是否“安全”在码头处理一个运行的容器？ [英] Is it "safe" to commit a running container in docker?

问题描述

如标题所示，安全意味着...正确的方式

As the title goes, safe means... the proper way?

安全=一致，无数据丢失，专业，合法的方式。

Safe = consistent, no data loss, professional, legit way.

希望与专业泊坞员用户分享一些经验。

Hope to share some experiences with pro docker users.

Q。提交对于运行docker容器是安全的（除了快速变化的实时内容和数据库的东西，您自己的评论是赞赏。）

Q. Commit is safe for running docker containers (with the exception of rapidly changing realtime stuff and database stuff, your own commentary is appreciated.)

是或否否接受评论。谢谢。

Yes or No answer is accepted with comment. Thanks.

推荐答案

所有内存和硬盘存储都保存在容器实例中。只要您不使用任何外部安装/码头服务器卷和服务器（外部连接的数据库？），就不会有麻烦停止/重新启动和接收坞站。请仔细阅读，以便更深入地了解这一主题。

All memory and harddisk storage is saved inside the container instance. You should, as long as you don't use any external mounts/docker volumes and servers (externally connected DBs?) never get in trouble for stopping/restarting and comitting dockers. Please read on to go more in depth on this topic.

您最初可能会问自己的问题是，Docker如何存储对其磁盘所做的更改在运行时？什么是真正的甜蜜的检查，码头工作人员真正设法使这项工作。容器硬盘的原始状态是从图像中给出的。它可以不写入此图像。而不是写入图像，与在docker图像中的内容相比，容器内部状态的变化是一个差异。
Docker使用一种名为 Union Filesystem 的技术，它会在泊坞窗图像的初始状态的顶部。

A question that you might want to ask yourself initially, is how does docker store changes that it makes to its disk on runtime? What is really sweet to check out, is how docker actually manages to get this working. The original state of the container's hard disk is what is given to it from the image. It can NOT write to this image. Instead of writing to the image, a diff is made of what is changed in the containers internal state in comparison to what is in the docker image. Docker uses a technology called "Union Filesystem", which creates a diff layer on top of the initial state of the docker image.

下面图片中的这个diff（引用为可写容器）存储在内存中，当您删除容器时，它将消失。当您使用docker commit时，保留在容器的临时状态中的可写容器存储在新映像中，但是我不推荐这样做。您的新泊坞窗图像的状态不会在docker文件中表示，并且不能轻易地从重建中重新生成。制作新的码头文件不应该很困难。所以这是我个人的方式。

This "diff" (referenced as the writable container in the image below) is stored in memory and disappears when you delete your container. When you use docker commit, the writable container that is retained in the temporary "state" of the container is stored inside a new image, however: I don't recommend this. The state of your new docker image is not represented in a dockerfile and can not easily be regenerated from a rebuild. Making a new dockerfile should not be hard. So that is alway the way-to-go for me personally.

当您的Docker使用安装卷，外部服务器/ DB时，您可能需要确保不要失去同步，并暂时停止在Docker容器内的服务。当您使用docker文件时，您可以在容器内启动一个引导shell脚本来启动连接，执行检查并初始化正在运行的进程，以使应用程序能够持久地设置。再次，运行一个承诺的容器使得更难做这样的事情。

When your docker is working with mounted volumes, external servers/DBs, you might want to make sure you don't get out of sync and temporary stop your services inside the docker container. When you would use a dockerfile you can start up a bootstrap shell script inside your container to start up connections, perform checks and initialize the running process to get your application durably set up. Again, running a committed container makes it harder to do something like this.

这篇关于是否“安全”在码头处理一个运行的容器？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！