base: docker-ce: Untar images before running docker#200
base: docker-ce: Untar images before running docker#200ricardosalveti merged 1 commit intomasterfrom
Conversation
|
|
||
| # pre-load container images into the docker data root directory (only works for overlay2 graph driver) | ||
| ExecStartPre=-/bin/sh -c 'mkdir -p /var/lib/docker && for f in `find /var/sota/import -name "*.tar"`; do echo "compose app: preloading $f" && tar -xf $f -C /var/lib/docker/ && rm $f; done' | ||
|
|
There was a problem hiding this comment.
clever - so it only runs once, unless you add to that folder on subsequent boots? I'm guessing you may have thoughts on (ab)using this later on?
There was a problem hiding this comment.
I was wondering if we should just create a separated service file just for importing the containers, as that way we can probably control the process better and avoid changing the main docker service file. That way the user can add or remove the logic by deciding what to include at the lmp image.
If we create another service we can make it run before docker and only when there are known tar files at var/sota/import (e.g. ConditionPathExistsGlob=/var/sota/import/*.tar).
There was a problem hiding this comment.
That way the user can add or remove the logic by deciding what to include at the lmp image.
This is actually for the container build. An assumption is that a customer makes lmp builds rarely and normally works with container build and if at some point he/she decides to get a system image pre-loaded with his/her latest apps' container images then these ci-scripts params should be turned on https://source.foundries.io/factories/msul-dev01/ci-scripts.git/tree/factory-config.yml#n38. Moreover, @doanac thinks that we should add an additional command to fioctl that would trigger a job (container build run) that produces a system image with pre-loaded container images taking Target as an input. Such 'interface/API' assumes that each Target's lmp build/image should include the given logic unconditionally, so users could assemble a "preloaded" image for any Target they choose.
Having said that, I think it's not a big deal to add a new a systemd service. I agree that it would "probably control the process better and avoid changing the main docker service file". I just think that we might not need it at all in the future once we move to ostree.
mike-sul
force-pushed
the
preload-container-images
branch
4 times, most recently
from
3e6113a to
d7e6d2a
Compare
| @@ -0,0 +1,17 @@ | |||
| [Unit] | |||
| Description=Docker container images preloading | |||
|
|
|||
There was a problem hiding this comment.
Please remove this empty line.
There was a problem hiding this comment.
Why? I put it there deliberately, IMHO it makes 'code' more readable.
There was a problem hiding this comment.
Just so we can separate the blocks via an empty line.
|
|
||
| After=local-fs.target | ||
| Before=docker.service | ||
|
|
There was a problem hiding this comment.
Please remove this empty line.
| ConditionPathExistsGlob=/var/sota/import/*.tar | ||
|
|
||
| [Service] | ||
| Type=oneshot |
There was a problem hiding this comment.
I believe it is also recommended to use 'RemainAfterExit=yes' here, otherwise the service will show up as dead after being executed. This is not particularly clear to, but it seems the standard.
There was a problem hiding this comment.
I read about it and tried it, but I don't see any reason it's needed in this particular case.
There was a problem hiding this comment.
I just double-checked it once more, I don't see any difference in the service behavior with or without RemainAfterExit=yes.
There was a problem hiding this comment.
Actually, there is some difference. With RemainAfterExit=yes and if the conditions are met and the ExecStart* scripts return(s) 0 then the service state will be at Active: active (exited) state while without RemainAfterExit=yes or if the conditions are not met or one of ExecStart* scripts fail then it will be at Active: inactive (dead). Also, the service will be at this state Active: inactive (dead) after the second boot regardless of RemainAfterExit=yes.
If the service is at Active: inactive (dead) then the docker service restart causes a restart of the given service. It's not quite what we need but it doesn't cause any issue anyway.
There was a problem hiding this comment.
Cool, thanks for investigating that one.
| Type=oneshot | ||
|
|
||
| # pre-load container images into the docker data root directory (only works for overlay2 graph driver) | ||
| ExecStart=/bin/sh -c 'mkdir -p /var/lib/docker && for f in `find /var/sota/import -name "*.tar"`; do echo "Compose App: preloading $f" && tar -xf $f -C /var/lib/docker/ && rm $f; done' |
There was a problem hiding this comment.
You can move 'mkdir -p /var/lib/docker' to ExecStartPre.
| After=local-fs.target | ||
| Before=docker.service | ||
|
|
||
| ConditionPathExists=/var/sota/import/installed_versions |
There was a problem hiding this comment.
IIRC this file is removed by aktualizr once it starts for the first time, so probably also good to add a dependency on aktualizr-lite (Before).
There was a problem hiding this comment.
It doesn't bring any value.
Systemd service that extracts container images from a tarball into /var/lib/docker, so they become 'preloaded' before running dockerd. The tarball is generated and injected into a system image/rootfs (WIC) either by lmp or container build or by fioctl (TBD). We might have more than one tarball file in the future. Signed-off-by: Mike Sul <[email protected]>
mike-sul
force-pushed
the
preload-container-images
branch
from
d7e6d2a to
0d56343
Compare
|
@rsalveti Updated according to your comments and verified on qemu and rpi4 under different conditions, with available an image tarball, without it, behavior after rebooting, etc. |
Relevant changes: - d323df3 Merge pull request #208 from Freescale/backport-207-to-honister - 32aff9b linux-boundary: bump revision to bb58f0ee - b123854 Merge pull request #204 from boundarydevices/honister - 9e698af u-boot-boundary: fix fw_env.config management - b4df0cf Merge pull request #201 from chrisdimich/honister - 2ebd2e0 nitrogen8mp: Define nxp as default BSP - 657e750 Merge pull request #200 from chrisdimich/honister - 8f6984a u-boot-boundary: bump revision to 3d5e7f60 - b30688b linux-boundary: bump revision to 04f4286f Signed-off-by: Ricardo Salveti <[email protected]>
Bumping go-errors to version v0.8.1-32-g5dd12d0, which comprises the following commits:
5dd12d0 AddingPowerSupport_CI/Testing (#234)
614d223 Revert "Support Go 1.13 error chains in `Cause` (#215)" (#220)
49f8f61 Support Go 1.13 error chains in `Cause` (#215)
004deef remove unnecessary use of fmt.Sprintf (#217)
6d954f5 feat: support std errors functions (#213)
7f95ac1 Add support for Go 1.13 error chains (#206)
91f1693 travis.yml: add Go 1.13
ca0248e fix travis, 1.10 doesnt support by unconvert anymore
27936f6 travis.yml: add Go 1.12 (#200)
856c240 Add json.Marshaler support to the Frame type. (#197)
ffb6e22 Reduce allocations in StackTrace.Format (#194)
e9933c1 Restore performance improvements from #150
ee1923e Return errors.Frame to a uintptr
72fa05e errors: detect unknown frames correctly (#192)
c38ea53 Remove errors.Frame to runtime.Frame conversions (#189)
c9e70be Makefile: switch to staticcheck (#187)
ee4766c Fix error during merge
584cbac Remove checks for old style anon funcs (#186)
42ce1b6 Remove Frame methods (#185)
937e8c5 gofmt -w
e19cb69 Remove last reference to runtime.FuncForPC (#184)
4f47277 Switch to runtime.CallersFrames (#183)
537896a travis: remove Go 1.8 and earlier (#182)
31aac83 travis: use Makefile (#181)
5ac96ae Update README.md
ba968bf gofmt -w errors.go (#179)
059132a Update .travis.yml (#168)
d58f942 Bump Travis versions (#172)
6ed0a2e Fix StackTrace print example
2233dee Copyedit the package documentation (#135)
e981d1a Add WithMessagef function (#118)
c059e47 fixed spelling (#156)
816c908 travis.yml: add Go 1.10 (#154)
e1ac100 reduce allocations when printing stack traces (#149)
30136e2 Remove deadcode (#146)
e881fd5 Fix minor typo in README.md (#142)
8842a6e Add badge for number of dependent libraries (#109)
e4f5060 Fix doc comment for exported Format func (#137)
f15c970 Remove an unused argument of utility test func (#139)
2b3a18b travis: add 1.9.x to go versions (#133)
c605e28 Add doc comment for exported Format func (#115)
ff09b13 Bump Go versions, use latest patch releases (#110)
bfd5150 Move benchmark assigned err to global exported variable (#106)
248dadf Bump Go versions (#91)
Signed-off-by: Bruce Ashfield <[email protected]>
3 participants
Systemd service that extracts container images from a tarball into /var/lib/docker so they become 'preloaded'
before running dockerd service.
The tarball is generated and injected into a system image/rootfs (WIC) either by lmp or container build or by fioctl (TBD).
This should go with foundriesio/ci-scripts#73 and https://git.foundries.io/development/cloudplatforms/infrastructure/repoz/merge_requests/15
Signed-off-by: Mike Sul [email protected]