Skip to content

Conversation

@TomSweeneyRedHat
Copy link
Member

@TomSweeneyRedHat TomSweeneyRedHat commented Mar 20, 2018

Signed-off-by: TomSweeneyRedHat tsweeney@redhat.com

When a removal of an image returns ErrImageUsedByContainer, rather than raising an error immediately we get the image from the containers/storage and see if we can remove containers from there for that image (generally those containers are put into play by Buildah) and then try again to remove the image from Podman.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have a storage.Store in libpod, don't need this

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have the image already, can't we pass this in?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need this logic, the standard logic in our image library for removing images should work fine

@mheon
Copy link
Member

mheon commented Mar 20, 2018

I think we really just need RunningContainers and RemoveContainers here. We can run RunningContainers unconditionally before we try and remove the image but after we remove Podman containers. If it returns that containers are present and --force is present, we use the RemoveContainers code to remove all non-Podman containers associated with the image. If it returns that containers are present and force is not set, we warn that non-Podman containers are using the image, and you should use --force if you want it gone. Then we continue with our removal logic. How does this sound?

@baude
Copy link
Member

baude commented Mar 20, 2018

I agree with the proposed approach though part of me would prefer it be an import of buildah code ... nevertheless, I think that approach is spot on.

@TomSweeneyRedHat
Copy link
Member Author

@baude @mheon thanks for the looksee and suggestions. I'll fine tune.

@TomSweeneyRedHat TomSweeneyRedHat changed the title WIP - Remove image via storage if a buildah container is associated Remove image via storage if a buildah container is associated Mar 24, 2018
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was waffling about keeping these following three functions in here or moving them into libpod/runtime_img.go

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd go ahead and move them. I am trying to keep the store entirely inside libpod, so directly opening a store and deleting outside of libpod is really undesirable. If we can make these part of runtime.RemoveImage, instead of the code here calling it, I think that'd be fine, and we wouldn't have to leak the store outside of libpod.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need this. We can just get storageContainers for the image and return an error if containers exist or remove them if --force is set. We don't need to do it in an error handling block, that makes things a lot harder to follow.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure exactly what you're suggesting here. After line 129 are you saying I should just try getting the storage containers and then error if the image has containers and no force, other wise remove? When we get to this point we've already tried removing the image and that failed due to it being a storage image and a container was associated. I might be able to move the storage image handling that I've below into image.Remove() if that would be preferable. I'll play with that and hit me up on IRC in the morn if I'm off base.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, should have been more clear - I mean before 129, we can do the check if the container is mounted before the actual remove happens, thus removing the need to check errors.Cause() and perform complicated handling. This might make our fastpath a bit slower (we do a check unconditionally instead of conditionally), but will improve code flow and readability. We can always go back and make things faster later if need be.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This chunk has been reworked and greatly reduced. I still have the error check, but I think it makes more sense now. Cand/will adjust after the next review if you think appropriate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not need this. I really do not want to return a Store anywhere the user can get one.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you or @baude have a suggestion around it, I'm happy to do it. I tried using image.imageruntime.store in the call in runtime_img.go below but got:

 github.com/projectatomic/libpod/libpod
_output/src/github.com/projectatomic/libpod/libpod/runtime_img.go:135:65: image.imageruntime undefined (cannot refer to unexported field or method imageruntime)

Thought exposing the function would be better. However if I move that code to handle the storage containers into image.go as talked about below, that might solve that problem.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The image runtime's store is guaranteed to be the same as the normal runtime's store - you should just be able to runtime.store instead

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, i went to great pains to avoid this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ack, I was over complicating it, I can just do r.store in runtime_img.go and it gets me what I need. Thought I'd to pull it from each image and that wasn't resolving.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No printing in libpod - return this as an error

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do....

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this necessary? Can we not find the image by its ID?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did this for the case when a image was tagged. If I do:

podman pull alpine
podman tag alpine tg
podman images
REPOSITORY                 TAG      IMAGE ID       CREATED        SIZE
tg                         latest   3fd9065eaf02   2 months ago   4.41MB
docker.io/library/alpine   latest   3fd9065eaf02   2 months ago   4.41MB

Both "images" had the same ID, the only way I could differentiate them was to go by their repo.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TomSweeneyRedHat im confused by this. I'll catch you on IRC for follow-up

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@baude and I worked through this before scrum. The issue I was running into was deleting container from an image created by Buildah when the image had a tag added to it. The code as I had it here worked around that, however @baude pointed to a tweak of a if statement down lower that let me remove this code and still get the containers removed. This has all been removed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer to see this and subsequent functions take a *image.Image ... then you have the store and storage.Image already. I say that assuming you at one point already had an *image.Image

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reworking. I've passed image.Image to the rmStorageContainers and just the id to one other function rather than the whole image.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ill hit you up on irc for clarification on this func as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We only talked briefly about this, but I've removed this as you indicated elsewhere I can get the info here from the runtime (r).

Copy link
Member Author

@TomSweeneyRedHat TomSweeneyRedHat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New Patch up. I want to test a bit more and just spotted a couple added blank lines. Will test and clean. If you want to review now, great, if not I'll be getting another patch up later today or tomorrow morn.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't just call out buildah here - could also be CRI-O.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally, should mention containers/storage specifically, could be a program using c/storage we didn't write

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of things here. First, if the err is no ErrImageUserByContainer, isn't the error lost? And second, should your error message also contain the contents of err?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've changed the error message, bumped it a bit from what @mheon suggested. I don't think the error is lost here, we save it as we do currently in lastError. This only prints out extra verbiage when we have a container tied to the image. The error that prints I didn't think added a lot here, and the error message is currently pretty long so I didn't include it. If you've a strong opinion on adding it I can.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we retrying on the assumption that the containers using the image were removed? If so, can we get a comment to that effect?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, instead of setting error, it's probably better to just return here and below in the else

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there any chance that err might not be ErrImageUsedByContainer ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a comment.

I think we want to capture the err from this second remove and return it if there's an error. But if you really think it's better, I can just let the original err be returned. As far as returning the errStorage error I was on the fence about returning that or not, but thought it would give a better clue if there was an error. I'll keep them both for now, holler in he morn if you'd like me to remove them.

I think there's a very small chance that the err would be something other then ErrImageUsedByContainer. But if it is, we'll just get the same error from the second image remove and will continue on down the error path. But for the vast majority, it should be the image in use error.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

&& force?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good call, done.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if err := remove.... ; err != nil

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep, found a second one too, thx.

@mheon
Copy link
Member

mheon commented Mar 27, 2018

@TomSweeneyRedHat can you rebase on latest master? The test failures should be fixed

@TomSweeneyRedHat
Copy link
Member Author

#564 should hopefully fix up the test errors here.

@rhatdan
Copy link
Member

rhatdan commented Mar 29, 2018

@TomSweeneyRedHat Rebase and try.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Not crazy about mentioning other tools here since we would love to see other tools start using containers/storage and then this message can become dated.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hear you, but my main concern that if a customer got an error that there's a "container associated with containers/storage" would they know enough to check Buildah/CRI-O? I've tried to open it up a bit by adding etc.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove random whitespace

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, don't know how I managed that one.

@rhatdan
Copy link
Member

rhatdan commented Mar 30, 2018

A couple of nits, but LGTM

Copy link
Member Author

@TomSweeneyRedHat TomSweeneyRedHat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New patch pushed.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hear you, but my main concern that if a customer got an error that there's a "container associated with containers/storage" would they know enough to check Buildah/CRI-O? I've tried to open it up a bit by adding etc.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, don't know how I managed that one.

@rhatdan
Copy link
Member

rhatdan commented Apr 4, 2018

@mheon @baude @umohnani8 PTAL
LGTM

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we throw ErrImageUsedByContainer here if len(ctrIDs) > 0 && !force?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was relying on the second image.Remove(force) to provide that error at line 132. However it probably does make more sense to throw the error here and not invoke that image.Remove() again as we know it will fail in this instance. Good thought.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extra whitespace

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, found another rogue one and zapped that too.

@umohnani8
Copy link
Member

LGTM

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
@mheon
Copy link
Member

mheon commented Apr 5, 2018

Changes LGTM
@rh-atomic-bot r+

@rh-atomic-bot
Copy link
Collaborator

📌 Commit 21b7c40 has been approved by mheon

@rh-atomic-bot
Copy link
Collaborator

⌛ Testing commit 21b7c40 with merge 54bd0ae...

@TomSweeneyRedHat
Copy link
Member Author

@baude @rhatdan @mheon I've just posted a new patch. I fixed up @mheon's comments and while testing noted an error message in rmi.go that would be better served with the image.ID() being printed.

@TomSweeneyRedHat
Copy link
Member Author

Quick test output:

# buildah from alpine
Getting image source signatures
Copying blob sha256:ff3a5c916c92643ff77519ffa742d3ec61b7f591b6b7504599d95a4a41134e28
 1.97 MiB / 1.97 MiB [=====================================================] 21s
Copying config sha256:3fd9065eaf02feaf94d68376da52541925650b81698c53c6824d92ff63f98353
 1.48 KiB / 1.48 KiB [======================================================] 0s
Writing manifest to image destination
Storing signatures
alpine-working-container

# podman pull busybox
Trying to pull docker.io/busybox:latest...Getting image source signatures
Copying blob sha256:f70adabe43c0cccffbae8785406d490e26855b8748fc982d14bc2b20c778b929
 706.22 KB / 706.22 KB [====================================================] 0s
Copying config sha256:8ac48589692a53a9b8c2d1ceaa6b402665aa7fe667ba51ccc03002300856d8c7
 1.46 KB / 1.46 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
8ac48589692a53a9b8c2d1ceaa6b402665aa7fe667ba51ccc03002300856d8c7

# podman tag alpine tg

# podman ps -a

# podman images
REPOSITORY                  TAG      IMAGE ID       CREATED        SIZE
tg                          latest   3fd9065eaf02   2 months ago   4.41MB
docker.io/library/alpine    latest   3fd9065eaf02   2 months ago   4.41MB
docker.io/library/busybox   latest   8ac48589692a   5 hours ago    1.36MB

# podman rmi -a
8ac48589692a53a9b8c2d1ceaa6b402665aa7fe667ba51ccc03002300856d8c7
unable to delete 3fd9065eaf02feaf94d68376da52541925650b81698c53c6824d92ff63f98353 (must force) - image is referred to in multiple tags

# podman images
REPOSITORY                 TAG      IMAGE ID       CREATED        SIZE
docker.io/library/alpine   latest   3fd9065eaf02   2 months ago   4.41MB
tg                         latest   3fd9065eaf02   2 months ago   4.41MB

# podman rmi tg
Untagged: tg:latest

# podman rmi -a
A container associated with containers/storage, i.e. via Buildah, CRI-O, etc., may be associated with this image: 3fd9065eaf02
image is in use by a container

# podman rmi -a -f
3fd9065eaf02feaf94d68376da52541925650b81698c53c6824d92ff63f98353

@rh-atomic-bot
Copy link
Collaborator

☀️ Test successful - status-papr
Approved by: mheon
Pushing 54bd0ae to master...

@TomSweeneyRedHat TomSweeneyRedHat deleted the dev/tsweeney/storagermi branch April 7, 2018 18:56
@TomSweeneyRedHat
Copy link
Member Author

Addresses #174

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 27, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants