LCOW: Support for docker cp, ADD/COPY on build

[gupta-ak]

- What I did

Added support for LCOW container file operations likedocker cp and ADD/COPY for docker build

- How I did it

1. The original graphdriver interface for Get() returned a (string, error). I changed it to return a new interface RootFS defined in pkg/rootfs/rootfs.go. It has the Driver and PathDriver interface from continuity, which abstracts the file operations from the os package behind the interface. The RootFS interface also has container specific methods, such as resolving scoped paths.
2. I implemented the RootFS interface for non-LCOW and LCOW cases. In the non-LCOW cases, it's just a wrapper around the os package, but for LCOW, docker sends the file operations to a Linux Service VM that handles it.
3. After that, it was a matter of propagating the interface throughout docker.

- How to verify it

For regressions due to the interface break, I'm hoping the CI will catch them. For LCOW, I'm running @jhowardmsft 's LCOW testing script and also manually verifying that docker cp and docker build works.

- Description for the changelog

Support for docker cp and ADD/COPY in docker build

- A picture of a cute animal (not mandatory but encouraged)

[gupta-ak]

Example of docker cp working:

PS C:\Users\Administrator> cat '.\Documents\New folder\Dockerfile'
FROM busybox
ENV "Goldens" "Are the best dogs"
RUN export
#Hello!
PS C:\Users\Administrator> docker create -it busybox
8691c852d3bfc68201db40183d875bed2f3cba58174e30f429ef2811a12ce912
PS C:\Users\Administrator> docker cp '.\Documents\New folder\Dockerfile' 869:/root/
PS C:\Users\Administrator> docker start -ia 869
/ # cat /root/Dockerfile
FROM busybox
ENV "Goldens" "Are the best dogs"
RUN export
#Hello!/ #exit
PS C:\Users\Administrator> docker cp 869:/root/Dockerfile Dockerfile2
PS C:\Users\Administrator> cat .\Dockerfile2
FROM busybox
ENV "Goldens" "Are the best dogs"
RUN export
#Hello
PS C:\Users\Administrator>

[gupta-ak]

@stevvooe PTAL as well. Right now, everything is complete aside from the lcow/remotefs implementation, which mostly works, but has some reliability issues.

This PR can be split into multiple PRs (one for interface changes, one for LCOW changse, one for remotefs implementation) so if that is easier to do, I can do that as well. You would need everything to have it work, but it would probably be easier to review.

[dnephin]

Please move these two helpers to below the single function where they are called.

[dnephin]

A type and constant for platform and "windows" would be nice

[gupta-ak]

There's quite a few platform string that was already here. I think it's from @jhowardmsft's first LCOW PR. He's working on a platform API for the builder, so do you want the change now or in his PR? @jhowardmsft: Thoughts?

[lowenna]

I'm not sure this makes sense at this point*. There's dozens of places outside of LCOW where platform strings are used directly without a constant. It's been a long-standing pattern like this.

E:\go\src\github.com\docker\docker [jjh/buildplatformapi]> (git grep '\"windows\"' *.go | Measure-Object).Count
262

* Sure, no objection to doing this a little further down the road, across the entire code base (ideally at a point where the fast-arriving LCOW PRs aren't going to merge conflict).

[dnephin]

For the most part the path details seem to be well abstracted, but they leak out in this function.

Instead of this maybe we could have a system.HasDirectorySuffix() and system.FromSlash() or something like that?

system is already a large package, so maybe that's not the right place for it.

[gupta-ak]

I added a platform tag to the copier struct. The platform was already in the dispathRequest.builder, so I just had to extract that into thecopierFromDistpatchRequest. I added a system.FromSlash() and system.Separator() to check the directory suffix.

If the copy instruction dest doesn't need the daemon/platform specific paths here, we could also just do a check like if len(infos) > 1 && !strings.HasSuffix(filepath.ToSlash(inst.dest), "/")

[gupta-ak]

Couple of updates.

• I squashed all the commits to a single one & vendor commit.
• Finished rest of remotefs implementation, so the docker code should be ready. There's some platform reliability issues I'm hitting when testing this that I'm investigating, but the docker code shouldn't change.
• Addressed @dnephin's comments

[gupta-ak]

Now that #34170 is merged. I rebased to just my commit and the vendor.

[lowenna]

This should switch over to github.com/Microsoft/opengcs/client now.

[lowenna]

This is problematic. I hit a nil pointer de-reference panic due to this change at L411. Previously, the code had an explicit nil check here. Repro was docker cp IDOfStoppedContainer:/bin/sh .

[gupta-ak]

I can't repro it, but the logic in startServiceVMIfNotRunning needs some tweaking. See here:

defer func() {
	// Signal that start has finished, passing in the error if any.
	svm.signalStartFinished(err)
	if err == nil {
		return
	}

	// We added a ref to the VM, since we failed, we should delete the ref.
	d.terminateServiceVM(id, "error path on startServiceVMIfNotRunning", false)
}()

/* Some functions that can fail. */
	
// Start it.
logrus.Debugf("lcowdriver: startServiceVmIfNotRunning: (%s) starting %s", context, svm.config.Name)
if err := svm.config.StartUtilityVM(); err != nil {
	return nil, fmt.Errorf("failed to start service utility VM (%s): %s", context, err)
}

Bascially, if any function fails before the svm.config.StartUtilityVM() part, then svm.config.Uvm will be nil, triggering a panic, so I need to guard L411 with some check.

[lowenna]

s/Operationg/operation

[gupta-ak]

@stevvooe PTAL + add whoever else should take a look

[lowenna]

Has this comment been moved to the correct place? It used to be in the driver struct for the cache.

[johnstep]

I only skimmed the rest of the PR, but the LCOW graph driver changes look good!

[johnstep]

Nit: Why is syscall separate from the previous set of imports?

[gupta-ak]

just seems like a typo

[johnstep]

ContainerFS interface

[johnstep]

You could move this after locking on line 103, and remove the Unlock on 105.

[johnstep]

Note: Seems a little odd to recurse here, but it's not a problem.

[johnstep]

Shouldn't this function remove the mount if this is the last reference?

[gupta-ak]

good catch! should be > 1

[johnstep]

Nit: Why is io separate from the previous set of imports?

[gupta-ak]

seems like a typo

[mlaventure]

I just got aware of this, and it's too big for me to have a proper look in a decent timeframe, but it does look like overkill. I think something is wrong if we have to re-implement the POSIX interface within moby. This would be better served by an actual filesystem driver. Any reason not to go that way? It would also allow Microsoft to change its behavior in sync with their shim without requiring changes within Docker.

[gupta-ak]

rebased + updated with @johnstep 's feedback

[johnstep]

LGTM (based on code, will test soon)

[lowenna]

Graphdriver changes LGTM

[thaJeztah]

from #34252 (comment)

Notes from 8/25 call with Li Li, Akash, Derek, Tonis, John S, Friis, Carl

Next steps:
1 - Get 2 LGTMs on LCOW portions (@jhowardmsft, @johnstep )
2 - Get 1 LGTM from Docker on the non-LCOW portions (@dmcgowan)
3 - MSFT to work with Docker (@friism to get contact) to get graph driver test coverage via existing > end to end regression test suite

@dmcgowan @mlaventure is this one ready to go?

[dmcgowan]

LGTM