Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

image-rs: Support to reuse meta_store #623

Merged
merged 3 commits into from
Jul 23, 2024
Merged

image-rs: Support to reuse meta_store #623

merged 3 commits into from
Jul 23, 2024

Conversation

ChengyuZhu6
Copy link
Member

Support to write meta_store to meta_store.json.
Set the absolute path for meta store with meta_store.json

@ChengyuZhu6
image-rs:image: Set the absolute path for meta store
417eea8 
To avoid any ambiguity and support scenarios where meta_store.json is set manually,
ensure that meta_store.json uses an absolute path.

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
@ChengyuZhu6
image-rs: support to write meta_store to file
3337610 
support to serialize metadata and write it to `meta_store.json`

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
@ChengyuZhu6
Copy link
Member Author

Needs to add related unit tests.

@ChengyuZhu6 ChengyuZhu6 marked this pull request as ready for review July 22, 2024 11:35
@ChengyuZhu6
image-rs: Add unit test to verify the reuse of meta store
6fa703c 
Add unit test to verify the reuse of the meta store.

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
@ChengyuZhu6
Copy link
Member Author

I’ve added code and unit tests to enable the reuse of the meta store and layers in the image client.

@ChengyuZhu6
Copy link
Member Author

cc @arronwy @Xynnn007 @bpradipt

@ChengyuZhu6
Copy link
Member Author

The template of meta_store.json is as follows:

{
    "image_db": {
        "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e": {
            "id": "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e",
            "digest": "sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a",
            "reference": "mcr.microsoft.com/hello-world",
            "image_config": {
                "created": "2019-01-01T01:29:27.650294696Z",
                "architecture": "amd64",
                "os": "linux",
                "config": {
                    "User": "",
                    "Env": [
                        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
                    ],
                    "Cmd": [
                        "/hello"
                    ],
                    "WorkingDir": ""
                },
                "rootfs": {
                    "type": "layers",
                    "diff_ids": [
                        "sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3"
                    ]
                },
                "history": [
                    {
                        "created": "2019-01-01T01:29:27.416803627Z",
                        "created_by": "/bin/sh -c #(nop) COPY file:f77490f70ce51da25bd21bfc30cb5e1a24b2b65eb37d4af0c327ddc24f0986a6 in / "
                    },
                    {
                        "created": "2019-01-01T01:29:27.650294696Z",
                        "created_by": "/bin/sh -c #(nop)  CMD [\"/hello\"]",
                        "empty_layer": true
                    }
                ]
            },
            "signed": false,
            "layer_metas": [
                {
                    "decoder": "Gzip",
                    "encrypted": false,
                    "compressed_digest": "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced",
                    "uncompressed_digest": "sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3",
                    "store_path": "/tmp/.tmpYioDI2/layers/sha256_1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced"
                }
            ]
        }
    },
    "layer_db": {
        "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced": {
            "decoder": "Gzip",
            "encrypted": false,
            "compressed_digest": "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced",
            "uncompressed_digest": "sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3",
            "store_path": "/tmp/.tmpYioDI2/layers/sha256_1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced"
        }
    },
    "snapshot_db": {}
}

@bpradipt
Copy link
Member

The template of meta_store.json is as follows:

{
    "image_db": {
        "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e": {
            "id": "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e",
            "digest": "sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a",
            "reference": "mcr.microsoft.com/hello-world",
            "image_config": {
                "created": "2019-01-01T01:29:27.650294696Z",
                "architecture": "amd64",
                "os": "linux",
                "config": {
                    "User": "",
                    "Env": [
                        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
                    ],
                    "Cmd": [
                        "/hello"
                    ],
                    "WorkingDir": ""
                },
                "rootfs": {
                    "type": "layers",
                    "diff_ids": [
                        "sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3"
                    ]
                },
                "history": [
                    {
                        "created": "2019-01-01T01:29:27.416803627Z",
                        "created_by": "/bin/sh -c #(nop) COPY file:f77490f70ce51da25bd21bfc30cb5e1a24b2b65eb37d4af0c327ddc24f0986a6 in / "
                    },
                    {
                        "created": "2019-01-01T01:29:27.650294696Z",
                        "created_by": "/bin/sh -c #(nop)  CMD [\"/hello\"]",
                        "empty_layer": true
                    }
                ]
            },
            "signed": false,
            "layer_metas": [
                {
                    "decoder": "Gzip",
                    "encrypted": false,
                    "compressed_digest": "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced",
                    "uncompressed_digest": "sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3",
                    "store_path": "/tmp/.tmpYioDI2/layers/sha256_1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced"
                }
            ]
        }
    },
    "layer_db": {
        "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced": {
            "decoder": "Gzip",
            "encrypted": false,
            "compressed_digest": "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced",
            "uncompressed_digest": "sha256:af0b15c8625bb1938f1d7b17081031f649fd14e6b233688eea3c5483994a66a3",
            "store_path": "/tmp/.tmpYioDI2/layers/sha256_1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced"
        }
    },
    "snapshot_db": {}
}

Thanks @ChengyuZhu6 for fixing this. Few questions
As you know one of the aspects I'm experimenting with is to figure out a way to embed image layers in rootfs to avoid downloading the image layers again during pod creation. So for this scenario as I understand from this PR I need to do the following

  1. Populate image layers in a specific path in rootfs
  2. Create a meta_store.json file to indicate the layer details and the path inside the rootfs
  3. Ensure this meta_store.json is reference by kata-agent/image-rs to reuse the embedded layers

Is my understanding correct?
Would you know of a way (tool/script etc) to create meta_store.json ?

@ChengyuZhu6 ChengyuZhu6 changed the title image-rs: Support to write meta_store to file image-rs: Support to reuse meta_store Jul 22, 2024
@ChengyuZhu6
Copy link
Member Author

As you know one of the aspects I'm experimenting with is to figure out a way to embed image layers in rootfs to avoid downloading the image layers again during pod creation.

image-rs will download the image only once, even if multiple containers in a pod use same image.

@ChengyuZhu6
Copy link
Member Author

Populate image layers in a specific path in rootfs
Create a meta_store.json file to indicate the layer details and the path inside the rootfs
Ensure this meta_store.json is reference by kata-agent/image-rs to reuse the embedded layers

Just a reminder: we don't need to populate the image layers to rootfs. Instead, we should store the layers in the image-rs workdir/layers directory. For example, in kata, the layers (such as sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced) should be stored in /run/kata-containers/image/layers/sha256_1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced. Image-rs will then overlay the layers onto rootfs.

@ChengyuZhu6
Copy link
Member Author

Would you know of a way (tool/script etc) to create meta_store.json ?

I'm not sure if there is an existing tool or script for this, but it sounds like an interesting idea.

Xynnn007
Xynnn007 approved these changes Jul 23, 2024
View reviewed changes
Copy link
Member

@Xynnn007 Xynnn007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice code, thanks @ChengyuZhu6 ! Let's wait for an approval from @bpradipt

bpradipt
bpradipt approved these changes Jul 23, 2024
View reviewed changes
Copy link
Member

@bpradipt bpradipt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
Thanks @ChengyuZhu6

fitzthum
fitzthum approved these changes Jul 23, 2024
View reviewed changes
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

We have had some issues with layer caching on the host before (i.e. encrypted and unencrypted images can share layers), but I don't think that will be a problem here.

@fitzthum fitzthum merged commit f257568 into confidential-containers:main Jul 23, 2024
7 checks passed
@ChengyuZhu6 ChengyuZhu6 deleted the fix-meta-store branch July 24, 2024 02:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xynnn007 Xynnn007 Xynnn007 approved these changes

@bpradipt bpradipt bpradipt approved these changes

@fitzthum fitzthum fitzthum approved these changes

@sameo sameo Awaiting requested review from sameo

@jiangliu jiangliu Awaiting requested review from jiangliu

@arronwy arronwy Awaiting requested review from arronwy

@lumjjb lumjjb Awaiting requested review from lumjjb

@jialez0 jialez0 Awaiting requested review from jialez0

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ChengyuZhu6 @bpradipt @fitzthum @Xynnn007