看完源碼后了解從公開的鏡像 repository 上 pull 一個(gè) image 到本地再到作為運(yùn)行一個(gè) containerd rootfs 的全流程,相應(yīng)的除了源碼 debug 這種復(fù)雜的方式外,今天我們從一個(gè)外圍操作層面來分析一下 containerd image pull 的整個(gè)流程(拉取 -> 存儲 -> 容器的文件系統(tǒng)),對于熟悉 image pull 源碼的同學(xué)可以通過此實(shí)現(xiàn)來驗(yàn)證并加深理解祝高,對于不熟源碼的也可以先熟悉操作層面的過程分析戴卜,將來對源碼有興趣學(xué)習(xí)時(shí)更有助于理解代碼實(shí)現(xiàn)邏輯匣掸。廢話少說废膘,直接開干旬薯!
pull 鏡像下載
# 本實(shí)例以一個(gè)nginx鏡像為例癣猾,如何安裝 containerd 可參考我的另外文章
[~]# ctr image pull daocloud.io/library/nginx:1.12.0-alpine
daocloud.io/library/nginx:1.12.0-alpine: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:30cf39878add9b76abdfccd79b79d1eb76629f7eca924822f6b68df9735a9f00: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ab14e39f58e6d8ba465d2bb577a82a750ec0bcd2342b380920f9e7f307be3c4f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:193bc4296e28af74c271e70ffc4456f2f2e39972dd7912dff5a0b542d8f2c3a4: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 15.1s total: 5.9 Mi (399.1 KiB/s)
unpacking linux/amd64 sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244...
done: 347.589512ms
第一步觀察: 下載過程中 ingest (下載完成后移至content,并清理 ingest 目錄)
注:在上面拉取鏡像時(shí)可以通過 ctrl+c 中斷下載敛劝,保持未完成狀態(tài),這樣可能到下載過程數(shù)據(jù)斷點(diǎn)續(xù)傳的機(jī)制煎谍,這也就是 content 服務(wù) ingest 實(shí)現(xiàn)
[root@i-ratolcyu ingest]# pwd
/var/lib/containerd/io.containerd.content.v1.content/ingest
[root@i-ratolcyu ingest]# tree
.
└── 640b3de94bbe6f243a26ee8a5ad6edc21997868a961280068a6d48e9504106b6
├── data
├── ref
├── startedat
├── total
└── updated
1 directory, 5 files
第二步觀察 下載完后 content 內(nèi)容
[root@i-ratolcyu sha256]# pwd
/var/lib/containerd/io.containerd.content.v1.content/blobs/sha256
[root@i-ratolcyu sha256]# ls -alh
總用量 7.3M
drwxr-xr-x 2 root root 4.0K 8月 17 15:52 .
drwxr-xr-x 3 root root 4.0K 5月 25 17:33 ..
-r--r--r-- 1 root root 8.6K 8月 17 15:52 09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e # config-sha256
-r--r--r-- 1 root root 492 8月 17 15:52 193bc4296e28af74c271e70ffc4456f2f2e39972dd7912dff5a0b542d8f2c3a4 # layer-sha256
-r--r--r-- 1 root root 631 8月 17 15:52 30cf39878add9b76abdfccd79b79d1eb76629f7eca924822f6b68df9735a9f00 # layer-sha256
-r--r--r-- 1 root root 1.2K 8月 17 15:52 6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244 # manifest-sha256
-r--r--r-- 1 root root 1.9M 8月 17 15:52 ab14e39f58e6d8ba465d2bb577a82a750ec0bcd2342b380920f9e7f307be3c4f # layer-sha256
-r--r--r-- 1 root root 4.6M 8月 17 15:52 b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281 # layer-sha256
# layer tar files
[root@i-ratolcyu sha256]# file b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281
b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281: gzip compressed data
查看的 meta.db 元數(shù)據(jù)庫信息
[~ io.containerd.metadata.v1.bolt]# pwd
/var/lib/containerd/io.containerd.metadata.v1.bolt
[~ io.containerd.metadata.v1.bolt]# ls
meta.db
# 查看工具 boltbrowser
===============================================================================================|
- v1 |
- default |
+ containers |
- content |
- blob |
+ sha256:09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e |
+ sha256:193bc4296e28af74c271e70ffc4456f2f2e39972dd7912dff5a0b542d8f2c3a4 |
+ sha256:30cf39878add9b76abdfccd79b79d1eb76629f7eca924822f6b68df9735a9f00 |
+ sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244 |
+ sha256:ab14e39f58e6d8ba465d2bb577a82a750ec0bcd2342b380920f9e7f307be3c4f |
+ sha256:b719aad0065e54869664cc345032763a5ef015431b4b712c55c26d591d2a2281 |
+ ingests |
- images |
- daocloud.io/library/nginx:1.12.0-alpine |
- target |
digest: sha256:6a88bc1398333a1a508824c13cc214119510bf7d5898557640606d5edf5da244 | # manifest-sha256
mediatype: application/vnd.docker.distribution.manifest.v2+json |
size: 8212 |
createdat: 010000000ed8ad61c714c53555ffff |
updatedat: 010000000ed8ad61c714c53555ffff |
+ leases |
+ snapshots |
version: 06 |
第三步觀察 鏡像層的應(yīng)用攘蔽,解壓至 snapshot 文件系統(tǒng)
#查看鏡像config配置文件 ( 獲取關(guān)于layer 文件chain_IDs)
[root@i-ratolcyu sha256]# cat 09b2eb12555fd1a51a97f9231f7edefd4e242af42cc6ce73fc94a4fd2014bf1e
{…
… 略
"rootfs”:{
"type":"layers”,
"diff_ids":["sha256:040fd7841192c4f283485d5c7817f4508a774a8fabef8fc265c87f4d2a2ae635”, # layer 文件chain_IDs, sha256sum計(jì)算方式,可擴(kuò)展學(xué)習(xí)本文最后
"sha256:613b41d784fd502fed68d437a35318388828394a9d099dbdac24d4162c79c172",
"sha256:9854154a6906e0b692131dd23c739a70ef376e32c89a79bc3adb0039c4529355",
"sha256:96c62e4b6ca4c84a1dc877e7a93408ce41e9d0b25d276d8703ac689e95fbb842"]
}
}
# 查看 layers 父子關(guān)系鏈
[root@i-ratolcyu ~]# ctr snapshot tree
sha256:040fd7841192c4f283485d5c7817f4508a774a8fabef8fc265c87f4d2a2ae635
\_ sha256:7ce319e17b0b70ff9abdff5a32d9442a1218f9fd5d38432a9818426577d3836e
\_ sha256:5e8742c74622849e0886659428fb6b295edb5e8a3d0808b85b390e62e8c2a7ca
\_ sha256:2c01bb519bed0697c239bcef756503e5fe4f308f5297db3527dd1e2b4df7e14f
# 查看snapshot的 metadata.db 元數(shù)據(jù)庫
[~ snapshots]# pwd
/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots
[~ io.containerd.snapshotter.v1.overlayfs]# ls
metadata.db snapshots
===============================================================================================|
- v1 |
- parents |
010003: default/4/demo_lab |
1c001d: default/56/commit_add02 |
1c001e: default/57/activeLayer0 |
1d001f: default/58/activeLayer1 |
200021: default/62/sha256:7ce319e17b0b70ff9abdff5a32d9442a1218f9fd5d38432a9818426577d3...|
210022: default/64/sha256:5e8742c74622849e0886659428fb6b295edb5e8a3d0808b85b390e62e8c2...|
220023: default/66/sha256:2c01bb519bed0697c239bcef756503e5fe4f308f5297db3527dd1e2b4df7...|
- snapshots |
+ default/2/sha256:d0d0905d7be4eff6a63efe4a38647a679de1e024101f67db4fe4b5736c1... |
+ default/4/demo_lab |
+ default/48/sha256:5b8c72934dfc08c7d2bd707e93197550f06c0751023dabb3a045b723c5... |
+ default/54/commit_add01 |
+ default/56/commit_add02 |
+ default/57/activeLayer0 |
+ default/58/activeLayer1 |
+ default/60/sha256:040fd7841192c4f283485d5c7817f4508a774a8fabef8fc265c87f4d2a... |
+ default/62/sha256:7ce319e17b0b70ff9abdff5a32d9442a1218f9fd5d38432a9818426577... |
+ default/64/sha256:5e8742c74622849e0886659428fb6b295edb5e8a3d0808b85b390e62e8... |
+ default/66/sha256:2c01bb519bed0697c239bcef756503e5fe4f308f5297db3527dd1e2b4d... |
|
|
# 查看 snapshots layers的內(nèi)容
# 注意此文件目錄名在元數(shù)據(jù)庫內(nèi)為 snapshot 的 id (十六進(jìn)制)號
[~ snapshots]# pwd
/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots
[~ snapshots]# ls -alh
總用量 52K
drwx------ 13 root root 4.0K 8月 17 15:52 .
drwx------ 3 root root 4.0K 8月 17 16:06 ..
drwx------ 4 root root 4.0K 5月 25 17:33 1
drwx------ 4 root root 4.0K 6月 18 18:39 25
drwx------ 4 root root 4.0K 6月 28 09:40 28
drwx------ 4 root root 4.0K 6月 28 09:41 29
drwx------ 4 root root 4.0K 5月 25 17:53 3
drwx------ 4 root root 4.0K 6月 28 09:59 30
drwx------ 4 root root 4.0K 6月 28 10:01 31
drwx------ 4 root root 4.0K 8月 17 15:52 32
drwx------ 4 root root 4.0K 8月 17 15:52 33
drwx------ 4 root root 4.0K 8月 17 15:52 34
drwx------ 4 root root 4.0K 8月 17 15:52 35
[root@i-ratolcyu snapshots]# ls 32
fs work
[root@i-ratolcyu snapshots]# ls 32/fs
bin dev etc home lib media mnt proc root run sbin srv sys tmp usr var
[root@i-ratolcyu snapshots]# ls 33/fs
etc lib tmp usr var
[root@i-ratolcyu snapshots]# ls 34/fs
etc
[root@i-ratolcyu snapshots]# ls 35/fs
etc
最后 當(dāng)鏡像下載后就可以作為容器的基礎(chǔ)來運(yùn)行一個(gè) container ,這樣我們可通看文件來查看一下容器的 rootfs
/run/containerd/io.containerd.runtime.v2.task/default/
[~]# ls /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/
address config.json init.pid log log.json options.json rootfs runtime work
[root@i-ratolcyu containerd]# ls /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/rootfs
bin dev etc home proc root run sys tmp usr var
# rootfs通過掛載overlay文件系統(tǒng)實(shí)現(xiàn)
[~]# mount | grep /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/rootfs
overlay on /run/containerd/io.containerd.runtime.v2.task/default/demo_lab/rootfs type overlay (rw,relatime,lowerdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/1/fs,upperdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/3/fs,workdir=/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/3/work)
#底層
[~]# ls /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/1/fs/
bin dev etc home root tmp usr var
#上層
[~]# ls /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/3/fs/
proc root run sys
附 從鏡像的diff_ids計(jì)算出chain-id擴(kuò)展學(xué)習(xí)
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:c1eac31e742f9787152adeb8d82dbff43882214993210f684a432ec5b8f276ec”, //base_image
"sha256:9161a60cc9644083de5cafc67d0efe1d03aeabe6159f1df397dcccf2a049e533",
"sha256:6872307367a6d0aef099e87420442dc2b75e73244f2e00cd55747e9440e84c09"
]
}
最頂層為 base_image 呐粘,作為下一層的 “父”
需要使用 echo -n 满俗,因?yàn)槟J(rèn)命令為加上’\n’等字符,計(jì)算將出錯(cuò)
第一次計(jì)算:
#echo -n 'sha256:c1eac31e742f9787152adeb8d82dbff43882214993210f684a432ec5b8f276ec sha256:9161a60cc9644083de5cafc67d0efe1d03aeabe6159f1df397dcccf2a049e533' | sha256sum
318d73f100e4c2697a545df715b171afc9774b7a37944c684a6f67c6c1cd0397 -
第二次計(jì)算:
# echo -n 'sha256:318d73f100e4c2697a545df715b171afc9774b7a37944c684a6f67c6c1cd0397 sha256:6872307367a6d0aef099e87420442dc2b75e73244f2e00cd55747e9440e84c09' | sha256sum
aa9ec45414d1cfeb999a6755caad9075e263bc591caa89d59e0e488cdfee10d5 -
//shasum(parent_chainid diff_id) == chain_id
# echo -n 'sha256:318d73f100e4c2697a545df715b171afc9774b7a37944c684a6f67c6c1cd0397 sha256:6872307367a6d0aef099e87420442dc2b75e73244f2e00cd55747e9440e84c09' | sha256sum
aa9ec45414d1cfeb999a6755caad9075e263bc591caa89d59e0e488cdfee10d5 -
~~Finish~~
