Containerd安装配置及基本操作

时间:2023-02-22 11:57:33

一、安装

1.下载(https://github.com/containerd/containerd)

wget https://github.com/containerd/containerd/releases/download/v1.6.10/cri-containerd-1.6.10-linux-amd64.tar.gz

2.解压安装包

[root@tidb-1 container]# tar -C / -zxvf containerd-1.6.10-linux-amd64.tar.gz
bin/
bin/ctr
bin/containerd
bin/containerd-shim
bin/containerd-stress
bin/containerd-shim-runc-v2
bin/containerd-shim-runc-v1

3.配置环境变量(添加 "export PATH=$PATH:/usr/local/bin:/usr/local/sbin")

[root@tidb-1 container]# vim ~/.bashrc
[root@tidb-1 container]# cat ~/.bashrc
# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

export PATH=$PATH:/usr/local/bin:/usr/local/sbin ###添加该配置

[root@tidb-1 container]# source ~/.bashrc

4.配置并启动

[root@tidb-1 container]# systemctl daemon-reload
[root@tidb-1 container]# systemctl enable containerd
[root@tidb-1 container]# systemctl restart containerd

5.查看版本

[root@tidb-1 container]#  /bin/ctr  version
Client:
Version: v1.6.10
Revision: 770bd0108c32f3fb5c73ae1264f7e503fe7b2661
Go version: go1.18.8

Server:
Version: v1.5.9
Revision: 1407cab509ff0d96baa4f0eb6ff9980270e6e620
UUID: 44bc4e58-eaf1-4643-8272-53f8d773054c

二、配置

1.创建默认配置文件

mkdir /etc/containerd2

2.创建默认配置文件

containerd config default > /etc/containerd/config.yaml

3.配置镜像加速

在/etc/containerd/config.toml 文件中添加需要加速的镜像信息:其中,​registry.mirrors."xxx"​​表示需要配置 mirror 的镜像仓库原镜像仓库,​endpoint​表示提供 mirror 的镜像加速服务。

vim /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/k8sxio"]

三、镜像的基本操作

1.导入镜像

# ctr i import /home/tidb-operator-v.1.1.7.tar
unpacking docker.io/pingcap/tidb-operator:v1.1.7 (sha256:784c6e590c747da2c1037fe9258c0e644865f2c8eff9f2e3cca772d4774312f7)...done

或者
ctr image import --digests=true /home/tidb-operator-v.1.1.7.tar

2.导出镜像

ctr i export --all-platforms nginx.tar ghcr.io/cwen0/echo-all:latest

3.查看镜像列表

ctr i list

4.拉取镜像

ctr i pull --all-platforms docker.io/library/nginx:latest

5.镜像挂载

方便查看镜像中的内容

[root@tidb-1 container]# ctr i mount docker.io/library/nginx:latest /mount
sha256:2f7529ffbbe947eb797a3610d36b66cc2c5448e3ed8488a3ca7106469022a75b
/mount
[root@tidb-1 container]# ls /mount/
bin/ dev/ docker-entrypoint.sh home/ lib64/ mnt/ proc/ run/ srv/ tmp/ var/
boot/ docker-entrypoint.d/ etc/ lib/ media/ opt/ root/ sbin/ sys/ usr/
[root@tidb-1 container]# ls /mount/etc/
adduser.conf cron.d/ e2scrub.conf gshadow issue localtime nsswitch.conf profile rc4.d/ selinux/ subuid
alternatives/ cron.daily/ environment gshadow- issue.net login.defs opt/ profile.d/ rc5.d/ shadow systemd/
apt/ debconf.conf fonts/ gss/ kernel/ logrotate.d/ os-release .pwd.lock rc6.d/ shadow- terminfo/
bash.bashrc debian_version fstab host.conf ld.so.cache mke2fs.conf pam.conf rc0.d/ rcS.d/ shells timezone
bindresvport.blacklist default/ gai.conf hostname ld.so.conf motd pam.d/ rc1.d/ resolv.conf skel/ ucf.conf
ca-certificates/ deluser.conf group init.d/ ld.so.conf.d/ netconfig passwd rc2.d/ rmt ssl/ update-motd.d/
ca-certificates.conf dpkg/ group- inputrc libaudit.conf nginx/ passwd- rc3.d/ security/ subgid xattr.conf
[root@tidb-1 container]# ls /mount/etc/nginx/
conf.d/ fastcgi_params mime.types modules nginx.conf scgi_params uwsgi_params
[root@tidb-1 container]# ls /mount/etc/nginx/nginx.conf
/mount/etc/nginx/nginx.conf

####卸载
[root@tidb-1 container]# umount /mount

6.删除镜像

ctr images rm ghcr.io/cwen0/echo-all:latest

7.修改镜像tag

[root@tidb-1 container]# ctr images tag docker.io/library/nginx:latest nginx:latest
nginx:latest

[root@tidb-1 container]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:e209ac2f37c70c1e0e9873a5f7231e91dcd83fdf1178d8ed36c2ec09974210ba 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
docker.io/pingcap/tidb-operator:v1.1.7 application/vnd.docker.distribution.manifest.v2+json sha256:784c6e590c747da2c1037fe9258c0e644865f2c8eff9f2e3cca772d4774312f7 161.3 MiB linux/amd64 -
ghcr.io/cwen0/echo-all:latest application/vnd.docker.distribution.manifest.v2+json sha256:229b0b2522a3a49aa7ca280c0885b38036b747ee1c45b159abc775ed0a305a88 11.8 MiB linux/amd64 -
nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:e209ac2f37c70c1e0e9873a5f7231e91dcd83fdf1178d8ed36c2ec09974210ba 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -

四、创建容器

1. 创建容器

创建容器(静态容器)

ctr c create docker.io/library/nginx:latest nginx-test

创建容器(动态容器)

[root@172-16-5-146 containerd]# ctr run -d --net-host docker.io/library/nginx:latest nginx1
[root@172-16-5-146 containerd]# ctr task ls
TASK PID STATUS
nginx1 24359 RUNNING

2.启动容器

ctr task start  -d nginx-test

3.进入容器

ctr tasks exec --exec-id 0 -t  nginx-test /bin/bash

4.查看正在运行的容器

[root@tidb-1 container]# ctr tasks ls
TASK PID STATUS
nginx 1842383 RUNNING
nginx-test 1856922 RUNNING

5.暂停和恢复容器

#暂停容器 
ctr task pause nginx
#恢复容器
ctr task resume nginx

#查看容器
[root@tidb-1 container]# ctr tasks ls
TASK PID STATUS
nginx-test 1856922 RUNNING
nginx 1842383 RUNNING

五、出现问题解决方法

出现问题

ctr: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/i4t/nginx/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown
ctr: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/containerd/io.containerd.runtime.v2.task/i4t/nginx/log.json: no such file or directory): runc did not terminate successfully: exit status 127: unknown

原因是runc异常,需要重新安装依赖

解决步骤:

#卸载原来的
[i4t@web01 ~]# rpm -qa | grep libseccomp
libseccomp-devel-2.3.1-4.el7.x86_64
libseccomp-2.3.1-4.el7.x86_64
[i4t@web01 ~]# rpm -e libseccomp-devel-2.3.1-4.el7.x86_64 --nodeps
[i4t@web01 ~]# rpm -e libseccomp-2.3.1-4.el7.x86_64 --nodeps

#下载高于2.4以上的包
[i4t@web01 ~]# wget http://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm

#安装
[i4t@web01 ~]# rpm -ivh libseccomp-2.5.1-1.el8.x86_64.rpm
warning: libseccomp-2.5.1-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:libseccomp-2.5.1-1.el8 ################################# [100%]

#查看当前版本
[root@web01 ~]# rpm -qa | grep libseccomp
libseccomp-2.5.1-1.el8.x86_64
[root@tidb-1 container]#
[root@tidb-1 container]# runc
NAME:
runc - Open Container Initiative runtime

runc is a command line client for running applications packaged according to
the Open Container Initiative (OCI) format and is a compliant implementation of the
Open Container Initiative specification.

runc integrates well with existing process supervisors to provide a production
container runtime environment for applications. It can be used with your
existing process monitoring tools and the container will be spawned as a
direct child of the process supervisor.

Containers are configured using bundles. A bundle for a container is a directory
that includes a specification file named "config.json" and a root filesystem.
The root filesystem contains the contents of the container.

To start a new instance of a container:

# runc run [ -b bundle ] <container-id>

Where "<container-id>" is your name for the instance of the container that you
are starting. The name you provide for the container instance must be unique on
your host. Providing the bundle directory using "-b" is optional. The default
value for "bundle" is the current directory.

USAGE:
runc [global options] command [command options] [arguments...]

VERSION:
1.0.3
commit: v1.0.3-0-gf46b6ba2
spec: 1.0.2-dev
go: go1.16.12
libseccomp: 2.5.1