forked from containers/bootc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Introduce bootc-owned container store, use for bound images
WIP for containers#721 Signed-off-by: Colin Walters <[email protected]>
- Loading branch information
Showing
4 changed files
with
175 additions
and
57 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
//! # bootc-managed container storage | ||
//! | ||
//! The default storage for this project uses ostree, canonically storing all of its state in | ||
//! `/sysroot/ostree`. | ||
//! | ||
//! This containers-storage: which canonically lives in `/sysroot/ostree/bootc`. | ||
use std::cell::OnceCell; | ||
use std::sync::Arc; | ||
|
||
use anyhow::{Context, Result}; | ||
use camino::Utf8Path; | ||
use cap_std_ext::{ | ||
cap_std::fs_utf8::Dir, cmdext::CapStdExtCommandExt, dirext::CapStdExtDirExtUtf8, | ||
}; | ||
use fn_error_context::context; | ||
use rustix::fd::AsFd; | ||
use std::os::fd::OwnedFd; | ||
|
||
use crate::task::Task; | ||
|
||
/// The path to the storage, relative to the physical system root. | ||
pub(crate) const SUBPATH: &str = "ostree/bootc/storage"; | ||
/// The name of the overlay backend, created under SUBPATH above. | ||
/// Used to signal that the storage is fully initialized. | ||
const OVERLAY: &str = "overlay"; | ||
/// The path to the "runroot" with transient runtime state; this is | ||
/// relative to the /run directory | ||
const RUNROOT: &str = "bootc/storage"; | ||
|
||
pub(crate) struct Storage { | ||
root: Dir, | ||
#[allow(dead_code)] | ||
run: Dir, | ||
// A temporary mount point because skopeo wants absolute paths | ||
temp_mount: OnceCell<Result<tempfile::TempDir>>, | ||
} | ||
|
||
impl Storage { | ||
fn podman_task_in(sysroot: OwnedFd, run: OwnedFd) -> Result<crate::task::Task> { | ||
let mut t = Task::new_quiet("podman"); | ||
// podman expects absolute paths for these, so use /proc/self/fd | ||
{ | ||
let sysroot_fd: Arc<OwnedFd> = Arc::new(sysroot); | ||
t.cmd.take_fd_n(sysroot_fd, 3); | ||
} | ||
{ | ||
let run_fd: Arc<OwnedFd> = Arc::new(run); | ||
t.cmd.take_fd_n(run_fd, 4); | ||
} | ||
t = t.args(["--root=/proc/self/fd/3", "--runroot=/proc/self/fd/4"]); | ||
Ok(t) | ||
} | ||
|
||
#[allow(dead_code)] | ||
fn podman_task(&self) -> Result<crate::task::Task> { | ||
let sysroot = self.root.as_cap_std().try_clone()?.into_std_file().into(); | ||
let run = self.run.as_cap_std().try_clone()?.into_std_file().into(); | ||
Self::podman_task_in(sysroot, run) | ||
} | ||
|
||
#[context("Creating imgstorage")] | ||
pub(crate) fn create(sysroot: &Dir, run: &Dir) -> Result<Self> { | ||
let subpath = Utf8Path::new(SUBPATH); | ||
// SAFETY: We know there's a parent | ||
let parent = subpath.parent().unwrap(); | ||
if !sysroot.try_exists(subpath.join(OVERLAY))? { | ||
let tmp = format!("{SUBPATH}.tmp"); | ||
sysroot.remove_all_optional(&tmp)?; | ||
sysroot.create_dir_all(parent)?; | ||
sysroot.create_dir_all(&tmp).context("Creating tmpdir")?; | ||
// There's no explicit API to initialize a containers-storage: | ||
// root, simply passing a path will attempt to auto-create it. | ||
// We run "podman images" in the new root. | ||
Self::podman_task_in(sysroot.open_dir(&tmp)?.into(), run.try_clone()?.into())? | ||
.arg("images") | ||
.run()?; | ||
sysroot | ||
.rename(&tmp, sysroot, subpath) | ||
.context("Renaming tmpdir")?; | ||
sysroot.remove_all_optional(&tmp)?; | ||
} | ||
Self::open(sysroot, run) | ||
} | ||
|
||
#[context("Opening imgstorage")] | ||
pub(crate) fn open(sysroot: &Dir, run: &Dir) -> Result<Self> { | ||
let root = sysroot.open_dir(SUBPATH).context(SUBPATH)?; | ||
// Always auto-create this if missing | ||
run.create_dir_all(RUNROOT)?; | ||
let run = run.open_dir(RUNROOT).context(RUNROOT)?; | ||
Ok(Self { | ||
root, | ||
run, | ||
temp_mount: OnceCell::new(), | ||
}) | ||
} | ||
|
||
/// View this storage as a directory. | ||
#[allow(dead_code)] | ||
pub(crate) fn as_dir(&self) -> &Dir { | ||
&self.root | ||
} | ||
|
||
fn get_temp_mount(&self) -> Result<&Utf8Path> { | ||
match self.temp_mount.get_or_init(|| { | ||
let td = tempfile::TempDir::new()?; | ||
Task::new_quiet("mount") | ||
.args(["--bind", "."]) | ||
.arg(td.path()) | ||
.cwd(self.root.as_cap_std())? | ||
.run()?; | ||
Ok(td) | ||
}) { | ||
Ok(r) => Ok(r.path().try_into()?), | ||
Err(e) => Err(anyhow::Error::msg(e.to_string())), | ||
} | ||
} | ||
|
||
pub(crate) fn pull_from_host_storage(&self, image: &str) -> Result<()> { | ||
// The skopeo API expects absolute paths, so we make a temporary bind | ||
let temp_mount = self.get_temp_mount()?; | ||
// And an ephemeral place for the transient state | ||
let tmp_runroot = tempfile::tempdir()?; | ||
let tmp_runroot: &Utf8Path = tmp_runroot.path().try_into()?; | ||
|
||
// The destination (target stateroot) + container storage dest | ||
let storage_dest = &format!( | ||
"containers-storage:[overlay@{temp_mount}+{tmp_runroot}]" | ||
); | ||
Task::new(format!("Copying image to target: {}", image), "skopeo") | ||
.arg("copy") | ||
.arg(format!("containers-storage:{image}")) | ||
.arg(format!("{storage_dest}{image}")) | ||
.run()?; | ||
Ok(()) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -45,3 +45,4 @@ pub mod spec; | |
|
||
#[cfg(feature = "docgen")] | ||
mod docgen; | ||
mod imgstorage; |