Add cimfs differ and snapshotter

Details about CimFs project are discussed in #8346 Signed-off-by: Amit Barve <ambarve@microsoft.com>
2023-09-14 16:18:13 -07:00
parent 643fa70a7d
commit daa1ea522b
104 changed files with 3848 additions and 2996 deletions
--- a/diff/windows/cimfs.go
+++ b/diff/windows/cimfs.go
@@ -0,0 +1,111 @@
+//go:build windows
+// +build windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package windows
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Microsoft/hcsshim/pkg/cimfs"
+	"github.com/containerd/containerd/v2/archive"
+	"github.com/containerd/containerd/v2/content"
+	"github.com/containerd/containerd/v2/diff"
+	"github.com/containerd/containerd/v2/errdefs"
+	"github.com/containerd/containerd/v2/metadata"
+	"github.com/containerd/containerd/v2/mount"
+	"github.com/containerd/containerd/v2/platforms"
+	"github.com/containerd/containerd/v2/plugins"
+	"github.com/containerd/plugin"
+	"github.com/containerd/plugin/registry"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+func init() {
+	registry.Register(&plugin.Registration{
+		Type: plugins.DiffPlugin,
+		ID:   "cimfs",
+		Requires: []plugin.Type{
+			plugins.MetadataPlugin,
+		},
+		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
+			md, err := ic.GetSingle(plugins.MetadataPlugin)
+			if err != nil {
+				return nil, err
+			}
+
+			if !cimfs.IsCimFSSupported() {
+				return nil, fmt.Errorf("host windows version doesn't support CimFS")
+			}
+			ic.Meta.Platforms = append(ic.Meta.Platforms, platforms.DefaultSpec())
+			return NewCimDiff(md.(*metadata.DB).ContentStore())
+		},
+	})
+}
+
+// cimDiff does filesystem comparison and application
+// for CimFS specific layer diffs.
+type cimDiff struct {
+	store content.Store
+}
+
+// NewCimDiff is the Windows cim container layer implementation
+// for comparing and applying filesystem layers
+func NewCimDiff(store content.Store) (CompareApplier, error) {
+	return cimDiff{
+		store: store,
+	}, nil
+}
+
+// Apply applies the content associated with the provided digests onto the
+// provided mounts. Archive content will be extracted and decompressed if
+// necessary.
+func (c cimDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+	layer, parentLayerPaths, err := cimMountsToLayerAndParents(mounts)
+	if err != nil {
+		return emptyDesc, err
+	}
+	return applyDiffCommon(ctx, c.store, desc, layer, parentLayerPaths, archive.AsCimContainerLayer(), opts...)
+}
+
+// Compare creates a diff between the given mounts and uploads the result
+// to the content store.
+func (c cimDiff) Compare(ctx context.Context, lower, upper []mount.Mount, opts ...diff.Opt) (d ocispec.Descriptor, err error) {
+	// support for generating layer diff of cimfs layers will be added later.
+	return emptyDesc, errdefs.ErrNotImplemented
+}
+
+func cimMountsToLayerAndParents(mounts []mount.Mount) (string, []string, error) {
+	if len(mounts) != 1 {
+		return "", nil, fmt.Errorf("%w: number of mounts should always be 1 for Windows layers", errdefs.ErrInvalidArgument)
+	}
+	mnt := mounts[0]
+	if mnt.Type != "CimFS" {
+		// This is a special case error. When this is received the diff service
+		// will attempt the next differ in the chain.
+		return "", nil, errdefs.ErrNotImplemented
+	}
+
+	parentLayerPaths, err := mnt.GetParentPaths()
+	if err != nil {
+		return "", nil, err
+	}
+
+	return mnt.Source, parentLayerPaths, nil
+}
--- a/diff/windows/windows.go
+++ b/diff/windows/windows.go
@@ -88,10 +88,8 @@ func NewWindowsDiff(store content.Store) (CompareApplier, error) {
 	}, nil
 }

-// Apply applies the content associated with the provided digests onto the
-// provided mounts. Archive content will be extracted and decompressed if
-// necessary.
-func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+// applyDiffCommon is a common function that is called by both windows & cimfs differs.
+func applyDiffCommon(ctx context.Context, store content.Store, desc ocispec.Descriptor, layerPath string, parentLayerPaths []string, applyOpt archive.ApplyOpt, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
 	t1 := time.Now()
 	defer func() {
 		if err == nil {
@@ -111,7 +109,7 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 		}
 	}

-	ra, err := s.store.ReaderAt(ctx, desc)
+	ra, err := store.ReaderAt(ctx, desc)
 	if err != nil {
 		return emptyDesc, fmt.Errorf("failed to get reader from content store: %w", err)
 	}
@@ -133,26 +131,13 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 		r: io.TeeReader(processor, digester.Hash()),
 	}

-	layer, parentLayerPaths, err := mountsToLayerAndParents(mounts)
-	if err != nil {
-		return emptyDesc, err
-	}
-
-	// TODO darrenstahlmsft: When this is done isolated, we should disable these.
-	// it currently cannot be disabled, unless we add ref counting. Since this is
-	// temporary, leaving it enabled is OK for now.
-	// https://github.com/containerd/containerd/issues/1681
-	if err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
-		return emptyDesc, err
-	}
-
 	archiveOpts := []archive.ApplyOpt{
 		archive.WithParents(parentLayerPaths),
-		archive.AsWindowsContainerLayer(),
 		archive.WithNoSameOwner(), // Lchown is not supported on Windows
+		applyOpt,
 	}

-	if _, err := archive.Apply(ctx, layer, rc, archiveOpts...); err != nil {
+	if _, err := archive.Apply(ctx, layerPath, rc, archiveOpts...); err != nil {
 		return emptyDesc, err
 	}

@@ -168,6 +153,26 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 	}, nil
 }

+// Apply applies the content associated with the provided digests onto the
+// provided mounts. Archive content will be extracted and decompressed if
+// necessary.
+func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+	layer, parentLayerPaths, err := mountsToLayerAndParents(mounts)
+	if err != nil {
+		return emptyDesc, err
+	}
+
+	// TODO darrenstahlmsft: When this is done isolated, we should disable these.
+	// it currently cannot be disabled, unless we add ref counting. Since this is
+	// temporary, leaving it enabled is OK for now.
+	// https://github.com/containerd/containerd/issues/1681
+	if err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
+		return emptyDesc, err
+	}
+
+	return applyDiffCommon(ctx, s.store, desc, layer, parentLayerPaths, archive.AsWindowsContainerLayer(), opts...)
+}
+
 // Compare creates a diff between the given mounts and uploads the result
 // to the content store.
 func (s windowsDiff) Compare(ctx context.Context, lower, upper []mount.Mount, opts ...diff.Opt) (d ocispec.Descriptor, err error) {