Fix image pull and remove race #2331

dmcgowan · 2018-05-07T20:18:15Z

A few races exist today if deleting an image during pull that are addressed by this PR.

ctr image pull does not hold the same lease between fetch and unpack

Solved by getting a lease in the cli handler and passing to both functions

Rootfs apply holds no references while checking layer existence (stat from bottom up and layers can get garbage collected during check).

Solved by reversing the check order from top down, using prepare to check existence of parent rather than stat

Image object can get removed while unpack is taking place

Move image creation to after unpack, originally it existed before unpack because nothing else was holding reference to the content before leases

This did expose a common problematic pattern of relying on stat object + use object in the client. There is no guarantee after a stat returns that the object will still exist, even if the stat returned the object existed. For mutation and creation operations we normally add the object to the lease to prevent cleanup, but nothing is done on read operations today.

Signed-off-by: Derek McGowan <[email protected]>

codecov-io · 2018-05-07T20:40:24Z

Codecov Report

Merging #2331 into master will decrease coverage by 4.29%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##           master    #2331     +/-   ##
=========================================
- Coverage   49.28%   44.98%   -4.3%     
=========================================
  Files          84       92      +8     
  Lines        7424     9340   +1916     
=========================================
+ Hits         3659     4202    +543     
- Misses       3089     4459   +1370     
- Partials      676      679      +3

Flag	Coverage Δ
#linux	`49.28% <ø> (ø)`	⬆️
#windows	`41.24% <ø> (?)`

Impacted Files	Coverage Δ
oci/spec.go	`40% <0%> (-10%)`	⬇️
snapshots/native/native.go	`43.89% <0%> (-10%)`	⬇️
metadata/snapshot.go	`45.8% <0%> (-8.96%)`	⬇️
archive/compression/compression.go	`43.93% <0%> (-8.9%)`	⬇️
remotes/docker/fetcher.go	`41.42% <0%> (-7.6%)`	⬇️
content/local/writer.go	`52.63% <0%> (-7.37%)`	⬇️
archive/tar.go	`43.05% <0%> (-6.95%)`	⬇️
metadata/containers.go	`47.97% <0%> (-6.62%)`	⬇️
metadata/buckets.go	`54.66% <0%> (-5.04%)`	⬇️
metadata/images.go	`58.46% <0%> (-4.7%)`	⬇️
... and 53 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6eee2a0...f0b3d5a. Read the comment docs.

crosbymichael · 2018-05-07T20:45:16Z

rootfs/apply.go

+			if tries < 3 && errdefs.IsNotFound(err) {
+				if err := applyLayers(ctx, layers, chain, sn, a); err != nil {
+					if errdefs.IsUnavailable(err) {
+						time.Sleep(time.Second * time.Duration(tries))


Do we have to wait at a min 1 sec? Seems a little long but not sure.

I can simplify this and get rid of the unavailability checks by moving the key generation into the loop. Likely this scenario cannot be reconciled and is reliant on cleanup anyway.

crosbymichael · 2018-05-07T20:47:44Z

rootfs/apply.go

+		mounts, err = sn.Prepare(ctx, key, parent.String(), opts...)
+		if err != nil {
+			tries++
+			if tries < 3 && len(layers) > 1 && errdefs.IsNotFound(err) {


this is kinda complex, do we need the len(layers) part in this?

That len(layers) check is to prevent recursion when called from rootfs.ApplyLayer. I tried to unify the functions, let me see if I can do this in a less complex well, else will document that.

Random-Liu · 2018-05-07T20:57:09Z

client.go

 	}
+
 	if pullCtx.Unpack {
 		if err := img.Unpack(ctx, pullCtx.Snapshotter); err != nil {
 			errors.Wrapf(err, "failed to unpack image on snapshotter %s", pullCtx.Snapshotter)


return nil, errors.Wrapf(err, "failed to unpack image on snapshotter %s", pullCtx.Snapshotter)?

Yeah, that isn't right #2011. I will make a seperate PR for that one.

Random-Liu · 2018-05-07T21:20:52Z

Should we cherry-pick this?

Random-Liu · 2018-05-07T22:06:35Z

Offline discussed with @dmcgowan.

Problem 1) and 3) are not a problem for cri today, because the internal image cache inside cri makes sure that image can only be deleted after it is fully pulled.

We'll update containerd and use WithPullUnpack containerd/cri#762 in cri, so that we can safely remove the internal image cache in the future for containerd/cri#760. But cherrypick is not needed.

Update apply layers to recursive from the top layer. Update apply layer to check for exists and apply single layer. Signed-off-by: Derek McGowan <[email protected]>

Signed-off-by: Derek McGowan <[email protected]>

crosbymichael · 2018-05-09T16:21:21Z

Is this ready to review again?

crosbymichael · 2018-05-10T17:06:37Z

LGTM

estesp

LGTM

Fix race in ctr pull

f701b3b

Signed-off-by: Derek McGowan <[email protected]>

crosbymichael reviewed May 7, 2018

View reviewed changes

Random-Liu reviewed May 7, 2018

View reviewed changes

Random-Liu mentioned this pull request May 7, 2018

Use containerd client.Pull with WithPullUnpack. containerd/cri#762

Closed

dmcgowan added 3 commits May 7, 2018 15:50

Add recursive apply layer function

28caf90

Update apply layers to recursive from the top layer. Update apply layer to check for exists and apply single layer. Signed-off-by: Derek McGowan <[email protected]>

Retry image creation after update not found

2bc9f49

Signed-off-by: Derek McGowan <[email protected]>

Move image creation after unpack

f0b3d5a

Signed-off-by: Derek McGowan <[email protected]>

dmcgowan force-pushed the fix-image-remove-race branch from 8b711ae to f0b3d5a Compare May 7, 2018 22:51

estesp approved these changes May 16, 2018

View reviewed changes

estesp merged commit e63768e into containerd:master May 16, 2018

dmcgowan mentioned this pull request Jun 5, 2018

parent snapshot does not exist: not found #2382

Closed

dmcgowan deleted the fix-image-remove-race branch June 5, 2018 18:19

Random-Liu mentioned this pull request Jul 26, 2018

Unpack image during import. containerd/cri#864

Merged

Fix image pull and remove race #2331

Fix image pull and remove race #2331

Uh oh!

Conversation

dmcgowan commented May 7, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov-io commented May 7, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

crosbymichael May 7, 2018

Choose a reason for hiding this comment

Uh oh!

dmcgowan May 7, 2018

Choose a reason for hiding this comment

Uh oh!

crosbymichael May 7, 2018

Choose a reason for hiding this comment

Uh oh!

dmcgowan May 7, 2018

Choose a reason for hiding this comment

Uh oh!

Random-Liu May 7, 2018

Choose a reason for hiding this comment

Uh oh!

dmcgowan May 7, 2018

Choose a reason for hiding this comment

Uh oh!

Random-Liu commented May 7, 2018

Uh oh!

Random-Liu commented May 7, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

crosbymichael commented May 9, 2018

Uh oh!

crosbymichael commented May 10, 2018

Uh oh!

estesp left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

dmcgowan commented May 7, 2018 •

edited

Loading

codecov-io commented May 7, 2018 •

edited

Loading

Random-Liu commented May 7, 2018 •

edited

Loading