Commit graph

99 commits

Author SHA1 Message Date
Kir Kolyshkin
936432326a
layer: protect from same-name races
As pointed out by Tonis, there's a race between ReleaseRWLayer()
and GetRWLayer():

```
----- goroutine 1 -----               ----- goroutine 2 -----
ReleaseRWLayer()
  m := ls.mounts[l.Name()]
  ...
  m.deleteReference(l)
  m.hasReferences()
  ...                                 GetRWLayer()
  ...                                   mount := ls.mounts[id]
  ls.driver.Remove(m.mountID)
  ls.store.RemoveMount(m.name)          return mount.getReference()
  delete(ls.mounts, m.Name())
-----------------------               -----------------------
```

When something like this happens, GetRWLayer will return
an RWLayer without a storage. Oops.

There might be more races like this, and it seems the best
solution is to lock by layer id/name by using pkg/locker.

With this in place, name collision could not happen, so remove
the part of previous commit that protected against it in
CreateRWLayer (temporary nil assigmment and associated rollback).

So, now we have
* layerStore.mountL sync.Mutex to protect layerStore.mount map[]
  (against concurrent access);
* mountedLayer's embedded `sync.Mutex` to protect its references map[];
* layerStore.layerL (which I haven't touched);
* per-id locker, to avoid name conflicts and concurrent operations
  on the same rw layer.

The whole rig seems to look more readable now (mutexes use is
straightforward, no nested locks).

Reported-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit af433dd200)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-25 22:33:45 +02:00
Kir Kolyshkin
9eeb2b5ef0
layer/CreateRWLayerByGraphID: remove
This is an additon to commit 1fea38856a ("Remove v1.10 migrator")
aka PR #38265. Since that one, CreateRWLayerByGraphID() is not
used anywhere, so let's drop it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b4e9b50765)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-25 22:33:37 +02:00
Xinfeng Liu
eaa3e69d14
layer: optimize layerStore mountL
Goroutine stack analisys shown some lock contention
while doing massively (100 instances of `docker rm`)
parallel image removal, with many goroutines waiting
for the mountL mutex. Optimize it.

With this commit, the above operation is about 3x
faster, with no noticeable change to container
creation times (tested on aufs and overlay2).

kolyshkin@:
- squashed commits
- added description
- protected CreateRWLayer against name collisions by
temporary assiging nil to ls.mounts[name], and treating
nil as "non-existent" in all the other functions.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 05250a4f00)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-25 22:32:51 +02:00
Kir Kolyshkin
80a35e0bd4
layer: protect mountedLayer.references
Add a mutex to protect concurrent access to mountedLayer.references map.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f73b5cb4e8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-25 22:32:43 +02:00
Sergio Lopez
5846db10af layer/layer_store: ensure NewInputTarStream resources are released
In applyTar, if the driver's ApplyDiff returns an error, the function
returns early without calling io.Copy.

As a consequence, the resources (a goroutine and some buffers holding
the uncompressed image, the digest, etc...) allocated or referenced by
NewInputTarStream above aren't released, as the worker goroutine only
finishes when it finds EOF or a closed pipe.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2018-12-21 09:30:09 +01:00
zhenhai gao
7c5cf58328 Fix a typos in layer_windows.go
Signed-off-by: zhenhai gao <gaozh1988@live.com>
2018-11-18 18:45:06 +08:00
Salahuddin Khan
763d839261 Add ADD/COPY --chown flag support to Windows
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-08-13 21:59:11 -07:00
Tonis Tiigi
9a0eb8d330 layer: relax graphdriver ID format
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-10 10:05:26 -07:00
Tonis Tiigi
ea36c3cbaf daemon: access to distribution internals
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2018-06-10 10:05:26 -07:00
Derek McGowan
0aebcbc32d
Remove metadata store interface
Layer metadata storage has not been implemented outside of the layer
store and will be deprecated by containerd metadata storage. To prepare
for this and freeze the current metadata storage, remove the exported
interface and make it internal to the layer store.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-03-06 10:42:00 -08:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Yong Tang
19918b88b7 Golint fix with ro_layer.go
A small golint fix with ro_layer.go.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2018-01-24 18:24:03 +00:00
John Howard
c94d34f783 Remove OS() from layer interface
Signed-off-by: John Howard <jhoward@microsoft.com>
2018-01-18 12:56:28 -08:00
John Howard
0cba7740d4 Address feedback from Tonis
Signed-off-by: John Howard <jhoward@microsoft.com>
2018-01-18 12:30:39 -08:00
John Howard
afd305c4b5 LCOW: Refactor to multiple layer-stores based on feedback
Signed-off-by: John Howard <jhoward@microsoft.com>
2018-01-18 08:31:05 -08:00
John Howard
ce8e529e18 LCOW: Re-coalesce stores
Signed-off-by: John Howard <jhoward@microsoft.com>

The re-coalesces the daemon stores which were split as part of the
original LCOW implementation.

This is part of the work discussed in https://github.com/moby/moby/issues/34617,
in particular see the document linked to in that issue.
2018-01-18 08:29:19 -08:00
Sebastiaan van Stijn
b4a6313969
Golint: remove redundant ifs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-01-15 00:42:25 +01:00
Sargun Dhillon
d2b71b2660 Have VFS graphdriver use accelerated in-kernel copy
This change makes the VFS graphdriver use the kernel-accelerated
(copy_file_range) mechanism of copying files, which is able to
leverage reflinks.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
2017-11-28 14:59:56 -08:00
Yong Tang
4785f1a7ab Remove solaris build tag and `contrib/mkimage/solaris
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-11-02 00:01:46 +00:00
John Howard
0380fbff37 LCOW: API: Add platform to /images/create and /build
Signed-off-by: John Howard <jhoward@microsoft.com>

This PR has the API changes described in https://github.com/moby/moby/issues/34617.
Specifically, it adds an HTTP header "X-Requested-Platform" which is a JSON-encoded
OCI Image-spec `Platform` structure.

In addition, it renames (almost all) uses of a string variable platform (and associated)
methods/functions to os. This makes it much clearer to disambiguate with the swarm
"platform" which is really os/arch. This is a stepping stone to getting the daemon towards
fully multi-platform/arch-aware, and makes it clear when "operating system" is being
referred to rather than "platform" which is misleadingly used - sometimes in the swarm
meaning, but more often as just the operating system.
2017-10-06 11:44:18 -07:00
Victor Vieux
a5f9783c93 Merge pull request #34252 from Microsoft/akagup/lcow-remotefs-sandbox
LCOW: Support for docker cp, ADD/COPY on build
2017-09-15 16:49:48 -07:00
chchliang
c72112b171 add testcase in layer/empty_test.go with Metadata()
Signed-off-by: chchliang <chen.chuanliang@zte.com.cn>
2017-09-15 14:13:48 +08:00
Akash Gupta
7a7357dae1 LCOW: Implemented support for docker cp + build
This enables docker cp and ADD/COPY docker build support for LCOW.
Originally, the graphdriver.Get() interface returned a local path
to the container root filesystem. This does not work for LCOW, so
the Get() method now returns an interface that LCOW implements to
support copying to and from the container.

Signed-off-by: Akash Gupta <akagup@microsoft.com>
2017-09-14 12:07:52 -07:00
Derek McGowan
1009e6a40b
Update logrus to v1.0.1
Fixes case sensitivity issue

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-07-31 13:16:46 -07:00
Aaron Lehmann
3be2273d03 Merge pull request #33713 from x1022as/error_fd
fd leak and error handling
2017-07-06 16:47:34 -07:00
John Howard
4ec9766a27 LCOW: Fix nits from 33241
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-27 11:59:49 -07:00
Deng Guangxing
0042f992d8 fd leak and error handling
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
2017-06-23 15:38:35 +08:00
John Howard
87abf34a3d LCOW: Store integrity checks
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 19:49:53 -07:00
John Howard
42c5c1a9ec LCOW: Pass platform through into layer store
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 09:21:37 -07:00
John Howard
fc21bf280b LCOW: Adds platform to the layer store
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-06-20 09:00:32 -07:00
Daniel Nephin
bd5f92d263 Remove CopyOnBuild from the daemon.
Add CreateImage() to the daemon
Refactor daemon.Comit() and expose a Image.NewChild()
Update copy to use IDMappings.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-08 15:06:54 -04:00
Daniel Nephin
967ef7e6d2 Remove unused functions from archive.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-07 11:44:33 -04:00
Daniel Nephin
09cd96c5ad Partial refactor of UID/GID usage to use a unified struct.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-07 11:44:33 -04:00
Alfred Landrum
aa96c3176b
Let graphdrivers declare diff stream fidelity
This allows graphdrivers to declare that they can reproduce the original
diff stream for a layer. If they do so, the layer store will not use
tar-split processing, but will still verify the digest on layer export.
This makes it easier to experiment with non-default diff formats.

Signed-off-by: Alfred Landrum <alfred.landrum@docker.com>
2017-03-31 08:32:00 -07:00
lixiaobing10051267
1b0f2d71a1 modify ID to ChainID to avoid confusing
Signed-off-by: lixiaobing10051267 <li.xiaobing1@zte.com.cn>
2017-03-09 16:59:04 +08:00
John Howard
2cd8bcd7df Windows: Remove redundant 'GraphDriver() func
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-01-12 15:32:46 -08:00
John Howard
02ed83aee9 Windows: Remove dead code RegisterDiffIDs
Signed-off-by: John Howard <jhoward@microsoft.com>
2017-01-09 08:56:34 -08:00
Stephen J Day
7a85579917
*: use opencontainers/go-digest package
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-01-06 18:48:41 -08:00
Brian Goff
677fa03654 Moves graphdriver plugn docs out of experimental
Also updates some of the structures being sent so plugins are getting
all the new options.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-12-22 15:30:25 -05:00
yuexiao-wang
c8c7a3ff21 Fix some typos
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-11-30 03:01:32 +08:00
Vivek Goyal
f7f3d34210 Move CreateRWLayer() parameters in a struct
Move some of the optional parameters of CreateRWLayer() in a struct
called CreateRWLayerOpts. This will make it easy to add more options
arguments without having to change signature of CreateRWLayer().

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2016-11-16 16:31:23 -05:00
Vivek Goyal
b937aa8e69 Pass all graphdriver create() parameters in a struct
This allows for easy extension of adding more parameters to existing
parameters list. Otherwise adding a single parameter changes code
at so many places.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2016-11-09 15:59:58 -05:00
Vincent Demeester
1f4137857f Merge pull request #28006 from dmcgowan/clean-overlay2-layerstore
Cleanup invalid code in overlay2 and layer store
2016-11-02 23:16:38 -07:00
Derek McGowan
6622cc970e
Cleanup invalid code in overlay2 and layer store
The overlay2 change ensures that the correct path is used to resolve the
symlink. The current code will not fail since the symlinks are always given
a value of "../id/diff" which ends up ignoring the incorrect "link" value.
Fix this code so it doesn't cause unexpected errors in the future if the
symlink changes.

The layerstore cleanup ensures that the empty layer returns a tar stream if
the provided parent is empty. Any value other than empty still returns an
error since the empty layer has no parent. Currently empty layer is not
used anywhere that TarStreamFrom is used but could break in the future if
this function is called.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-02 16:13:53 -07:00
Derek McGowan
8625d25351
Remove TarStreamFrom from RWLayer interface
RWLayers do not implement the tar stream from, moved the
definition to Layer instead of TarStreamer

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-01 14:44:27 -07:00
Brian Goff
362369b4bb Adds ability to squash image after build
Allow built images to be squash to scratch.
Squashing does not destroy any images or layers, and preserves the
build cache.

Introduce a new CLI argument --squash to docker build
Introduce a new param to the build API endpoint `squash`

Once the build is complete, docker creates a new image loading the diffs
from each layer into a single new layer and references all the parent's
layers.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2016-11-01 13:41:59 -04:00
Stephen J Day
aa2cc18745
pkg/archive: remove unnecessary Archive and Reader type
The `archive` package defines aliases for `io.ReadCloser` and
`io.Reader`. These don't seem to provide an benefit other than type
decoration. Per this change, several unnecessary type cases were
removed.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-10-20 19:31:24 -07:00
Anusha Ragunathan
a98be0344b Update plugingetter import path in docker/docker.
Signed-off-by: Anusha Ragunathan <anusha@docker.com>
2016-10-11 11:24:18 -07:00
Kenfe-Mickael Laventure
148aef9199 Add Map() method to LayerStore interface
This method return a map associating a chain ID to its layer object

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2016-09-29 07:42:53 -07:00
Vivek Goyal
2508ca000e layer_store: Use CreateReadWrite() for -init layer instead of Create()
init layer is read/write layer and not read only layer. Following commit
introduced new graph driver method CreateReadWrite.

ef5bfad Adding readOnly parameter to graphdriver Create method

So far only windows seem to be differentiating between above two methods.
Making this change to make sure -init layer calls right method so that
we don't have surprises in future.

Windows does not need init layer. This patch also gets rid of creation of
init layer on windows.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
2016-09-21 14:45:25 -04:00