Autoupdate Local #10063
Autoupdate Local #10063
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
pkg/autoupdate/autoupdate.go
Outdated
| //return ctr_digest == img_digest, nil | ||
|
|
||
| img_created := img.Created() | ||
| ctr_created := ctr.CreatedTime() |
There was a problem hiding this comment.
I think we should continue comparing digests rather than using time stamps. The latter is prone to errors.
pkg/autoupdate/autoupdate.go
Outdated
| @@ -174,6 +183,36 @@ func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) { | |||
| } | |||
| } | |||
|
|
|||
| // Autoupdate Local Iteration | |||
| for imageID, containers := range localMap { | |||
There was a problem hiding this comment.
That adds quite some duplicate code. I think we should have only loop and make the needsUpdate check conditional on the policy. We could achieve that by merging the maps into one.
map[imageUpdate][]*libpod.Container with
type imageUpdate struct {
image string
policy string
}That allows for bundling an image with a policy:
for imageUpdate, containers := range myMap {
switch imageUpdate.policy {
case ...:
case ...:
}
}
ParkerVR
force-pushed
the
autoupdate-local
branch
4 times, most recently
from
a1261c9 to
7966d6c
Compare
|
I have a working edition of the code and made some changes to refactor - new struct including the policy and changing the naming convention of the original autoupdate to 'registry' Here is my manual test/results: |
pkg/autoupdate/autoupdate.go
Outdated
| // PolicyNewImage is the policy to update as soon as there's a new image found. | ||
| PolicyNewImage = "image" | ||
| // PolicyRegistryImage is the policy to update as soon as there's a new image found. | ||
| PolicyRegistryImage = "image" |
There was a problem hiding this comment.
Could you change it to "registry"?
I would love us to use this term in the future as it's less ambiguous than "image". But (as you already did 👍) we still need to support "image" for backwards compat.
pkg/autoupdate/autoupdate.go
Outdated
| } | ||
|
|
||
| // Struct for tying a container to it's autoupdate policy | ||
| type PolicyContainer struct { |
There was a problem hiding this comment.
I think this should be a private type.
pkg/autoupdate/autoupdate.go
Outdated
| @@ -198,14 +233,14 @@ func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) { | |||
|
|
|||
| // imageContainersMap generates a map[image ID] -> [containers using the image] | |||
| // of all containers with a valid auto-update policy. | |||
| func imageContainersMap(runtime *libpod.Runtime) (map[string][]*libpod.Container, []error) { | |||
| func imageContainersMap(runtime *libpod.Runtime) (map[string][]PolicyContainer, []error) { | |||
There was a problem hiding this comment.
Can you extend the comment of this function? I think it'll be helpful for future readers to understand the reasoning behind this structure:
policyContainerto bundle a policy with a container- Mapping from image to a slice of policy containers since it's possible that multiple containers refer to the same image but with different policies.
Thinking about the upper points. If the slice has [policy A, policy B, policy A] ... I think it would make sense to further bundle the items together such that we have to run a given policy only once instead of for each item individually.
A PolicyContainer could look as follows:
type policyMapper struct {
map[Policy][]*libpod.Container
}Now, when executing the policies we have direct mapping image -> policy -> containers using this policy.
There was a problem hiding this comment.
Looking good!
Along with tests, we also need to extend the man pages a bit.
I think that some may argue that having different policies for one image may be wrong (configuration error). But I haven't made my mind up on that. @ParkerVR, what do you think? Do you think we should (in theory) yield an error if image foo as containers configured with registry and local?
pkg/autoupdate/autoupdate.go
Outdated
|
|
||
| // policyMapper is used for tying a container to it's autoupdate policy | ||
| type policyMapper struct { | ||
| pMap map[Policy][]*libpod.Container |
There was a problem hiding this comment.
Nit: we could rewrite it to type policyMappyer map[Policy][]*libpod.Container
pkg/autoupdate/autoupdate.go
Outdated
| policyMap.pMap[policy] = append(policyMap.pMap[policy], ctr) | ||
| containerMap[id] = policyMap | ||
| // Now we know that `ctr` is configured for auto updates. | ||
| } else { |
There was a problem hiding this comment.
If we invert the branch logic, we can get rid of one branch:
if policy == PolicyDefault {
continue
}
id, _ := ...
|
@vrothberg to address your concern with multiple configurations, I think while this could be implemented I don't see a realistic use and as we just use a difference in digests it doesn't seem particularly rational to implement - so, I'm adding an error case. |
Digests were used to compare local image and container image Registry alias added for Image Policy Refactored to integrate new feature + change some naming conventions Tested this using a modified version of the docs autoupdate instructions & it worked successfully Signed-off-by: Parker Van Roy <[email protected]>
Signed-off-by: Parker Van Roy <[email protected]>
ParkerVR
force-pushed
the
autoupdate-local
branch
4 times, most recently
from
996d03b to
d10d8e8
Compare
| An image is considered updated if the digest in the local storage is different than the one of the remote image. | ||
| If an image must be updated, Podman pulls it down and restarts the systemd unit executing the container. | ||
|
|
||
| The registry policy requires a requires a fully-qualified image reference (e.g., quay.io/podman/stable:latest) to be used to create the container. | ||
| This enforcement is necessary to know which image to actually check and pull. | ||
| If an image ID was used, Podman would not know which image to check/pull anymore. |
There was a problem hiding this comment.
Note that "registry" and "image" refer to the same policy for backwards compatibility.
test/system/250-systemd.bats
Outdated
| @@ -42,7 +42,7 @@ function teardown() { | |||
|
|
|||
| cname=$(random_string) | |||
| # See #7407 for --pull=always. | |||
| run_podman create --pull=always --name $cname --label "io.containers.autoupdate=image" $IMAGE top | |||
| run_podman create --pull=always --name $cname --label "io.containers.autoupdate=local" $IMAGE top | |||
There was a problem hiding this comment.
Please create a new test for the local policy. --pull=always and local conflict a bit and the TODO not below is a rather important reminder of open work items.
ParkerVR
force-pushed
the
autoupdate-local
branch
from
d10d8e8 to
571345f
Compare
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
ParkerVR
force-pushed
the
autoupdate-local
branch
from
571345f to
d951415
Compare
changed struct to policyMapper change "image" to "registry" in multiple locations Updated documentation with registry alias & autoupdate local Added relevant test Signed-off-by: Parker Van Roy <[email protected]>
ParkerVR
force-pushed
the
autoupdate-local
branch
from
d951415 to
caf19ef
Compare
|
/lgtm |
|
LGTM |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon, ParkerVR The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
github-actions
bot
added
the
locked - please file new issue/PR
#9088
Introduces a new auto-update policy: "local"
Although it should probably be using NewFromLocal() and comparing image digests, the current method is to compare creation dates for autoupdate - Though I'd like to discuss before changing this system
I tested this using a modified version of the docs autoupdate instructions & it worked 'successfully'
(it required the ctr to be stopped before updating it- is this proper?)
Todo List:
Digest-Based Diff Check ?
Refactor/Merge similar functions
Write Tests
Alias "image" policy as "registry"
Will build off of #9740 to write tests
Signed-off-by: Parker Van Roy [email protected]