docker internals

docker internals
1.6.2.1 -- docker internals

cgoups

docker cgoups
1.6.2.2 -- docker cgoups

namespace

docker namespace
1.6.2.3 -- docker namespace

docker daemon

[!TIP|label:references:]

init

[!NOTE|label:references:]

install

  • environment cleanup
    $ sudo dnf remove docker \
                      docker-client \
                      docker-client-latest \
                      docker-common \
                      docker-latest \
                      docker-latest-logrotate \
                      docker-logrotate \
                      docker-engine
    
  • repo setup

    $ sudo dnf install -y yum-utils
    $ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    $ sudo dnf makecache
    
  • install

    $ sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    # or
    $ sudo dnf install -y docker-ce docker-ce-cli containerd.io
    
    # or
    $ sudo dnf install -y docker-ce-19.03.15-3.el8 docker-ce-cli-19.03.15-3.el8 containerd.io
    
    # or
    $ sudo dnf install -y docker-ce-19.03.15-3.el8 \
                          docker-ce-cli-19.03.15-3.el8 \
                          containerd.io \
                          docker-compose-plugin-2.16.0-1.el8 \
                          docker-scan-plugin-0.23.0-3.el8 \
                          docker-buildx-plugin-0.10.2-1.el8
    
    • to get available version:
      $ sudo dnf list docker-ce --showduplicates | grep 19\.03
      docker-ce.x86_64               3:19.03.15-3.el8                @docker-ce-stable
      docker-ce.x86_64               3:19.03.13-3.el8                docker-ce-stable
      docker-ce.x86_64               3:19.03.14-3.el8                docker-ce-stable
      docker-ce.x86_64               3:19.03.15-3.el8                docker-ce-stable
      
  • enable service

    $ sudo systemctl enable --now docker
    Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/local/lib/systemd/system/docker.service.
    
  • account settings

    $ sudo usermod -aG docker $(whoami)
    
  • teardown

    $ sudo dnf remove -y docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-scan-plugin docker-buildx-plugin
    

troubleshooting

problem with installed package podman

  • issue

    $ sudo yum install docker-ce-19.03.15-3.el8 \
                       docker-ce-cli-19.03.15-3.el8 \
                       containerd.io \
                       docker-buildx-plugin \
                       docker-compose-plugin
    Docker CE Stable - x86_64                                                              272 kB/s |  43 kB     00:00
    Error:
     Problem 1: problem with installed package podman-1.6.4-10.module_el8.2.0+305+5e198a41.x86_64
      - package podman-1.6.4-10.module_el8.2.0+305+5e198a41.x86_64 requires runc >= 1.0.0-57, but none of the providers can be installed
      - package podman-3.3.1-9.module_el8.5.0+988+b1f0b741.x86_64 requires runc >= 1.0.0-57, but none of the providers can be installed
      - package containerd.io-1.6.21-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64
      - package containerd.io-1.6.21-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64
      - package containerd.io-1.6.21-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.2-1.module_el8.5.0+911+f19012f9.x86_64
      - package containerd.io-1.6.21-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.2-1.module_el8.5.0+911+f19012f9.x86_64
      - cannot install the best candidate for the job
      - package runc-1.0.0-66.rc10.module_el8.5.0+1004+c00a74f5.x86_64 is filtered out by modular filtering
      - package runc-1.0.0-72.rc92.module_el8.5.0+1006+8d0e68a2.x86_64 is filtered out by modular filtering
     Problem 2: problem with installed package buildah-1.11.6-7.module_el8.2.0+305+5e198a41.x86_64
      - package buildah-1.11.6-7.module_el8.2.0+305+5e198a41.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed
      ...
      - package buildah-1.11.6-7.module_el8.2.0+305+5e198a41.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed
      - package buildah-1.22.3-2.module_el8.5.0+911+f19012f9.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed
      - package containerd.io-1.3.7-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-65.rc10.module_el8.2.0+305+5e198a41.x86_64
      ...
    
  • solution : remove podman

    $ sudo dnf remove buildah skopeo podman containers-common atomic-registries docker container-tools
    $ sudo rm -rf /etc/containers/* /var/lib/containers/* /etc/docker /etc/subuid* /etc/subgid*
    $ cd ~ && rm -rf /.local/share/containers/
    

Error: Transaction test error

  • issue

    $ sudo dnf install -y docker-ce-19.03.15-3.el8 docker-ce-cli-19.03.15-3.el8 containerd.io docker-compose-plugin-2.16.0-1.el8 docker-scan-plugin-0.23.0-3.el8 docker-buildx-plugin-0.10.2-1.el8
    Error: Transaction test error:
      file /usr/libexec/docker/cli-plugins/docker-buildx from install of docker-buildx-plugin-0:0.10.2-1.el8.x86_64 conflicts with file from package docker-ce-cli-1:19.03.15-3.el8.x86_64
    
  • solution: using latest docker-ce-cli

    $ sudo dnf install -y docker-ce-19.03.15-3.el8 docker-ce-cli containerd.io docker-compose-plugin docker-scan-plugin docker-buildx-plugin
    CentOS Stream 8 - AppStream                                              14 MB/s |  34 MB     00:02
    CentOS Stream 8 - BaseOS                                                6.4 MB/s |  53 MB     00:08
    CentOS Stream 8 - Extras                                                 31 kB/s |  18 kB     00:00
    CentOS Stream 8 - Extras common packages                                9.6 kB/s | 6.9 kB     00:00
    Docker CE Stable - x86_64                                               289 kB/s |  51 kB     00:00
    Dependencies resolved.
    ========================================================================================================
     Package                  Arch      Version                                   Repository           Size
    ========================================================================================================
    Installing:
     containerd.io            x86_64    1.6.24-3.1.el8                            docker-ce-stable     34 M
     docker-buildx-plugin     x86_64    0.11.2-1.el8                              docker-ce-stable     13 M
     docker-ce                x86_64    3:19.03.15-3.el8                          docker-ce-stable     24 M
     docker-ce-cli            x86_64    1:24.0.7-1.el8                            docker-ce-stable    7.2 M
     docker-compose-plugin    x86_64    2.21.0-1.el8                              docker-ce-stable     13 M
     docker-scan-plugin       x86_64    0.23.0-3.el8                              docker-ce-stable    3.8 M
    Installing dependencies:
     container-selinux        noarch    2:2.224.0-1.module_el8+712+4cd1bd69       appstream            70 k
     libcgroup                x86_64    0.41-19.el8                               baseos               70 k
    
    Transaction Summary
    ========================================================================================================
    Install  8 Packages
    
    Total download size: 95 M
    Installed size: 376 M
    Downloading Packages:
    (1/8): containerd.io-1.6.24-3.1.el8.x86_64.rpm                           24 MB/s |  34 MB     00:01
    (2/8): container-selinux-2.224.0-1.module_el8+712+4cd1bd69.noarch.rpm    49 kB/s |  70 kB     00:01
    (3/8): libcgroup-0.41-19.el8.x86_64.rpm                                  48 kB/s |  70 kB     00:01
    (4/8): docker-buildx-plugin-0.11.2-1.el8.x86_64.rpm                      30 MB/s |  13 MB     00:00
    (5/8): docker-compose-plugin-2.21.0-1.el8.x86_64.rpm                     31 MB/s |  13 MB     00:00
    (6/8): docker-ce-cli-24.0.7-1.el8.x86_64.rpm                            7.2 MB/s | 7.2 MB     00:00
    (7/8): docker-scan-plugin-0.23.0-3.el8.x86_64.rpm                        12 MB/s | 3.8 MB     00:00
    (8/8): docker-ce-19.03.15-3.el8.x86_64.rpm                               14 MB/s |  24 MB     00:01
    --------------------------------------------------------------------------------------------------------
    Total                                                                    26 MB/s |  95 MB     00:03
    Running transaction check
    Transaction check succeeded.
    Running transaction test
    Transaction test succeeded.
    Running transaction
      Preparing        :                                                                                1/1
      Installing       : docker-compose-plugin-2.21.0-1.el8.x86_64                                      1/8
      Running scriptlet: docker-compose-plugin-2.21.0-1.el8.x86_64                                      1/8
      Running scriptlet: container-selinux-2:2.224.0-1.module_el8+712+4cd1bd69.noarch                   2/8
      Installing       : container-selinux-2:2.224.0-1.module_el8+712+4cd1bd69.noarch                   2/8
      Running scriptlet: container-selinux-2:2.224.0-1.module_el8+712+4cd1bd69.noarch                   2/8
      Installing       : containerd.io-1.6.24-3.1.el8.x86_64                                            3/8
      Running scriptlet: containerd.io-1.6.24-3.1.el8.x86_64                                            3/8
      Installing       : docker-scan-plugin-0.23.0-3.el8.x86_64                                         4/8
      Running scriptlet: docker-scan-plugin-0.23.0-3.el8.x86_64                                         4/8
      Installing       : docker-buildx-plugin-0.11.2-1.el8.x86_64                                       5/8
      Running scriptlet: docker-buildx-plugin-0.11.2-1.el8.x86_64                                       5/8
      Installing       : docker-ce-cli-1:24.0.7-1.el8.x86_64                                            6/8
      Running scriptlet: docker-ce-cli-1:24.0.7-1.el8.x86_64                                            6/8
      Running scriptlet: libcgroup-0.41-19.el8.x86_64                                                   7/8
      Installing       : libcgroup-0.41-19.el8.x86_64                                                   7/8
      Running scriptlet: libcgroup-0.41-19.el8.x86_64                                                   7/8
    /sbin/ldconfig: /usr/lib64/llvm15/lib/libclang.so.15 is not a symbolic link
    
      Installing       : docker-ce-3:19.03.15-3.el8.x86_64                                              8/8
      Running scriptlet: docker-ce-3:19.03.15-3.el8.x86_64                                              8/8
      Running scriptlet: container-selinux-2:2.224.0-1.module_el8+712+4cd1bd69.noarch                   8/8
      Running scriptlet: docker-ce-3:19.03.15-3.el8.x86_64                                              8/8
    /sbin/ldconfig: /usr/lib64/llvm15/lib/libclang.so.15 is not a symbolic link
    
      Verifying        : container-selinux-2:2.224.0-1.module_el8+712+4cd1bd69.noarch                   1/8
      Verifying        : libcgroup-0.41-19.el8.x86_64                                                   2/8
      Verifying        : containerd.io-1.6.24-3.1.el8.x86_64                                            3/8
      Verifying        : docker-buildx-plugin-0.11.2-1.el8.x86_64                                       4/8
      Verifying        : docker-ce-3:19.03.15-3.el8.x86_64                                              5/8
      Verifying        : docker-ce-cli-1:24.0.7-1.el8.x86_64                                            6/8
      Verifying        : docker-compose-plugin-2.21.0-1.el8.x86_64                                      7/8
      Verifying        : docker-scan-plugin-0.23.0-3.el8.x86_64                                         8/8
    
    Installed:
      container-selinux-2:2.224.0-1.module_el8+712+4cd1bd69.noarch
      containerd.io-1.6.24-3.1.el8.x86_64
      docker-buildx-plugin-0.11.2-1.el8.x86_64
      docker-ce-3:19.03.15-3.el8.x86_64
      docker-ce-cli-1:24.0.7-1.el8.x86_64
      docker-compose-plugin-2.21.0-1.el8.x86_64
      docker-scan-plugin-0.23.0-3.el8.x86_64
      libcgroup-0.41-19.el8.x86_64
    Complete!
    
    $ sudo dnf list --installed | grep -E 'docker|container'
    container-selinux.noarch                           2:2.224.0-1.module_el8+712+4cd1bd69                   @appstream
    containerd.io.x86_64                               1.6.24-3.1.el8                                        @docker-ce-stable
    containernetworking-plugins.x86_64                 1:1.3.0-2.module_el8+461+0c6b54ea                     @AppStream
    docker-buildx-plugin.x86_64                        0.11.2-1.el8                                          @docker-ce-stable
    docker-ce.x86_64                                   3:19.03.15-3.el8                                      @docker-ce-stable
    docker-ce-cli.x86_64                               1:24.0.7-1.el8                                        @docker-ce-stable
    docker-compose-plugin.x86_64                       2.21.0-1.el8                                          @docker-ce-stable
    docker-scan-plugin.x86_64                          0.23.0-3.el8                                          @docker-ce-stable
    systemd-container.x86_64                           239-76.el8                                            @anaconda
    

enable tcp port 2375 for external connection to docker

[!TIP]

  • to check service
    $ sudo systemd-analyze verify <name.service>
    
  • enable service if necessary
    $ sudo systemctl enable containerd.service
    Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /usr/lib/systemd/system/containerd.service
    
# prepare
$ sudo systemctl stop docker.service
$ sudo systemctl stop docker.socket
  • via daemon.json

    $ cat /etc/docker/daemon.json
    {
      "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]
    }
    # or
    $ cat /etc/docker/daemon.json
    {
      "hosts": ["unix:///var/run/docker.sock", "fd://", "tcp://127.0.0.1:2375"]
    }
    
    $ sudo systemctl edit docker.service
    
  • via override.conf

    $ cat /etc/systemd/system/docker.service.d/override.conf
    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375 [--containerd=/run/containerd/containerd.sock] [--config-file /etc/docker/daemon.json]
    
    $ sudo systemctl daemon-reload
    $ sudo systemctl restart docker.service
    
    # result
    $ sudo netstat -lntp | grep dockerd
    tcp6       0      0 :::2375                 :::*                    LISTEN      5649/dockerd
    
  • result

    $ sudo cat /etc/docker/daemon.json
    {
      "hosts": ["unix:///var/run/docker.sock", "fd://", "tcp://0.0.0.0:2375"]
    }
    
    $ sudo cat /etc/systemd/system/docker.service.d/docker.conf
    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd
    
    $ docker -H tcp://0.0.0.0:2376 pull ubuntu:18.04
    18.04: Pulling from library/ubuntu
    a404e5416296: Pull complete
    Digest: sha256:ca70a834041dd1bf16cc38dfcd24f0888ec4fa431e09f3344f354cf8d1724499
    Status: Downloaded newer image for ubuntu:18.04
    
    • verify

      $ ip -4 a s en1
      5: en1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          inet x.x.x.x/24 brd x.x.x.255 scope global noprefixroute en1
             valid_lft forever preferred_lft forever
      
      $ nc -zv <target.ip.address> 2375
      Connection to target.ip.address 2375 port [tcp/*] succeeded!
      
      $ docker -H tcp://<target.ip.address>:2375 images
      REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
      ubuntu       18.04     71eaf13299f4   2 weeks ago   63.1MB
      
  • or modify in /lib/systemd/system/docker.service

    # Replacing this line:
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
    #                          |      |
    #                           ------
    #                       remove `-H fd://`
    
    # With this line:
    ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock [--tls=false]
    
  • or via socat

    exec socat -d TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock
    
cat /usr/lib/systemd/system/docker.service
$ sudo cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
#         remove if enable remote access in /etc/docker/daemon.json
#                           ---+--
#                          |      |
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

docker completion

  • linux universal solution

    $ curl -o /etc/bash_completion.d/docker \
           -fsSL https://github.com/docker/docker-ce/raw/master/components/cli/contrib/completion/bash/docker
    
  • ubuntu

    # check completion file location
    $ dpkg -L docker-ce-cli |grep completion
    /usr/share/bash-completion
    /usr/share/bash-completion/completions
    /usr/share/bash-completion/completions/docker
    /usr/share/fish/vendor_completions.d
    /usr/share/fish/vendor_completions.d/docker.fish
    /usr/share/zsh/vendor-completions
    /usr/share/zsh/vendor-completions/_docker
    
    # link file to `/etc/bash_completion.d`
    $ ln -sf /usr/share/bash-completion/completions/docker /etc/bash_completion.d/docker
    

complete alias

Linux

$ curl -fsSL https://raw.githubusercontent.com/docker/cli/master/contrib/completion/bash/docker \
       -o /etc/bash_completion.d/docker
  • load completion

    $ grep 'bash_completion' /etc/bashrc
    if [ -f /usr/share/bash-completion/bash_completion ]; then
      source /usr/share/bash-completion/bash_completion
    fi
    
    $ cat /usr/share/bash-completion/bash_completion
    ...
    2070 # source compat completion directory definitions
    2071 compat_dir=${BASH_COMPLETION_COMPAT_DIR:-/etc/bash_completion.d}
    2072 if [[ -d $compat_dir && -r $compat_dir && -x $compat_dir ]]; then
    2073     for i in "$compat_dir"/*; do
    2074         [[ ${i##*/} != @($_backup_glob|Makefile*|$_blacklist_glob) \
    2075             && -f $i && -r $i ]] && . "$i"
    2076     done
    2077 fi
    2078 unset compat_dir i _blacklist_glob
    2079
    2080 # source user completion file
    2081 user_completion=${BASH_COMPLETION_USER_FILE:-~/.bash_completion}
    2082 [[ ${BASH_SOURCE[0]} != $user_completion && -r $user_completion ]] \
    2083     && . $user_completion
    2084 unset user_completion
    ...
    

OSX

bashComp="$(brew --prefix)/etc/bash_completion.d"
bashComp2="$(brew --prefix)/etc/profile.d/bash_completion.sh"
dApp="/Applications/Docker.app"
dmver='0.16.2'
gitcontent='https://raw.githubusercontent.com'
dm="${gitcontent}/docker/machine/v${dmver}/contrib/completion/bash/docker-machine.bash"
curlOpt='-x 127.0.0.1:1087 -fsSL'

brew install bash-completion@2
sudo curl ${curlOpt} ${dm} --output ${bashComp}/docker-machine.bash
for _i in docker.bash-completion docker-compose.bash-completion; do
  ln -s ${dApp}/Contents/Resources/etc/${_i} ${bashComp}/${_i}
done

cat > ~/.bash_profile << EOF
if command -v brew > /dev/null; then
  # bash-completion
  [ -f "${bashComp}" ] && export BASH_COMPLETION_COMPAT_DIR="${bashComp}" && source "${bashComp}";
  # bash-completion@2
  [ -f "${bashComp2}" ] && source "${bashComp2}";
fi
EOF
  • result

    $ complete -p d
    complete -F _complete_alias d
    $ complete -p dls
    complete -F _complete_alias dls
    
    # others:
    $ complete -p k
    complete -F _complete_alias k
    $ complete -p git
    complete -o bashdefault -o default -o nospace -F __git_wrap__git_main git
    

docker build

Best practices for writing Dockerfiles Create a base image Dockerfile reference

$ docker build \
         --no-cache \
         --build-arg REPO=<private.registry.com> \
         --build-arg TAG=1.4-bionic \
         -t <private.registry.com>/devops/jnlp.bionic \
         -f devops-jnlp .

docker ps

references:

list without wrap

$ docker ps -a --no-trunc
  • or

    $ curl --unix-socket /var/run/docker.sock 'http://localhost/containers/json'
    
  • i.e.:

    $ docker ps -a --no-trunc --filter name=marslo*
    

list full container id

$ docker ps -aq --no-trunc
  • or

    $ docker inspect --format="{{.Id}}" d40df87b2f87
    d40df87b2f87261152d2541b870c6b801c031f8df969e4bd3e9b3c607e6c1698
    

filter

[!NOTE|label:references:]

FILTER DESCRIPTION
id Container's ID
name Container's name
label An arbitrary string representing either a key or a key-value pair. Expressed as or =
exited An integer representing the container's exit code. Only useful with --all.
status One of created, restarting, running, removing, paused, exited, or dead
ancestor Filters containers which share a given image as an ancestor. Expressed as [:], , or image@digest
before or since Filters containers created before or after a given container ID or name
volume Filters running containers which have mounted a given volume or bind mount.
network Filters running containers connected to a given network.
publish or expose Filters containers which publish or expose a given port. Expressed as [/] or /[]
health Filters containers based on their healthcheck status. One of starting, healthy, unhealthy or none.
isolation Windows daemon only. One of default, process, or hyperv.
is-task Filters containers that are a "task" for a service. Boolean option (true or false)
  • via name
    $ docker ps -aqf "name=mycontainer"
    77745046363d
    
  • filter with image
  $ docker ps -a --no-trunc --filter ancestor='busybox:latest'

  # for jenkins/jenkins
  $ docker ps -a --filter ancestor=jenkins/jenkins:2.401.2-lts-jdk11 --format "{{.ID}}"
  • filter with exit code
    $ docker ps -a --filter 'exited=0'
    
  • filter with status
    $ docker ps --filter status=running
    
  • filter with tag
    $ docker images --filter "reference=*/*/*/*:1.4-bionic-dind"
    

ps format

docker stats

docker inspect

docker proxy

check docker layer

references:

$ docker history [--no-trunc=true] <image>:<tag>
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
af73a9899a8f        6 months ago        /bin/sh -c #(nop) WORKDIR /home/devops          0B
e96534e326ed        6 months ago        /bin/sh -c #(nop)  VOLUME [/home/devops/.ssh]   0B
4d3392929105        6 months ago        |5 VERSION=1.6 gid=1000 group=devops uid=100…   884B
8abbc25a66a4        6 months ago        |5 VERSION=1.6 gid=1000 group=devops uid=100…   812B
4cf413ae805e        6 months ago        /bin/sh -c #(nop)  USER devops                  0B
d1d88d88e61b        6 months ago        |5 VERSION=1.6 gid=1000 group=devops uid=1001.45GB
4b305ec8942c        6 months ago        /bin/sh -c #(nop) COPY file:c19a45386e5be7e4…   411B
a36e97b18597        6 months ago        |5 VERSION=1.6 gid=1000 group=devops uid=100…   398kB
7abf758ac126        6 months ago        /bin/sh -c #(nop)  USER root                    0B
b7cc7e6545cf        6 months ago        /bin/sh -c #(nop)  ENV DEBIAN_FRONTEND=nonin…   0B
4aa2bff1261d        6 months ago        /bin/sh -c #(nop)  ENV HOME=/home/devops        0B
97c1260a833a        6 months ago        /bin/sh -c #(nop)  ARG gid=1000                 0B
1641eb4e6b1a        6 months ago        /bin/sh -c #(nop)  ARG uid=1000                 0B
f550761577d3        6 months ago        /bin/sh -c #(nop)  ARG group=devops             0B
25f225d7fdaa        6 months ago        /bin/sh -c #(nop)  ARG user=devops              0B
ea3b83e6ee69        6 months ago        /bin/sh -c #(nop)  ARG VERSION=1.6              0B
cf8ee6149a83        6 months ago        /bin/sh -c #(nop)  LABEL description=specifi…   0B
3c8433a403ad        6 months ago        /bin/sh -c #(nop)  LABEL maintainer=marslo@x…   0B
e7d65936ff5d        6 months ago        /bin/sh -c #(nop)  LABEL version=1.6            0B
ac9cd6bdb0cf        6 months ago        /bin/sh -c #(nop)  MAINTAINER marslo <marslo…   0B
ad080923604a        7 months ago        /bin/sh -c #(nop)  CMD ["bash"]                 0B
<missing>           7 months ago        /bin/sh -c #(nop) ADD file:40290d9a94ae76c35…   63.1MB

media type

[!TIP] references:

manifest.v2+json

[!NOTE] mediaType in manifest should be 'application/vnd.docker.distribution.manifest.v2+json' not 'application/vnd.oci.image.manifest.v1+json'

  • docker version
    $ docker -v
    Docker version 19.03.2, build 6a30dfc
    
  • solution

    [!TIP] One way to upgrade an image from image manifest version 2, schema 1 to schema 2 is to docker pull the image and then docker push the image with a current version of Docker. Doing so will automatically convert the image to use the latest image manifest specification. Converting an image to image manifest version 2, schema 2 converts the manifest format, but does not update the contents within the image. Images using manifest version 2, schema 1 may contain unpatched vulnerabilities. We recommend looking for an alternative image or rebuilding it.

sample json

application/vnd.docker.distribution.manifest.v2+json
$ docker manifest inspect artifactory.domain.com/docker/devops/jenkins:2.387.1-lts
WARN[0000] Conmon at /usr/libexec/podman/conmon invalid: outdated conmon version
WARN[0000] Warning! The manifest type application/vnd.docker.distribution.manifest.v2+json is not a manifest list but a single image.
{
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "config": {
        "mediaType": "application/vnd.docker.container.image.v1+json",
        "size": 13129,
        "digest": "sha256:d5ed2ceef0ec08e9044ebb39812f211d64dbcdfce775cc6b0460ca289193416f"
    },
    "layers": [
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 55045922,
            "digest": "sha256:32fb02163b6bb519a30f909008e852354dae10bdfd6b34190dbdfe8f15403ea0"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 51628196,
            "digest": "sha256:c09d5e9e1188f3fff7a4f8c3c7c330fde5184cba1c6f0c92526b8b7bd0ac7c26"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 8929986,
            "digest": "sha256:a56533012712c1db623da3e5e9c2d0276301c82db0a2e7a82debfb57e5d916f2"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 1244,
            "digest": "sha256:7936e107ffe73b406a0d02edf9bb02b983534d803bb06fd03dc38dac4b6cfe2a"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 189,
            "digest": "sha256:3ca683058265b99b65bbc69b9e8fa4c46e830db35aad614706200e6cf0c30d8a"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 98119982,
            "digest": "sha256:c2ecd304b4b84ef6154bd85e13360f0b015e39057a329698617ce0a53ed6cf32"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 202,
            "digest": "sha256:be3512d810d65f00f28af0885e2f30833263ee061528e20c7fee21664f1572b8"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 5841675,
            "digest": "sha256:56b37d7c2a7a3c93fd013cb1ad5652f8cea3910ecc0274d73064bba27ab57864"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 76925753,
            "digest": "sha256:99ed1e723e52507ce2d615e1682d673c3ffcec5f5b68c266db70d829ef4be208"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 1932,
            "digest": "sha256:256db5485b1399ecbd58c2558388fc9a4ff1caaaeacbdfe23127c7f13b1ee98b"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 1170,
            "digest": "sha256:ee8c7eaf5e6bd8c45e503756da48e80137def6765017148ce9f2af66ce97244b"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 374,
            "digest": "sha256:509f66c2f3174642f0eb3e3b2e8a70da698f613042ec65f525c476afe0b6b7d5"
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 271,
            "digest": "sha256:820296a845d636be13276fdf3bdae7fdf2ac00d401182632d1ab450e26353674"
        }
    ]
}
application/vnd.docker.distribution.manifest.list.v2+json
$ docker manifest inspect docker.io/jenkins/jenkins:2.387.1-lts
WARN[0000] Conmon at /usr/libexec/podman/conmon invalid: outdated conmon version
{
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 2765,
            "digest": "sha256:005fcb5c3017ef120d0d9d8d8925e9248ff6e2cf2b5e18b527b01459c7b2b3f4",
            "platform": {
                "architecture": "amd64",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 2765,
            "digest": "sha256:023fd7da56df685064940ff19c03c835e5fc3643ced00cc2bd792e2379cad2c3",
            "platform": {
                "architecture": "arm64",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 2765,
            "digest": "sha256:4b5c14cabb880c1080ac6d07bcefb379fbf31f821556073205ac28f14ed55cf2",
            "platform": {
                "architecture": "s390x",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 566,
            "digest": "sha256:797e205c02212b0ee424969f3441dd23fca9a1157add0211e5f63eab440254ea",
            "platform": {
                "architecture": "unknown",
                "os": "unknown"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 566,
            "digest": "sha256:150e17c6e040dcb86dbb29144a330a4c48be97949bc74ba270796b8bda419b49",
            "platform": {
                "architecture": "unknown",
                "os": "unknown"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 566,
            "digest": "sha256:d4dcd45f608ade71e0c6d4ac68ff8aa4f34826f8181d2e18797101c55eb6ea77",
            "platform": {
                "architecture": "unknown",
                "os": "unknown"
            }
        }
    ]
}
Copyright © marslo 2020-2023 all right reserved,powered by GitbookLast Modified: 2024-03-22 12:21:38

results matching ""

    No results matching ""