package storage

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"slices"
	"sync"
	"time"

	"github.com/containers/storage/pkg/idtools"
	"github.com/containers/storage/pkg/ioutils"
	"github.com/containers/storage/pkg/lockfile"
	"github.com/containers/storage/pkg/stringid"
	"github.com/containers/storage/pkg/truncindex"
	digest "github.com/opencontainers/go-digest"
	"github.com/sirupsen/logrus"
)

type containerLocations uint8

// The backing store is split into two JSON files: the volatile one is written
// without fsync(), so it is not as robust across an unclean shutdown.
const (
	stableContainerLocation containerLocations = 1 << iota
	volatileContainerLocation

	numContainerLocationIndex = iota
)

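// containerLocationFromIndex maps a location index back to its bitmask value:
// index 0 is stableContainerLocation, index 1 is volatileContainerLocation.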
func containerLocationFromIndex(index int) containerLocations {
	return 1 << index
}

// A Container is a reference to a read-write layer with metadata.
type Container struct {
	// ID is either one which was specified at create-time, or a random
	// value which was generated by the library.
	ID string `json:"id"`

	// Names is an optional set of user-defined convenience values. The
	// container can be referred to by its ID or any of its names. Names
	// are unique among containers.
	Names []string `json:"names,omitempty"`

	// ImageID is the ID of the image which was used to create the container.
	ImageID string `json:"image"`

	// LayerID is the ID of the read-write layer for the container itself.
	// It is assumed that the image's top layer is the parent of the container's
	// read-write layer.
	LayerID string `json:"layer"`

	// Metadata is data we keep for the convenience of the caller. It is not
	// expected to be large, since it is kept in memory.
	Metadata string `json:"metadata,omitempty"`

	// BigDataNames is a list of names of data items that we keep for the
	// convenience of the caller. They can be large, and are only in
	// memory when being read from or written to disk.
	BigDataNames []string `json:"big-data-names,omitempty"`

	// BigDataSizes maps the names in BigDataNames to the sizes of the data
	// that has been stored, if they're known.
	BigDataSizes map[string]int64 `json:"big-data-sizes,omitempty"`

	// BigDataDigests maps the names in BigDataNames to the digests of the
	// data that has been stored, if they're known.
	BigDataDigests map[string]digest.Digest `json:"big-data-digests,omitempty"`

	// Created is the datestamp for when this container was created. Older
	// versions of the library did not track this information, so callers
	// will likely want to use the IsZero() method to verify that a value
	// is set before using it.
	Created time.Time `json:"created,omitempty"`

	// UIDMap and GIDMap are used for setting up a container's root
	// filesystem for use inside of a user namespace where UID mapping is
	// being used.
	UIDMap []idtools.IDMap `json:"uidmap,omitempty"`
	GIDMap []idtools.IDMap `json:"gidmap,omitempty"`

	Flags map[string]any `json:"flags,omitempty"`

	// volatileStore is true if the container is from the volatile json file
	volatileStore bool `json:"-"`
}

// rwContainerStore provides bookkeeping for information about Containers.
type rwContainerStore interface {
	metadataStore
	containerBigDataStore
	flaggableStore

	// startWriting makes sure the store is fresh, and locks it for writing.
	// If this succeeds, the caller MUST call stopWriting().
	startWriting() error

	// stopWriting releases locks obtained by startWriting.
	stopWriting()

	// startReading makes sure the store is fresh, and locks it for reading.
	// If this succeeds, the caller MUST call stopReading().
	startReading() error

	// stopReading releases locks obtained by startReading.
	stopReading()

	// create creates a container that has a specified ID (or generates a
	// random one if an empty value is supplied) and optional names,
	// based on the specified image, using the specified layer as its
	// read-write layer.
	// The maps in the container's options structure are recorded for the
	// convenience of the caller, nothing more.
	create(id string, names []string, image, layer string, options *ContainerOptions) (*Container, error)

	// updateNames modifies names associated with a container based on (op, names).
	updateNames(id string, names []string, op updateNameOperation) error

	// Get retrieves information about a container given an ID or name.
	Get(id string) (*Container, error)

	// Exists checks if there is a container with the given ID or name.
	Exists(id string) bool

	// Delete removes the record of the container.
	Delete(id string) error

	// Wipe removes records of all containers.
	Wipe() error

	// Lookup attempts to translate a name to an ID. Most methods do this
	// implicitly.
	Lookup(name string) (string, error)

	// Containers returns a slice enumerating the known containers.
	Containers() ([]Container, error)

	// GarbageCollect cleans up datadirs that are not referenced by any known container.
	GarbageCollect() error
}

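// A minimal usage sketch for the read path, using the methods declared above
// (error handling trimmed; "store" is any rwContainerStore):
//
//	if err := store.startReading(); err != nil {
//		return err
//	}
//	defer store.stopReading()
//	container, err := store.Get(idOrName)
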
type containerStore struct {
	// The following fields are only set when constructing containerStore, and must never be modified afterwards.
	// They are safe to access without any other locking.
	lockfile *lockfile.LockFile // Synchronizes readers vs. writers of the _filesystem data_, both cross-process and in-process.
	dir      string
	jsonPath [numContainerLocationIndex]string

	inProcessLock sync.RWMutex // Can _only_ be obtained with lockfile held.
	// The following fields can only be read/written with read/write ownership of inProcessLock, respectively.
	// Almost all users should use startReading() or startWriting().
	lastWrite  lockfile.LastWrite
	containers []*Container
	idindex    *truncindex.TruncIndex
	byid       map[string]*Container
	bylayer    map[string]*Container
	byname     map[string]*Container
}

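// copyContainer returns a deep copy of c; the caller can modify the result
// freely without affecting the store's in-memory state.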
func copyContainer(c *Container) *Container {
	return &Container{
		ID:             c.ID,
		Names:          copySlicePreferringNil(c.Names),
		ImageID:        c.ImageID,
		LayerID:        c.LayerID,
		Metadata:       c.Metadata,
		BigDataNames:   copySlicePreferringNil(c.BigDataNames),
		BigDataSizes:   copyMapPreferringNil(c.BigDataSizes),
		BigDataDigests: copyMapPreferringNil(c.BigDataDigests),
		Created:        c.Created,
		UIDMap:         copySlicePreferringNil(c.UIDMap),
		GIDMap:         copySlicePreferringNil(c.GIDMap),
		Flags:          copyMapPreferringNil(c.Flags),
		volatileStore:  c.volatileStore,
	}
}

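// MountLabel returns the mount label (typically an SELinux label) recorded in
// the container's flags, or "" if none was set.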
func (c *Container) MountLabel() string {
	if label, ok := c.Flags[mountLabelFlag].(string); ok {
		return label
	}
	return ""
}

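// ProcessLabel returns the process label (typically an SELinux label) recorded
// in the container's flags, or "" if none was set.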
func (c *Container) ProcessLabel() string {
	if label, ok := c.Flags[processLabelFlag].(string); ok {
		return label
	}
	return ""
}

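// MountOpts returns the default mount options recorded for the container, if
// any. The flag may hold either a []string (set in-process) or a []any (as
// decoded from JSON), so both representations are handled.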
func (c *Container) MountOpts() []string {
	switch value := c.Flags[mountOptsFlag].(type) {
	case []string:
		return value
	case []any:
		var mountOpts []string
		for _, v := range value {
			if flag, ok := v.(string); ok {
				mountOpts = append(mountOpts, flag)
			}
		}
		return mountOpts
	default:
		return nil
	}
}

// The caller must hold r.inProcessLock for reading.
func containerLocation(c *Container) containerLocations {
	if c.volatileStore {
		return volatileContainerLocation
	}
	return stableContainerLocation
}

// startWritingWithReload makes sure the store is fresh if canReload, and locks it for writing.
// If this succeeds, the caller MUST call stopWriting().
//
// This is an internal implementation detail of containerStore construction; every other caller
// should use startWriting() instead.
func (r *containerStore) startWritingWithReload(canReload bool) error {
	r.lockfile.Lock()
	r.inProcessLock.Lock()
	succeeded := false
	defer func() {
		if !succeeded {
			r.inProcessLock.Unlock()
			r.lockfile.Unlock()
		}
	}()

	if canReload {
		if _, err := r.reloadIfChanged(true); err != nil {
			return err
		}
	}

	succeeded = true
	return nil
}

// startWriting makes sure the store is fresh, and locks it for writing.
// If this succeeds, the caller MUST call stopWriting().
func (r *containerStore) startWriting() error {
	return r.startWritingWithReload(true)
}

// stopWriting releases locks obtained by startWriting.
func (r *containerStore) stopWriting() {
	r.inProcessLock.Unlock()
	r.lockfile.Unlock()
}

// startReading makes sure the store is fresh, and locks it for reading.
// If this succeeds, the caller MUST call stopReading().
func (r *containerStore) startReading() error {
	// inProcessLocked calls the nested function with r.inProcessLock held for writing.
	inProcessLocked := func(fn func() error) error {
		r.inProcessLock.Lock()
		defer r.inProcessLock.Unlock()
		return fn()
	}

	r.lockfile.RLock()
	unlockFn := r.lockfile.Unlock // A function to call to clean up, or nil.
	defer func() {
		if unlockFn != nil {
			unlockFn()
		}
	}()
	r.inProcessLock.RLock()
	unlockFn = r.stopReading

	// If we are lucky, we can just hold the read locks, check that we are fresh, and continue.
	_, modified, err := r.modified()
	if err != nil {
		return err
	}
	if modified {
		// We are unlucky, and need to reload.
		// NOTE: Multiple goroutines can get to this place approximately simultaneously.
		r.inProcessLock.RUnlock()
		unlockFn = r.lockfile.Unlock

		// r.lastWrite can change at this point if another goroutine reloads the store before us. That’s why we don’t unconditionally
		// trigger a load below; we (lock and) reloadIfChanged() again.

		// First try reloading with r.lockfile held for reading.
		// r.inProcessLock will serialize all goroutines that got here;
		// each will re-check on-disk state vs. r.lastWrite, and the first one will actually reload the data.
		var tryLockedForWriting bool
		if err := inProcessLocked(func() error {
			// We could optimize this further: The r.lockfile.GetLastWrite() value shouldn’t change as long as we hold r.lockfile,
			// so if r.lastWrite was already updated, we don’t need to actually read the on-filesystem lock.
			var err error
			tryLockedForWriting, err = r.reloadIfChanged(false)
			return err
		}); err != nil {
			if !tryLockedForWriting {
				return err
			}
			// Not good enough, we need r.lockfile held for writing. So, let’s do that.
			unlockFn()
			unlockFn = nil

			r.lockfile.Lock()
			unlockFn = r.lockfile.Unlock
			if err := inProcessLocked(func() error {
				_, err := r.reloadIfChanged(true)
				return err
			}); err != nil {
				return err
			}
			unlockFn()
			unlockFn = nil

			r.lockfile.RLock()
			unlockFn = r.lockfile.Unlock
			// We need to check for a reload once more because the on-disk state could have been modified
			// after we released the lock.
			// If that, _again_, finds inconsistent state, just give up.
			// We could, plausibly, retry a few times, but that inconsistent state (duplicate container names)
			// shouldn’t be saved (by correct implementations) in the first place.
			if err := inProcessLocked(func() error {
				_, err := r.reloadIfChanged(false)
				return err
			}); err != nil {
				return fmt.Errorf("(even after successfully cleaning up once:) %w", err)
			}
		}

		// NOTE that we hold neither a read nor write inProcessLock at this point. That’s fine in ordinary operation, because
		// the on-filesystem r.lockfile should protect us against (cooperating) writers, and any use of r.inProcessLock
		// protects us against in-process writers modifying data.
		// In presence of non-cooperating writers, we just ensure that 1) the in-memory data is not clearly out-of-date
		// and 2) access to the in-memory data is not racy;
		// but we can’t protect against those out-of-process writers modifying _files_ while we are assuming they are in a consistent state.

		r.inProcessLock.RLock()
	}
	unlockFn = nil
	return nil
}

// stopReading releases locks obtained by startReading.
func (r *containerStore) stopReading() {
	r.inProcessLock.RUnlock()
	r.lockfile.Unlock()
}

// modified returns true if the on-disk state has changed (i.e. if reloadIfChanged may need to modify the store),
// and a lockfile.LastWrite value for that update.
//
// The caller must hold r.lockfile for reading _or_ writing.
// The caller must hold r.inProcessLock for reading or writing.
func (r *containerStore) modified() (lockfile.LastWrite, bool, error) {
	return r.lockfile.ModifiedSince(r.lastWrite)
}

// reloadIfChanged reloads the contents of the store from disk if it is changed.
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
//
// The caller must hold r.inProcessLock for WRITING.
//
// If !lockedForWriting and this function fails, the return value indicates whether
// reloadIfChanged() with lockedForWriting could succeed.
func (r *containerStore) reloadIfChanged(lockedForWriting bool) (bool, error) {
	lastWrite, modified, err := r.modified()
	if err != nil {
		return false, err
	}
	// We require callers to always hold r.inProcessLock for WRITING, even if they might not end up calling r.load()
	// and modify no fields, to ensure they see fresh data:
	// r.lockfile.Modified() only returns true once per change. Without an exclusive lock,
	// one goroutine might see r.lockfile.Modified() == true and decide to load, and in the meanwhile another one could
	// see r.lockfile.Modified() == false and proceed to use in-memory data without noticing it is stale.
	if modified {
		if tryLockedForWriting, err := r.load(lockedForWriting); err != nil {
			return tryLockedForWriting, err // r.lastWrite is unchanged, so we will load the next time again.
		}
		r.lastWrite = lastWrite
	}
	return false, nil
}

// Requires startReading or startWriting.
func (r *containerStore) Containers() ([]Container, error) {
	containers := make([]Container, len(r.containers))
	for i := range r.containers {
		containers[i] = *copyContainer(r.containers[i])
	}
	return containers, nil
}

// GarbageCollect looks for datadirs in the store directory that are not
// referenced by the json files and removes them. These can appear after
// unclean shutdowns, or after regular restarts in transient store mode.
// Requires startReading.
func (r *containerStore) GarbageCollect() error {
	entries, err := os.ReadDir(r.dir)
	if err != nil {
		// Unexpected, don't try any GC
		return err
	}

	for _, entry := range entries {
		id := entry.Name()
		// Does it look like a datadir directory?
		if !entry.IsDir() || stringid.ValidateID(id) != nil {
			continue
		}

		// Should the id be there?
		if r.byid[id] != nil {
			continue
		}

		// Otherwise remove datadir
		logrus.Debugf("removing %q", filepath.Join(r.dir, id))
		moreErr := os.RemoveAll(filepath.Join(r.dir, id))
		// Propagate first error
		if moreErr != nil && err == nil {
			err = moreErr
		}
	}

	return err
}

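// datadir returns the path of the per-container directory where the
// container's big data items are stored.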
func (r *containerStore) datadir(id string) string {
	return filepath.Join(r.dir, id)
}

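// datapath returns the path of the file holding the named big data item for
// the container.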
func (r *containerStore) datapath(id, key string) string {
	return filepath.Join(r.datadir(id), makeBigDataBaseName(key))
}

// load reloads the contents of the store from disk.
//
// Most callers should call reloadIfChanged() instead, to avoid overhead and to correctly
// manage r.lastWrite.
//
// The caller must hold r.lockfile for reading _or_ writing; lockedForWriting is true
// if it is held for writing.
// The caller must hold r.inProcessLock for WRITING.
//
// If !lockedForWriting and this function fails, the return value indicates whether
// retrying with lockedForWriting could succeed.
func (r *containerStore) load(lockedForWriting bool) (bool, error) {
	var modifiedLocations containerLocations
	containers := []*Container{}

	ids := make(map[string]*Container)

	for locationIndex := range numContainerLocationIndex {
		location := containerLocationFromIndex(locationIndex)
		rpath := r.jsonPath[locationIndex]

		data, err := os.ReadFile(rpath)
		if err != nil && !os.IsNotExist(err) {
			return false, err
		}

		locationContainers := []*Container{}
		if len(data) != 0 {
			if err := json.Unmarshal(data, &locationContainers); err != nil {
				return false, fmt.Errorf("loading %q: %w", rpath, err)
			}
		}

		for _, container := range locationContainers {
			// There should be no duplicated ids between json files, but let's check to be sure
			if ids[container.ID] != nil {
				continue // skip invalid duplicated container
			}
			// Remember where the container came from
			if location == volatileContainerLocation {
				container.volatileStore = true
			}
			containers = append(containers, container)
			ids[container.ID] = container
		}
	}

	idlist := make([]string, 0, len(containers))
	layers := make(map[string]*Container)
	names := make(map[string]*Container)
	var errorToResolveBySaving error // == nil
	for n, container := range containers {
		idlist = append(idlist, container.ID)
		layers[container.LayerID] = containers[n]
		for _, name := range container.Names {
			if conflict, ok := names[name]; ok {
				r.removeName(conflict, name)
				errorToResolveBySaving = errors.New("container store is inconsistent and the current caller does not hold a write lock")
				modifiedLocations |= containerLocation(container)
			}
			names[name] = containers[n]
		}
	}

	r.containers = containers
	r.idindex = truncindex.NewTruncIndex(idlist) // Invalid values in idlist are ignored: they are not a reason to refuse processing the whole store.
	r.byid = ids
	r.bylayer = layers
	r.byname = names
	if errorToResolveBySaving != nil {
		if !lockedForWriting {
			return true, errorToResolveBySaving
		}
		return false, r.save(modifiedLocations)
	}
	return false, nil
}

// save saves the contents of the store to disk.
// The caller must hold r.lockfile locked for writing.
// The caller must hold r.inProcessLock for reading (but usually holds it for writing in order to make the desired changes).
func (r *containerStore) save(saveLocations containerLocations) error {
	r.lockfile.AssertLockedForWriting()
	// This must be done before we write the file, because the process could be terminated
	// after the file is written but before the lock file is updated.
	lw, err := r.lockfile.RecordWrite()
	if err != nil {
		return err
	}
	r.lastWrite = lw
	for locationIndex := range numContainerLocationIndex {
		location := containerLocationFromIndex(locationIndex)
		if location&saveLocations == 0 {
			continue
		}
		rpath := r.jsonPath[locationIndex]
		if err := os.MkdirAll(filepath.Dir(rpath), 0o700); err != nil {
			return err
		}
		subsetContainers := make([]*Container, 0, len(r.containers))
		for _, container := range r.containers {
			if containerLocation(container) == location {
				subsetContainers = append(subsetContainers, container)
			}
		}

		jdata, err := json.Marshal(&subsetContainers)
		if err != nil {
			return err
		}
		var opts *ioutils.AtomicFileWriterOptions
		if location == volatileContainerLocation {
			opts = &ioutils.AtomicFileWriterOptions{
				NoSync: true,
			}
		}
		if err := ioutils.AtomicWriteFileWithOpts(rpath, jdata, 0o600, opts); err != nil {
			return err
		}
	}
	return nil
}

// saveFor saves the contents of the store relevant for modifiedContainer to disk.
// The caller must hold r.lockfile locked for writing.
// The caller must hold r.inProcessLock for reading (but usually holds it for writing in order to make the desired changes).
func (r *containerStore) saveFor(modifiedContainer *Container) error {
	return r.save(containerLocation(modifiedContainer))
}

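// newContainerStore creates and loads a container store rooted at dir. If
// transient is true, the volatile JSON file and the lock file are kept under
// runDir instead, so that they do not persist across a reboot.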
func newContainerStore(dir string, runDir string, transient bool) (rwContainerStore, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	volatileDir := dir
	if transient {
		if err := os.MkdirAll(runDir, 0o700); err != nil {
			return nil, err
		}
		volatileDir = runDir
	}
	lockfile, err := lockfile.GetLockFile(filepath.Join(volatileDir, "containers.lock"))
	if err != nil {
		return nil, err
	}
	cstore := containerStore{
		lockfile: lockfile,
		dir:      dir,
		jsonPath: [numContainerLocationIndex]string{
			filepath.Join(dir, "containers.json"),
			filepath.Join(volatileDir, "volatile-containers.json"),
		},

		containers: []*Container{},
		byid:       make(map[string]*Container),
		bylayer:    make(map[string]*Container),
		byname:     make(map[string]*Container),
	}

	if err := cstore.startWritingWithReload(false); err != nil {
		return nil, err
	}
	cstore.lastWrite, err = cstore.lockfile.GetLastWrite()
	if err != nil {
		return nil, err
	}
	defer cstore.stopWriting()
	if _, err := cstore.load(true); err != nil {
		return nil, err
	}
	return &cstore, nil
}

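// lookup resolves id as a full container ID, a name, a layer ID, or an
// unambiguous ID prefix, in that order.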
// Requires startReading or startWriting.
func (r *containerStore) lookup(id string) (*Container, bool) {
	if container, ok := r.byid[id]; ok {
		return container, ok
	} else if container, ok := r.byname[id]; ok {
		return container, ok
	} else if container, ok := r.bylayer[id]; ok {
		return container, ok
	} else if longid, err := r.idindex.Get(id); err == nil {
		if container, ok := r.byid[longid]; ok {
			return container, ok
		}
	}
	return nil, false
}

// Requires startWriting.
func (r *containerStore) ClearFlag(id string, flag string) error {
	container, ok := r.lookup(id)
	if !ok {
		return ErrContainerUnknown
	}
	delete(container.Flags, flag)
	return r.saveFor(container)
}

// Requires startWriting.
func (r *containerStore) SetFlag(id string, flag string, value any) error {
	container, ok := r.lookup(id)
	if !ok {
		return ErrContainerUnknown
	}
	if container.Flags == nil {
		container.Flags = make(map[string]any)
	}
	container.Flags[flag] = value
	return r.saveFor(container)
}

// Requires startWriting.
func (r *containerStore) create(id string, names []string, image, layer string, options *ContainerOptions) (container *Container, err error) {
	if options == nil {
		options = &ContainerOptions{}
	}
	if id == "" {
		id = stringid.GenerateRandomID()
		_, idInUse := r.byid[id]
		for idInUse {
			id = stringid.GenerateRandomID()
			_, idInUse = r.byid[id]
		}
	}
	if _, idInUse := r.byid[id]; idInUse {
		return nil, ErrDuplicateID
	}
	names = dedupeStrings(names)
	for _, name := range names {
		if _, nameInUse := r.byname[name]; nameInUse {
			return nil, fmt.Errorf("the container name %q is already in use by %s. You have to remove that container to be able to reuse that name: %w", name, r.byname[name].ID, ErrDuplicateName)
		}
	}
	if err := hasOverlappingRanges(options.UIDMap); err != nil {
		return nil, err
	}
	if err := hasOverlappingRanges(options.GIDMap); err != nil {
		return nil, err
	}
	container = &Container{
		ID:             id,
		Names:          names,
		ImageID:        image,
		LayerID:        layer,
		Metadata:       options.Metadata,
		BigDataNames:   []string{},
		BigDataSizes:   make(map[string]int64),
		BigDataDigests: make(map[string]digest.Digest),
		Created:        time.Now().UTC(),
		Flags:          newMapFrom(options.Flags),
		UIDMap:         copySlicePreferringNil(options.UIDMap),
		GIDMap:         copySlicePreferringNil(options.GIDMap),
		volatileStore:  options.Volatile,
	}
	if options.MountOpts != nil {
		container.Flags[mountOptsFlag] = slices.Clone(options.MountOpts)
	}
	if options.Volatile {
		container.Flags[volatileFlag] = true
	}
	r.containers = append(r.containers, container)
	// This can only fail on duplicate IDs, which shouldn’t happen — and in
	// that case the index is already in the desired state anyway.
	// Implementing recovery from an unlikely and unimportant failure here
	// would be too risky.
	_ = r.idindex.Add(id)
	r.byid[id] = container
	r.bylayer[layer] = container
	for _, name := range names {
		r.byname[name] = container
	}
	defer func() {
		if err != nil {
			// now that the in-memory structures know about the new
			// record, we can use regular Delete() to clean up if
			// anything breaks from here on out
			if e := r.Delete(id); e != nil {
				logrus.Debugf("while cleaning up partially-created container %q we failed to create: %v", id, e)
			}
		}
	}()
	err = r.saveFor(container)
	if err != nil {
		return nil, err
	}
	for _, item := range options.BigData {
		if err = r.SetBigData(id, item.Key, item.Data); err != nil {
			return nil, err
		}
	}
	container = copyContainer(container)
	return container, err
}

// Requires startReading or startWriting.
func (r *containerStore) Metadata(id string) (string, error) {
	if container, ok := r.lookup(id); ok {
		return container.Metadata, nil
	}
	return "", ErrContainerUnknown
}

// Requires startWriting.
func (r *containerStore) SetMetadata(id, metadata string) error {
	if container, ok := r.lookup(id); ok {
		container.Metadata = metadata
		return r.saveFor(container)
	}
	return ErrContainerUnknown
}

// The caller must hold r.inProcessLock for writing.
func (r *containerStore) removeName(container *Container, name string) {
	container.Names = stringSliceWithoutValue(container.Names, name)
}

// Requires startWriting.
func (r *containerStore) updateNames(id string, names []string, op updateNameOperation) error {
	container, ok := r.lookup(id)
	if !ok {
		return ErrContainerUnknown
	}
	oldNames := container.Names
	names, err := applyNameOperation(oldNames, names, op)
	if err != nil {
		return err
	}
	for _, name := range oldNames {
		delete(r.byname, name)
	}
	for _, name := range names {
		if otherContainer, ok := r.byname[name]; ok {
			r.removeName(otherContainer, name)
		}
		r.byname[name] = container
	}
	container.Names = names
	return r.saveFor(container)
}

// Requires startWriting.
func (r *containerStore) Delete(id string) error {
	container, ok := r.lookup(id)
	if !ok {
		return ErrContainerUnknown
	}
	id = container.ID
	delete(r.byid, id)
	// This can only fail if the ID is already missing, which shouldn’t happen — and in that case the index is already in the desired state anyway.
	// The store’s Delete method is used on various paths to recover from failures, so this should be robust against partially missing data.
	_ = r.idindex.Delete(id)
	delete(r.bylayer, container.LayerID)
	for _, name := range container.Names {
		delete(r.byname, name)
	}
	r.containers = slices.DeleteFunc(r.containers, func(candidate *Container) bool {
		return candidate.ID == id
	})
	if err := r.saveFor(container); err != nil {
		return err
	}
	if err := os.RemoveAll(r.datadir(id)); err != nil {
		return err
	}
	return nil
}

// Requires startReading or startWriting.
func (r *containerStore) Get(id string) (*Container, error) {
	if container, ok := r.lookup(id); ok {
		return copyContainer(container), nil
	}
	return nil, ErrContainerUnknown
}

// Requires startReading or startWriting.
func (r *containerStore) Lookup(name string) (id string, err error) {
	if container, ok := r.lookup(name); ok {
		return container.ID, nil
	}
	return "", ErrContainerUnknown
}

// Requires startReading or startWriting.
func (r *containerStore) Exists(id string) bool {
	_, ok := r.lookup(id)
	return ok
}

// Requires startReading or startWriting.
func (r *containerStore) BigData(id, key string) ([]byte, error) {
	if key == "" {
		return nil, fmt.Errorf("can't retrieve container big data value for empty name: %w", ErrInvalidBigDataName)
	}
	c, ok := r.lookup(id)
	if !ok {
		return nil, ErrContainerUnknown
	}
	return os.ReadFile(r.datapath(c.ID, key))
}

// Requires startWriting. Yes, really, WRITING (see SetBigData).
func (r *containerStore) BigDataSize(id, key string) (int64, error) {
	if key == "" {
		return -1, fmt.Errorf("can't retrieve size of container big data with empty name: %w", ErrInvalidBigDataName)
	}
	c, ok := r.lookup(id)
	if !ok {
		return -1, ErrContainerUnknown
	}
	if size, ok := c.BigDataSizes[key]; ok { // This is valid, and returns ok == false, for BigDataSizes == nil.
		return size, nil
	}
	if data, err := r.BigData(id, key); err == nil && data != nil {
		if err = r.SetBigData(id, key, data); err == nil {
			c, ok := r.lookup(id)
			if !ok {
				return -1, ErrContainerUnknown
			}
			if size, ok := c.BigDataSizes[key]; ok {
				return size, nil
			}
		} else {
			return -1, err
		}
	}
	return -1, ErrSizeUnknown
}

// Requires startWriting. Yes, really, WRITING (see SetBigData).
func (r *containerStore) BigDataDigest(id, key string) (digest.Digest, error) {
	if key == "" {
		return "", fmt.Errorf("can't retrieve digest of container big data value with empty name: %w", ErrInvalidBigDataName)
	}
	c, ok := r.lookup(id)
	if !ok {
		return "", ErrContainerUnknown
	}
	if d, ok := c.BigDataDigests[key]; ok { // This is valid, and returns ok == false, for BigDataDigests == nil.
		return d, nil
	}
	if data, err := r.BigData(id, key); err == nil && data != nil {
		if err = r.SetBigData(id, key, data); err == nil {
			c, ok := r.lookup(id)
			if !ok {
				return "", ErrContainerUnknown
			}
			if d, ok := c.BigDataDigests[key]; ok {
				return d, nil
			}
		} else {
			return "", err
		}
	}
	return "", ErrDigestUnknown
}

// Requires startReading or startWriting.
func (r *containerStore) BigDataNames(id string) ([]string, error) {
	c, ok := r.lookup(id)
	if !ok {
		return nil, ErrContainerUnknown
	}
	return copySlicePreferringNil(c.BigDataNames), nil
}

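// SetBigData stores a big data item under the given key and records its size
// and digest, saving the store if any of them changed.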
// Requires startWriting.
func (r *containerStore) SetBigData(id, key string, data []byte) error {
	if key == "" {
		return fmt.Errorf("can't set empty name for container big data item: %w", ErrInvalidBigDataName)
	}
	c, ok := r.lookup(id)
	if !ok {
		return ErrContainerUnknown
	}
	if err := os.MkdirAll(r.datadir(c.ID), 0o700); err != nil {
		return err
	}
	err := ioutils.AtomicWriteFile(r.datapath(c.ID, key), data, 0o600)
	if err == nil {
		save := false
		if c.BigDataSizes == nil {
			c.BigDataSizes = make(map[string]int64)
		}
		oldSize, sizeOk := c.BigDataSizes[key]
		c.BigDataSizes[key] = int64(len(data))
		if c.BigDataDigests == nil {
			c.BigDataDigests = make(map[string]digest.Digest)
		}
		oldDigest, digestOk := c.BigDataDigests[key]
		newDigest := digest.Canonical.FromBytes(data)
		c.BigDataDigests[key] = newDigest
		if !sizeOk || oldSize != c.BigDataSizes[key] || !digestOk || oldDigest != newDigest {
			save = true
		}
		if !slices.Contains(c.BigDataNames, key) {
			c.BigDataNames = append(c.BigDataNames, key)
			save = true
		}
		if save {
			err = r.saveFor(c)
		}
	}
	return err
}

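// Wipe deletes all known containers, including their data directories.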
// Requires startWriting.
func (r *containerStore) Wipe() error {
	ids := make([]string, 0, len(r.byid))
	for id := range r.byid {
		ids = append(ids, id)
	}
	for _, id := range ids {
		if err := r.Delete(id); err != nil {
			return err
		}
	}
	return nil
}