2

We are using nexus oss 3.13 as a private docker registry. During development due to misconfiguration, some images/layers can get extremly big.

Currently we have a nexus groovy script which generates a report of the biggest files (==layer), but there's no way to find out the corresponding images.

For production this is a show-stopper. Therefore we can not delete the images, which are using the big layers, because we do not know which image is affected.

We are surprised, that such basic functionality is not provided.

Did we miss something in the documentation?

How are others tackling this problem?

Has someone a good approach/workaround (maybe a groovy script) to match the docker layers to the docker images in order to solve this issue?

bulle
  • 51
  • 5

1 Answers1

0

You can copy the non-truncated ID (SHA256) of the layer and grep for it in the folder /var/lib/docker/image.

This will find a file that has a SourceRepository JSON field:

$/var/lib/docker/image# find . -name *aae63f31dee9107165b24afa0a5e9ef9c9fbd079ff8a2bdd966f8c5d8736cc98*
./overlay2/distribution/v2metadata-by-diffid/sha256/aae63f31dee9107165b24afa0a5e9ef9c9fbd079ff8a2bdd966f8c5d8736cc98

Then when we cat that file, we can see the SourceRepository field I referred to above:

/var/lib/docker/image# cat ./overlay2/distribution/v2metadata-by-diffid/sha256/aae63f31dee9107165b24afa0a5e9ef9c9fbd079ff8a2bdd966f8c5d8736cc98
[{"Digest":"sha256:9931fdda3586a52049081bc78fa9793476662310356127cc8baa52e38bb34a8d","SourceRepository":"docker.io/library/mysql","HMAC":""}]

In the above we can see that the Source image is "MySQL" which I picked a layer from randomly.

As of the moment I don't believe there's a built-in way to accomplish this, maybe it's worth submitting a feature request.

Neekoy
  • 2,325
  • 5
  • 29
  • 48
  • in the nexus docker registry, it is not possible to navigate through the directory structure. the nexus repositories are organized in nexus blob-stores. and these blob-stores are unfortunately not plain directories. – bulle Aug 21 '18 at 12:15
  • @bulle You can do a local pull of the images, and script the above so it will find the images for you. That's not ideal but is the closest working solution I'm coming up at the moment. – Neekoy Aug 21 '18 at 13:28
  • okay, thanks for your effort, but theres a problem. the layers lying in the registry were compressed during docker push. so they have another hash which i cant compare to the hash that i found previously by the groovy script... – bulle Aug 22 '18 at 07:40
  • our solution is now, to get all manifests with a script and search inside of them for the layer that went too big.. – bulle Aug 22 '18 at 07:43