Overlay snapshotter should return overlayfs mount for parallel…#13044
Overlay snapshotter should return overlayfs mount for parallel…#13044henry118 wants to merge 2 commits intocontainerd:mainfrom
Conversation
That's because erofs uses its a different applier. If it used the default walking applier it would fail as well. Its probably cleaner to have the default walking applier not have any special logic and have different appliers for these use cases. Such as with #12842. Parallel unpack would only be used together with an unpack configuration that knew how to handle it and what differ to use anyway. Without that special logic, then it would just do serial unpack with the walking differ. For backporting, this change is probably the smallest and best to get in though. I just don't think it is the cleaner long term solution. |
|
Ah I wasn't aware of #12842. I'll try to add an overlay specific applier on top of that work. |
|
We should have an integration test around this too, reproing the reported issue. |
Yes I have an integration test, but it requires a testing image. Currently the image is hosted on AWS ECR. It's better to be added to containerd's gchr. Could use some help with that as I don't have permission. |
henry118
changed the title
|
Should we host the image in ghcr or just build it as part of the test? I think either is reasonable. |
samuelkarp
added
the
cherry-pick/2.2.x
|
It would be great if the test image is held in ghcr. That'll greatly simplify the test implementation. Other benefits include:
|
|
I just ran the workflow to mirror your image: https://github.com/containerd/containerd/pkgs/container/whiteout-test |
|
Thanks @samuelkarp. The test is updated to use the ghcr image. |
samuelkarp
left a comment
samuelkarp
left a comment
There was a problem hiding this comment.
Mostly looks good. One question about userns, a nit about the test, and some suggested comments to make it clearer to a future reader.
| // If we only have one layer/no parents then just return a bind mount as overlay | ||
| // will not work. The exception is parallel unpack initially has parentless layers | ||
| // that need to be rebased on a parent later. For this case, the "overlay" mount | ||
| // is returned to signal the optimized fast-path in the walking applier. |
There was a problem hiding this comment.
I must admit that I don't actually follow on a quick read what the fast path / slow path for the walking applier is (that's just my shortcomings of internals here).
Does this trick work if we are doing a "parallel" unpack of a single layer image?
There was a problem hiding this comment.
Yes single layer image will work:
- The label is only applied to upper layers during unpack. A single layer of an image won't be labeled and will follow the slow-path (tmp mount);
- However, we can execute the fast-path for single layer too, because the fast-path doesn't really need the parents to apply the layer content.
I chose to implement the 1st approach in this PR to align more closely with the existing logic.
| for i := range s.ParentIDs { | ||
| parentPaths[i] = o.upperPath(s.ParentIDs[i]) | ||
| } | ||
| options = append(options, fmt.Sprintf("lowerdir=%s", strings.Join(parentPaths, ":"))) |
There was a problem hiding this comment.
kernel will post error like overlay: Bad value for 'lowerdir' if parentPaths is empty.
I am thinking we can use grpc metadata (just like namespace) wrapper and pass option to differ and then it can pick up whiteout converter.
There was a problem hiding this comment.
I don't think this problem would happen per the current logic.
This malformed mount option is only used by the fast-path of the applier logic during unpacking.
Regular mount operations will always have parents due to rebase.
There was a problem hiding this comment.
Happy path is always happy. I mean it's trying to poke hole as label can be updated by API.
Just feel like it's short-term fix but poke hole of system. I am not against introducing API-level change on applier
There was a problem hiding this comment.
I'm working on #13053 as long term fix.
Any chance this PR get in for v2.2 back-port in the interim?
| } | ||
| snapshotLabels[labelSnapshotRef] = chainID | ||
|
|
||
| if i > 0 && parallel { |
There was a problem hiding this comment.
or tweak the mount info if's overlay snapshot (it's hack)
|
The change can work. But I still think we should let snapshot return correct mount information and client side can tweak that to let applier to use whiteout converter. Let other reviewers chime in as well. |
@fuweid I implemented the alternative solution in #13115. Does it align what you've been thinking? |
Signed-off-by: Henry Wang <[email protected]>
Signed-off-by: Henry Wang <[email protected]>
|
I also rebased this PR and got rid of the original label proposed in this PR. We can just reuse the label introduced by #13071. |
github-project-automation
Bot
moved this from Needs Triage
to Review In Progress
in Pull Request Review
|
#13115 was merged. closing this. |
github-project-automation
Bot
moved this from Review In Progress
to Done
in Pull Request Review
6 participants
Fixes: #13030
During parallel unpack, "parent" is not passed in for snapshot prepare. The result is that overlay SN will return bind mounts instead of overlay mounts.
This PR introduces a label to indicate that the snapshot is to be "rebased" later. This will allow the overlay SN to return overlay mount. This way the whiteout files can be correctly handled by diff-apply logic.
This bug seems only apply to overlay. EROFS works fine based on my testing.