-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support transient store mode #16371
Support transient store mode #16371
Conversation
@mheon @vrothberg @nalind @baude PTAL |
075fcee
to
5c15e25
Compare
@@ -322,6 +322,14 @@ func makeRuntime(runtime *Runtime) (retErr error) { | |||
} | |||
} | |||
|
|||
// Create the tmpDir | |||
if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0751); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be 755
or if 751
is intentional maybe a comment just above could help understand why only execute is given without read to others
.
if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0751); err != nil { | |
if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0755); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
0751 would give others the ability to reach files (search) under the tree, but not able to list it. I do not know which is correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have an opinion on this, I just moved the existing mkdir code earlier in the function because I need to reference TmpDir. The existing code actually had both 751
and 755
, so I deleted both, but the 751
is the one that would have "won" before, so I kept that to make it not change behaviour.
I'm fine with changing the behavior to 755`, but maybe that should be a separate PR with separate arguments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
0751 is what's being used at the moment, so I think we should keep it that way in this PR. Changing the default can be done in a separate change if needed.
Can you add this to |
Missing man page changes. Can I run both --transient containers and non transient containers at the same time? |
This is more of a storage configuration similar to --runroot= or --root=, as it affects everything. Might it still work? I dunno? Maybe? You'll have double databases for some things (bolt_state.db, etc) but shared for some (images.json, etc). My guess is that it would look like it works, but there are some issues in the locking etc if you look at it more carefully. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really like the numbers!
For the c/storage changes, I suggest to open a PR directly. This will allow for passing CI and get the storage experts' eyes on it.
Need more docs for both PRs.
5c15e25
to
70c90ba
Compare
New version with some feedback applied. Still lacks man page updates and splitting up into two PRs. |
70c90ba
to
0d1e64a
Compare
I split out the containers/storage part here: containers/storage#1424 |
Note, this doesn't currently move container |
0d1e64a
to
7b1e537
Compare
@@ -457,6 +457,8 @@ func rootFlags(cmd *cobra.Command, podmanConfig *entities.PodmanConfig) { | |||
pFlags.StringVar(&podmanConfig.Runroot, runrootFlagName, "", "Path to the 'run directory' where all state information is stored") | |||
_ = cmd.RegisterFlagCompletionFunc(runrootFlagName, completion.AutocompleteDefault) | |||
|
|||
pFlags.BoolVar(&podmanConfig.TransientStore, "transient-store", false, "Enable transient container storage") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it seems to override the setting in storage.conf
.
Shouldn't transient_store = true
in storage.conf
always set the transient flag?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to be able to pass this in the conmon cleanup commands to get the exact same setup as the initial podman command was run as, similar to the --rundir=... args, etc. That can't rely on the global setting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agreed it makes sense to have the CLI option, but when I create a new container and the global setting is set I'd expect it to affect the newly created container unless I specify --transient=false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah. right!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, this was a bit busted before, but should work now.
However, if you specify transient_store=true in the config file that currently only affects the default for rootful containers. It seems that there is a bunch of special code that defines the default for rootless containers. This might make sense, but I'm not sure, opinions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't feel strongly about either way. I think it's a fairly niche feature (for now) but it's worth pointing users to storage.conf.
e8f53dd
to
7cb716d
Compare
b523c9b
to
b55fb1f
Compare
0823d99
to
c917692
Compare
5bc4d64
to
cf1d1d4
Compare
@mheon @vrothberg PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall
@@ -322,6 +322,14 @@ func makeRuntime(runtime *Runtime) (retErr error) { | |||
} | |||
} | |||
|
|||
// Create the tmpDir | |||
if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0751); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
0751 is what's being used at the moment, so I think we should keep it that way in this PR. Changing the default can be done in a separate change if needed.
@@ -457,6 +457,8 @@ func rootFlags(cmd *cobra.Command, podmanConfig *entities.PodmanConfig) { | |||
pFlags.StringVar(&podmanConfig.Runroot, runrootFlagName, "", "Path to the 'run directory' where all state information is stored") | |||
_ = cmd.RegisterFlagCompletionFunc(runrootFlagName, completion.AutocompleteDefault) | |||
|
|||
pFlags.BoolVar(&podmanConfig.TransientStore, "transient-store", false, "Enable transient container storage") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't feel strongly about either way. I think it's a fairly niche feature (for now) but it's worth pointing users to storage.conf.
docs/source/markdown/podman.1.md
Outdated
This moda mode allows starting containers faster, as well as guaranteeing a fresh state on boot in case of unclean shutdowns or other problems. However | ||
it is not compabible with a traditional model where containers persist across reboots. | ||
|
||
Default value for this is configured in `/etc/containers/storage.conf`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/etc/containers/storage.conf
-> containers-storage.conf(5)
as there are various locations for storage.conf
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is copied verbatim from other options like e.g. --root
. Should I change all of them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes lets move to man page links.
Later changes will need to access it earlier, so move its creation to just after the creation of StaticDir. Note: For whatever reason this we created twice before, but we now only do it once. Signed-off-by: Alexander Larsson <alexl@redhat.com>
This handles the transient store options from the container/storage configuration in the runtime/engine. Changes are: * Print transient store status in `podman info` * Print transient store status in runtime debug output * Add --transient-store argument to override config option * Propagate config state to conmon cleanup args so the callback podman gets the same config. Note: This doesn't really change any behaviour yet (other than the changes in containers/storage). Signed-off-by: Alexander Larsson <alexl@redhat.com>
This brings a performance improvement to `podman run` on top of the other transient_store improvements in containers/storage: Transient mode without transient bolt_db: Benchmark 1: bin/podman run --transient-store=true --rm --pull=never --network=host --security-opt seccomp=unconfined fedora true Time (mean ± σ): 130.6 ms ± 5.8 ms [User: 44.4 ms, System: 25.9 ms] Range (min … max): 122.6 ms … 143.7 ms 21 runs Transient mode with transient bolt_db: Benchmark 1: bin/podman run --transient-store=true --rm --pull=never --network=host --security-opt seccomp=unconfined fedora true Time (mean ± σ): 100.3 ms ± 5.3 ms [User: 40.5 ms, System: 24.9 ms] Range (min … max): 93.0 ms … 111.6 ms 29 runs Signed-off-by: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This just calls GC on the local storage, which will remove any leftover directories from previous containers that are not in the podman db anymore. This is useful primarily for transient store mode, but can also help in the case of an unclean shutdown. Also adds some e2e test to ensure prune --external works. Signed-off-by: Alexander Larsson <alexl@redhat.com>
cf1d1d4
to
93d2ec1
Compare
This changes references to `/etc/containers/storage.conf` (and similar) to links to `containers-storage.conf(5)`, as there are alternative locations for this file. Signed-off-by: Alexander Larsson <alexl@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Nice work, @alexlarsson !
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexlarsson, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This adds a boolean option
transient_store
to storage.conf, or via the CLI--transient-store
. If this is enabled then all containers state is considered transient and will not survived reboot, as discussed in #16245.In particular the changes are these:
$rootdir/libpod/bolt_state.db
moves to$runroot/libpod
$rootdir/overlay-containers/containers.json
moves to$runroot/overlay-containers
overlay-containerlayers
which is similar tooverlay-layers
(uses the same layer store code). This is used for layers that are part of containers (i,e. not image layers).layers.json
is stored in$runroot
. This is used for theoverlay-containerlayers
dir.The end result of this is that all metadata that is stored related to containers and volumes (but not images) end up on tmpfs. This has two main advantages. First of all database writes much faster, in particular for
podman run
which now has no database writes outside tmpfs. And secondly, since the databases are not persisted we can't run into weird issues on unclean shutdowns or other corner case. Every boot always starts from a clean slate.Note, while the databases (bolt_state.db, containers.json and layers.json) don't persist, we do use persistant storage for some of the content (such as the "upper" of the overlayfs). This shouldn't cause problems in practice because all such data is indexed by layer/container id which is unlikely to be reused across boots. However, ideally
$rootdir/overlay-container
and$rootdir/overlay-containerlayers
should be cleaned on boot to avoid leftover data to waste space.The performance improvement of this depends on system performance and characteristics. But here is an example on my desktop:
Without transient mode:
With transient mode:
NOTE: This commit touches both podman code and vendored containers/storage code, so will need to be split out. But I think reviewing is easier this way.
Does this PR introduce a user-facing change?