Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add garbage collection for docker images #2435

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Add garbage collection for docker images #2435

wants to merge 4 commits into from

Conversation

jsoriano
Copy link
Member

@jsoriano jsoriano commented Feb 27, 2025
edited
Loading

Related to #856.

If one is using elastic-package during enough time, Docker storage can end up full of docker images. Once the 90% threshold is reached, behavior can be unpredictable as described in #856.

This change introduces garbage collection for docker images that were downloaded by elastic-package. Before pulling new images, it checks first if there are old unused images or if the images are taking too much space, and remove images accordingly. It only removes images known to be downloaded by elastic-package.

Implementation is based on two methods:

  • Track is used to start tracking images, by recording their tags and last used times. It has to be called before pulling the images, it won't track images that are already pulled, to avoid GCing images not managed by elastic-package.
  • Run runs the garbage collection, based on two parameters: max_unused can be used to remove images older than some time and max_total_size to trigger removals when the total size of images (from docker system df) goes beyond some threshold. Less recently used images are removed first.

Tracking of known images is persisted under ~/.elastic-package/cache/docker-images-gc.json.

Garbage collection is disabled by default.

This can be configured from ~/.elastic-package/config.yml, for example:

stack:
  gc:
    enabled: true
    max_unused: 336h # 2 weeks
    max_total_size: 60GB

@jsoriano jsoriano self-assigned this Feb 27, 2025
jsoriano
jsoriano commented Feb 27, 2025
View reviewed changes
internal/common/bytesize.go
)

// ByteSize represents the size of a file.
type ByteSize uint64
Copy link
Member Author

@jsoriano jsoriano Feb 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Type mostly copied from https://github.com/elastic/package-spec/blob/964c4a69e024cc464c4808720ba0db9f001a82a7/code/go/internal/spectypes/filesize.go, adding support for GB and floats, to support sizes reported by docker system df.

jsoriano
jsoriano commented Feb 27, 2025
View reviewed changes
internal/stack/compose.go
@@ -50,6 +51,34 @@ func (eb *envBuilder) build() []string {
return eb.vars
}

func runDockerImagesGC(ctx context.Context, project *compose.Project, opts compose.CommandOptions, appConfig *install.ApplicationConfiguration) error {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added by now only to stack operations, it could be added too to agent and service deployers. It may be specially interesting in the service deployer.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've checked that running elastic-package test system -v in the mysql package (integrations repo), it creates 36 docker images to test the service:

 $ elastic-package test system -v
...
 $ docker images |grep elastic-package-service |grep mysql  | wc -l 
36
 $ docker images |grep elastic-package-service
...
elastic-package-service-30135-mysql                      latest                   040dcd09ffba   58 minutes ago      1.34GB
elastic-package-service-13845-mysql_replica              latest                   9b7839234a41   About an hour ago   591MB
...

When trying with other packages using the new custom agents (e.g. oracle), elastic-package creates one elastic-agent docker image per each system test with different Dockerfile (hash of that file is part of the docker tag) link.

 $ elastic-package test system -v --data-streams memory,performance
...
 $ docker images |grep elastic-package-test
elastic-package-test-elastic-agent                       8.17.3-1e83b6defffbb1d833d6235e1c502bad   ecbc1bc5d908   22 minutes ago   1.95GB
elastic-package-test-elastic-agent                       8.17.3-2459e61e8ebaf237cffe70dc5ad649cb   159f23420959   31 minutes ago   1.95GB

As most of them are built with the same base image, there could be a lot of shared layers.

Removing all the previous docker images in my laptop (docker rmi), docker just untagged the docker images. Maybe does it need to clean the docker cache too ?

 $ docker images |grep elastic-package-service |grep mysql | awk '{print $3}' | xargs -I {} docker rmi {}
Untagged: elastic-package-service-40716-mysql:latest
Deleted: sha256:1fc900526a35aeb6563b6fc4a393fe88e2282b41ca95e603684bd3dc72264245
Untagged: elastic-package-service-47488-mysql:latest
Deleted: sha256:6625ce72c4b0b506cf0ad86e8b703b580d6d90707471aef59c39d2e62ab4fa82
Untagged: elastic-package-service-66823-mysql:latest
Deleted: sha256:973241860b7932f231dead77a048d8a433bd468ed1e93bb90c8e0815707cc5ee
Untagged: elastic-package-service-61615-mysql:latest
Deleted: sha256:0385a33fc301b9b417ac9db269386af710767ef7e6342cfcfccb61717857051a
...

 $ docker rmi elastic-package-test-elastic-agent:8.17.3-1e83b6defffbb1d833d6235e1c502bad 
Untagged: elastic-package-test-elastic-agent:8.17.3-1e83b6defffbb1d833d6235e1c502bad
Deleted: sha256:ecbc1bc5d908ca93d32d8af54ecc43dc067a8367abc400f2bcfc325aa37bb629

 $ docker rmi elastic-package-test-elastic-agent:8.17.3-2459e61e8ebaf237cffe70dc5ad649cb 
Untagged: elastic-package-test-elastic-agent:8.17.3-2459e61e8ebaf237cffe70dc5ad649cb
Deleted: sha256:159f234209595713fc882f7e6802c09a4b57381770610e2661defbf5dfe91618

jsoriano
jsoriano commented Feb 27, 2025
View reviewed changes
internal/compose/compose.go
@@ -60,7 +61,23 @@ type Config struct {
Services map[string]service
}

// Images lists the images found in the configuration.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This only lists images found directly in the docker compose configuration, it won't find images found in Dockerfiles. Maybe we can think in other approaches to find the images to track. Ideas welcome.

efd6
efd6 reviewed Mar 3, 2025
View reviewed changes
internal/common/bytesize.go
return s.unmarshalString(value.Value)
}

var bytesPattern = regexp.MustCompile(fmt.Sprintf(`^(\d+(\.\d+)?)(%s|%s|%s|%s|)$`, byteString, kiloByteString, megaByteString, gigaByteString))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
var bytesPattern = regexp.MustCompile(fmt.Sprintf(`^(\d+(\.\d+)?)(%s|%s|%s|%s|)$`, byteString, kiloByteString, megaByteString, gigaByteString))
var bytesPattern = regexp.MustCompile(`^(\d+(\.\d+)?)(` + byteString + `|` + kiloByteString + `|` + megaByteString + `|` + gigaByteString + `|)$`)

(compile-time string construction instead of init-time)

but for a more efficient pattern

Suggested change
var bytesPattern = regexp.MustCompile(fmt.Sprintf(`^(\d+(\.\d+)?)(%s|%s|%s|%s|)$`, byteString, kiloByteString, megaByteString, gigaByteString))
var bytesPattern = regexp.MustCompile(`^(\d+(\.\d+)?)(B|[KMG]B|)$`)

internal/docker/imagesgc.go Outdated
Comment on lines 45 to 48
path string
images []gcEntry
clock func() time.Time
client imagesGCClient
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Field godoc?

internal/docker/imagesgc.go
// Persist saves the list of images to disk.
func (gc *ImagesGC) Persist() error {
if gc.path == "" {
return errors.New("GC list was not created with a path")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems to me that path != "" is an invariant where non-adherence is a programmer error, so this should panic.

internal/docker/imagesgc.go
continue
}
if err != nil {
gc.images = append(images, gc.images[i:]...)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we do this? I can't see that this value is used after an error. What am I missing?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is done in case gc is used after Run() fails, so gc.images is updated with images that may have been removed.
gc is not reused now, but the idea is that it could be.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

YAGNI?

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

cc @jsoriano

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrodm mrodm mrodm left review comments

@efd6 efd6 efd6 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@jsoriano jsoriano

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jsoriano @elasticmachine @mrodm @efd6