Rework named volumes in DB #2774
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
@rhatdan What would you say about removing I really don't like the concept of force-removing volumes. You end up with a bunch of containers that don't work anymore because a volume they need went and disappeared. We should either require |
|
(That is why the tests are failing - I ripped out a lot of code related to |
|
|
pkg/spec/spec.go
Outdated
| @@ -126,7 +152,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint | |||
| g.RemoveMount("/dev/mqueue") | |||
| devMqueue := spec.Mount{ | |||
| Destination: "/dev/mqueue", | |||
| Type: "bind", | |||
| Type: bindMount, | |||
There was a problem hiding this comment.
we could probably just drop the Type altogether. The OCI runtime looks at the options to see if it is a bind mount (either contains bind or rbind)
There was a problem hiding this comment.
I'll leave it for now, it's in the official OCI spec.
pkg/spec/spec.go
Outdated
| continue | ||
| } | ||
| // Volumes that are not named volumes must be an absolute or relative path | ||
| if strings.Contains(mount.Source, "/") || strings.Contains(mount.Source, ".") { |
There was a problem hiding this comment.
it seems that Docker doesn't accept relative paths, but accept named volumes as foo.bar. If we want to extend it in a non breaking way, we could limit relative paths to having a prefix like ./, but raise an error on, e.g. -v .foo:/foo
What do you think?
There was a problem hiding this comment.
Right now we're using the same name regex for volumes that we do for pods and containers - letters, numbers, underscores only. I need to check and see what Docker uses for their volume name regex.
I don't know if I mind requiring that volume names not allow . if it makes detecting/allowing relative paths easier. @rhatdan @giuseppe WDYT?
There was a problem hiding this comment.
I don't like the idea of not allowing volume names that Docker does allow.
We can document that we allow paths that begin with . and / only.
There was a problem hiding this comment.
Alright, looking at this, it seems like Docker allows . in volume and container names now. No other changes I could see.
Will modify our regex in a separate PR to handle this, then update this PR.
There was a problem hiding this comment.
Fixed. We now use HasPrefix() to check only the first character which is guaranteed to be alphanumeric for names.
mheon
force-pushed
the
db_rework_named_volume
branch
from
d6e2bd3 to
37ed099
Compare
|
Only remaining question: should we force-remove those containers (stop them if they're running)? |
|
LGTM |
|
☔ The latest upstream changes (presumably #2730) made this pull request unmergeable. Please resolve the merge conflicts. |
mheon
force-pushed
the
db_rework_named_volume
branch
from
37ed099 to
e4f637b
Compare
|
I apparently broke volumes-from here |
|
Going to take a few hours to fix this, and it's not really release critical, so we'll go without it. |
mheon
force-pushed
the
db_rework_named_volume
branch
from
e4f637b to
97deed5
Compare
|
Finding heaps of bugs with the --mount flag at the same time I'm working on this. Going to try and get this in as-is, and rework the rest in a followup. |
|
Alright, if this passes tests, I think it's ready. Diving into this, I have way more work to do on the volumes side - the |
mheon
force-pushed
the
db_rework_named_volume
branch
4 times, most recently
from
a5d2490 to
6fc464a
Compare
|
35 minutes to build 12 commits? Wow. Alright, squashing down further. |
mheon
force-pushed
the
db_rework_named_volume
branch
from
6fc464a to
2de3f26
Compare
openshift-ci-robot
added
size/XXL
openshift-ci-robot
added
size/XL
and removed
size/XXL
|
Add to our --mount woes: commit handling of volume mounts is definitely wrong. Unfortunately, we have tests that verify the incorrect behavior, which seem to be failing here. |
mheon
force-pushed
the
db_rework_named_volume
branch
from
7bd786c to
28d1f0e
Compare
|
☔ The latest upstream changes (presumably #2706) made this pull request unmergeable. Please resolve the merge conflicts. |
mheon
force-pushed
the
db_rework_named_volume
branch
from
28d1f0e to
1e82a03
Compare
openshift-ci-robot
added
the
needs-rebase
Signed-off-by: Matthew Heon <[email protected]>
This swaps the previous handling (parse all volume mounts on the container and look for ones that might refer to named volumes) for the new, explicit named volume lists stored per-container. It also deprecates force-removing volumes that are in use. I don't know how we want to handle this yet, but leaving containers that depend on a volume that no longer exists is definitely not correct. Signed-off-by: Matthew Heon <[email protected]>
Replaces old functionality we used for handling image volumes. Signed-off-by: Matthew Heon <[email protected]>
Now that named volumes must be explicitly enumerated rather than passed in with all other volumes, we need to split normal and named volumes up before passing them into libpod. This PR does this. Signed-off-by: Matthew Heon <[email protected]>
Signed-off-by: Matthew Heon <[email protected]>
The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation. Signed-off-by: Matthew Heon <[email protected]>
We were never using it. It's actually a potentially quite sizable field (very expensive to decode an array of structs!). Removing it should do no harm. Signed-off-by: Matthew Heon <[email protected]>
The Commit test is blatantly wrong and testing buggy behavior. We should be commiting the destination, if anything - and more likely nothing at all. When force-removing volumes, don't remove the volumes of containers we need to remove. This can lead to a chicken and the egg problem where the container removes the volume before we can. When we re-add volume locks this could lead to deadlocks. I don't really want to deal with this, and this doesn't seem a particularly harmful quirk, so we'll let this slide until we get a bug report. Signed-off-by: Matthew Heon <[email protected]>
mheon
force-pushed
the
db_rework_named_volume
branch
from
1e82a03 to
02c6110
Compare
openshift-ci-robot
removed
the
needs-rebase
|
Rebased, tests ought to be fixed |
|
Tests finally passing. |
|
@mheon Nice work |
| @@ -47,7 +47,7 @@ var _ = Describe("Podman volume rm", func() { | |||
| Expect(len(session.OutputToStringArray())).To(Equal(0)) | |||
| }) | |||
|
|
|||
| It("podman rm with --force flag", func() { | |||
| It("podman volume rm with --force flag", func() { | |||
There was a problem hiding this comment.
Is there a test with a volume that is removed that's associated with multiple containers?
There was a problem hiding this comment.
LGTM.
One testing question. Would like a head nod from either @giuseppe or @vrothberg
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
I haven't done more than compile test this, but the code's finally done, so I figured I'd put it up for review.
This swaps the backend for named volumes, making them explicit in the database rather than intermixed with other container volumes. This has numerous advantages, especially with volumes that require mounts - we can ensure they're mounted when we start the container easily.
The biggest issue with this is the changes to the way the database tracks dependency containers for a volume. I've written things such that we don't need any changes to existing containers in the database - things should continue working as before on an upgrade. We won't know to remove container dependencies from the volume as it is removed, but the DB has been changed to gracefully handle this. The issue will come if you downgrade to an earlier Podman after using this patch - you may end up with volumes that can never be removed without upgrading back to a version with this patch. I don't have a good way around that.