-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: extend oci.Store with DeleteTree(). #645
Conversation
1b137cc
to
f77d4b2
Compare
f77d4b2
to
7d8a764
Compare
@eiffel-fl Thank you for proposing the Instead of deleting a tree, I'm thinking about garbage collection (GC). There are many benefits of GC over simply deleting a tree.
The basic idea is to mimic the garbage collection behavior of a real registry. Related: |
Hi!
After thinking a bit about it, having GC makes more sense as the GC would be on the store side and the CLI side would not need to handle it. Best regards. |
Signed-off-by: Francis Laniel <[email protected]>
7d8a764
to
d57c2d1
Compare
Codecov ReportAttention:
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #645 +/- ##
==========================================
- Coverage 75.20% 75.10% -0.10%
==========================================
Files 59 59
Lines 5473 5500 +27
==========================================
+ Hits 4116 4131 +15
- Misses 1001 1009 +8
- Partials 356 360 +4 ☔ View full report in Codecov by Sentry. |
@eiffel-fl Thanks for opening this PR. Let's make future discussions on the #472 issue page, so that more stakeholders can participate. |
@eiffel-fl Given that #653 has been merged, shall we close this PR? Thanks for bringing this up! |
Hi!
#653 handled the referrers, i.e. predecessors, while this PR handles the successors. $ sudo ls /var/lib/ig/oci-store/blobs/sha256 francis/rmi-upstream *%
225a8e697e260684d9451ccf8a622cd5548b0ae5fac6e13c416cd1d85247b7b7 b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 c06a86dad7e582686b53bec9c729b92fc56c838b59cc11d0105c2c20f3158dcd
b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1 f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb
$ sudo -E ./ig image remove execs francis/rmi-upstream *%
INFO[0000] Experimental features enabled
Successfully removed execs
# Expected ls output is empty.
$ sudo ls /var/lib/ig/oci-store/blobs/sha256 francis/rmi-upstream *%
225a8e697e260684d9451ccf8a622cd5548b0ae5fac6e13c416cd1d85247b7b7 c06a86dad7e582686b53bec9c729b92fc56c838b59cc11d0105c2c20f3158dcd
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb
b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37 So, I am wondering if we should not add some code here to remove also the successors? Best regards. |
Hi @eiffel-fl , can you help us to understand the relationships among those blobs you listed? $sudo ls /var/lib/ig/oci-store/blobs/sha256
225a8e697e260684d9451ccf8a622cd5548b0ae5fac6e13c416cd1d85247b7b7 b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 c06a86dad7e582686b53bec9c729b92fc56c838b59cc11d0105c2c20f3158dcd
b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1 f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb A mermaid diagram would be very helpful. |
Hi!
Sure, sorry for the lack of details, here is the diagram: graph TD;
b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1 --> 662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313
b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1 --> f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 --> b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 --> 225a8e697e260684d9451ccf8a622cd5548b0ae5fac6e13c416cd1d85247b7b7
f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb --> b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37
f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb --> c06a86dad7e582686b53bec9c729b92fc56c838b59cc11d0105c2c20f3158dcd
Basically, we have the following:
By using Best regards. |
@eiffel-fl I have some further questions:
|
Sure!
Can you please precise how can I get this information 😅?
Here is its output: root@pwmachine:/var/lib/ig/oci-store# cat index.json | jq
{
"schemaVersion": 2,
"manifests": [
{
"mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1",
"size": 491,
"annotations": {
"org.opencontainers.image.ref.name": "docker.io/library/execs:latest"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313",
"size": 581,
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb",
"size": 581,
"platform": {
"architecture": "arm64",
"os": "linux"
}
}
]
} Best regards. |
For the record, I tested with #656 and I am still getting some blobs even after calling |
Hi @eiffel-fl , thanks for the clarification. I now understand what's happening. TL;DR: the behavior you observed is by design. We don't automatically delete the successor manifests along with the deleted index, if they are present in Let me put the diagram in another way: graph TD;
b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1[Index:latest] --> 662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313
b0eff7f0ec2a27b8d71fe904cf373fa2002c6d669db54c25a9542cf2cb5f46d1 --> f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313[Manifest:amd64] --> b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37
662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 --> 225a8e697e260684d9451ccf8a622cd5548b0ae5fac6e13c416cd1d85247b7b7
f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb[Manifest:arm64] --> b4be31f07444fb9be6dee8cd1349aab3c780d333b63406be10c5c14c1b39dd37
f61eef5ff800b2e4366c6d2e7311e95ce8dc3cff5c020a3a810429656fd93efb --> c06a86dad7e582686b53bec9c729b92fc56c838b59cc11d0105c2c20f3158dcd
We know that:
When one is deleting
The idea is that Does this make sense to you? |
BTW, may I know what tool did you use to generate this OCI layout? |
Oh you can just look into the manifests and see if they have a cat /var/lib/ig/oci-store/blobs/sha256/662ca58536d5a03864781eb42870f6712927981383f1dab1449d9adf80067313 | jq . But in this particular case, the answer is that: none of them is a |
Hi!
Thank you for the precision, it makes everything clear.
We do it ourselves using
Thank you for sharing, I will for sure remember! Best regards. |
Actually, it is |
Oh OK! |
This is not a bug, and it is not straightforward to change it🤔. |
Sure! |
Closing as we should continue discussion in #664. |
@eiffel-fl Thank you! |
Hi!
Following the merge of #614, I opened this PR to propose
DeleteTree()
.This function will delete the content matching the given descriptor but also its children if they do not have any other parent.
We use this code in Inspektor Gadget to delete OCI image:
inspektor-gadget/inspektor-gadget#2162
inspektor-gadget/inspektor-gadget@2488118#diff-570aea5baf5f0e0b7f46b570a48f173e8858df3436f091fb61d2e3c745db6f0eR298
While it is still not merged at the moment, it was nonetheless validated.
If you see any way to improve this PR, feel free to share your feedback.
Best regards and thank you in advance.