背景信息
电脑:华为擎云L420
CPU:ARM架构,HUAWEI Kirin 9006C
OS:Kylin桌面操作系统V10(SP1)
Kernel:5.4.96
Docker: 27.5.1
已准备容器文件openjdk:8u342的离线镜像文件压缩包jdk8.arm.tar.gz, 对应镜像ID:sha256:53ff4b6f85a89d88a34a0e8a00f1df940d15aee8cc1c717f919cc368ece0218e
参考:https://hub.docker.com/layers/library/openjdk/8u342-jdk/images/sha256-53ff4b6f85a89d88a34a0e8a00f1df940d15aee8cc1c717f919cc368ece0218e
1 故障现象
执行docker load -i jdk8.arm.tar.gz 显示如下错误:
bd245ec49ee5: Loading layer [================================> ] 34.54MB/53.68MB
archive/tar: invalid tar header2 排障
检查离线文件是否存在压缩问题
mkdir repo
cd repo
tar xvf ../jdk8.arm.tar.gz
cd 1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c
tar tvf layer.tar 解压均正常,文件没有问题
使用在线镜像,进一步排除离线文件原因
直接使用在线镜像地址下载,导入,依然报错
root@xwhw:~# docker -D pull registry.openanolis.cn/openanolis/anolisos:8.10
time="2025-05-10T14:01:52+08:00" level=debug msg="otel error" error="1 errors occurred detecting resource:\n\t* conflicting Schema URL: https://opentelemetry.io/schemas/1.21.0 and https://opentelemetry.io/schemas/1.26.0"
8.10: Pulling from openanolis/anolisos
643ade85e06c: Extracting [==================================================>] 81.99MB/81.99MB
ffe32c2f64f9: Download complete
failed to register layer: archive/tar: invalid tar header网络搜索该错误,没有有效信息
查看docker cli源码,没有从代码文件中直接检索到invalid tar header
启动docker debug,获取详细日志信息
修改docker daemon配置文件/etc/docker/daemon.json,启动debug模式,查看详细日志信息
{
"debug": true
}执行journalctl -u docker, 显示如下日志
5月 10 14:01:53 xwhw dockerd[46749]: time="2025-05-10T14:01:53.187527932+08:00" level=debug msg="Downloaded ffe32c2f64f9 to tempfile /var/lib/docker/tmp/GetImageBlob361179273"
5月 10 14:01:54 xwhw dockerd[46749]: time="2025-05-10T14:01:54.717283867+08:00" level=debug msg="Downloaded 643ade85e06c to tempfile /var/lib/docker/tmp/GetImageBlob3202669198"
5月 10 14:01:54 xwhw dockerd[46749]: time="2025-05-10T14:01:54.718119809+08:00" level=debug msg="Using /usr/bin/unpigz to decompress"
5月 10 14:01:54 xwhw dockerd[46749]: time="2025-05-10T14:01:54.721354719+08:00" level=debug msg="Start untar layer" id=5894aadd924d12292f694b380d2eadf7463cc1641c61e5d81573cf02b483610b
5月 10 14:01:54 xwhw dockerd[46749]: time="2025-05-10T14:01:54.732879772+08:00" level=debug msg="Cleaning up layer 5894aadd924d12292f694b380d2eadf7463cc1641c61e5d81573cf02b483610b: archive/tar: inv>5月 10 14:01:54 xwhw dockerd[46749]: time="2025-05-10T14:01:54.734877698+08:00" level=info msg="Attempting next endpoint for pull after error: failed to register layer: archive/tar: invalid tar hea>5月 10 14:07:49 xwhw dockerd[46749]: time="2025-05-10T14:07:49.687158999+08:00" level=debug msg="Calling HEAD /_ping"根据日志显示,docker daemon调用了unpigz命令来解压缩镜像文件
手工调用unpigz命令,显示如下错误
root@xwhw:~/repo/1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c# unpigz -d -c layer.tar > /dev/null
unpigz: skipping: layer.tar: corrupted -- crc32 mismatch
unpigz: abort: internal threads error对比在intel x86主机上, 同一个文件执行结果
[root@dev6 1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c]# unpigz -d -c layer.tar | sha256sum -
bd245ec49ee5cd979b20c0a4efd32385afca92f5afa84faa6769c6a56543350a -确认文件一致
arm主机上
root@xwhw:~/repo/1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c# sha256sum layer.tar
114ba63dd73a866ac1bb59fe594dfd218f44ac9b4fa4b2c68499da5584fcfa9d layer.tarintel主机上
[root@dev6 1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c]# sha256sum layer.tar
114ba63dd73a866ac1bb59fe594dfd218f44ac9b4fa4b2c68499da5584fcfa9d layer.tar问题已定位为unpigz命令问题
3 修复
搜索网络信息:unpigz: skipping: : corrupted -- crc32 mismatch, 得到2个"有效"网页:解决Docker拉取镜像时pigz版本问题:升级与bug修复-CSDN博客
corrupted -- crc32 mismatch · Issue #123 · madler/pigz · GitHub
看起来是pigz的版本文件,升级版本
升级版本
当前版本是2.4,升级到最新版2.8
apt update
apt list --upgradable已是KylinOSapt源的最新版,参考上述网页,手动下载源码安装更新
代码从zlib网站下载:pigz - Parallel gzip
wget https://www.zlib.net/pigz/pigz.tar.gz
mkdir pigz
cd pigz
tar xvf ../pigz.tar.gz
cd pigz-2.8
make
which pigz
cd /usr/bin
mv pigz pigz-2.4
mv unpigz unpigz-2.4
cd -
cp pigz /usr/bin
cp unpigz /usr/bin升级后,问题依然存在,版本升级失败
根据网页2, 可能是zlib的版本问题,升级zlib
同pigz,kylin源无法升级,手工下载zlib源码,编译升级
wget https://www.zlib.net/zlib-1.3.1.tar.gz
tar xvf zlib-1.3.1.tar.gz
cd zlib-1.3.1
./configure
make
make install根据make install 的结果,发现zlib.so放在了/usr/local/lib,与dpkg -L zlib1g-dev显示的文件路径不一致
再次编译pigz前,修改Makefile文件,在gcc 的 libs上加上-L/usr/local/lib -I/usr/local/include
然而,处理后,问题依旧,未解决
临时解决方案
考虑unpigz解决镜像文件压缩问题,而且是gzip格式,是不是可以用gzip命令替代unpigz命令, 查看gzip命令的参数,解压参数一致
测试验证,没有报错,证明gzip可用
root@xwhw:~/repo/1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c# gzip -d -c layer.tar > /dev/null
root@xwhw:~/repo/1f248b96d7f6b52b6e6693ba3d60679c1d01fd4369419797cdcf8e83f110fb2c# gzip -d -c layer.tar | sha256sum -
bd245ec49ee5cd979b20c0a4efd32385afca92f5afa84faa6769c6a56543350a -进行替代
cd /usr/bin
rm pigz unpigz
ln -s /usr/bin/gzip pigz
ln -s /usr/bin/gzip unpigz替代后验证
cd ~
root@xwhw:~# docker load -i jdk8.arm.tar.gz
bd245ec49ee5: Loading layer [==================================================>] 53.68MB/53.68MB
595a656dd8ef: Loading layer [==================================================>] 5.149MB/5.149MB
8874c5d5df1a: Loading layer [==================================================>] 10.66MB/10.66MB
b7b6064a28a9: Loading layer [==================================================>] 54.68MB/54.68MB
ee9872ea8036: Loading layer [==================================================>] 5.421MB/5.421MB
89273ea6b11f: Loading layer [==================================================>] 212B/212B
df0ca509f290: Loading layer [==================================================>] 104.9MB/104.9MB
invalid reference format报错,但tar文件没有解压错误, 查看image是否加载成功
root@xwhw:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 6fbf41d7a679 2 years ago 520MB发现image,加载成功
运行容器,检查是否正常
docker run -it --rm 6fbf /bin/bash
# 进入容器执行
which java
java -version容器运行正常
tag名称不对,手工处理
root@xwhw:~# docker tag 6fb openjdk:8u342
root@xwhw:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
openjdk 8u342 6fbf41d7a679 2 years ago 520MB通过docker pull测试在线镜像,直接加载
root@xwhw:~# docker pull registry.openanolis.cn/openanolis/anolisos:8.10
8.10: Pulling from openanolis/anolisos
643ade85e06c: Pull complete
ffe32c2f64f9: Pull complete
Digest: sha256:27ab3c0286b3130814a8c9fb62b285ef25e9a971b24e692dc2b09bccc27e8785
Status: Downloaded newer image for registry.openanolis.cn/openanolis/anolisos:8.10
registry.openanolis.cn/openanolis/anolisos:8.10
root@xwhw:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.openanolis.cn/openanolis/anolisos 8.10 3a1bd5b2e8a2 3 weeks ago 242MB
openjdk 8u342 6fbf41d7a679 2 years ago 520MB至此,问题临时修复,整体用时:4个多小时
4 附
中间还换了一个alpine:3镜像来测试,报另外一个错误,如下:
root@xwhw:~/docker_static# docker load -i alpine.arm.tar.gz
a16e98724c05: Loading layer [==================================================>] 3.993MB/3.993MB
invalid diffID for layer 0: expected "sha256:a16e98724c05975ee8c40d8fe389c3481373d34ab20a1cf52ea2accc43f71f4c", got "sha256:1ddcd170685e705ca533815243deb76a74c0bc63c98e0ac1bf7aa5a45cf16051"使用jq命令查看json文件,得到diffID
jq . 8d591b0b7dea080ea3be9e12ae563eebf9869168ffced1cb25b2470a3d9fe15e.json
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:a16e98724c05975ee8c40d8fe389c3481373d34ab20a1cf52ea2accc43f71f4c"
]
},若没有jq命令,可以采用如下命令替代
python -m json.tool 8d591b0b7dea080ea3be9e12ae563eebf9869168ffced1cb25b2470a3d9fe15e.json可以看到alpine:3镜像确实有一层镜像文件的sha256值是错误信息的expected
gzip -d -c layer.tar | sha256sum -
a16e98724c05975ee8c40d8fe389c3481373d34ab20a1cf52ea2accc43f71f4c -使用2.4版本的unpigz测试得到错误的sha256值
unpigz.2.4 -d -c layer.tar | sha256sum -
unpigz.2.4: skipping: layer.tar: corrupted -- crc32 mismatch
unpigz.2.4: abort: internal threads error
1ddcd170685e705ca533815243deb76a74c0bc63c98e0ac1bf7aa5a45cf16051 -可以手动执行看到输出的错误与docker load错误日志对上, 进一步验证是 unpigz命令在该环境的问题
5 遗留2个问题,后续处理
-
unpigz的彻底修复
-
临时方案docker load 报
invalid reference format错误