LCOW: Dynamic sandbox management

[lowenna]

Signed-off-by: John Howard jhoward@microsoft.com

This changes the graphdriver to perform dynamic sandbox management. Previously, as a temporary 'hack', the service VM had a prebuilt sandbox in it. With this change, management is under the control of the client (docker) and executes a mkfs.ext4 on it. This enables sandboxes of non-default sizes too (a TODO previously in the code).

It also addresses #33969 (comment) from @thaJeztah

Requires:
- go-winio: v0.4.3 (v0.4.4 is vendored)
- opengcs: v0.0.12
- hcsshim: v0.6.x (merged as part of 34272 so not in this PR)

@johnstep PTAL. Note, you won't be able to use this on current builds you have, as to create the sandbox and scratch space blank VHDX's in the cache, it relies on HCS APIs which aren't present in your builds. You can temporarily work around this by keeping sandbox.vhdx and scratch.vhdx from \lcow\lcow\cache safe somewhere, and copying them manually so that they are in place.

@darrenstahlmsft Can you track/address feedback comments while I'm on vacation?

[lowenna]

@PatrickLang FYI.

[lowenna]

And @gupta-ak FYI too.

[AkihiroSuda]

nit: it maybe good to mention that a custom kernel needs to be embedded in UEFI boot program

[lowenna]

That information is in the build instructions in the Microsoft/opengcs repo. I don't think it belongs here.

[PatrickLang]

Just to clarify - this isn't testable on Windows builds 16237 or 16241. Will be in a later build

[lowenna]

@johnstep do you have time to look? Thx

[darstahl]

This all LGTM, but I'm not a maintainer. I'll address any comments while John is on vacation.

[johnstep]

Looks pretty good, just a couple small things.

[johnstep]

Nit: This default is really %ProgramFiles%\Linux Containers\uvm.vhdx, but, more precisely, it's uvm.vhdx under lcow.kirdpath.

[lowenna]

Sure, that'll be fixed in the next push.

[johnstep]

How about a corresponding decrementRefCount for Put, replacing the following code:

	// Are we just decrementing the reference count?
	logrus.Debugf("%s: locking cache item for possible decrement", title)
	entry.Lock()
	if entry.refCount > 1 {
		entry.refCount--
		logrus.Debugf("%s: releasing cache item for decrement and early get-out as refCount is now %d", title, entry.refCount)
		entry.Unlock()
		logrus.Debugf("%s: refCount decremented to %d. Releasing cacheMutex", title, entry.refCount)
		d.cacheMutex.Unlock()
		return nil
	}
	logrus.Debugf("%s: releasing cache item", title)
	entry.Unlock()

...with something like this:

	// Are we just decrementing the reference count?
	if entry.decrementRefCount() > 0 {
		d.cacheMutex.Unlock()
		return nil
	}

[lowenna]

I didn't do that deliberately. It's currently a conditional decrement rather than absolute decrement - it just seemed clearer the way it currently is. IMO.

[johnstep]

Fair enough, and slightly more efficient, but my proposal seems easier to read, providing symmetry to the increment function. It doesn't matter if the condition is checked before or after, and decrementing makes the debug log accurate about reaching zero. :)

[lowenna]

Done

[johnstep]

Are you not renaming variables from entry (and cacheEntry) to item (or ci) to simplify this change?

[lowenna]

Yeah, I missed a few. Fixing them up :)

[johnstep]

Nit: Minor, and not a regression, but if Stat fails for a layer, but the file exists, this message is technically inaccurate. However, that seems like an unlikely scenario. I'm not sure this existence check is worthwhile.

[lowenna]

That's fair. Fixed.

[johnstep]

Is the last parameter supposed to be d.cachedSandboxFile, like it was before? This is a little confusing to me.

[lowenna]

Ah, no this is correct. First parameter is the target (which in this case the scratch we're trying to create). Last parameter is both the source and target of a cached file - if it exists, it's a straight CopyFileW from the cache to target file; if it doesn't then first the target file gets created, then it's cached to the cache location. Make sense?

[lowenna]

@johnstep - Update pushed with comments addressed.

[johnstep]

LGTM

[lowenna]

@thaJeztah PTAL. Addressed John's comments (and also fixed your decrement/increment comment from the previous PR, with helper functions).

[johnstep]

The update looks good.

[lowenna]

Note: If #34272 gets merged first, I'll need to update the vendoring on this to reflect versions with lowercase s for Sirupsen.

[lowenna]

#34272 is merged. Vendoring updated to match.

[lowenna]

Ugh. z is sooooooo flaky. Restarting. 4th time lucky 😭

[lowenna]

@mlaventure @thaJeztah @vdemeester Do you guys have time to look at this? There's a few other LCOW related PRs not yet submitted which are backed up behind this being merged. On the bright side, it only affects LCOW code, so the risk of regressing other functionality (it doesn't.....) is as close as it gets to zero. It's also already had some pretty thorough reviews from @johnstep & @darrenstahlmsft

[mlaventure]

@jhowardmsft LGTM, but could you switch to go-winio v0.4.4 ? It fixes a couple of possible deadlock/race conditions

[lowenna]

@mlaventure Yes, that's bumped to go-winio v0.4.4 now

[mlaventure]

LGTM

Anyone seeing this green on Windows can just merge :)

[lowenna]

Darn z. I've kicked it off for the 3rd attempt at https://jenkins.dockerproject.org/job/Docker-PRs-s390x/4797/console (not showing below for some reason).