New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ctr import: strictly match platform #6906
Conversation
Currently, ctr import will use loose matching as defined by platforms.Only(), meaning in the case of platform linux/amd64 as in issue#6441, importing will also match linux/386 platform on the image-to-be-imported's index. However, that image-to-be-imported may not have both the linux/amd64 and linux/386 platform contents, resulting in a failure to unpack the image. This change makes that check strict such that the requested platform to import for is the only platform content imported. Both ctr pull and ctr export will treat the platform option as strict, so this change makes ctr import consistent with those. resolves containerd#6441 Signed-off-by: Gavin Inglis <giinglis@amazon.com>
Hi @ginglis13. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The change looks good to me. Is it possible to notify the number of matched platforms and warn a user if no platforms are matched? The matching behavior confused a lot of people and we had multiple iterations. So it may be better to tell end users what's happening exactly. |
Hmm I'm not so sure how that could be propagated back to the user.. Are you expecting this notification to come from the actual import and/or unpack method itself? i.e. within client.Import, or rather check the platforms of imgs returned by platform matching calls Line 261 in 68d9d46
maybe in this function we can have that notification? although |
@ginglis13 Hmm I see. I'm fine if that is complicated. |
@jonyhy96 @AkihiroSuda Can you take a look? |
LGTM Thanks for the contribution! $ ctr image pull --platform linux/amd64 docker.io/library/postgres:12
$ ctr image export --platform linux/amd64 postgres-12.tar docker.io/library/postgres:12
$ ctr image import --all-platform postgres-12.tar content digest sha256:xxx: not found |
https://github.com/containerd/containerd/blob/main/import.go#L199-L201 |
In the case of specifying
In this specific case at least, only 1 image would be returned, and I'm not sure if we could extract useful information from that for a warning message (i.e., the platforms for which content could not be found). @jonyhy96 The original content not found error in your example and the original issue can be traced to ReadBlob in images.Children Lines 341 to 345 in e217c83
this error will propagate all the way to if err != nil {
if !errdefs.IsNotFound(err) {
return children, err
} else {
log.G(ctx).Warnf("content for platform %s not found", platforms.Format(*desc.Platform))
}
} This would work for your provided example, but I'm not sure that logging directly from this function is acceptable, or the implications for other functions using FilterPlatforms. |
Not sure if it will warn about failure to import for other platforms, at least it should success on platforms that it exported with. IMO, all-platforms means all platforms this image supports.
The |
@ginglis13, @kzys - Hi Guys, I am facing a similar issue while importing the busybox images. Is there a way we can export the image with more than one platform so that we can export it for both "linux/amd64" and "linux/386" . |
Maybe helpful for others in the future, but this is the current logic without this PR for import/export:
|
/ok-to-test |
Since this is effectively a bug fix, we should put it into our supported release branches |
Currently,
ctr import
will use loose matching as defined by platforms.Only(..), meaning in the case of platform linux/amd64 as in issue #6441 , #6441 (comment), importing will also match linux/386 platform on the image-to-be-imported's index. However, that image-to-be-imported may not have both the linux/amd64 and linux/386 platform contents, resulting in a failure to unpack the image :ctr: content digest sha256:abc123xyz: not found
, where the content not found is the image's manifest for the other platform.This change makes that platform matching strict such that the requested platform to import for is the only platform content imported, avoiding implicit attempts to import content for another platform.
ctr export
will treat the platform option as strict, so this change makesctr import
consistent with that.If it's requested to expand the
import --platform
option to allow specifying multiple platforms (asctr image export
does):containerd/cmd/ctr/commands/images/export.go
Lines 72 to 84 in 68d9d46
then I can include those changes in this PR.
resolves #6441
Signed-off-by: Gavin Inglis giinglis@amazon.com