mirror of
				https://github.com/containers/podman.git
				synced 2025-10-27 03:06:22 +08:00 
			
		
		
		
	 fc6dcd12b3
			
		
	
	fc6dcd12b3
	
	
	
		
			
			We added the concept of image volumes in 2.2.0, to support inspecting an image from within a container. However, this is a strictly read-only mount, with no modification allowed. By contrast, the new `image` volume driver creates a c/storage container as its underlying storage, so we have a read/write layer. This, in and of itself, is not especially interesting, but what it will enable in the future is. If we add a new command to allow these image volumes to be committed, we can now distribute volumes - and changes to them - via a standard OCI image registry (which is rather new and quite exciting). Future work in this area: - Add support for `podman volume push` (commit volume changes and push resulting image to OCI registry). - Add support for `podman volume pull` (currently, we require that the image a volume is created from be already pulled; it would be simpler if we had a dedicated command that did the pull and made a volume from it) - Add support for scratch images (make an empty image on demand to use as the base of the volume) - Add UOR support to `podman volume push` and `podman volume pull` to enable both with non-image volume drivers Signed-off-by: Matthew Heon <matthew.heon@pm.me>
		
			
				
	
	
		
			143 lines
		
	
	
		
			4.7 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			143 lines
		
	
	
		
			4.7 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| package libpod
 | |
| 
 | |
| import (
 | |
| 	"context"
 | |
| 	"errors"
 | |
| 	"fmt"
 | |
| 	"io"
 | |
| 	"os"
 | |
| 
 | |
| 	buildahDefine "github.com/containers/buildah/define"
 | |
| 	"github.com/containers/buildah/imagebuildah"
 | |
| 	"github.com/containers/common/libimage"
 | |
| 	"github.com/containers/image/v5/docker/reference"
 | |
| 	"github.com/containers/podman/v4/libpod/define"
 | |
| 	"github.com/containers/podman/v4/libpod/events"
 | |
| 	"github.com/containers/podman/v4/pkg/util"
 | |
| 	"github.com/sirupsen/logrus"
 | |
| )
 | |
| 
 | |
| // Runtime API
 | |
| 
 | |
| // RemoveContainersForImageCallback returns a callback that can be used in
 | |
| // `libimage`.  When forcefully removing images, containers using the image
 | |
| // should be removed as well.  The callback allows for more graceful removal as
 | |
| // we can use the libpod-internal removal logic.
 | |
| func (r *Runtime) RemoveContainersForImageCallback(ctx context.Context) libimage.RemoveContainerFunc {
 | |
| 	return func(imageID string) error {
 | |
| 		if !r.valid {
 | |
| 			return define.ErrRuntimeStopped
 | |
| 		}
 | |
| 		ctrs, err := r.state.AllContainers()
 | |
| 		if err != nil {
 | |
| 			return err
 | |
| 		}
 | |
| 		for _, ctr := range ctrs {
 | |
| 			if ctr.config.RootfsImageID != imageID {
 | |
| 				continue
 | |
| 			}
 | |
| 			var timeout *uint
 | |
| 			if ctr.config.IsInfra {
 | |
| 				pod, err := r.state.Pod(ctr.config.Pod)
 | |
| 				if err != nil {
 | |
| 					return fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", ctr.ID(), ctr.config.Pod, err)
 | |
| 				}
 | |
| 				if err := r.removePod(ctx, pod, true, true, timeout); err != nil {
 | |
| 					return fmt.Errorf("removing image %s: container %s using image could not be removed: %w", imageID, ctr.ID(), err)
 | |
| 				}
 | |
| 			} else {
 | |
| 				if err := r.removeContainer(ctx, ctr, true, false, false, false, timeout); err != nil {
 | |
| 					return fmt.Errorf("removing image %s: container %s using image could not be removed: %w", imageID, ctr.ID(), err)
 | |
| 				}
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		// Need to handle volumes with the image driver
 | |
| 		vols, err := r.state.AllVolumes()
 | |
| 		if err != nil {
 | |
| 			return err
 | |
| 		}
 | |
| 		for _, vol := range vols {
 | |
| 			if vol.config.Driver != define.VolumeDriverImage || vol.config.StorageImageID != imageID {
 | |
| 				continue
 | |
| 			}
 | |
| 			// Do a force removal of the volume, and all containers
 | |
| 			// using it.
 | |
| 			if err := r.RemoveVolume(ctx, vol, true, nil); err != nil {
 | |
| 				return fmt.Errorf("removing image %s: volume %s backed by image could not be removed: %w", imageID, vol.Name(), err)
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		// Note that `libimage` will take care of removing any leftover
 | |
| 		// containers from the storage.
 | |
| 		return nil
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // IsExternalContainerCallback returns a callback that be used in `libimage` to
 | |
| // figure out whether a given container is an external one.  A container is
 | |
| // considered external if it is not present in libpod's database.
 | |
| func (r *Runtime) IsExternalContainerCallback(_ context.Context) libimage.IsExternalContainerFunc {
 | |
| 	// NOTE: pruning external containers is subject to race conditions
 | |
| 	// (e.g., when a container gets removed). To address this and similar
 | |
| 	// races, pruning had to happen inside c/storage.  Containers has to be
 | |
| 	// labelled with "podman/libpod" along with callbacks similar to
 | |
| 	// libimage.
 | |
| 	return func(idOrName string) (bool, error) {
 | |
| 		_, err := r.LookupContainer(idOrName)
 | |
| 		if err == nil {
 | |
| 			return false, nil
 | |
| 		}
 | |
| 		if errors.Is(err, define.ErrNoSuchCtr) {
 | |
| 			return true, nil
 | |
| 		}
 | |
| 		isVol, err := r.state.ContainerIDIsVolume(idOrName)
 | |
| 		if err == nil && !isVol {
 | |
| 			return true, nil
 | |
| 		}
 | |
| 		return false, nil
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // newBuildEvent creates a new event based on completion of a built image
 | |
| func (r *Runtime) newImageBuildCompleteEvent(idOrName string) {
 | |
| 	e := events.NewEvent(events.Build)
 | |
| 	e.Type = events.Image
 | |
| 	e.Name = idOrName
 | |
| 	if err := r.eventer.Write(e); err != nil {
 | |
| 		logrus.Errorf("Unable to write build event: %q", err)
 | |
| 	}
 | |
| }
 | |
| 
 | |
| // Build adds the runtime to the imagebuildah call
 | |
| func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error) {
 | |
| 	if options.Runtime == "" {
 | |
| 		options.Runtime = r.GetOCIRuntimePath()
 | |
| 	}
 | |
| 	// share the network interface between podman and buildah
 | |
| 	options.NetworkInterface = r.network
 | |
| 	id, ref, err := imagebuildah.BuildDockerfiles(ctx, r.store, options, dockerfiles...)
 | |
| 	// Write event for build completion
 | |
| 	r.newImageBuildCompleteEvent(id)
 | |
| 	return id, ref, err
 | |
| }
 | |
| 
 | |
| // DownloadFromFile reads all of the content from the reader and temporarily
 | |
| // saves in it $TMPDIR/importxyz, which is deleted after the image is imported
 | |
| func DownloadFromFile(reader *os.File) (string, error) {
 | |
| 	outFile, err := os.CreateTemp(util.Tmpdir(), "import")
 | |
| 	if err != nil {
 | |
| 		return "", fmt.Errorf("creating file: %w", err)
 | |
| 	}
 | |
| 	defer outFile.Close()
 | |
| 
 | |
| 	logrus.Debugf("saving %s to %s", reader.Name(), outFile.Name())
 | |
| 
 | |
| 	_, err = io.Copy(outFile, reader)
 | |
| 	if err != nil {
 | |
| 		return "", fmt.Errorf("saving %s to %s: %w", reader.Name(), outFile.Name(), err)
 | |
| 	}
 | |
| 
 | |
| 	return outFile.Name(), nil
 | |
| }
 |