Exploring Image Layers

Create Required Directories

# vi create-overlay.sh
mkdir -p /podman/overlay/images/image1
mkdir -p /podman/overlay/container/upperdir/container1
mkdir -p /podman/overlay/container/workdir/container1
mkdir -p /podman/overlay/container/merged/container1

cd /podman/overlay/images/image1
mkdir layer-1 layer-2 layer-3 layer-4
mkdir layer-1/{bin,boot,dev,etc}
mkdir layer-2/{home,lib,lib64,media,mnt}
mkdir layer-3/{opt,proc,root,run,sbin}
mkdir layer-4/{srv,sys,tmp,usr,var}
mkdir layer-4/var/{adm,cache,lib,log}
mkdir layer-4/var/lib/mysql

# chmod +x create-overlay.sh
# ./create-overlay.sh

The lowerdir Structure

# tree /podman/overlay/images/image1/
/podman/overlay/images/image1/
├── layer-1
│ ├── bin
│ ├── boot
│ ├── dev
│ └── etc
├── layer-2
│ ├── home
│ ├── lib
│ ├── lib64
│ ├── media
│ └── mnt
├── layer-3
│ ├── opt
│ ├── proc
│ ├── root
│ ├── run
│ └── sbin
└── layer-4
├── srv
├── sys
├── tmp
├── usr
└── var
├── adm
├── cache
├── lib
│ └── mysql
└── log
28 directories, 0 files

 Mount the lowerdir, upperdir & workdir Directories to the Merged Directory
# vi mount-overlay.sh
mount -t overlay container1-overlay \
-o lowerdir=/podman/overlay/images/image1/layer-1:/podman/overlay/images/image1/
layer-2:/podman/overlay/images/image1/layer-3:/podman/overlay/images/image1/
layer-4,upperdir=/podman/overlay/container/upperdir/container1,workdir=/podman/overlay/
container/workdir/container1 \
/podman/overlay/container/merged/container1

Note:

• The working directory (workdir) needs to be an empty directory on the same lesystem mount as the
upper directory.

• The lower directory (lowerdir) can be read-only or could be an overlay itself.

• The upper directory (upperdir) is normally writable.

• The workdir is used to prepare les as they are switched between the layers.

• The lower directory can actually be a list of directories separated by : , all changes in the merged
directory are still re ected in upper.

# chmod +x mount-overlay.sh
# ./mount-overlay.sh

# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 462M 0 462M 0% /dev
tmpfs 482M 0 482M 0% /dev/shm
tmpfs 482M 6.6M 475M 2% /run
tmpfs 482M 0 482M 0% /sys/fs/cgroup
/dev/mapper/cs-root 61G 2.3G 59G 4% /
/dev/sda1 1014M 176M 839M 18% /boot
tmpfs 97M 0 97M 0% /run/user/1000
container1-overlay 61G 2.3G 59G 4% /podman/overlay/container/merged/container1

# mount|grep overlay
container1-overlay on /podman/overlay/container/merged/container1 type overlay
(rw,relatime,seclabel,lowerdir=/podman/overlay/images/image1/layer-1:/podman/overlay/
images/image1/layer-2:/podman/overlay/images/image1/layer-3:/podman/overlay/images/
image1/layer-4,upperdir=/podman/overlay/container/upperdir/container1,workdir=/podman/
overlay/container/workdir/container1)

fl

fi

fi

 The Merged Directory Structure

# tree /podman/overlay/container/merged/container1/
/podman/overlay/container/merged/container1/
├── bin
├── boot
├── dev
├── etc
├── home
├── lib
├── lib64
├── media
├── mnt
├── opt
├── proc
├── root
├── run
├── sbin
├── srv
├── sys
├── tmp
├── usr
└── var
├── adm
├── cache
├── lib
│ └── mysql
└── log

Changing the Merged Directory Directory

# cd /podman/overlay/container/merged/container1
# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin
srv sys tmp usr var

# touch etc/{passwd,group,shadow}
# touch var/log/messages
# touch var/lib/mysql/mydata1.db
# mkdir home/{furqan,irfan}
# tree
.
├── bin
├── boot
├── dev
├── etc
│ ├── group
│ ├── passwd
│ └── shadow
├── home
│ ├── furqan
│ └── irfan
├── lib
├── lib64
├── media

 ├── mnt
├── opt
├── proc
├── root
├── run
├── sbin
├── srv
├── sys
├── tmp
├── usr
└── var
├── adm
├── cache
├── lib
│ └── mysql
│ └── mydata1.db
└── log
└── messages

26 directories, 5 files

All Changes are Stored in the upperdir Directory

# tree /podman/overlay/container/upperdir/container1/
/podman/overlay/container/upperdir/container1/
├── etc
│ ├── group
│ ├── passwd
│ └── shadow
├── home
│ ├── furqan
│ └── irfan
└── var
├── lib
│ └── mysql
│ └── mydata1.db
└── log
└── messages

8 directories, 5 files

There is no change on the lowerdir Directory

# tree /podman/overlay/images/image1/
/podman/overlay/images/image1/
├── layer-1
│ ├── bin
│ ├── boot
│ ├── dev
│ └── etc
├── layer-2
│ ├── home
│ ├── lib
│ ├── lib64
│ ├── media
│ └── mnt
├── layer-3
│ ├── opt
│ ├── proc
│ ├── root
│ ├── run
│ └── sbin
└── layer-4
├── srv
├── sys
├── tmp
├── usr
└── var
├── adm
├── cache
├── lib
│ └── mysql
└── log

28 directories, 0 files

 Exploring httpd Image

# podman pull docker.io/library/httpd

Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob acb3e3b931b8 done
Copying blob 3a141a09d1d0 done
Copying blob 6f28985ad184 done
Copying blob 1633384edb75 done
Copying blob f6dc6b8b1d70 done
Copying config ae15ff2bdc done
Writing manifest to image destination
Storing signatures
ae15ff2bdcb44d66199dc364b273ab5b108fb120bb95f022cedabbfab3253701

# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest ae15ff2bdcb4 2 weeks ago 142 MB

# podman image inspect docker.io/library/httpd

...
"GraphDriver": {
"Name": "overlay",
"Data": {

"LowerDir":
"/var/lib/containers/storage/overlay/0a8a.../diff:
/var/lib/containers/storage/overlay/7c98.../diff:
/var/lib/containers/storage/overlay/9e3f.../diff:
/var/lib/containers/storage/overlay/14a1.../diff",

"UpperDir":
"/var/lib/containers/storage/overlay/fbd5.../diff",

"WorkDir":
"/var/lib/containers/storage/overlay/fbd5.../work"
}