layers: write read only layers to imagestore#2258
layers: write read only layers to imagestore#2258openshift-merge-bot[bot] merged 1 commit intocontainers:mainfrom
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
d06baeb to
73bde82
Compare
mtrmac
left a comment
There was a problem hiding this comment.
This does not touch drivers/overlay where I am refusing to review PRs adding new conditionals, but it’s pretty close… please find a reviewer who understands this.
I’m basically only reviewing the store.go API part.
As for the core of the thing, changing where layer metadata is stored seems like a Big Deal. If we were doing the wrong thing all this time, how come no-one has noticed until now?!
I suppose, this is preexisting (and fixing this will mean touching drivers/overlay…): I’m also pretty seriously uncomfortable about this code making a decision where to record metadata, vs. the overlay driver making a decision where to create the physical layer (or, if there are multiple layers with the same ID, which one to use), completely independently. That seems to be one of those things that is guaranteed to drift out of sync.
store.go
Outdated
| if !writeable && s.imageStoreDir != "" { | ||
| options.ImageStore = true | ||
| } |
There was a problem hiding this comment.
I don’t generally see why this logic should exist at this layer of the call stack. layerStore was already initialized with the imageStore location, it seems to me that it can make this decision on its own.
Alternatively… for imageStore, the search, and the decision where to write is managed at the store level. There is no multipleLockFile for images. This looks so different, and I don’t understand the design nearly enough to tell whether the difference is necessary.
There was a problem hiding this comment.
the difference is necessary because images are always directed to the image store. Instead for layers, we write only the RO layers to the imagestore; container layers are written to the main store.
There was a problem hiding this comment.
There are three calls to .create in store.go. What about the one in imageTopLayerForMapping?
There was a problem hiding this comment.
should remapped images be always created on the image store?
I think it is better if they are created on the same store where their parent layer is. I've added a patch to the PR to implement this behavior
There was a problem hiding this comment.
Fine, I can see how that is a good location to choose.
… but now, again, we have one part of the code that decides the location in layers.go and another here in store.go.
WDYT about layerStore explicitly tracking whether imageDir is set (compare #2258 (comment) ), and then this condition can be moved inside the new pickLocation.
There was a problem hiding this comment.
and then this condition can be moved
no, that doesn’t work that easily because, AFAICS, we can’t currently tell between “ordinary” RO layers and the ID-mapping layers from imageTopLayerForMapping; we would still need to add a new option to create. Still, an thisIsAnIDMappingLayer option set in store.Go, and all location decisions centralized in pickLocations, seems worth considering.
73bde82 to
6fa178e
Compare
nobody tried to use the image store as a self store, instead of an additional store.
I was against this feature when it was first added, because it is a mess and makes everything more complicated. IMO this could have been an additional store and the decision where to pull an image handled at a higher level, but it was needed for Kubernetes and now we have to deal with it. |
… :| I am deeply dissatisfied with how the current implementation requires [I guess something along the lines of: would want to just have one “ordinary” |
6fa178e to
0fa4e24
Compare
0fa4e24 to
37f6acc
Compare
|
took care of the last comments and pushed a new version |
|
AFAICS #2258 (comment) and some variant of #2258 (comment) are still outstanding. |
a7b64c7 to
22169ad
Compare
if the goal is to not have duplication of the logic in |
|
working on a fix for the failing tests... |
f948f09 to
dc090bc
Compare
mtrmac
left a comment
There was a problem hiding this comment.
Thanks!
LGTM, just please check that I understand the removal of the “inherit from parent” code. If so, feel free to merge.
dc090bc to
a50114c
Compare
when an imagestore is used, a R/O layer must be written to the
layers.json under the imagestore, not graphroot.
The lock on the imagestore is already taken through the
multipleLockFile{} mechanism in place.
Closes: containers#2257
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
a50114c to
11a5b7b
Compare
mtrmac
left a comment
There was a problem hiding this comment.
/lgtm
Thanks!
I guess I tricked myself into doing a full review after all :)
when an imagestore is used, a R/O layer must be written to the layers.json under the imagestore, not graphroot.
The lock on the imagestore is already taken through the multipleLockFile{} mechanism in place.
Closes: #2257