183 lines
5.3 KiB
Go
183 lines
5.3 KiB
Go
/*
|
|
Copyright The containerd Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package plugin
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"time"
|
|
|
|
"github.com/containerd/containerd/v2/core/content"
|
|
"github.com/containerd/containerd/v2/core/metadata"
|
|
"github.com/containerd/containerd/v2/core/snapshots"
|
|
"github.com/containerd/containerd/v2/errdefs"
|
|
"github.com/containerd/containerd/v2/events"
|
|
"github.com/containerd/containerd/v2/pkg/timeout"
|
|
"github.com/containerd/containerd/v2/plugins"
|
|
"github.com/containerd/log"
|
|
"github.com/containerd/plugin"
|
|
"github.com/containerd/plugin/registry"
|
|
|
|
bolt "go.etcd.io/bbolt"
|
|
)
|
|
|
|
const (
|
|
boltOpenTimeout = "io.containerd.timeout.bolt.open"
|
|
)
|
|
|
|
func init() {
|
|
timeout.Set(boltOpenTimeout, 0) // set to 0 means to wait indefinitely for bolt.Open
|
|
}
|
|
|
|
// BoltConfig defines the configuration values for the bolt plugin, which is
|
|
// loaded here, rather than back registered in the metadata package.
|
|
type BoltConfig struct {
|
|
// ContentSharingPolicy sets the sharing policy for content between
|
|
// namespaces.
|
|
//
|
|
// The default mode "shared" will make blobs available in all
|
|
// namespaces once it is pulled into any namespace. The blob will be pulled
|
|
// into the namespace if a writer is opened with the "Expected" digest that
|
|
// is already present in the backend.
|
|
//
|
|
// The alternative mode, "isolated" requires that clients prove they have
|
|
// access to the content by providing all of the content to the ingest
|
|
// before the blob is added to the namespace.
|
|
//
|
|
// Both modes share backing data, while "shared" will reduce total
|
|
// bandwidth across namespaces, at the cost of allowing access to any blob
|
|
// just by knowing its digest.
|
|
ContentSharingPolicy string `toml:"content_sharing_policy"`
|
|
}
|
|
|
|
const (
|
|
// SharingPolicyShared represents the "shared" sharing policy
|
|
SharingPolicyShared = "shared"
|
|
// SharingPolicyIsolated represents the "isolated" sharing policy
|
|
SharingPolicyIsolated = "isolated"
|
|
)
|
|
|
|
// Validate validates if BoltConfig is valid
|
|
func (bc *BoltConfig) Validate() error {
|
|
switch bc.ContentSharingPolicy {
|
|
case SharingPolicyShared, SharingPolicyIsolated:
|
|
return nil
|
|
default:
|
|
return fmt.Errorf("unknown policy: %s: %w", bc.ContentSharingPolicy, errdefs.ErrInvalidArgument)
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
registry.Register(&plugin.Registration{
|
|
Type: plugins.MetadataPlugin,
|
|
ID: "bolt",
|
|
Requires: []plugin.Type{
|
|
plugins.ContentPlugin,
|
|
plugins.EventPlugin,
|
|
plugins.SnapshotPlugin,
|
|
},
|
|
Config: &BoltConfig{
|
|
ContentSharingPolicy: SharingPolicyShared,
|
|
},
|
|
InitFn: func(ic *plugin.InitContext) (interface{}, error) {
|
|
root := ic.Properties[plugins.PropertyRootDir]
|
|
if err := os.MkdirAll(root, 0711); err != nil {
|
|
return nil, err
|
|
}
|
|
cs, err := ic.GetSingle(plugins.ContentPlugin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
snapshottersRaw, err := ic.GetByType(plugins.SnapshotPlugin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
snapshotters := make(map[string]snapshots.Snapshotter)
|
|
for name, sn := range snapshottersRaw {
|
|
snapshotters[name] = sn.(snapshots.Snapshotter)
|
|
}
|
|
|
|
ep, err := ic.GetSingle(plugins.EventPlugin)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
shared := true
|
|
ic.Meta.Exports["policy"] = SharingPolicyShared
|
|
if cfg, ok := ic.Config.(*BoltConfig); ok {
|
|
if cfg.ContentSharingPolicy != "" {
|
|
if err := cfg.Validate(); err != nil {
|
|
return nil, err
|
|
}
|
|
if cfg.ContentSharingPolicy == SharingPolicyIsolated {
|
|
ic.Meta.Exports["policy"] = SharingPolicyIsolated
|
|
shared = false
|
|
}
|
|
|
|
log.G(ic.Context).WithField("policy", cfg.ContentSharingPolicy).Info("metadata content store policy set")
|
|
}
|
|
}
|
|
|
|
path := filepath.Join(root, "meta.db")
|
|
ic.Meta.Exports["path"] = path
|
|
|
|
options := *bolt.DefaultOptions
|
|
// Reading bbolt's freelist sometimes fails when the file has a data corruption.
|
|
// Disabling freelist sync reduces the chance of the breakage.
|
|
// https://github.com/etcd-io/bbolt/pull/1
|
|
// https://github.com/etcd-io/bbolt/pull/6
|
|
options.NoFreelistSync = true
|
|
// Without the timeout, bbolt.Open would block indefinitely due to flock(2).
|
|
options.Timeout = timeout.Get(boltOpenTimeout)
|
|
|
|
doneCh := make(chan struct{})
|
|
go func() {
|
|
t := time.NewTimer(10 * time.Second)
|
|
defer t.Stop()
|
|
select {
|
|
case <-t.C:
|
|
log.G(ic.Context).WithField("plugin", "bolt").Warn("waiting for response from boltdb open")
|
|
case <-doneCh:
|
|
return
|
|
}
|
|
}()
|
|
db, err := bolt.Open(path, 0644, &options)
|
|
close(doneCh)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
dbopts := []metadata.DBOpt{
|
|
metadata.WithEventsPublisher(ep.(events.Publisher)),
|
|
}
|
|
|
|
if !shared {
|
|
dbopts = append(dbopts, metadata.WithPolicyIsolated)
|
|
}
|
|
|
|
mdb := metadata.NewDB(db, cs.(content.Store), snapshotters, dbopts...)
|
|
if err := mdb.Init(ic.Context); err != nil {
|
|
return nil, err
|
|
}
|
|
return mdb, nil
|
|
},
|
|
})
|
|
}
|