metadata: define content sharing policy
This changeset modifies the metadata store to allow one to set a
"content sharing policy" that defines how blobs are shared between
namespaces in the content store.
The default mode "shared" will make blobs available in all namespaces
once it is pulled into any namespace. The blob will be pulled into
the namespace if a writer is opened with the "Expected" digest that
is already present in the backend.
The alternative mode, "isolated" requires that clients prove they have
access to the content by providing all of the content to the ingest
before the blob is added to the namespace.
Both modes share backing data, while "shared" will reduce total
bandwidth across namespaces, at the cost of allowing access to any
blob just by knowing its digest.
Note: Most functional codes and changelog of this commit originate from
Stephen J Day <stephen.day@docker.com>, see
40455aade8
Fixes #1713 Fixes #2865
Signed-off-by: Eric Lin <linxiulei@gmail.com>
This commit is contained in:
Eric Lin
@@ -238,6 +238,9 @@ func LoadPlugins(ctx context.Context, config *srvconfig.Config) ([]*plugin.Regis
|
||||
plugin.ContentPlugin,
|
||||
plugin.SnapshotPlugin,
|
||||
},
|
||||
Config: &srvconfig.BoltConfig{
|
||||
ContentSharingPolicy: srvconfig.SharingPolicyShared,
|
||||
},
|
||||
InitFn: func(ic *plugin.InitContext) (interface{}, error) {
|
||||
if err := os.MkdirAll(ic.Root, 0711); err != nil {
|
||||
return nil, err
|
||||
@@ -265,6 +268,22 @@ func LoadPlugins(ctx context.Context, config *srvconfig.Config) ([]*plugin.Regis
|
||||
snapshotters[name] = sn.(snapshots.Snapshotter)
|
||||
}
|
||||
|
||||
shared := true
|
||||
ic.Meta.Exports["policy"] = srvconfig.SharingPolicyShared
|
||||
if cfg, ok := ic.Config.(*srvconfig.BoltConfig); ok {
|
||||
if cfg.ContentSharingPolicy != "" {
|
||||
if err := cfg.Validate(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if cfg.ContentSharingPolicy == srvconfig.SharingPolicyIsolated {
|
||||
ic.Meta.Exports["policy"] = srvconfig.SharingPolicyIsolated
|
||||
shared = false
|
||||
}
|
||||
|
||||
log.L.WithField("policy", cfg.ContentSharingPolicy).Info("metadata content store policy set")
|
||||
}
|
||||
}
|
||||
|
||||
path := filepath.Join(ic.Root, "meta.db")
|
||||
ic.Meta.Exports["path"] = path
|
||||
|
||||
@@ -272,7 +291,12 @@ func LoadPlugins(ctx context.Context, config *srvconfig.Config) ([]*plugin.Regis
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
mdb := metadata.NewDB(db, cs.(content.Store), snapshotters)
|
||||
|
||||
var dbopts []metadata.DBOpt
|
||||
if !shared {
|
||||
dbopts = append(dbopts, metadata.WithPolicyIsolated)
|
||||
}
|
||||
mdb := metadata.NewDB(db, cs.(content.Store), snapshotters, dbopts...)
|
||||
if err := mdb.Init(ic.Context); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user