过程分析"/>
containerd pull过程分析
1. pull镜像下载
# 本实例以一个nginx镜像为例
[~]# ctr image pull daocloud.io/library/nginx:1.12.0-alpine
daocloud.io/library/nginx:1.12.0-alpine: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:30cf39878add9b76abdfccd79b79d1eb76629f7eca924822f6b68df9735a9f00: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ab14e39f58e6d8ba465d2bb577a82a750ec0bcd2342b380920f9e7f307be3c4f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:193bc4296e28af74c271e70ffc4456f2f2e39972dd7912dff5a0b542d8f2c3a4: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 15.1s total: 5.9 Mi (399.1 KiB/s)
unpacking linux/amd64 sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244...
done: 347.589512ms
2. 下载过程中 ingest (下载完成后移至content,并清理 ingest 目录)
注:在上面拉取镜像时可以通过 ctrl+c 中断下载,保持未完成状态,这样可能到下载过程数据断点续传的机制,这也就是 content 服务 ingest 实现
[root@i-ratolcyu ingest]# pwd
/var/lib/containerd/io.containerd.content.v1.content/ingest
[root@i-ratolcyu ingest]# tree
.
└── 640b3de94bbe6f243a26ee8a5ad6edc21997868a961280068a6d48e9504106b6├── data├── ref├── startedat├── total└── updated
1 directory, 5 files
3. 下载完后 content 内容
[root@i-ratolcyu sha256]# pwd
/var/lib/containerd/io.containerd.content.v1.content/blobs/sha256
[root@i-ratolcyu sha256]# ls -alh
总用量 7.3M
drwxr-xr-x 2 root root 4.0K 8月 17 15:52 .
drwxr-xr-x 3 root root 4.0K 5月 25 17:33 ..
-r--r--r-- 1 root root 8.6K 8月 17 15:52 09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e # config-sha256
-r--r--r-- 1 root root 492 8月 17 15:52 193bc4296e28af74c271e70ffc4456f2f2e39972dd7912dff5a0b542d8f2c3a4 # layer-sha256
-r--r--r-- 1 root root 631 8月 17 15:52 30cf39878add9b76abdfccd79b79d1eb76629f7eca924822f6b68df9735a9f00 # layer-sha256
-r--r--r-- 1 root root 1.2K 8月 17 15:52 6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244 # manifest-sha256
-r--r--r-- 1 root root 1.9M 8月 17 15:52 ab14e39f58e6d8ba465d2bb577a82a750ec0bcd2342b380920f9e7f307be3c4f # layer-sha256
-r--r--r-- 1 root root 4.6M 8月 17 15:52 b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281 # layer-sha256# layer tar files
[root@i-ratolcyu sha256]# file b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281
b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281: gzip compressed data
4. 查看metadb元数据库信息
[~ io.containerd.metadata.v1.bolt]# pwd
/var/lib/containerd/io.containerd.metadata.v1.bolt
[~ io.containerd.metadata.v1.bolt]# ls
meta.db# 查看工具 boltbrowser
===============================================================================================|- v1 | - default | + containers | - content |- blob |+ sha256:09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e |+ sha256:193bc4296e28af74c271e70ffc4456f2f2e39972dd7912dff5a0b542d8f2c3a4 |+ sha256:30cf39878add9b76abdfccd79b79d1eb76629f7eca924822f6b68df9735a9f00 |+ sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244 |+ sha256:ab14e39f58e6d8ba465d2bb577a82a750ec0bcd2342b380920f9e7f307be3c4f |+ sha256:b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281 |+ ingests |- images |- daocloud.io/library/nginx:1.12.0-alpine |- target |digest: sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244 | # manifest-sha256mediatype: application/vnd.docker.distribution.manifest.v2+json |size: 8212 |createdat: 010000000ed8ad61c714c53555ffff |updatedat: 010000000ed8ad61c714c53555ffff |+ leases |+ snapshots |version: 06
5. 镜像层的应用,解压至 snapshot 文件系统
#查看镜像config配置文件 ( 获取关于layer 文件chain_IDs)
[root@i-ratolcyu sha256]# cat 09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e
{…… 略
"rootfs”:{"type":"layers”,"diff_ids":["sha256:040fd7841192c4f283485d5c7817f4508a774a8fabef8fc265c87f4d2a2ae635”, # layer 文件chain_IDs, sha256sum计算方式,可扩展学习本文最后"sha256:613b41d784fd502fed68d437a35318388828394a9d099dbdac24d4162c79c172","sha256:9854154a6906e0b692131dd23c739a70ef376e32c89a79bc3adb0039c4529355","sha256:96c62e4b6ca4c84a1dc877e7a93408ce41e9d0b25d276d8703ac689e95fbb842"]}
}
# 查看 layers 父子关系链
[root@i-ratolcyu ~]# ctr snapshot treesha256:040fd7841192c4f283485d5c7817f4508a774a8fabef8fc265c87f4d2a2ae635\_ sha256:7ce319e17b0b70ff9abdff5a32d9442a1218f9fd5d38432a9818426577d3836e\_ sha256:5e8742c74622849e0886659428fb6b295edb5e8a3d0808b85b390e62e8c2a7ca\_ sha256:2c01bb519bed0697c239bcef756503e5fe4f308f5297db3527dd1e2b4df7e14f# 查看snapshot的 metadata.db 元数据库
[~ snapshots]# pwd
/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots
[~ io.containerd.snapshotter.v1.overlayfs]# ls
metadata.db snapshots
===============================================================================================|- v1 | - parents | 010003: default/4/demo_lab | 1c001d: default/56/commit_add02 | 1c001e: default/57/activeLayer0 |1d001f: default/58/activeLayer1 |200021: default/62/sha256:7ce319e17b0b70ff9abdff5a32d9442a1218f9fd5d38432a9818426577d3...|210022: default/64/sha256:5e8742c74622849e0886659428fb6b295edb5e8a3d0808b85b390e62e8c2...|220023: default/66/sha256:2c01bb519bed0697c239bcef756503e5fe4f308f5297db3527dd1e2b4df7...|- snapshots |+ default/2/sha256:d0d0905d7be4eff6a63efe4a38647a679de1e024101f67db4fe4b5736c1... |+ default/4/demo_lab |+ default/48/sha256:5b8c72934dfc08c7d2bd707e93197550f06c0751023dabb3a045b723c5... |+ default/54/commit_add01 |+ default/56/commit_add02 |+ default/57/activeLayer0 |+ default/58/activeLayer1 |+ default/60/sha256:040fd7841192c4f283485d5c7817f4508a774a8fabef8fc265c87f4d2a... |+ default/62/sha256:7ce319e17b0b70ff9abdff5a32d9442a1218f9fd5d38432a9818426577... |+ default/64/sha256:5e8742c74622849e0886659428fb6b295edb5e8a3d0808b85b390e62e8... |+ default/66/sha256:2c01bb519bed0697c239bcef756503e5fe4f308f5297db3527dd1e2b4d... |# 查看 snapshots layers的内容
# 注意此文件目录名在元数据库内为 snapshot 的 id (十六进制)号
[~ snapshots]# pwd
/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots
[~ snapshots]# ls -alh
总用量 52K
drwx------ 13 root root 4.0K 8月 17 15:52 .
drwx------ 3 root root 4.0K 8月 17 16:06 ..
drwx------ 4 root root 4.0K 5月 25 17:33 1
drwx------ 4 root root 4.0K 6月 18 18:39 25
drwx------ 4 root root 4.0K 6月 28 09:40 28
drwx------ 4 root root 4.0K 6月 28 09:41 29
drwx------ 4 root root 4.0K 5月 25 17:53 3
drwx------ 4 root root 4.0K 6月 28 09:59 30
drwx------ 4 root root 4.0K 6月 28 10:01 31
drwx------ 4 root root 4.0K 8月 17 15:52 32
drwx------ 4 root root 4.0K 8月 17 15:52 33
drwx------ 4 root root 4.0K 8月 17 15:52 34
drwx------ 4 root root 4.0K 8月 17 15:52 35[root@i-ratolcyu snapshots]# ls 32
fs work
[root@i-ratolcyu snapshots]# ls 32/fs
bin dev etc home lib media mnt proc root run sbin srv sys tmp usr var
[root@i-ratolcyu snapshots]# ls 33/fs
etc lib tmp usr var
[root@i-ratolcyu snapshots]# ls 34/fs
etc
[root@i-ratolcyu snapshots]# ls 35/fs
etc
6. 当镜像下载后就可以作为容器的基础来运行一个 container ,这样我们可通看文件来查看一下容器的 rootfs
/run/containerd/io.containerd.runtime.v2.task/default/[~]# ls /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/
address config.json init.pid log log.json options.json rootfs runtime work[root@i-ratolcyu containerd]# ls /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/rootfs
bin dev etc home proc root run sys tmp usr var# rootfs通过挂载overlay文件系统实现
[~]# mount | grep /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/rootfs
overlay on /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/1/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/3/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/3/work)#底层
[~]# ls /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/1/fs/
bin dev etc home root tmp usr var
#上层
[~]# ls /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/3/fs/
proc root run sys
7. 从镜像的diff_ids计算出chain-id扩展学习
"os": "linux","rootfs": {"type": "layers","diff_ids": ["sha256:c1eac31e742f9787152adeb8d82dbff43882214993210f684a432ec5b8f276ec”, //base_image"sha256:9161a60cc9644083de5cafc67d0efe1d03aeabe6159f1df397dcccf2a049e533","sha256:6872307367a6d0aef099e87420442dc2b75e73244f2e00cd55747e9440e84c09"]}最顶层为 base_image ,作为下一层的 “父”
需要使用 echo -n ,因为默认命令为加上’\n’等字符,计算将出错第一次计算:
#echo -n 'sha256:c1eac31e742f9787152adeb8d82dbff43882214993210f684a432ec5b8f276ec sha256:9161a60cc9644083de5cafc67d0efe1d03aeabe6159f1df397dcccf2a049e533' | sha256sum
318d73f100e4c2697a545df715b171afc9774b7a37944c684a6f67c6c1cd0397 -第二次计算:
# echo -n 'sha256:318d73f100e4c2697a545df715b171afc9774b7a37944c684a6f67c6c1cd0397 sha256:6872307367a6d0aef099e87420442dc2b75e73244f2e00cd55747e9440e84c09' | sha256sum
aa9ec45414d1cfeb999a6755caad9075e263bc591caa89d59e0e488cdfee10d5 -//shasum(parent_chainid diff_id) == chain_id
# echo -n 'sha256:318d73f100e4c2697a545df715b171afc9774b7a37944c684a6f67c6c1cd0397 sha256:6872307367a6d0aef099e87420442dc2b75e73244f2e00cd55747e9440e84c09' | sha256sum
aa9ec45414d1cfeb999a6755caad9075e263bc591caa89d59e0e488cdfee10d5 -
更多推荐
containerd pull过程分析
发布评论