container-diff 谷歌开源镜像分析工具使用
原创
©著作权归作者所有:来自51CTO博客作者rongfengliang的原创作品,请联系作者获取转载授权,否则将追究法律责任
1. 安装
curl -LO https://storage.googleapis.com/container-diff/latest/container-diff-linux-amd64 && chmod +x container-diff-linux-amd64 && sudo mv container-diff-linux-amd64 /usr/local/bin/container-diff
备注:
安装的时候是在阿里云的机器,但是就是网络不通,最简单的方法是先下载在上传阿里云服务器
storage.googleapis.com国内 还是可以使用的
2. 命令
a.全部
sage:
container-diff [command]
Available Commands:
analyze Analyzes an image: [image]
diff Compare two images: [image1] [image2]
help Help about any command
version Print the version of container-diff
Flags:
-h, --help help for container-diff
-v, --verbosity string This flag controls the verbosity of container-diff. (default "warning")
b. analyze
Usage:
container-diff analyze [flags]
Flags:
-h, --help help for analyze
-j, --json JSON Output defines if the diff should be returned in a human readable format (false) or a JSON (true).
-n, --no-cache Set this to force retrieval of layers on each run.
-o, --order Set this flag to sort any file/package results by descending size. Otherwise, they will be sorted by name.
-s, --save Set this flag to save rather than remove the final image filesystems on exit.
-t, --type Diff Types This flag sets the list of analyzer types to use. Set it repeatedly to use multiple analyzers.
Global Flags:
-v, --verbosity string This flag controls the verbosity of container-diff. (default "warning")
c.
2. 分析镜像
a. 参考命令
container-diff analyze <img> [Run default analyzers]
container-diff analyze <img> --type=history [History]
container-diff analyze <img> --type=file [File System]
container-diff analyze <img> --type=pip [Pip]
container-diff analyze <img> --type=apt [Apt]
container-diff analyze <img> --type=node [Node]
container-diff analyze <img> --type=apt --type=node [Apt and Node]
本地镜像:daemon://
container-diff analyze daemon://dalongrong/fn:0.0.3
远程镜像:remote://
container-diff analyze nginx
输出如下:
Retrieving image redis from source Cloud Registry
ERRO[0029] remove /tmp/redis263898236/var/lib/apt/lists/partial/.wh..wh..opq: no such fil
Retrieving analyses
-----Apt-----
Packages found in redis:
NAME VERSION SIZE
-acl 2.2.52-2 258K
-adduser 3.113 nmu3 1M
-apt 1.0.9.8.4 3.1M
-base-files 8 deb8u9 413K
-base-passwd 3.5.37 185K
-bash 4.3-11 deb8u1 4.9M
-bsdutils 1:2.25.2-6 181K
-coreutils 8.23-4 13.9M
-dash 0.5.7-4 b1 191K
-debconf 1.5.56 deb8u1 614K
-debconf-i18n 1.5.56 deb8u1 1.1M
-debian-archive-keyring 2017.5~deb8u1 137K
-debianutils 4.4 b1 147K
-diffutils 1:3.3-1 b1 950K
-dmsetup 2:1.02.90-2.2 deb8u1 123K
-dpkg 1.17.27 6.5M
-e2fslibs 1.42.12-2 b1 386K
-e2fsprogs 1.42.12-2 b1 2.7M
-findutils 4.4.2-9 b1 1.4M
-gcc-4.8-base 4.8.4-1 212K
-gcc-4.9-base 4.9.2-10 218K
-gnupg 1.4.18-7 deb8u4 4.8M
-gpgv 1.4.18-7 deb8u4 414K
-grep 2.20-4.1 1.2M
-gzip 1.6-4 239K
-hostname 3.15 59K
-init 1.22 29K
-initscripts 2.88dsf-59 165K
-insserv 1.14.0-5 183K
-libacl1 2.2.52-2 80K
-libapt-pkg4.12 1.0.9.8.4 2.6M
-libattr1 1:2.4.47-2 30K
-libaudit-common 1:2.4-1 49K
-libaudit1 1:2.4-1 b1 157K
-libblkid1 2.25.2-6 326K
-libbz2-1.0 1.0.6-7 b3 114K
-libc-bin 2.19-18 deb8u10 3.2M
-libc6 2.19-18 deb8u10 10M
-libcap2 1:2.24-8 61K
-libcap2-bin 1:2.24-8 110K
-libcomerr2 1.42.12-2 b1 69K
-libcryptsetup4 2:1.6.6-5 227K
-libdb5.3 5.3.28-9 1.8M
-libdebconfclient0 0.192 53K
-libdevmapper1.02.1 2:1.02.90-2.2 deb8u1 330K
-libgcc1 1:4.9.2-10 129K
-libgcrypt20 1.6.3-2 deb8u4 998K
-libgpg-error0 1.17-3 444K
-libkmod2 18-3 134K
-liblocale-gettext-perl 1.05-8 b1 37K
-liblzma5 5.1.1alpha 20120614-2+b3 309K
-libmount1 2.25.2-6 357K
-libncurses5 5.9 20140913-1+b1 306K
-libncursesw5 5.9 20140913-1+b1 388K
-libpam-modules 1.1.8-3.1 deb8u2+b1 788K
-libpam-modules-bin 1.1.8-3.1 deb8u2+b1 201K
-libpam-runtime 1.1.8-3.1 deb8u2 1.4M
-libpam0g 1.1.8-3.1 deb8u2+b1 213K
-libpcre3 2:8.35-3.3 deb8u4 618K
-libprocps3 2:3.3.9-9 132K
-libreadline6 6.3-8 b3 419K
-libselinux1 2.3-2 213K
-libsemanage-common 2.3-1 65K
-libsemanage1 2.3-1 b1 245K
-libsepol1 2.3-2 339K
-libslang2 2.3.0-2 1.5M
-libsmartcols1 2.25.2-6 209K
-libss2 1.42.12-2 b1 82K
-libstdc++6 4.9.2-10 1.3M
-libsystemd0 215-17 deb8u7 183K
-libtext-charwidth-perl 0.04-7 b3 85K
-libtext-iconv-perl 1.7-5 b2 92K
-libtext-wrapi18n-perl 0.06-7 28K
-libtinfo5 5.9 20140913-1+b1 480K
-libudev1 215-17 deb8u7 101K
-libusb-0.1-4 2:0.1.12-25 42K
-libustr-1.0-1 1.0.4-3 b2 287K
-libuuid1 2.25.2-6 89K
-login 1:4.2-3 deb8u4 2.1M
-lsb-base 4.1 Debian13+nmu1 72K
-mawk 1.3.3-17 198K
-mount 2.25.2-6 357K
-multiarch-support 2.19-18 deb8u10 194K
-ncurses-base 5.9 20140913-1 371K
-ncurses-bin 5.9 20140913-1+b1 535K
-passwd 1:4.2-3 deb8u4 2.1M
-perl-base 5.20.2-3 deb8u9 4.5M
-procps 2:3.3.9-9 670K
-readline-common 6.3-8 109K
-sed 4.2.2-4 deb8u1 575K
-sensible-utils 0.0.9 110K
-startpar 0.59-3 95K
-systemd 215-17 deb8u7 11.2M
-systemd-sysv 215-17 deb8u7 40K
-sysv-rc 2.88dsf-59 125K
-sysvinit-utils 2.88dsf-59 147K
-tar 1.27.1-2 deb8u1 2.2M
-tzdata 2017b-0 deb8u1 1.7M
-udev 215-17 deb8u7 5.8M
-util-linux 2.25.2-6 2.7M
-zlib1g 1:1.2.8.dfsg-2 b1 179K
container-diff analyze remote://docker.io/dalongrong/mqttmosca --type=node // 指明是node
输出如下:
Retrieving image docker.io/dalongrong/mqttmosca from source Cloud Registry
ERRO[0008] remove /tmp/docker.iodalongrongmqttmosca121533925/var/lib/apt/lists/.wh.partial: no such file or directory
Retrieving analyses
-----Node-----
Packages found in docker.io/dalongrong/mqttmosca:
NAME VERSION SIZE INSTALLATION
-balanced-match 0.4.2 8.5K /node_modules/balanced-match/
-cnpm 4.4.2 14.8M /usr/local/lib/node_modules/cnpm/
-code-point-at 1.0.0 10.1K /node_modules/code-point-at/
-concat-map 0.0.1 6.3K /node_modules/concat-map/
-d 0.1.1 20.9K /node_modules/d/
-es5-ext 0.10.12 445.1K /node_modules/es5-ext/
-is-fullwidth-code-point 1.0.0 11.5K /node_modules/is-fullwidth-code-point/
-npm 3.8.6 8.5M /usr/local/lib/node_modules/npm/
-number-is-nan 1.0.0 4.4K /node_modules/number-is-nan/
-pm2 2.2.3 11.7M /usr/local/lib/node_modules/pm2/
3. 镜像差异比较
1. 参考命令:
container-diff diff <img1> <img2> [Run default differs]
container-diff diff <img1> <img2> --type=history [History]
container-diff diff <img1> <img2> --type=file [File System]
container-diff diff <img1> <img2> --type=pip [Pip]
container-diff diff <img1> <img2> --type=apt [Apt]
container-diff diff <img1> <img2> --type=node [Node]
2. 使用(和上面的一样daemon:// 本地镜像 remote:// 远程 )
container-diff remote://docker.io/dalongrong/fn:0.0.9 remote://docker.io/dalongrong/mqttmosca
具体信息就不粘贴了,太多了
4. 附加参数
比如: -j or --json 生成json 格式的数据
5. 总结
功能很强很大,容器的黑匣子对于我们来说就比较清晰了。
5. 参考资料
https://github.com/GoogleCloudPlatform/container-diff
·