-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generate accessed files list for container with NRI plugin #349
generate accessed files list for container with NRI plugin #349
Conversation
90deffb
to
a987375
Compare
a987375
to
b36c4c1
Compare
be14df6
to
001eb62
Compare
Codecov ReportBase: 29.26% // Head: 29.32% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #349 +/- ##
==========================================
+ Coverage 29.26% 29.32% +0.06%
==========================================
Files 38 38
Lines 3810 3812 +2
==========================================
+ Hits 1115 1118 +3
+ Misses 2563 2562 -1
Partials 132 132
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
1e4b537
to
358b9f9
Compare
Hi @sctb512 , any doc for this? Does it work on nydus image? |
Work in progress. This NRI plugin is image format independent. And it works on nydus image. |
7639b1e
to
e0b20b3
Compare
.PHONY: build | ||
build: | ||
GOOS=${GOOS} GOARCH=${GOARCH} ${PROXY} go build -ldflags "$(LDFLAGS)" -v -o bin/containerd-nydus-grpc ./cmd/containerd-nydus-grpc | ||
${CARGO} fmt --manifest-path ${OPTIMIZER_SERVER_TOML} -- --check | ||
${CARGO} build --release --manifest-path ${OPTIMIZER_SERVER_TOML} && cp ${OPTIMIZER_SERVER_BIN} ./bin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we have a new Makefile target for building the optimizer
? It will even better if we have its own Makefile
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By default, we should not build the optimizer as developers may not have rust environment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this is reasonable. Fixed it by adding build-optimizer
. Is it acceptable?
cmd/optimizer/main.go
Outdated
) | ||
|
||
type config struct { | ||
LogFile string `yaml:"logFile"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we use the Linux naming style like log_file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I followed this style in NRI's example code: https://github.com/containerd/nri/blob/main/plugins/logger/nri-logger.go#L33. Maybe we could keep the same style with them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anyway. It makes sense to use the same parameter style in this project. Already fixed.
cmd/optimizer/main.go
Outdated
Events []string `yaml:"events"` | ||
|
||
ServerPath string `yaml:"serverPath"` | ||
PersistDir string `yaml:"persistDir"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
cmd/optimizer/main.go
Outdated
ServerPath string `yaml:"serverPath"` | ||
PersistDir string `yaml:"persistDir"` | ||
Timeout int `yaml:"timeout"` | ||
Overwrite bool `yaml:"overwrite"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moreover, toml is preferred
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
cmd/optimizer/main.go
Outdated
return 0, fmt.Errorf("failed to parse events in configuration: %w", err) | ||
} | ||
|
||
if cfg.LogFile != oldCfg.LogFile { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When to close the file f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now the optimizer server will close the file descriptor after sending the path
to the client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Emm... It is not the same issue. The file descriptor mentioned in last comment is created by optimizer server. So we close it after getting the path.
The file f
should be closed before exiting this NRI plugin, i.e. in onClose
event.
tools/optimizer-server/src/main.rs
Outdated
@@ -0,0 +1,128 @@ | |||
use fanotify::low_level::*; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add license claim here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
tools/optimizer-server/src/main.rs
Outdated
use std::io; | ||
use std::io::Write; | ||
use std::os::unix::io::AsRawFd; | ||
use std::path::Path; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually put std
dependencies to the top position and then the third-party dependencies and then then project internal dependenecies
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed it.
afc4a6b
to
521fd14
Compare
.PHONY: build-optimizer | ||
build-optimizer: | ||
${CARGO} fmt --manifest-path ${OPTIMIZER_SERVER_TOML} -- --check | ||
${CARGO} build --release --manifest-path ${OPTIMIZER_SERVER_TOML} && cp ${OPTIMIZER_SERVER_BIN} ./bin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please also add cargo clippy
to lint the tool, which will give some wise suggestions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good suggestion. I have added this.
cmd/optimizer-nri-plugin/main.go
Outdated
) | ||
|
||
const ( | ||
defaultLogFile = "/opt/nri/optimizer/optimizer.log" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Logs should be stored in /var/log
or just stream it to syslog service rather than set a file as default on at /opt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now, we redirect it to the syslog service.
cmd/optimizer-nri-plugin/main.go
Outdated
oldCfg := cfg | ||
tree, err := toml.Load(config) | ||
if err != nil { | ||
return 0, fmt.Errorf("failed to parse TOML: %w", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you use errors.Errorf and errors.Wrapf ? %w
is deprecated now in Golang
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
cmd/optimizer-nri-plugin/main.go
Outdated
func (p *plugin) StartContainer(pod *api.PodSandbox, container *api.Container) error { | ||
dump("StartContainer", "pod", pod, "container", container) | ||
|
||
imageName := GetImageName(container.Annotations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should validate the image. Containerd already provides a package to validate image name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
cmd/optimizer-nri-plugin/main.go
Outdated
return update, nil | ||
} | ||
|
||
func GetImageName(annotations map[string]string) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There exists a standard method comes from contanerd package to extract the tagged image name. Can you try to use it.
tools/optimizer-server/src/main.rs
Outdated
|
||
let mut fds = [PollFd::new(fd.as_raw_fd(), PollFlags::POLLIN)]; | ||
loop { | ||
let poll_num = poll(&mut fds, -1).unwrap(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try to avoid directly unwrap
unless we be sure that it's safe
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed it with match
.
pkg/fanotify/fanotify.go
Outdated
return err | ||
} | ||
|
||
f, err := os.OpenFile(fserver.PersistFile, os.O_CREATE|os.O_WRONLY, 0644) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should close the file f
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, now we close it before exiting the server.
39d79ca
to
a317d7f
Compare
tools/optimizer-server/src/main.rs
Outdated
FAN_MARK_ADD | FAN_MARK_MOUNT, | ||
FAN_OPEN | FAN_CLOSE_WRITE, | ||
AT_FDCWD, | ||
path, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FAN_OPEN_EXEC
No need to monitor event FAN_CLOSE_WRITE
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed it.
ac67fb3
to
640064c
Compare
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
Signed-off-by: Bin Tang <tangbin.bin@bytedance.com>
640064c
to
5abe198
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. This is indeed a useful tool to help us build more efficient nydus images
Generate an in-order accessed files list for container workload. The accessed files list can be set as
prefetch-patterns
when converting OCI images to nydus format images.Related to dragonflyoss/nydus#807
Requirements
Workflow
Generate an accessed files list
To install the optimizer and optimizer-server, all you need is the command:
Install
containerd
that supports NRI 2.0:Modify containerd's toml configuration file to enable NRI.
Now, just start a container workload and you will get the list of accessed files in
persistDir
.The result file for the nginx image is
/opt/nri/optimiser/results/nginx:latest
.Optimize a nydus image
Nydus provides a nydusify CLI tool to convert OCI images from the source registry or local file system to nydus format and push them to the target registry.
We can install the nydusify cli tool from the nydus package.
With the
--prefetch-patterns
argument, we can specify the list of files to be written in the front of the nydus image and be prefetched in order when starting a container.Make sure the nydusd and nydus-snapshotter environments are installed correctly. Then, start a container with an optimized nydus image.
Signed-off-by: Bin Tang tangbin.bin@bytedance.com