【containerd】(202407) 05.containerd核心组件解析

第7章 containerd核心组件解析

7.2 containerd API和core

7.2.1 GRPC API

不同于nerdctl和crictl,ctr提供的基本是containerd GRPC接口的原生能力。

containerd GRPC API的定义在目录containerd\api\services

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
[root@ubuntu-22 open-source]# ctr -h
NAME:
   ctr - 
        __
  _____/ /______
 / ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/

containerd CLI


USAGE:
   ctr [global options] command [command options] [arguments...]

VERSION:
   v1.7.18

DESCRIPTION:
   
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.

COMMANDS:
   plugins, plugin            Provides information about containerd plugins
   version                    Print the client and server versions
   containers, c, container   Manage containers
   content                    Manage content
   events, event              Display containerd events
   images, image, i           Manage images
   leases                     Manage leases
   namespaces, namespace, ns  Manage namespaces
   pprof                      Provide golang pprof outputs for containerd
   run                        Run a container
   snapshots, snapshot        Manage snapshots
   tasks, t, task             Manage tasks
   install                    Install a new package
   oci                        OCI tools
   sandboxes, sandbox, sb, s  Manage sandboxes
   info                       Print the server info
   deprecations               
   shim                       Interact with a shim directly
   help, h                    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug                      Enable debug output in logs
   --address value, -a value    Address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
   --timeout value              Total timeout for ctr commands (default: 0s)
   --connect-timeout value      Timeout for connecting to containerd (default: 0s)
   --namespace value, -n value  Namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
   --help, -h                   show help
   --version, -v                print the version

container

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[root@ubuntu-22 open-source]# ctr container -h
NAME:
   ctr containers - Manage containers

USAGE:
   ctr containers command [command options] [arguments...]

COMMANDS:
   create                   Create container
   delete, del, remove, rm  Delete one or more existing containers
   info                     Get info about a container
   list, ls                 List containers
   label                    Set and clear labels for a container
   checkpoint               Checkpoint a container
   restore                  Restore a container from checkpoint

OPTIONS:
   --help, -h  show help
   
[root@ubuntu-22 open-source]# 
[root@ubuntu-22 open-source]# ctr c -h
NAME:
   ctr containers - Manage containers

USAGE:
   ctr containers command [command options] [arguments...]

COMMANDS:
   create                   Create container
   delete, del, remove, rm  Delete one or more existing containers
   info                     Get info about a container
   list, ls                 List containers
   label                    Set and clear labels for a container
   checkpoint               Checkpoint a container
   restore                  Restore a container from checkpoint

OPTIONS:
   --help, -h  show help

content

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@ubuntu-22 open-source]# ctr content -h
NAME:
   ctr content - Manage content

USAGE:
   ctr content command [command options] [arguments...]

COMMANDS:
   active                   Display active transfers
   delete, del, remove, rm  Permanently delete one or more blobs
   edit                     Edit a blob and return a new digest
   fetch                    Fetch all content for an image into containerd
   fetch-object             Retrieve objects from a remote
   fetch-blob               Retrieve blobs from a remote
   get                      Get the data for an object
   ingest                   Accept content into the store
   list, ls                 List all blobs in the store
   push-object              Push an object to a remote
   label                    Add labels to content
   prune                    Prunes content from the content store

OPTIONS:
   --help, -h  show help
   
[root@ubuntu-22 open-source]#

diff

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@ubuntu-22 open-source]# ctr snapshots diff -h
NAME:
   ctr snapshots diff - Get the diff of two snapshots. the default second snapshot is the first snapshot's parent.

USAGE:
   ctr snapshots diff [command options] [flags] <idA> [<idB>]

OPTIONS:
   --media-type value  Media type to use for creating diff (default: "application/vnd.oci.image.layer.v1.tar+gzip")
   --ref value         Content upload reference to use
   --keep              Keep diff content. up to creator to delete it.
   --label value       Labels to attach to the image
   
[root@ubuntu-22 open-source]# 
[root@ubuntu-22 open-source]#

event

1
2
3
4
5
6
7
[root@ubuntu-22 open-source]# ctr event -h
NAME:
   ctr events - Display containerd events

USAGE:
   ctr events [arguments...]
[root@ubuntu-22 open-source]#

image

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@ubuntu-22 ~]# ctr image -h
NAME:
   ctr images - Manage images

USAGE:
   ctr images command [command options] [arguments...]

COMMANDS:
   check                    Check existing images to ensure all content is available locally
   export                   Export images
   import                   Import images
   list, ls                 List images known to containerd
   mount                    Mount an image to a target path
   unmount                  Unmount the image from the target
   pull                     Pull an image from a remote
   push                     Push an image to a remote
   prune                    Remove unused images
   delete, del, remove, rm  Remove one or more images by reference
   tag                      Tag an image
   label                    Set and clear labels for an image
   convert                  Convert an image
   usage                    Display usage of snapshots for a given image ref

OPTIONS:
   --help, -h  show help

introspection

1
2
3
4
5
6
7
8
9
10
11
12
13
[root@ubuntu-22 ~]# ctr info
{
    "server": {
        "uuid": "64bd2d8f-d225-40aa-82fd-874a0a06032b",
        "pid": 939,
        "pidns": 4026531836
    }
}
[root@ubuntu-22 ~]# 
[root@ubuntu-22 ~]# ps -ef |grep 939
root         939       1  0 20:48 ?        00:00:00 /usr/local/bin/containerd
root        3492    2363  0 20:50 pts/0    00:00:00 grep --color=auto 939
[root@ubuntu-22 ~]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[root@ubuntu-22 ~]# ctr plugin ls
TYPE                                   ID                       PLATFORMS      STATUS    
io.containerd.snapshotter.v1           aufs                     linux/amd64    skip      
io.containerd.event.v1                 exchange                 -              ok        
io.containerd.internal.v1              opt                      -              ok        
io.containerd.warning.v1               deprecations             -              ok        
io.containerd.snapshotter.v1           blockfile                linux/amd64    skip      
io.containerd.snapshotter.v1           btrfs                    linux/amd64    skip      
io.containerd.snapshotter.v1           devmapper                linux/amd64    error     
io.containerd.snapshotter.v1           native                   linux/amd64    ok        
io.containerd.snapshotter.v1           overlayfs                linux/amd64    ok        
io.containerd.snapshotter.v1           zfs                      linux/amd64    skip      
io.containerd.content.v1               content                  -              ok        
io.containerd.metadata.v1              bolt                     -              ok        
io.containerd.gc.v1                    scheduler                -              ok        
io.containerd.differ.v1                walking                  linux/amd64    ok        
io.containerd.lease.v1                 manager                  -              ok        
io.containerd.streaming.v1             manager                  -              ok        
io.containerd.runtime.v1               linux                    linux/amd64    ok        
io.containerd.monitor.v1               cgroups                  linux/amd64    ok        
io.containerd.runtime.v2               task                     linux/amd64    ok        
io.containerd.runtime.v2               shim                     -              ok        
io.containerd.sandbox.store.v1         local                    -              ok        
io.containerd.sandbox.controller.v1    local                    -              ok        
io.containerd.service.v1               containers-service       -              ok        
io.containerd.service.v1               content-service          -              ok        
io.containerd.service.v1               diff-service             -              ok        
io.containerd.service.v1               images-service           -              ok        
io.containerd.service.v1               introspection-service    -              ok        
io.containerd.service.v1               namespaces-service       -              ok        
io.containerd.service.v1               snapshots-service        -              ok        
io.containerd.service.v1               tasks-service            -              ok        
io.containerd.grpc.v1                  containers               -              ok        
io.containerd.grpc.v1                  content                  -              ok        
io.containerd.grpc.v1                  diff                     -              ok        
io.containerd.grpc.v1                  events                   -              ok        
io.containerd.grpc.v1                  images                   -              ok        
io.containerd.grpc.v1                  introspection            -              ok        
io.containerd.grpc.v1                  leases                   -              ok        
io.containerd.grpc.v1                  namespaces               -              ok        
io.containerd.grpc.v1                  sandbox-controllers      -              ok        
io.containerd.grpc.v1                  sandboxes                -              ok        
io.containerd.grpc.v1                  snapshots                -              ok        
io.containerd.grpc.v1                  streaming                -              ok        
io.containerd.grpc.v1                  tasks                    -              ok        
io.containerd.transfer.v1              local                    -              ok        
io.containerd.grpc.v1                  transfer                 -              ok        
io.containerd.grpc.v1                  version                  -              ok        
io.containerd.internal.v1              restart                  -              ok        
io.containerd.tracing.processor.v1     otlp                     -              skip      
io.containerd.internal.v1              tracing                  -              skip      
io.containerd.grpc.v1                  healthcheck              -              ok        
io.containerd.nri.v1                   nri                      -              ok        
io.containerd.grpc.v1                  cri                      linux/amd64    ok        
[root@ubuntu-22 ~]#

leases

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@ubuntu-22 ~]# ctr leases -h
NAME:
   ctr leases - Manage leases

USAGE:
   ctr leases command [command options] [arguments...]

COMMANDS:
   list, ls                 List all active leases
   create                   Create lease
   delete, del, remove, rm  Delete a lease

OPTIONS:
   --help, -h  show help

namespace

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@ubuntu-22 ~]# ctr ns -h
NAME:
   ctr namespaces - Manage namespaces

USAGE:
   ctr namespaces command [command options] [arguments...]

COMMANDS:
   create, c   Create a new namespace
   list, ls    List namespaces
   remove, rm  Remove one or more namespaces
   label       Set and clear labels for a namespace

OPTIONS:
   --help, -h  show help
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@ubuntu-22 ~]# ctr namespace -h
NAME:
   ctr namespaces - Manage namespaces

USAGE:
   ctr namespaces command [command options] [arguments...]

COMMANDS:
   create, c   Create a new namespace
   list, ls    List namespaces
   remove, rm  Remove one or more namespaces
   label       Set and clear labels for a namespace

OPTIONS:
   --help, -h  show help

sandbox

参考:https://github.com/containerd/containerd/issues/7739

snapshot

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
NAME:
   ctr snapshots - Manage snapshots

USAGE:
   ctr snapshots command [command options] [arguments...]

COMMANDS:
   commit                   Commit an active snapshot into the provided name
   diff                     Get the diff of two snapshots. the default second snapshot is the first snapshot's parent.
   info                     Get info about a snapshot
   list, ls                 List snapshots
   mounts, m, mount         Mount gets mount commands for the snapshots
   prepare                  Prepare a snapshot from a committed snapshot
   delete, del, remove, rm  Remove snapshots
   label                    Add labels to content
   tree                     Display tree view of snapshot branches
   unpack                   Unpack applies layers from a manifest to a snapshot
   usage                    Usage snapshots
   view                     Create a read-only snapshot from a committed snapshot

OPTIONS:
   --snapshotter value  Snapshotter name. Empty value stands for the default value. [$CONTAINERD_SNAPSHOTTER]
   --help, -h           show help

task

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@ubuntu-22 ~]# ctr t -h
NAME:
   ctr tasks - Manage tasks

USAGE:
   ctr tasks command [command options] [arguments...]

COMMANDS:
   attach                   Attach to the IO of a running container
   checkpoint               Checkpoint a container
   delete, del, remove, rm  Delete one or more tasks
   exec                     Execute additional processes in an existing container
   list, ls                 List tasks
   kill                     Signal a container (default: SIGTERM)
   metrics, metric          Get a single data point of metrics for a task with the built-in Linux runtime
   pause                    Pause an existing container
   ps                       List processes for container
   resume                   Resume a paused container
   start                    Start a container that has been created

OPTIONS:
   --help, -h  show help
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@ubuntu-22 ~]# ctr task -h
NAME:
   ctr tasks - Manage tasks

USAGE:
   ctr tasks command [command options] [arguments...]

COMMANDS:
   attach                   Attach to the IO of a running container
   checkpoint               Checkpoint a container
   delete, del, remove, rm  Delete one or more tasks
   exec                     Execute additional processes in an existing container
   list, ls                 List tasks
   kill                     Signal a container (default: SIGTERM)
   metrics, metric          Get a single data point of metrics for a task with the built-in Linux runtime
   pause                    Pause an existing container
   ps                       List processes for container
   resume                   Resume a paused container
   start                    Start a container that has been created

OPTIONS:
   --help, -h  show help

tranfer & streaming

演进中、

version

返回containerd的版本号

1
2
3
4
5
6
7
8
9
10
[root@ubuntu-22 ~]# ctr version
Client:
  Version:  v1.7.18
  Revision: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
  Go version: go1.21.11

Server:
  Version:  v1.7.18
  Revision: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
  UUID: 64bd2d8f-d225-40aa-82fd-874a0a06032b
1
2
[root@ubuntu-22 ~]# containerd -v
containerd github.com/containerd/containerd v1.7.18 ae71819c4f5e67bb4d5ae76a6b735f29cc25774e

7.2.2 Services

containerd中的Service注册的两种插件如下:

  • Service Plugins:即io.containerd.service.v1,用于内部微服务之间相互调用,调用方式为函数调用。
  • GRPC Plugins:即io.containerd.grpc.v1,用于对外提供服务,通过grpc服务接口进行调用。
1
2
3
4
5
6
7
8
9
10
[root@ubuntu-22 ~]# ctr version
Client:
  Version:  v1.7.18
  Revision: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
  Go version: go1.21.11

Server:
  Version:  v1.7.18
  Revision: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
  UUID: 64bd2d8f-d225-40aa-82fd-874a0a06032b
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[root@ubuntu-22 ~]# ctr plugin ls
TYPE                                   ID                       PLATFORMS      STATUS    
io.containerd.snapshotter.v1           aufs                     linux/amd64    skip      
io.containerd.event.v1                 exchange                 -              ok        
io.containerd.internal.v1              opt                      -              ok        
io.containerd.warning.v1               deprecations             -              ok        
io.containerd.snapshotter.v1           blockfile                linux/amd64    skip      
io.containerd.snapshotter.v1           btrfs                    linux/amd64    skip      
io.containerd.snapshotter.v1           devmapper                linux/amd64    error     
io.containerd.snapshotter.v1           native                   linux/amd64    ok        
io.containerd.snapshotter.v1           overlayfs                linux/amd64    ok        
io.containerd.snapshotter.v1           zfs                      linux/amd64    skip      
io.containerd.content.v1               content                  -              ok        
io.containerd.metadata.v1              bolt                     -              ok        
io.containerd.gc.v1                    scheduler                -              ok        
io.containerd.differ.v1                walking                  linux/amd64    ok        
io.containerd.lease.v1                 manager                  -              ok        
io.containerd.streaming.v1             manager                  -              ok        
io.containerd.runtime.v1               linux                    linux/amd64    ok        
io.containerd.monitor.v1               cgroups                  linux/amd64    ok        
io.containerd.runtime.v2               task                     linux/amd64    ok        
io.containerd.runtime.v2               shim                     -              ok        
io.containerd.sandbox.store.v1         local                    -              ok        
io.containerd.sandbox.controller.v1    local                    -              ok        
io.containerd.service.v1               containers-service       -              ok        
io.containerd.service.v1               content-service          -              ok        
io.containerd.service.v1               diff-service             -              ok        
io.containerd.service.v1               images-service           -              ok        
io.containerd.service.v1               introspection-service    -              ok        
io.containerd.service.v1               namespaces-service       -              ok        
io.containerd.service.v1               snapshots-service        -              ok        
io.containerd.service.v1               tasks-service            -              ok        
io.containerd.grpc.v1                  containers               -              ok        
io.containerd.grpc.v1                  content                  -              ok        
io.containerd.grpc.v1                  diff                     -              ok        
io.containerd.grpc.v1                  events                   -              ok        
io.containerd.grpc.v1                  images                   -              ok        
io.containerd.grpc.v1                  introspection            -              ok        
io.containerd.grpc.v1                  leases                   -              ok        
io.containerd.grpc.v1                  namespaces               -              ok        
io.containerd.grpc.v1                  sandbox-controllers      -              ok        
io.containerd.grpc.v1                  sandboxes                -              ok        
io.containerd.grpc.v1                  snapshots                -              ok        
io.containerd.grpc.v1                  streaming                -              ok        
io.containerd.grpc.v1                  tasks                    -              ok        
io.containerd.transfer.v1              local                    -              ok        
io.containerd.grpc.v1                  transfer                 -              ok        
io.containerd.grpc.v1                  version                  -              ok        
io.containerd.internal.v1              restart                  -              ok        
io.containerd.tracing.processor.v1     otlp                     -              skip      
io.containerd.internal.v1              tracing                  -              skip      
io.containerd.grpc.v1                  healthcheck              -              ok        
io.containerd.nri.v1                   nri                      -              ok        
io.containerd.grpc.v1                  cri                      linux/amd64    ok        
[root@ubuntu-22 ~]# 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[root@ubuntu-22 ~]# ctr plugin ls |grep io.containerd.service.v1
io.containerd.service.v1               containers-service       -              ok        
io.containerd.service.v1               content-service          -              ok        
io.containerd.service.v1               diff-service             -              ok        
io.containerd.service.v1               images-service           -              ok        
io.containerd.service.v1               introspection-service    -              ok        
io.containerd.service.v1               namespaces-service       -              ok        
io.containerd.service.v1               snapshots-service        -              ok        
io.containerd.service.v1               tasks-service            -              ok        
[root@ubuntu-22 ~]# 
[root@ubuntu-22 ~]# 
[root@ubuntu-22 ~]# ctr plugin ls |grep io.containerd.grpc.v1
io.containerd.grpc.v1                  containers               -              ok        
io.containerd.grpc.v1                  content                  -              ok        
io.containerd.grpc.v1                  diff                     -              ok        
io.containerd.grpc.v1                  events                   -              ok        
io.containerd.grpc.v1                  images                   -              ok        
io.containerd.grpc.v1                  introspection            -              ok        
io.containerd.grpc.v1                  leases                   -              ok        
io.containerd.grpc.v1                  namespaces               -              ok        
io.containerd.grpc.v1                  sandbox-controllers      -              ok        
io.containerd.grpc.v1                  sandboxes                -              ok        
io.containerd.grpc.v1                  snapshots                -              ok        
io.containerd.grpc.v1                  streaming                -              ok        
io.containerd.grpc.v1                  tasks                    -              ok        
io.containerd.grpc.v1                  transfer                 -              ok        
io.containerd.grpc.v1                  version                  -              ok        
io.containerd.grpc.v1                  healthcheck              -              ok        
io.containerd.grpc.v1                  cri                      linux/amd64    ok

7.2.3 Metadata

Metadata层为数据库层。containerd中的底层元数据的存储采用了boltdb开源数据库。

metadata在宿主机上保存的路径为 /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db

containerd中的boltdb schema数据结构可以参考 https://github.com/containerd/containerd/blob/main/core/metadata/buckets.go

boltbrowser是一款开源的boltdb数据库浏览器。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
[root@ubuntu-22 ~]# git clone https://github.com/br0xen/boltbrowser.git
Cloning into 'boltbrowser'...
remote: Enumerating objects: 678, done.
remote: Counting objects: 100% (58/58), done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 678 (delta 29), reused 42 (delta 21), pack-reused 620
Receiving objects: 100% (678/678), 2.68 MiB | 6.01 MiB/s, done.
Resolving deltas: 100% (326/326), done.
[root@ubuntu-22 ~]# 
[root@ubuntu-22 ~]# cd boltbrowser/
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# go build
go: downloading github.com/br0xen/termbox-util v0.0.0-20170904143325-de1d4c83380e
go: downloading github.com/nsf/termbox-go v1.1.1
go: downloading go.etcd.io/bbolt v1.3.7
go: downloading github.com/mattn/go-runewidth v0.0.9
go: downloading golang.org/x/sys v0.8.0
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# ll /var/lib/containerd/io.containerd.metadata.v1.bolt/
total 196
drwx--x--x  2 root root   4096  4月 13 08:13 ./
drwx--x--x 12 root root   4096  7月  8 20:07 ../
-rw-r--r--  1 root root 262144  7月 24 21:25 meta.db
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# boltbrowser /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db 
boltbrowser: command not found
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# ls
boltbrowser    build      go.mod  LICENSE  mainloop.go          README.md        screen_browser.go  stringify.go
bolt_model.go  cursor.go  go.sum  main.go  mainloop_windows.go  screen_about.go  screen.go          style.go
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# ./boltbrowser /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db 
File /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db is locked. Make sure it's not used by another app and try again
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# systemctl stop contaienrd
Failed to stop contaienrd.service: Unit contaienrd.service not loaded.
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# systemctl stop containerd
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# 
[root@ubuntu-22 boltbrowser]# ./boltbrowser /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db 
                                                           boltbrowser: /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db                                                          
==============================================================================================|=============================================================================================
  - v1                                                                                        | Path: v1 → moby → content → blob → sha256:073c978f17eedaee7fb0d36636e1baa2ffdb6a2b5af2e458c9
    - moby                                                                                    | Buckets: 1                                                                                  
      - containers                                                                            | Pairs: 3                                                                                    
        - 42caca363f947a391bb6a3606cfd29a1fe59ed9b90ad043d8b4e8c5c0a7cf2f9                    |                                                                                             
          - labels                                                                            |                                                                                             
            com.docker/engine.bundle.path: /var/run/docker/containerd/42caca363f947a391bb6a360|                                                                                             
          - runtime                                                                           |                                                                                             
            name: io.containerd.runc.v2                                                       |                                                                                             
            options: 0a1a636f6e7461696e6572642e72756e632e76312e4f7074696f6e731226320472756e633|                                                                                             
          createdat: 010000000ede1dc4b4310e554fffff                                           |                                                                                             
          image:                                                                              |                                                                                             
          snapshotKey:                                                                        |                                                                                             
          snapshotter:                                                                        |                                                                                             
          spec: 0a3674797065732e636f6e7461696e6572642e696f2f6f70656e636f6e7461696e6572732f7275|                                                                                             
          updatedat: 010000000ede1dc4b4310e554fffff                                           |                                                                                             
      - content                                                                               |                                                                                             
        - blob                                                                                |                                                                                             
          - sha256:03b30c6a3c320ff172b52bd68eddffde6ded08ce47e650fe52de861c5e9df46d           |                                                                                             
            - labels                                                                          |                                                                                             
              containerd.io/distribution.source.docker.io: library/hello-world                |                                                                                             
            createdat: 010000000eddabc5443894fe6cffff                                         |                                                                                             
            size: 84a001                                                                      |                                                                                             
            updatedat: 010000000eddabc5443894fe6cffff                                         |                                                                                             
          + sha256:073c978f17eedaee7fb0d36636e1baa2ffdb6a2b5af2e458c9612a85ad06ea5d           |                                                                                             
          + sha256:16edc9559472f368b71e0f19a575e71080f2251f6693e7d560e21cc6472f7da6           |                                                                                             
          + sha256:33c69a810cc314b55c9e1e218ab9eb1b39034b28b023234854f093a207a87154           |                                                                                             
          + sha256:74f634b1bc1bd74535d5209589734efbd44a25f4e2dc96d78784576a3eb5b335           |                                                                                             
          + sha256:796dd77ab5223837579b323c961197514e9b5e37e99babbf51f9bb2ba1dbdcc8           |                                                                                             
          + sha256:8b08414b805beb7a1440493aa6e8cecd4729c536e8f9adc2d26514051bc31422           |                                                                                             
          + sha256:e2fc4e5012d16e7fe466f5291c476431beaa1f9b90a5c2125b493ed28e2aba57           |                                                                                             
          + sha256:e31c3b1cd47718260e1b6163af0a05b3c428dc01fa410baf72ca8b8076e22e72           |                                                                                             
          + sha256:ee08ce572c81dd90a3fbb7e2f4e660a5224924efd2649fb717460659b080c41b           |                                                                                             
          + sha256:efaa0224e7c87b2dbf8b4f0fee2bd595764adf6065a6bff6fffe833057237f64           |                                                                                             
          + sha256:fb9c9aef62af3955f6014613456551c92e88a67dcf1fc51f5f91bcbd1832813f           |                                                                                             
        - ingests                                                                             |                                                                                             
      - leases                                                                                |                                                                                             
        - moby-image-sha256:1052b284c2aa9cd4f832e76eddcba9738d7dca63a3358766e3cf0a408df4e13e  |                                                                                             
          - content                                                                           |                                                                                             
            sha256:efaa0224e7c87b2dbf8b4f0fee2bd595764adf6065a6bff6fffe833057237f64:          |                                                                                             
          createdat: 010000000ede0382f628cfc681ffff                                           |                                                                                             
        + moby-image-sha256:49b3cb3043cd00b3911213a837d1559638376017483d2d4b9761ed12e50f4f3e  |                                                                                             
        + moby-image-sha256:86eb87ff06b5a99af56ba09c36f9f06d904cc9f467e61a2a4befdfd2e5c50a3d  |                                                                                             
        + moby-image-sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a  |                                                                                             
        + moby-image-sha256:9363667f8aecb904d1f10cef4ca936f6507d25f0a50b103b55f78d336dbabe57  |                                                                                             
        + moby-image-sha256:97f5c5e8b918580066d433f26987c2e8f7348572ec8b85957784ab80471bcb68  |                                                                                             
        + moby-image-sha256:c80088f20cce4fd7f029dacea2e273e720f3e0d7a5a90b6cfb99d7290ea18537  |                                                                                             
        + moby-image-sha256:d2c94e258dcb3c5ac2798d32e1249e42ef01cba4841c2234249495f87264ac5a  |                                                                                             
    version: 06                                                                               |                                                                                             
                                                                                              |                                                                                             
                                                                                              |                                                                                             
                                                                                              |                                                                                             
Press '?' for help

7.3 containerd Backend

Backend层主要对接操作系统容器运行时,也是containerd对接外部插件的扩展层。
Backend层主要包括两大类:proxy plugins和containerd shim。

7.3.1 containerd中的proxy plugins

containerd中支持的代理插件类型有content、snapshotter及diff(containerd 1.7.1 中新增的类型)。

  • content:仅支持1个,要么是内置的content plugin,要么是自行实现的content plugin
  • snapshotter插件:可以配置多个
  • diff插件:可以配置多个

7.3.2 containerd中的Runtime和shim

参考

节选自《containerd原理剖析与实践》

【containerd】(202407) 05.containerd核心组件解析
http://example.com/2024/07/29/containerd/【containerd】(202407) 05.containerd核心组件解析/
作者
ningan123
发布于
2024年7月29日
许可协议