Rewrite metadata store

[Random-Liu]

Previously, containerd only managed running container, so we have to do checkpoint to maintain complete lifecycle of a container and sandbox. That's why we introduced the metadata store, which was targeted to be a checkpoint store for container, sandbox and image if needed.

However, it seems that we should not rely on the metadata store now, because:

1. Containerd added container metadata store, and also supports container label, which could help us checkpoint constant data. We only need to maintain checkpoint of container status now.
2. The metadata store was originally designed for pure data checkpoint, it only supports update via Update function, which has some limitations:
   a) Update function is not flexible enough, e.g. for image, we need CreateOrUpdate operation to create a metadata if it does not exsit, or update it if does.
   b) Update and checkpoint doesn't make sense to some in-memory data we need to associate with the metadata lifecycle, e.g. containerd container/image client, cni netns object, stop container channel etc.
   c) The whole metadata store logic is unnecessarily complex given that we don't need a general checkpoint solution now.

Thus I made this change. Relatively large, but help us avoid future pain.

Use container store as an example, the store is organized like this:

Store (a simple in-memory map)
   |--> Container (a collection of all resources associated with the container)
             | --> Metadata (constant metadata of the container, will be checkpointed in containerd container label)
             | --> Status (container status maintained in our own checkpoint, the only checkpoint we need now)
             | --> Containerd Container Client (container client of containerd, added soon)
             | --> Container StopCh (a channel indicates container is stopped or not, added soon)
             | --> More... (If needed in the future)

For sandbox, we don't need status.
For image, we don't event need a separate Metadata field, because containerd provided everything we need.

[Random-Liu]

CRI Validation test result is not changed with this PR:

Ran 36 of 36 Specs in 94.648 seconds
FAIL! -- 23 Passed | 13 Failed | 0 Pending | 0 Skipped --- FAIL: TestE2ECRI (94.65s)
FAIL

[mikebrow]

Removing will introduce the possibility of programming errors with err vars.

[Random-Liu]

The problem is that the check is known to be error prone. It sometimes report error and sometimes not, and I don't think something like:

if err := func1(); err != nil {
}
if err := func2(); err != nil {
}

should be an error.

[mikebrow]

only with err? Or are you arguing for a different recommended pattern of use of variables in go? Should we always redeclare := go variables instead of assigning via =? What's the point of have var declaration and assignment as separate language features if we are only going to use declaration and assignment?

[Random-Liu]

Only with err. I mean.

[mikebrow]

Obviously err := foo is just a shortcut for var err error = In your above use case you are repetitivly stating var err error, when all you are really doing is assigning with an =. In your use case the cleaner way is to declare first then just use err = since you don't like using := sometimes and = other times, yes?

[mikebrow]

I guess my question is then, why is err a special use case of variable declaration and assignment? I understand the thought for keeping each test independent but the variable redeclaration doesn't make the test more independent than using assignment. Symmetry?

[Random-Liu]

Offline discussed. Keep the check and update the code.

[mikebrow]

When you refactor you really refactor! :-) Will review from the perspective of it being a complete replacement.

[yujuhong]

Will review today.

[Random-Liu]

@yujuhong Thanks~

[yujuhong]

nit: remove 'used' or s/internal used/internally used

[Random-Liu]

Will do.

[Random-Liu]

Done.

[yujuhong]

nit: remove 'used' or s/internal used/internally used

[Random-Liu]

Will do.

[Random-Liu]

Done.

[yujuhong]

I noticed that you pass around Container instead of *Container in the Store operations. Is this intentional to prevent callers from modifying the struct (which cannot work completely without deep copying)? This would lead to more memory allocation/copying, so just want to understand the use case.

[Random-Liu]

I use Container rather than *Container because:

1. The value copy could prevent callers from mutating the struct fields in some way, because most fields are primitive types.
2. Most importantly, when caller using the api, usually they won't expect to be able to mutate fields of a returned value, but may expect to mutate a returned pointer.

As for the overhead, metadata is small, so there shouldn't be too much overhead. :)

[yujuhong]

Why can't we delete m.status in this function? It looks like Delete() is only meaningful if we back the data on the disk.

[Random-Liu]

It doesn't matter whether we delete m.status or not, because once the container is removed from container list, no one should be able to retrieve and access it.

Delete m.status will only cause race condition between operations which already get the reference.

[yujuhong]

Same question about the rationale of storing Image vs *Image

[Random-Liu]

Same with above.

[yujuhong]

Is that true? In Add(), you merge RepoTags and RepoDigest and write it back to the store.

[Random-Liu]

Will update the comment to "All fields MUST not be mutated directly".

[mikebrow]

Can we do this change universally on the other read only comments?

[Random-Liu]

Done.

[yujuhong]

I'm not sure how fields can be thread-safe. I think you mean the methods to mutate the status are thread-safe?

[Random-Liu]

Yeah, thanks. Will update the comment.

[Random-Liu]

Done.

[yujuhong]

Same question about storing pointers vs. structs.

[Random-Liu]

Same.

[Random-Liu]

Will rebase this and address comments.

[Random-Liu]

Moved to v0.2.0, because this PR mainly:

1. Eases the work to switching to new containerd client, and add permanent network namespace.
2. Makes it possible to checkpoint most metadata in container label.
3. Makes it easier to make future change.

There is no new feature introduced.

Since we don't have time to finish the containerd client switch and permanent network namespace work. Let's also punt this one to v0.2.0.

[Random-Liu]

@yujuhong Rebased the PR. Could you help me take another look? Maybe focus on the first commit.

@mikebrow Could you help me review this PR?

[mikebrow]

Please see questions and comments.

[mikebrow]

Suggest rename from refactor metadata store to rewrite metadata store. Or merge the delete and create commits into one so we can see the diff.

[Random-Liu]

You won't see the diff even after I merge those 2. Will change to "rewrite".

[mikebrow]

Good.. like the pattern using new() (container, error) then calling add with container vs using .create(meta). But it's strange that you had to defer the container.Status.Delete for a container that never gets added to the store?

[mikebrow]

I see the storing of the status in the NewContainer() call but don't understand why the status is stored before the container. Is that to make sure the container always has status? maybe the container store.add could be changed to add container with status to make it more atomic?

[Random-Liu]

Add need to lock the container list. I don't think we want to lock the list and do some disk operation.

[Random-Liu]

Done. Added Container.Delete function.

[mikebrow]

like the comment but the naming might get confusing down the road over the two container stores, ours and containerd's.

[Random-Liu]

Yeah, that's a problem... :(

[mikebrow]

I think this is why containerd came up with the name task/tasks.

[Random-Liu]

What do you mean here? :)

[mikebrow]

you refactored from range metas to range containersInStore presumably cause you didn't like the term meta... and didn't have a better option than just calling the data container again... :-)

[mikebrow]

defer delete for state of sandbox?

[Random-Liu]

We don't maintain state of sandbox. We infer that directly from sandbox container state.

We could not do that for container because we also need exit code, finished timestamp etc. which we have to checkpoint ourselves. But for sandbox, we only care about whether it is running or not.

[mikebrow]

ok yeah been having some debug issues on the update PR for sandboxes that have a messed up state (can't be stopped) then later on can't be created cause /pause isn't there.. the rootfs is messed up.

[Random-Liu]

I'll help debug your PR over the weekend. :)

[mikebrow]

?

[Random-Liu]

I mean in the future, we could this here, after we start to use containerd client.

[mikebrow]

kk

[mikebrow]

? you mean can't be updated after create?

[Random-Liu]

Yeah, will update.

[Random-Liu]

Done.

[mikebrow]

just confirming we'll use labels not annotations for all metadata so we can find the container by the metadata labels or... maybe some combination of labels and annotations...?

[Random-Liu]

containerd only has label, there is no notion of annotation in containerd.

And we store metadata into label just for checkpoint, not for filtering.

[mikebrow]

oci will have the annotations.. and I suspect containerd will let them pass through without providing first class support.. I was thinking about image labels.. my bad.

[mikebrow]

Can we do this change universally on the other read only comments?

[Random-Liu]

@mikebrow Addressed comments.

The code could be cleaned up more, especially when we start to use containerd client. We could do that in the future.

[mikebrow]

LGTM