containerd: Image delete fixes and cleanup#46840
Conversation
vvoland
left a comment
There was a problem hiding this comment.
Just posting a couple of comments/nits.
0b9a7f7 to
04526ea
Compare
vvoland
left a comment
There was a problem hiding this comment.
Looks good overall. Just a few comments/questions from me. Don't think any of those is a blocker though.
| if truncatedID.MatchString(refOrID) { | ||
| if d, ok := parsed.(reference.Digested); ok { | ||
| if cimg, err := i.images.Get(ctx, d.String()); err == nil { | ||
| img = &cimg | ||
| dgst = d.Digest() | ||
| if cimg.Target.Digest != dgst { | ||
| // Ambiguous image reference, use reference name | ||
| log.G(ctx).WithField("image", refOrID).WithField("target", cimg.Target.Digest).Warn("digest reference points to image with a different digest") | ||
| dgst = cimg.Target.Digest | ||
| } | ||
| } else if !cerrdefs.IsNotFound(err) { | ||
| return nil, nil, convertError(err) | ||
| } else { | ||
| dgst = d.Digest() | ||
| } |
There was a problem hiding this comment.
(just a note when reviewing, wasn't sure which cases exactly would hit that path)
For the ^(sha256:)?([a-f0-9]{4,64})$ there are few distinct reference cases (refOrID):
sha256:abcdef7890123456789012345678901234567890123456789012345678901234(algo prefixed full digest)sha256:abce(algo prefixed truncated digest)abcdef7890123456789012345678901234567890123456789012345678901234(unprefixed full digest)abce(unprefixed truncated digest)
This is what the reference is resolved to in each case (reference.ParseAnyReference):
docker.io/library/sha256:abcdef7890123456789012345678901234567890123456789012345678901234
type: reference.taggedReferencedocker.io/library/sha256:abce
type: reference.taggedReferencesha256:abcdef7890123456789012345678901234567890123456789012345678901234
type: reference.digestReferencedocker.io/library/abce
type: reference.repository
There was a problem hiding this comment.
1 Seems a bit surprising. I can add more unit tests around these cases to lessen the surprise.
|
Oh, also noticed this breaks the $ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 3fbc63216742 4 months ago 6.09MB
$ docker inspect busybox -f {{.RepoDigests}}
[busybox@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79]
# This should work
$ docker rmi busybox@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79
Error response from daemon: No such image: busybox@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79 |
|
@vvoland I'll add more unit tests around that case. I don't think the current tests match all the format of references which get created. |
daemon/containerd/image.go
Outdated
| if !cerrdefs.IsNotFound(err) { | ||
| return nil, nil, convertError(err) | ||
| } | ||
| return nil, nil, images.ErrImageDoesNotExist{Ref: parsed} |
There was a problem hiding this comment.
Related to the remove by repo digest test, this is the case that gets hit. There is currently a unit test that checks for this condition. When a digest is provided we can probably fall back to similar logic as when just a hash is provided. The tricky part is whether to return a matched image or not, since in this case there was no actual matched image and trying to avoid any sort of fuzzy matching with whats in containerd. However I think it makes sense to support the repo@digest case even if it is new functionality and doesn't represent any specific image which has been created.
82a655e to
3f51b7a
Compare
|
Updated with functionality to match images by repo + digest on rmi. |
|
A lot of tests are failing now in integration-cli with |
3f51b7a to
5c48d18
Compare
|
Updated, @rumpl late night commit, I missed the zero case. I added a unit test for that now as well. Still looking at TestDockerCLIRmiSuite/TestRmiUntagHistoryLayer but that isn't holding this PR back. |
5c48d18 to
49c34d7
Compare
Add single resolve function to get a consistent list of images matching the same digest. Signed-off-by: Derek McGowan <derek@mcg.dev>
Ensure that when removing an image, an image is checked consistently against the images with the same target digest. Add unit testing around delete. Signed-off-by: Derek McGowan <derek@mcg.dev>
49c34d7 to
30255e4
Compare
When repo and digest is provided, remove all references within a repository for the given digest. Signed-off-by: Derek McGowan <derek@mcg.dev>
30255e4 to
5c95e2d
Compare
|
Updated with comment and added a commit which fixes The fix for the untag is to re-add the dangling image before deleting the last tag when there are children and the rmi is not forced. I think this matches the intended logic around dangling image, another label scan right before delete is not optimal but we might be able to address that with switching to gc labels in 2.0. |
Signed-off-by: Derek McGowan <derek@mcg.dev>
5c95e2d to
cf1ea92
Compare
| assert.ErrorContains(c, err, "") | ||
| assert.Assert(c, strings.Contains(out, cID[:12])) | ||
| assert.Assert(c, strings.Contains(out, "(must force)")) | ||
| assert.Assert(c, strings.Contains(out, "(must force)") || strings.Contains(out, "(must be forced)")) |
There was a problem hiding this comment.
😭 do we know where these originate from, or is one in the CLI and one in the daemon?
There was a problem hiding this comment.
Both are in the daemon, it is just one case in the old image code that had the reason hardcoded in as (must force), although both containerd and non-containerd use the reason as must be forced. I could have updated the non-containerd code but seems like it could be considered separately.
There was a problem hiding this comment.
Oh! My search only found one, but perhaps I did it wrong.
Yeah, they were somewhat weird error messages in either case.
| // TODO: Add with target option | ||
| err := i.images.Delete(compatcontext.WithoutCancel(ctx), img.Name) |
There was a problem hiding this comment.
We should create a tracking ticket for this
| } | ||
|
|
||
| func isDanglingImage(image containerdimages.Image) bool { | ||
| // TODO: Also check for expired |
There was a problem hiding this comment.
Ditto (we should create a tracking ticket for this)
Ensure that when removing an image, an image is checked consistently against the images with the same target digest.
Update logic of determining which references are the same to fix failing tests.
Add unit testing around delete.