When multiple clients are pulling the same image, we may have this
lock error. Short-lived locks are probably fine, but long-lived locks
may indicate that containerd has some issues.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
While Walk() has been taking filter strings, it was not using the parameter.
This change actually makes the filtering work.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Private registries that does not support http 2.0 such as Azure Container Registry streams back content in a max of 16KB chunks (max TLS record size). The small chunks introduce an overhead when copying the layers to the content store sine each chunk incurs the overhead of grpc message that has to be sent to the content store.
This change reduces this overhead by buffering the chunks into 1MB chunks and only then writes a message to the content store.
Below is a per comparsion between the 2 approaches using a couple of large images that are being pulled from the docker hub (http 2.0) and a private Azure CR (http 1.1) in seconds.
image | Buffered copy | master
------- |---------------|----------
docker.io/pytorch/pytorch:latest | 55.63 | 58.33
docker.io/nvidia/cuda:latest | 72.05 | 75.98
containerdpulltest.azurecr.io/pytorch/pytorch:latest | 61.45 | 77.1
containerdpulltest.azurecr.io/nvidia/cuda:latest | 77.13 | 85.47
Signed-off-by: Amr Mahdi <amramahdi@gmail.com>
Enables showing debug logs in testing output.
For integration tests the client log output will show
in addition to daemon output, with timestamps for better
correlation.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
megacheck, gosimple and unused has been deprecated and subsumed by
staticcheck. And staticcheck also has been upgraded. we need to update
code for the linter issue.
close: #2945
Signed-off-by: Wei Fu <fuweid89@gmail.com>
This changeset modifies the metadata store to allow one to set a
"content sharing policy" that defines how blobs are shared between
namespaces in the content store.
The default mode "shared" will make blobs available in all namespaces
once it is pulled into any namespace. The blob will be pulled into
the namespace if a writer is opened with the "Expected" digest that
is already present in the backend.
The alternative mode, "isolated" requires that clients prove they have
access to the content by providing all of the content to the ingest
before the blob is added to the namespace.
Both modes share backing data, while "shared" will reduce total
bandwidth across namespaces, at the cost of allowing access to any
blob just by knowing its digest.
Note: Most functional codes and changelog of this commit originate from
Stephen J Day <stephen.day@docker.com>, see
40455aade8Fixes#1713Fixes#2865
Signed-off-by: Eric Lin <linxiulei@gmail.com>
The local store could end up in a state where the writer is
closed but the reference is locked after a commit on an
existing object.
Cleans up Commit logic to always close the writer even after
an error occurs, guaranteeing the reference is unlocked after commit.
Adds a test to the content test suite to verify this behavior.
Updates the content store interface definitions to clarify the behavior.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Allow content ingests to be cleaned up during gc.
Use a default expiration on content ingests or make
use of the lease expiration when provided.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Go 1.11 uses a different formatting for maps, and now
aligns values; running `gofmt -s -w` on this file resulted
in this diff;
```patch
content/testsuite/testsuite.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/testsuite/testsuite.go b/content/testsuite/testsuite.go
index 974c7cb8ed..d9ae9dc160 100644
--- a/content/testsuite/testsuite.go
+++ b/content/testsuite/testsuite.go
@@ -365,8 +365,8 @@ func checkLabels(ctx context.Context, t *testing.T, cs content.Store) {
rootTime := time.Now().UTC().Format(time.RFC3339)
labels := map[string]string{
- "k1": "v1",
- "k2": "v2",
+ "k1": "v1",
+ "k2": "v2",
"containerd.io/gc.root": rootTime,
}
@@ -402,7 +402,7 @@ func checkLabels(ctx context.Context, t *testing.T, cs content.Store) {
}
info.Labels = map[string]string{
- "k1": "v1",
+ "k1": "v1",
"containerd.io/gc.root": rootTime,
}
preUpdate = time.Now()
```
Adding a whitespace before the long key to make it format the same
on both Go 1.11 and older versions of Go.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change allows implementations to resolve the location of the actual data
using OCI descriptor fields such as MediaType.
No OCI descriptor field is written to the store.
No change on gRPC API.
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Deferring the put back of the buffer is not necessary since
it can be done immediately after use, before checking error.
This decreases the amount of the time the buffer is out
of the pool and not in use.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Allows the client to choose the context to finish the lease.
This allows the client to switch contexts when the main context
used to the create the lease may have been cancelled.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
