Merge pull request containerd#8807 from ambarve/cimfs

Add support for cimfs snapshotter & differ
Mirantis · Dec 22, 2023 · 124bc0d · 124bc0d
2 parents 643fa70 + daa1ea5
commit 124bc0d
Show file tree

Hide file tree

Showing 104 changed files with 3,843 additions and 2,991 deletions.
diff --git a/archive/tar_opts_windows.go b/archive/tar_opts_windows.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim/pkg/ociwclayer"
+	ocicimlayer "github.com/Microsoft/hcsshim/pkg/ociwclayer/cim"
 )
 
 // applyWindowsLayer applies a tar stream of an OCI style diff tar of a Windows layer
@@ -77,3 +78,16 @@ func WithParentLayers(p []string) WriteDiffOpt {
 		return nil
 	}
 }
+
+func applyWindowsCimLayer(ctx context.Context, root string, r io.Reader, options ApplyOptions) (size int64, err error) {
+	return ocicimlayer.ImportCimLayerFromTar(ctx, r, root, options.Parents)
+}
+
+// AsCimContainerLayer indicates that the tar stream to apply is that of a Windows container Layer written in
+// the cim format.
+func AsCimContainerLayer() ApplyOpt {
+	return func(options *ApplyOptions) error {
+		options.applyFunc = applyWindowsCimLayer
+		return nil
+	}
+}
diff --git a/diff/windows/cimfs.go b/diff/windows/cimfs.go
@@ -0,0 +1,111 @@
+//go:build windows
+// +build windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package windows
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Microsoft/hcsshim/pkg/cimfs"
+	"github.com/containerd/containerd/v2/archive"
+	"github.com/containerd/containerd/v2/content"
+	"github.com/containerd/containerd/v2/diff"
+	"github.com/containerd/containerd/v2/errdefs"
+	"github.com/containerd/containerd/v2/metadata"
+	"github.com/containerd/containerd/v2/mount"
+	"github.com/containerd/containerd/v2/platforms"
+	"github.com/containerd/containerd/v2/plugins"
+	"github.com/containerd/plugin"
+	"github.com/containerd/plugin/registry"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+func init() {
+	registry.Register(&plugin.Registration{
+		Type: plugins.DiffPlugin,
+		ID:   "cimfs",
+		Requires: []plugin.Type{
+			plugins.MetadataPlugin,
+		},
+		InitFn: func(ic *plugin.InitContext) (interface{}, error) {
+			md, err := ic.GetSingle(plugins.MetadataPlugin)
+			if err != nil {
+				return nil, err
+			}
+
+			if !cimfs.IsCimFSSupported() {
+				return nil, fmt.Errorf("host windows version doesn't support CimFS")
+			}
+			ic.Meta.Platforms = append(ic.Meta.Platforms, platforms.DefaultSpec())
+			return NewCimDiff(md.(*metadata.DB).ContentStore())
+		},
+	})
+}
+
+// cimDiff does filesystem comparison and application
+// for CimFS specific layer diffs.
+type cimDiff struct {
+	store content.Store
+}
+
+// NewCimDiff is the Windows cim container layer implementation
+// for comparing and applying filesystem layers
+func NewCimDiff(store content.Store) (CompareApplier, error) {
+	return cimDiff{
+		store: store,
+	}, nil
+}
+
+// Apply applies the content associated with the provided digests onto the
+// provided mounts. Archive content will be extracted and decompressed if
+// necessary.
+func (c cimDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+	layer, parentLayerPaths, err := cimMountsToLayerAndParents(mounts)
+	if err != nil {
+		return emptyDesc, err
+	}
+	return applyDiffCommon(ctx, c.store, desc, layer, parentLayerPaths, archive.AsCimContainerLayer(), opts...)
+}
+
+// Compare creates a diff between the given mounts and uploads the result
+// to the content store.
+func (c cimDiff) Compare(ctx context.Context, lower, upper []mount.Mount, opts ...diff.Opt) (d ocispec.Descriptor, err error) {
+	// support for generating layer diff of cimfs layers will be added later.
+	return emptyDesc, errdefs.ErrNotImplemented
+}
+
+func cimMountsToLayerAndParents(mounts []mount.Mount) (string, []string, error) {
+	if len(mounts) != 1 {
+		return "", nil, fmt.Errorf("%w: number of mounts should always be 1 for Windows layers", errdefs.ErrInvalidArgument)
+	}
+	mnt := mounts[0]
+	if mnt.Type != "CimFS" {
+		// This is a special case error. When this is received the diff service
+		// will attempt the next differ in the chain.
+		return "", nil, errdefs.ErrNotImplemented
+	}
+
+	parentLayerPaths, err := mnt.GetParentPaths()
+	if err != nil {
+		return "", nil, err
+	}
+
+	return mnt.Source, parentLayerPaths, nil
+}
diff --git a/diff/windows/windows.go b/diff/windows/windows.go
@@ -88,10 +88,8 @@ func NewWindowsDiff(store content.Store) (CompareApplier, error) {
 	}, nil
 }
 
-// Apply applies the content associated with the provided digests onto the
-// provided mounts. Archive content will be extracted and decompressed if
-// necessary.
-func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+// applyDiffCommon is a common function that is called by both windows & cimfs differs.
+func applyDiffCommon(ctx context.Context, store content.Store, desc ocispec.Descriptor, layerPath string, parentLayerPaths []string, applyOpt archive.ApplyOpt, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
 	t1 := time.Now()
 	defer func() {
 		if err == nil {
@@ -111,7 +109,7 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 		}
 	}
 
-	ra, err := s.store.ReaderAt(ctx, desc)
+	ra, err := store.ReaderAt(ctx, desc)
 	if err != nil {
 		return emptyDesc, fmt.Errorf("failed to get reader from content store: %w", err)
 	}
@@ -133,26 +131,13 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 		r: io.TeeReader(processor, digester.Hash()),
 	}
 
-	layer, parentLayerPaths, err := mountsToLayerAndParents(mounts)
-	if err != nil {
-		return emptyDesc, err
-	}
-
-	// TODO darrenstahlmsft: When this is done isolated, we should disable these.
-	// it currently cannot be disabled, unless we add ref counting. Since this is
-	// temporary, leaving it enabled is OK for now.
-	// https://github.com/containerd/containerd/issues/1681
-	if err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
-		return emptyDesc, err
-	}
-
 	archiveOpts := []archive.ApplyOpt{
 		archive.WithParents(parentLayerPaths),
-		archive.AsWindowsContainerLayer(),
 		archive.WithNoSameOwner(), // Lchown is not supported on Windows
+		applyOpt,
 	}
 
-	if _, err := archive.Apply(ctx, layer, rc, archiveOpts...); err != nil {
+	if _, err := archive.Apply(ctx, layerPath, rc, archiveOpts...); err != nil {
 		return emptyDesc, err
 	}
 
@@ -168,6 +153,26 @@ func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts
 	}, nil
 }
 
+// Apply applies the content associated with the provided digests onto the
+// provided mounts. Archive content will be extracted and decompressed if
+// necessary.
+func (s windowsDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mounts []mount.Mount, opts ...diff.ApplyOpt) (d ocispec.Descriptor, err error) {
+	layer, parentLayerPaths, err := mountsToLayerAndParents(mounts)
+	if err != nil {
+		return emptyDesc, err
+	}
+
+	// TODO darrenstahlmsft: When this is done isolated, we should disable these.
+	// it currently cannot be disabled, unless we add ref counting. Since this is
+	// temporary, leaving it enabled is OK for now.
+	// https://github.com/containerd/containerd/issues/1681
+	if err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
+		return emptyDesc, err
+	}
+
+	return applyDiffCommon(ctx, s.store, desc, layer, parentLayerPaths, archive.AsWindowsContainerLayer(), opts...)
+}
+
 // Compare creates a diff between the given mounts and uploads the result
 // to the content store.
 func (s windowsDiff) Compare(ctx context.Context, lower, upper []mount.Mount, opts ...diff.Opt) (d ocispec.Descriptor, err error) {

diff --git a/go.mod b/go.mod
@@ -7,8 +7,7 @@ require (
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0
 	github.com/Microsoft/go-winio v0.6.1
-	github.com/Microsoft/hcsshim v0.12.0-rc.1
-	github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3
+	github.com/Microsoft/hcsshim v0.12.0-rc.2
 	github.com/container-orchestrated-devices/container-device-interface v0.6.1
 	github.com/containerd/btrfs/v2 v2.0.0
 	github.com/containerd/cgroups/v3 v3.0.2
@@ -30,9 +29,9 @@ require (
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c
 	github.com/docker/go-metrics v0.0.1
 	github.com/docker/go-units v0.5.0
-	github.com/fsnotify/fsnotify v1.7.0
+	github.com/fsnotify/fsnotify v1.6.0
 	github.com/google/go-cmp v0.6.0
-	github.com/google/uuid v1.5.0
+	github.com/google/uuid v1.3.1
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 	github.com/intel/goresctrl v0.5.0