containerd 镜像层分析

meta.db找到 d842e8e2623636b8fb0d070a2dd9592c1eb0ebfa975c6a283960bc1f710feab4

mediatype: application/vnd.docker.distribution.manifest.v2+json 多种类型 application/vnd.docker.distribution.manifest.list.v2+json

======================================================================================================|======================================================================================================
- v1 | Path: v1 → default → images → docker.io/library/nginx:1.21 → target → mediatype
- default | Key: mediatype
+ content | Value: application/vnd.docker.distribution.manifest.list.v2+json
- images |
+ docker.io/library/centos:latest |
- docker.io/library/nginx:1.21 |
- target |
digest: sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 |
mediatype: application/vnd.docker.distribution.manifest.list.v2+json |
size: 8c1d |
createdat: 010000000edd4ecdbf1dd31b12ffff |
updatedat: 010000000edd4ecdbf1dd31b12ffff |
- docker.io/library/nginx:latest |
+ target |
createdat: 010000000edd51675606c9fbf3ffff |
updatedat: 010000000edd51675606c9fbf3ffff |
- localhost/test:1 |
- annotations |
io.containerd.image.name: localhost/test:1 |
org.opencontainers.image.ref.name: 1 |
- target |
digest: sha256:d842e8e2623636b8fb0d070a2dd9592c1eb0ebfa975c6a283960bc1f710feab4 |
mediatype: application/vnd.docker.distribution.manifest.v2+json |
size: b621 |
createdat: 010000000edd51691d2355a336ffff |
updatedat: 010000000edd51691d2355a336ffff |
+ leases |
+ snapshots |
version: 06


[root@node1 containerd]# cat ./io.containerd.content.v1.content/blobs/sha256/d842e8e2623636b8fb0d070a2dd9592c1eb0ebfa975c6a283960bc1f710feab4 |jq
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"digest": "sha256:95ec8d45232146497bcec477f8ede64ac2efc6d92d2fa55965341cd467c08af6",
"size": 2813
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9",
"size": 4492288
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:d6a8454dcdfaf1e5e34f56ea4bca513c2a828c90a1b62500943b65a61234bd34",
"size": 6144
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:71ff98296e6021ca76916abc6584bb41d8fa1ea532b1e449b9af3433307f3455",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:19533e306c03e7362627ad45ad5c82166f778630bbe697aaaf57f75c300248d0",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:44ef656eed064e13cd6396b31cc317183e89477cbbf66e8dd89ab6e7a2087ebb",
"size": 2560
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:800dc69e2834bf155d9e6cd89394815c8abfb0da1d69a4cae0dfd400f7e186aa",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:1b4b8ac06dc92ee6c30a06eac061d082763a9a1f4085cc7dda4e31fb59272ab4",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:b7e89ea5b915cb9f99d728b803769a68d40bf351134c1944fd558119b6b5e30f",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:825721ce82da3b0e231ac621fa138c738920c364c5c47050073d09197d516dd6",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:36cd99a16b1074ac9470cb9f65978148b7a244447d885941dd8f34c0decf9e5e",
"size": 3072
}
]
}

cat ./io.containerd.content.v1.content/blobs/sha256/95ec8d45232146497bcec477f8ede64ac2efc6d92d2fa55965341cd467c08af6|jq


"diff_ids": [
"sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9",
"sha256:d6a8454dcdfaf1e5e34f56ea4bca513c2a828c90a1b62500943b65a61234bd34",
"sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f",
"sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c",
"sha256:71ff98296e6021ca76916abc6584bb41d8fa1ea532b1e449b9af3433307f3455",
"sha256:19533e306c03e7362627ad45ad5c82166f778630bbe697aaaf57f75c300248d0",
"sha256:44ef656eed064e13cd6396b31cc317183e89477cbbf66e8dd89ab6e7a2087ebb",
"sha256:800dc69e2834bf155d9e6cd89394815c8abfb0da1d69a4cae0dfd400f7e186aa",
"sha256:1b4b8ac06dc92ee6c30a06eac061d082763a9a1f4085cc7dda4e31fb59272ab4",
"sha256:b7e89ea5b915cb9f99d728b803769a68d40bf351134c1944fd558119b6b5e30f",
"sha256:825721ce82da3b0e231ac621fa138c738920c364c5c47050073d09197d516dd6",
"sha256:36cd99a16b1074ac9470cb9f65978148b7a244447d885941dd8f34c0decf9e5e"
]
},

也可以通过调用nerdctl inspect images 获取 diff_ids

chainID(n)=sha256sum(chainID(n-1)) diffID(n))
chainid（1） = diffID(1)) =2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9
chainid（2） = echo -n 'sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9 sha256:d6a8454dcdfaf1e5e34f56ea4bca513c2a828c90a1b62500943b65a61234bd34' | sha256sum
=ccc99401c98a738d382a2567ff1467b598193b74c449232b6544c78661d0d534
chainid（3） = echo -n 'sha256:ccc99401c98a738d382a2567ff1467b598193b74c449232b6544c78661d0d534 sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f' | sha256sum
=03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff
chainid（4） = echo -n 'sha256:03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c' | sha256sum
=b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645

以chainID4 为例

meta2.db snaphots内容根据 b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 找到 default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645
- sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 |
- children |
sha256:e043fcb0d70e2f3022d0a74d2eff241931d3237a1bcea70feeb42c69056bb85e: |
createdat: 010000000edd51691d37925d86ffff |
name: default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 |
parent: sha256:03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff |
updatedat: 010000000edd51691d37925d86ffff

metadata2.db里找到default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645

snaphots 发现id是12
- default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 |
createdat: 010000000edd51691d379442adffff |
id: 12 |
inodes: 08 |
kind: 03 |
parent: default/34/sha256:03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff |
size: 8040 |
updatedat: 010000000edd51691d379442adffff

计算结果是18
package main

import (
"encoding/binary"
"fmt"
)

func main() {
data := []byte{0x12}
x, n := binary.Uvarint(data)
if n != len(data) {
fmt.Println("Uvarint did not consume all of in")
}
fmt.Println(x)
}
因此解压后是 /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/18/fs

diffid 在meta.db blob中不一定能直接找到
需要遍历
containerd.io/uncompressed: sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5（少了一些位数）
752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c

meta.db blob 内容 找到752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c 即是解压前的原始数据

=
- v1 | Path: v1 → default → content → blob → sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114
- default | Key: containerd.io/uncompressed
- content | Value: sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c
- blob |
+ sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d |
+ sha256:19533e306c03e7362627ad45ad5c82166f778630bbe697aaaf57f75c300248d0 |
+ sha256:1b4b8ac06dc92ee6c30a06eac061d082763a9a1f4085cc7dda4e31fb59272ab4 |
+ sha256:1ef1c1a36ec24a6e2e803471dd61fd79a5a28666c553c4cccc26f2225d48b307 |
+ sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4 |
+ sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 |
+ sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f |
+ sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9 |
+ sha256:36cd99a16b1074ac9470cb9f65978148b7a244447d885941dd8f34c0decf9e5e |
+ sha256:398157bc5c51a9e2e4ceb552c196bee781b157c9ef4760f76ed3ddd34164fe71 |
+ sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda |
+ sha256:44ef656eed064e13cd6396b31cc317183e89477cbbf66e8dd89ab6e7a2087ebb |
+ sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6 |
+ sha256:5f44022eab9198d75939d9eaa5341bc077eca16fa51d4ef32d33f1bd4c8cbe7d |
+ sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b |
+ sha256:71ff98296e6021ca76916abc6584bb41d8fa1ea532b1e449b9af3433307f3455 |
- sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c （和containerd.io/uncompressed 里面的id 不一定一致） |
- labels |
containerd.io/uncompressed: sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c1|
createdat: 010000000edd51691b1c52234bffff |
size: 8030 |
updatedat: 010000000edd51691d390f96abffff