Support zstd compression in image commit #5452
Conversation
openshift-ci
bot
added
the
kind/feature
|
If a test is required for this change, I'd appreciate suggestions about how to best add test coverage. It doesn't seem possible to test via the CLI because the if c.Flag("compress").Changed {
logrus.Debugf("--compress option specified but is ignored")
}
compression := define.Gzip
if iopts.DisableCompression {
compression = define.Uncompressed
} |
|
@flouthoc PTAL |
image.go
Outdated
| // how to decompress them, we can't try to compress layers with zstd. | ||
| return "", "", errors.New("media type for zstd-compressed layers is not defined") | ||
| omediaType = v1.MediaTypeImageLayerZstd | ||
| dmediaType = "application/vnd.docker.image.rootfs.diff.tar.zstd" |
There was a problem hiding this comment.
Drive-by comment: I'm uncomfortable with hardcoded magic strings. Shouldn't this be defined as a constant in c/image?
There was a problem hiding this comment.
Yes, if this should happen, it would be in c/image/v5/manifest.
(Buildkit does seem to use this constant, but it is not a part of the public API.)
There was a problem hiding this comment.
We must refuse to create v2s2 images with zstd compression.
AFAICS that means that the whole of NewImageSource needs to be restructured around respecting i.preferredManifestType, instead of always building data in both formats.
There may be various ways to do it:
- Add some kind of “manifest type” abstraction, and call it everywhere the code currently computes both values
- Continue building both formats all the time, but somehow represent “this format failed”, and check that at the very end (might be less invasive, but also rather more convoluted)
- Maybe some other design.
image.go
Outdated
| return "", "", errors.New("media type for xz-compressed layers is not defined") | ||
| case archive.Zstd: | ||
| // Until the image specs define a media type for zstd-compressed layers, even if we know | ||
| // how to decompress them, we can't try to compress layers with zstd. |
There was a problem hiding this comment.
This comment is accurate: Docker images can’t represent Zstd images layers.
We can’t very well just silently ignore that problem and create something that doesn’t work.
There was a problem hiding this comment.
I'm happy to defer to you and refuse to create schema2 images with zstd compression. But I'm curious to understand why this is a problem - BuildKit seems happy to create them using this media type, and they seem to work fine with Docker and kaniko (but not buildah...).
There was a problem hiding this comment.
One place is our own https://github.com/containers/image/blob/1c648b405e0763472db0bcc189136ddb6a5b61c6/manifest/docker_schema2.go#L173 . In retrospect, being that strict might have been a mistake, but either way that code refusing unexpected MIME types has been there for many years.
(IIRC, Docker is not checking MIME types at all when pulling; that’s the other extreme option.)
So we would need to think about a migration mechanism, and giving users enough tools to manage it. For a format feature which is, AFAICS, undocumented. Meanwhile, “if you want to use Zstd, migrate to OCI” is a simple story that works. for all implementations.
To keep the change relatively contained, what would you think about returning an empty // Figure out if we need to change the media type, in case we've changed the compression.
omediaType, dmediaType, err = computeLayerMIMEType(what, i.compression)
if err != nil {
return nil, err
}
// The layer media type must be defined for the type of manifest we are producing.
if (omediaType == "" && manifestType == v1.MediaTypeImageManifest) ||
(dmediaType == "" && manifestType == manifest.DockerV2Schema2MediaType) {
return nil, fmt.Errorf("manifest type %q does not support selected compression format", manifestType)
}Refactoring with a manifest type abstraction seems like a worthy idea as well. I can't see a reason why this function is constructing both in parallel (not sure if I'm missing something). I'm not sure I'm the best person to do this refactor though, as I'm brand new to the codebase. |
|
I’ll let actual Buildah maintainers to decide how this should be organized. |
|
@rhatdan: How would you like to proceed here? |
|
Hoping for some direction on where to go with this PR. I'm happy to make the changes if the maintainers have thoughts on what makes most sense. |
|
My preference would be
but that’s the option that requires more work, and I’m not authoritative to commit Buildah to that direction, nor can I spend very much time helping with that work. |
|
@rhatdan: Still looking for guidance on this one... |
giuseppe
added
the
No New Tests
|
could you please define "application/vnd.docker.image.rootfs.diff.tar.zstd" in |
@giuseppe To this day we are explicitly rejecting unknown MIME types for v2s2 layers. (I could see an argument that that has been a mistake, but here we are anyway.) Any v2s2 image with zstd are not going to be accepted by any currently existing version of Podman. Why should we start creating such images now, instead of using the OCI format exclusively? |
|
@mtrmac ok thanks, that makes sense. @aaronlehmann can you use the OCI format? |
|
@giuseppe: Using the OCI format is completely fine for me; I don't care about the Docker format. However, the issue is that |
|
@giuseppe: Any thoughts? |
|
@mtrmac do you have any suggestions for @aaronlehmann ? |
|
… so we have come full circle :) My preference is #5452 (comment) , to split the manifest creation code into per-format implementations, and to only use one instead of both. |
|
@aaronlehmann still working on this? |
|
@rhatdan: Happy to come back to this if I can get some clarity over the direction to go for the solution. Would something like #5452 (comment) be merged, or do we need to completely refactor with a "manifest type" abstraction as described in #5452 (comment)? |
|
If miloslav prefers 5452, I would go along with him. He is far smarter then me. |
Currently, NewImageSource creates a Docker schema2 manifest and an OCI manifest at the same time. This precludes functionality that isn't supported by both manifest types, for example zstd compression. Refactoring this to create only the desired manifest type solves this and also cleans up the code by separating manifest-type-specific code into distinct implementations of a "manifest builder". See discussion in containers#5452.
Currently, NewImageSource creates a Docker schema2 manifest and an OCI manifest at the same time. This precludes functionality that isn't supported by both manifest types, for example zstd compression. Refactoring this to create only the desired manifest type solves this and also cleans up the code by separating manifest-type-specific code into distinct implementations of a "manifest builder". See discussion in containers#5452.
|
Now that #5743 is merged, I've updated this to only support zstd in the OCI manifest path. |
|
@mtrmac: Does this look good now that it's specific to OCI manifests? |
|
@aaronlehmann do you think a test can be added for this, do you need help with tests ? |
|
@flouthoc: Yes, some help would be great! Please see my comment here: #5452 (comment) |
|
@flouthoc: Any ideas about what a test should look like? |
|
072ee88 suggests that I didn’t investigate further, is that incorrect? |
|
There is no intuitive way to test this without exposing a user exposed feature or hidden CLI flag, since this does not affects default behaviour of buildah, maybe we can merge this without test. @nalind any thoughts ? |
|
@nalind WDYT? |
|
The change itself LGTM, but without a test of some kind, I fear we wouldn't notice if it broke. There's one on the tip of https://github.com/nalind/buildah/tree/aaronlehmann-support-zstd-commit, if you'd like to cherry-pick it. |
Without this change, specifying `Compression: imagebuildah.Zstd` in `imagebuildah`'s `BuildOptions fails, so it is not possible to push cache to a registry with zstd compression. Note this is only applicable to OCI manifests. Signed-off-by: Aaron Lehmann <[email protected]>
Add a unit test that commits OCI layouts with various types of compression specified, and verifies that the layers end up written with the desired compression and media type descriptors. Signed-off-by: Nalin Dahyabhai <[email protected]>
aaronlehmann
force-pushed
the
support-zstd-commit
branch
from
4b62612 to
873e545
Compare
|
Thanks so much! I went ahead and cherry-picked this test (and also rebased the PR). |
|
Ephemeral COPR build failed. @containers/packit-build please check. |
Signed-off-by: Aaron Lehmann <[email protected]>
aaronlehmann
force-pushed
the
support-zstd-commit
branch
from
58995dd to
2eb666c
Compare
|
@flouthoc: I think this is ready to go now. Please let me know if you'd like any other changes. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aaronlehmann, flouthoc, mtrmac The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
🎉 Thank you! |
8 participants
What type of PR is this?
/kind feature
What this PR does / why we need it:
Without this change, specifying
Compression: imagebuildah.Zstdinimagebuildah's `BuildOptions fails, so it is not possible to push cache to a registry with zstd compression.Note this is only applicable to OCI manifests.
How to verify it
Specify
Compression: imagebuildah.Zstdwhen building an image usingimagebuildah.BuildDockerfiles,.Which issue(s) this PR fixes:
None
Special notes for your reviewer:
n/a
Does this PR introduce a user-facing change?