Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix long container startup times #763

Merged
merged 1 commit into from
Aug 19, 2024
Merged

Conversation

n1hility
Copy link
Member

The use of a uid map leads to a new layer with all files chowned. This takes several seconds due to the size of the instructlab container (26GB). Normally this would be a one time cost where the idmap layer is cached and reusued accross container creations; however, since the container is stored on a read-only additional image store, no caching is performed.

Address the problem by creating a derived empty contianer in mutable container storage. This allows the 1k idmap layer to be created in the smae area, yet reuses the layers in additional image store.

The use of a uid map leads to a new layer with all files chowned.
This takes several seconds due to the size of the instructlab
container (26GB). Normally this would be a one time cost where
the idmap layer is cached and reusued accross container creations;
however, since the container is stored on a read-only additional
image store, no caching is performed.

Address the problem by creating a derived empty contianer in
mutable container storage. This allows the 1k idmap layer to be
created in the smae area, yet reuses the layers in additional
image store.

Signed-off-by: Jason T. Greene <[email protected]>
@n1hility
Copy link
Member Author

PTAL @Gregory-Pereira @lmilbaum , another high priority fix

// cc @rhatdan

@rhatdan
Copy link
Member

rhatdan commented Aug 19, 2024

LGTM
@giuseppe @nalind PTAL

@rhatdan rhatdan merged commit f604294 into containers:main Aug 19, 2024
1 check passed
if [ "$?" != "0" ]; then
echo "Initializing ilab container..."
id=$(sudo podman create "$SOURCE_IMAGE")
sudo podman commit "$id" "$IMAGE_NAME"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is creating a new layer in /var/lib/containers that references the base layers, but those layers will go away across an upgrade when the base ilab image changes, right?

IOW won't this break across upgrades?

Copy link
Member Author

@n1hility n1hility Aug 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cgwalters As long as we are updating our tag (1.1 today -> 1.2 tomorrow) this should be ok, it will then just create a new container at that point. We do need to add code to cleanup old images though (1.2 will need to delete the old 1.1 container)

@cgwalters
Copy link
Contributor

Backing up a second, we should support kernel native idmapping and shouldn't need to chown I think...

@rhatdan
Copy link
Member

rhatdan commented Aug 19, 2024

I don't think idmapping was supported in RHEL for 9.4.

@n1hility
Copy link
Member Author

Right yeah we are on 5.14 and this was added to overlay in 5.19 right?

@rhatdan
Copy link
Member

rhatdan commented Aug 19, 2024

Not sure of the numbers but sounds right.

@cgwalters
Copy link
Contributor

OK yes I guess overlayfs idmapping is only going to be for RHEL10 so far unless further backports happen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants