ctr 使用
ctr 目前很多功能做的还没有 docker 那么完善,但基本功能已经具备了。下面将围绕镜像和容器这两个方面来介绍其使用方法。
# ctr -hNAME:ctr -_______/ /______/ ___/ __/ ___// /__/ /_/ /\___/\__/_/containerd CLIUSAGE:ctr [global options] command [command options] [arguments...]VERSION:v1.4.4DESCRIPTION:ctr is an unsupported debug and administrative client for interactingwith the containerd daemon. Because it is unsupported, the commands,options, and operations are not guaranteed to be backward compatible orstable from release to release of the containerd project.COMMANDS:plugins, plugin provides information about containerd pluginsversion print the client and server versionscontainers, c, container manage containerscontent manage contentevents, event display containerd eventsimages, image, i manage imagesleases manage leasesnamespaces, namespace, ns manage namespacespprof provide golang pprof outputs for containerdrun run a containersnapshots, snapshot manage snapshotstasks, t, task manage tasksinstall install a new packageoci OCI toolsshim interact with a shim directlyhelp, h Shows a list of commands or help for one commandGLOBAL OPTIONS:--debug enable debug output in logs--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]--timeout value total timeout for ctr commands (default: 0s)--connect-timeout value timeout for connecting to containerd (default: 0s)--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]--help, -h show help--version, -v print the version
镜像
镜像下载
# ctr i pull docker.io/library/nginx:alpinedocker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|index-sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615: done |++++++++++++++++++++++++++++++++++++++|manifest-sha256:96419b83f29b198ae9f63670d5a28325a8bc9ebaf76c1260cf15eca3a521ebd0: done |++++++++++++++++++++++++++++++++++++++|layer-sha256:5b4dcb4d3646b218b442697b56990ca56997efa87f6861388164cc46d353659a: done |++++++++++++++++++++++++++++++++++++++|config-sha256:5fd75c905b52a175660818ab9f318cfab375da0b90d23690e00871c0db1ed3a4: done |++++++++++++++++++++++++++++++++++++++|layer-sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d: done |++++++++++++++++++++++++++++++++++++++|layer-sha256:468d8ccebf7a1512bde09f06975206a7f474c714f96020dabb6e3437a3bc426b: done |++++++++++++++++++++++++++++++++++++++|layer-sha256:b7f67c5d6ce97f864346b65ed55571f7d191c0f9518ac59bb1b7291fbae0f716: done |++++++++++++++++++++++++++++++++++++++|layer-sha256:ed91f01a4fcb8de36c14f0048c15971b7a2d8eaf4740c9d2855de94e19467cd7: done |++++++++++++++++++++++++++++++++++++++|layer-sha256:8051568c89ac729bba391cc909f7eb97ad3e0bc6991db52ad3b5a7bb4cc6c000: done |++++++++++++++++++++++++++++++++++++++|elapsed: 15.5s total: 8.7 Mi (574.3 KiB/s)unpacking linux/amd64 sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615...done
本地镜像列表查询
root@i-gqqsb62d:/etc/containerd# ctr i lsREF TYPE DIGEST SIZE PLATFORMSLABELSdocker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615 9.4 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
这里需要注意PLATFORMS,它是镜像的能够运行的平台标识。
将镜像挂载到主机目录:
ctr i mount docker.io/library/nginx:alpine /mnt/nginx_tmp/sha256:22dd1c631d282d9c89a77fb4592d8f32dcc4e946228cf0b671a2d37c2511e1dc/mnt/nginx_tmp/
# tree /mnt/nginx_tmp/ -L 1/mnt/nginx_tmp/├── bin├── dev├── docker-entrypoint.d├── docker-entrypoint.sh├── etc├── home├── lib├── media├── mnt├── opt├── proc├── root├── run├── sbin├── srv├── sys├── tmp├── usr└── var
讲镜像从主机卸载
# ctr i unmount /mnt/nginx_tmp//mnt/nginx_tmp/
镜像包导出为压缩包
root@i-gqqsb62d:~# ctr i export nginx.tar.gz docker.io/library/nginx:alpineroot@i-gqqsb62d:~# ls nginx.tar.gznginx.tar.gz
删除
root@i-gqqsb62d:~# ctr i remove docker.io/library/nginx:alpinedocker.io/library/nginx:alpineroot@i-gqqsb62d:~# ctr i lsREF TYPE DIGEST SIZE PLATFORMS LABELS
导入
root@i-gqqsb62d:~# ctr i import nginx.tar.gzunpacking docker.io/library/nginx:alpine (sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615)...doneroot@i-gqqsb62d:~# ctr i lsREF TYPE DIGEST SIZE PLATFORMSLABELSdocker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:e20c21e530f914fb6a95a755924b1cbf71f039372e94ac5ddcf8c3b386a44615 9.4 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
其他
root@i-gqqsb62d:~# ctr i -hNAME:ctr images - manage imagesUSAGE:ctr images command [command options] [arguments...]COMMANDS:check check that an image has all content available locallyexport export imagesimport import imageslist, ls list images known to containerdmount mount an image to a target pathunmount unmount the image from the targetpull pull an image from a remotepush push an image to a remoteremove, rm remove one or more images by referencetag tag an imagelabel set and clear labels for an imageOPTIONS:--help, -h show help
容器
创建容器
root@i-gqqsb62d:~# ctr c create docker.io/library/nginx:alpinectr: container id must be provided: invalid argumentroot@i-gqqsb62d:~# ctr c create docker.io/library/nginx:alpine nginxroot@i-gqqsb62d:~# ctr c lsCONTAINER IMAGE RUNTIMEnginx docker.io/library/nginx:alpine io.containerd.runc.v2
查看容器详细配置
# ctr c info nginx{"ID": "nginx","Labels": {"io.containerd.image.config.stop-signal": "SIGQUIT"},"Image": "docker.io/library/nginx:alpine","Runtime": {"Name": "io.containerd.runc.v2","Options": {"type_url": "containerd.runc.v1.Options"}},"SnapshotKey": "nginx","Snapshotter": "overlayfs","CreatedAt": "2021-03-23T06:00:08.021700023Z","UpdatedAt": "2021-03-23T06:00:08.021700023Z","Extensions": null,"Spec": {"ociVersion": "1.0.2-dev","process": {"user": {"uid": 0,"gid": 0,"additionalGids": [1,2,3,4,6,10,11,20,26,27]},"args": ["/docker-entrypoint.sh","nginx","-g","daemon off;"],"env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","NGINX_VERSION=1.19.8","NJS_VERSION=0.5.2","PKG_RELEASE=1"],"cwd": "/","capabilities": {"bounding": ["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"effective": ["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"inheritable": ["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"permitted": ["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"]},"rlimits": [{"type": "RLIMIT_NOFILE","hard": 1024,"soft": 1024}],"noNewPrivileges": true},"root": {"path": "rootfs"},"mounts": [{"destination": "/proc","type": "proc","source": "proc","options": ["nosuid","noexec","nodev"]},{"destination": "/dev","type": "tmpfs","source": "tmpfs","options": ["nosuid","strictatime","mode=755","size=65536k"]},{"destination": "/dev/pts","type": "devpts","source": "devpts","options": ["nosuid","noexec","newinstance","ptmxmode=0666","mode=0620","gid=5"]},{"destination": "/dev/shm","type": "tmpfs","source": "shm","options": ["nosuid","noexec","nodev","mode=1777","size=65536k"]},{"destination": "/dev/mqueue","type": "mqueue","source": "mqueue","options": ["nosuid","noexec","nodev"]},{"destination": "/sys","type": "sysfs","source": "sysfs","options": ["nosuid","noexec","nodev","ro"]},{"destination": "/run","type": "tmpfs","source": "tmpfs","options": ["nosuid","strictatime","mode=755","size=65536k"]}],"linux": {"resources": {"devices": [{"allow": false,"access": "rwm"},{"allow": true,"type": "c","major": 1,"minor": 3,"access": "rwm"},{"allow": true,"type": "c","major": 1,"minor": 8,"access": "rwm"},{"allow": true,"type": "c","major": 1,"minor": 7,"access": "rwm"},{"allow": true,"type": "c","major": 5,"minor": 0,"access": "rwm"},{"allow": true,"type": "c","major": 1,"minor": 5,"access": "rwm"},{"allow": true,"type": "c","major": 1,"minor": 9,"access": "rwm"},{"allow": true,"type": "c","major": 5,"minor": 1,"access": "rwm"},{"allow": true,"type": "c","major": 136,"access": "rwm"},{"allow": true,"type": "c","major": 5,"minor": 2,"access": "rwm"},{"allow": true,"type": "c","major": 10,"minor": 200,"access": "rwm"}]},"cgroupsPath": "/default/nginx","namespaces": [{"type": "pid"},{"type": "ipc"},{"type": "uts"},{"type": "mount"},{"type": "network"}],"maskedPaths": ["/proc/acpi","/proc/asound","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/sys/firmware","/proc/scsi"],"readonlyPaths": ["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"]}}}
other
root@i-gqqsb62d:~# ctr c -hNAME:ctr containers - manage containersUSAGE:ctr containers command [command options] [arguments...]COMMANDS:create create containerdelete, del, rm delete one or more existing containersinfo get info about a containerlist, ls list containerslabel set and clear labels for a containercheckpoint checkpoint a containerrestore restore a container from checkpointOPTIONS:--help, -h show help
任务
上面 create 的命令创建了容器后,并没有处于运行状态,只是一个静态的容器。所以还需要启动容器,task 代表任务的意思:
root@i-gqqsb62d:~# ctr task lsTASK PID STATUSroot@i-gqqsb62d:~# ctr task start -d nginx/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d//docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.shroot@i-gqqsb62d:~# ctr task lsTASK PID STATUSnginx 7931 RUNNING
当然,也可以一步到位直接创建并运行容器:
root@i-gqqsb62d:~# ctr run -d docker.io/library/nginx:alpine nginx1/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d//docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.shroot@i-gqqsb62d:~# ctr task lsTASK PID STATUSnginx1 8075 RUNNINGnginx 7931 RUNNING
进入容器
和 docker 的操作类似,但必须要指定 —exec-id,这个 id 可以随便写,只要唯一就行
root@i-gqqsb62d:~# ctr task exec --exec-id 0 -t nginx sh/ #/ # lsbin media srvdev mnt sysdocker-entrypoint.d opt tmpdocker-entrypoint.sh proc usretc root varhome runlib sbin
暂停容器
root@i-gqqsb62d:~# ctr task lsTASK PID STATUSnginx 7931 RUNNINGnginx1 8075 RUNNINGroot@i-gqqsb62d:~# ctr task pause nginxroot@i-gqqsb62d:~# ctr task lsTASK PID STATUSnginx 7931 PAUSEDnginx1 8075 RUNNING
恢复
root@i-gqqsb62d:~# ctr task resume nginxroot@i-gqqsb62d:~# ctr task lsTASK PID STATUSnginx 7931 RUNNINGnginx1 8075 RUNNING
杀死容器
root@i-gqqsb62d:~# ctr task kill nginxroot@i-gqqsb62d:~# ctr task lsTASK PID STATUSnginx 7931 STOPPEDnginx1 8075 RUNNING
获取cgroup信息
root@i-gqqsb62d:~# ctr task metrics nginxID TIMESTAMPnginx 2021-03-23 06:08:00.601588973 +0000 UTCMETRIC VALUEmemory.usage_in_bytes 716800memory.limit_in_bytes 9223372036854771712memory.stat.cache 61440cpuacct.usage 61135700cpuacct.usage_percpu [61135700]pids.current 0pids.limit 0root@i-gqqsb62d:~# ctr task metrics nginx1ID TIMESTAMPnginx1 2021-03-23 06:08:07.026595123 +0000 UTCMETRIC VALUEmemory.usage_in_bytes 2162688memory.limit_in_bytes 9223372036854771712memory.stat.cache 57344cpuacct.usage 46920481cpuacct.usage_percpu [46920481]pids.current 2pids.limit 0root@i-gqqsb62d:~#
查看容器中所有进程的 PID:
root@i-gqqsb62d:~# ctr task ps nginxPID INFOroot@i-gqqsb62d:~# ctr task ps nginx1PID INFO8075 -8112 -
注意:这里的 PID 是宿主机看到的 PID,不是容器中看到的 PID。
命名空间
除了 k8s 有命名空间以外,Containerd 也支持命名空间。
root@i-gqqsb62d:~# ctr ns lsNAME LABELSdefault
若有收获,就点个赞吧
0 人点赞
