx:pull HTTP/1.1" 200 1442
Fetching manifest for nginx:latest...
Starting new HTTPS connection (1): registry-1.docker.io
"GET /v2/library/nginx/manifests/latest HTTP/1.1" 200 6938
Fetching layer sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4..
Starting new HTTPS connection (1): registry-1.docker.io
"GET /v2/library/nginx/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 307 432
Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net
"GET /registry-v2/docker/registry/v2/blobs/sha256/a3/a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4/data?Expires=1476787299&Signature=P0typ2UZrgFdGd4SrfBvKdKefSC8JkkNWxTExzZYTE6luS8R0ZbjCWWBHbwEj5v-q668Vf-y11WBULC7O~SWcYycly7ek0Eemlmr4eGphP-zdEJqCn9Nol~YSqrI4BX~MHFoWgIc9uXUJ1HM8VnTaMXIVELt5lNT9wDRz7OuzU8_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 32
...
Fetching layer sha256:6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb..
Starting new HTTPS connection (1): registry-1.docker.io
"GET /v2/library/nginx/blobs/sha256:6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb HTTP/1.1" 307 432
Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net
"GET /registry-v2/docker/registry/v2/blobs/sha256/6a/6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb/data?Expires=1476787301&Signature=d1jSz7Z9Syjlk9OPjzYgFk37f-g9d1OK--2fi4FdotZwbmFTLDrj~TyRFx9WZA10W7DUJ7vL-GFb5WjOIoHWe1CR2dm9NewjvzI-k7gI6CmPeG0F0ZRseaYzanmoYYSIUSPbn2hsbq57pl43i3pJ2NLKbGb2eGuL~YBgjUFsEq0_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 51354364
- bin
- bin/bash
- bin/cat
- bin/chacl
- bin/chgrp
- bin/chmod
- bin/chown
- bin/cp
- bin/dash
- bin/date
...
Fetching layer sha256:2fbd37c8684bca3df2090b8b8acce020837d560ec8917f25714e45e7d1f4611e..
Starting new HTTPS connection (1): registry-1.docker.io
"GET /v2/library/nginx/blobs/sha256:2fbd37c8684bca3df2090b8b8acce020837d560ec8917f25714e45e7d1f4611e HTTP/1.1" 307 432
Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net
"GET /registry-v2/docker/registry/v2/blobs/sha256/2f/2fbd37c8684bca3df2090b8b8acce020837d560ec8917f25714e45e7d1f4611e/data?Expires=1476787399&Signature=DNXOXyA9an018bG25GtQMaErpQwOtZUgMVW2Czur1DbwqJLe-w-5ETapnDVlz7WksCXNZ9JaO-hMBv~UjOOwQD1cjnpm3-QVMWGsnS4TBHLA9YZGx8wUMlUyQonSvHRTZKI2vr-SMlPDe91WgUzA-OrywSNvAXEqdIm-sn5qvPE_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 195
- var
- var/log
- var/log/nginx
- var/log/nginx/access.log
- var/log/nginx/error.log
...
Fetching layer sha256:20a0fbbae14864e06e14f89126551d004555d9e2c13591105862ca1f9a418e9d..
Starting new HTTPS connection (1): registry-1.docker.io
"GET /v2/library/nginx/blobs/sha256:20a0fbbae14864e06e14f89126551d004555d9e2c13591105862ca1f9a418e9d HTTP/1.1" 307 432
Starting new HTTPS connection (1): dseasb33srnrn.cloudfront.net
"GET /registry-v2/docker/registry/v2/blobs/sha256/20/20a0fbbae14864e06e14f89126551d004555d9e2c13591105862ca1f9a418e9d/data?Expires=1476787401&Signature=H-52MjpIcEpNWHyikqDB50rrv1nj-4wPON6jW0gK5OeLlguxAv2iSUZpnQ1ImL-ixTxhD0iLdCpzMNDLsZ2lagJOVM6Susd1Jn-l7N8EgXUBkwQWAejbsJTjV89O6cI7T60OzaWsBPQCbM2jPYyFsfMPCjb8jLahSGuu95Wy2iw_&Key-Pair-Id=APKAJECH5M7VWIS5YZ6Q HTTP/1.1" 200 20134306
- etc
- etc/alternatives
- etc/alternatives/rename
- etc/alternatives/rename.1.gz
- etc/apt
- etc/apt/sources.list
- etc/apt/trusted.gpg
- etc/apt/trusted.gpg.d
- etc/apt/trusted.gpg~
- etc/ca-certificates
...

你可以看到,作者在pull 镜像的时候,给出很多有用的信息。 给出每个docker 层的sha码,每层的文件列表,等等

#列出镜像

$ ./mocker.py images
+---------------+---------+---------+--------------------+
| name | version | size | file |
+---------------+---------+---------+--------------------+
| library/nginx | latest | 68.2MiB | library_nginx.json |
+---------------+---------+---------+--------------------+

运行 容器

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址