github.com/lacework-dev/go-moby@v20.10.12+incompatible/builder/builder-next/worker/worker.go (about) 1 package worker 2 3 import ( 4 "context" 5 "fmt" 6 "io" 7 "io/ioutil" 8 nethttp "net/http" 9 "runtime" 10 "strings" 11 "time" 12 13 "github.com/containerd/containerd/content" 14 "github.com/containerd/containerd/images" 15 "github.com/containerd/containerd/platforms" 16 "github.com/containerd/containerd/rootfs" 17 "github.com/docker/docker/builder/builder-next/adapters/containerimage" 18 "github.com/docker/docker/distribution" 19 distmetadata "github.com/docker/docker/distribution/metadata" 20 "github.com/docker/docker/distribution/xfer" 21 "github.com/docker/docker/image" 22 "github.com/docker/docker/layer" 23 pkgprogress "github.com/docker/docker/pkg/progress" 24 "github.com/moby/buildkit/cache" 25 "github.com/moby/buildkit/cache/metadata" 26 "github.com/moby/buildkit/client" 27 "github.com/moby/buildkit/client/llb" 28 "github.com/moby/buildkit/executor" 29 "github.com/moby/buildkit/exporter" 30 localexporter "github.com/moby/buildkit/exporter/local" 31 tarexporter "github.com/moby/buildkit/exporter/tar" 32 "github.com/moby/buildkit/frontend" 33 "github.com/moby/buildkit/session" 34 "github.com/moby/buildkit/snapshot" 35 "github.com/moby/buildkit/solver" 36 "github.com/moby/buildkit/solver/llbsolver/mounts" 37 "github.com/moby/buildkit/solver/llbsolver/ops" 38 "github.com/moby/buildkit/solver/pb" 39 "github.com/moby/buildkit/source" 40 "github.com/moby/buildkit/source/git" 41 "github.com/moby/buildkit/source/http" 42 "github.com/moby/buildkit/source/local" 43 "github.com/moby/buildkit/util/archutil" 44 "github.com/moby/buildkit/util/compression" 45 "github.com/moby/buildkit/util/contentutil" 46 "github.com/moby/buildkit/util/progress" 47 digest "github.com/opencontainers/go-digest" 48 ocispec "github.com/opencontainers/image-spec/specs-go/v1" 49 "github.com/pkg/errors" 50 "github.com/sirupsen/logrus" 51 bolt "go.etcd.io/bbolt" 52 ) 53 54 const labelCreatedAt = "buildkit/createdat" 55 56 // LayerAccess provides access to a moby layer from a snapshot 57 type LayerAccess interface { 58 GetDiffIDs(ctx context.Context, key string) ([]layer.DiffID, error) 59 EnsureLayer(ctx context.Context, key string) ([]layer.DiffID, error) 60 } 61 62 // Opt defines a structure for creating a worker. 63 type Opt struct { 64 ID string 65 Labels map[string]string 66 GCPolicy []client.PruneInfo 67 MetadataStore *metadata.Store 68 Executor executor.Executor 69 Snapshotter snapshot.Snapshotter 70 ContentStore content.Store 71 CacheManager cache.Manager 72 ImageSource *containerimage.Source 73 DownloadManager distribution.RootFSDownloadManager 74 V2MetadataService distmetadata.V2MetadataService 75 Transport nethttp.RoundTripper 76 Exporter exporter.Exporter 77 Layers LayerAccess 78 Platforms []ocispec.Platform 79 } 80 81 // Worker is a local worker instance with dedicated snapshotter, cache, and so on. 82 // TODO: s/Worker/OpWorker/g ? 83 type Worker struct { 84 Opt 85 SourceManager *source.Manager 86 } 87 88 // NewWorker instantiates a local worker 89 func NewWorker(opt Opt) (*Worker, error) { 90 sm, err := source.NewManager() 91 if err != nil { 92 return nil, err 93 } 94 95 cm := opt.CacheManager 96 sm.Register(opt.ImageSource) 97 98 gs, err := git.NewSource(git.Opt{ 99 CacheAccessor: cm, 100 MetadataStore: opt.MetadataStore, 101 }) 102 if err == nil { 103 sm.Register(gs) 104 } else { 105 logrus.Warnf("Could not register builder git source: %s", err) 106 } 107 108 hs, err := http.NewSource(http.Opt{ 109 CacheAccessor: cm, 110 MetadataStore: opt.MetadataStore, 111 Transport: opt.Transport, 112 }) 113 if err == nil { 114 sm.Register(hs) 115 } else { 116 logrus.Warnf("Could not register builder http source: %s", err) 117 } 118 119 ss, err := local.NewSource(local.Opt{ 120 CacheAccessor: cm, 121 MetadataStore: opt.MetadataStore, 122 }) 123 if err == nil { 124 sm.Register(ss) 125 } else { 126 logrus.Warnf("Could not register builder local source: %s", err) 127 } 128 129 return &Worker{ 130 Opt: opt, 131 SourceManager: sm, 132 }, nil 133 } 134 135 // ID returns worker ID 136 func (w *Worker) ID() string { 137 return w.Opt.ID 138 } 139 140 // Labels returns map of all worker labels 141 func (w *Worker) Labels() map[string]string { 142 return w.Opt.Labels 143 } 144 145 // Platforms returns one or more platforms supported by the image. 146 func (w *Worker) Platforms(noCache bool) []ocispec.Platform { 147 if noCache { 148 pm := make(map[string]struct{}, len(w.Opt.Platforms)) 149 for _, p := range w.Opt.Platforms { 150 pm[platforms.Format(p)] = struct{}{} 151 } 152 for _, p := range archutil.SupportedPlatforms(noCache) { 153 if _, ok := pm[p]; !ok { 154 pp, _ := platforms.Parse(p) 155 w.Opt.Platforms = append(w.Opt.Platforms, pp) 156 } 157 } 158 } 159 if len(w.Opt.Platforms) == 0 { 160 return []ocispec.Platform{platforms.DefaultSpec()} 161 } 162 return w.Opt.Platforms 163 } 164 165 // GCPolicy returns automatic GC Policy 166 func (w *Worker) GCPolicy() []client.PruneInfo { 167 return w.Opt.GCPolicy 168 } 169 170 // ContentStore returns content store 171 func (w *Worker) ContentStore() content.Store { 172 return w.Opt.ContentStore 173 } 174 175 // MetadataStore returns the metadata store 176 func (w *Worker) MetadataStore() *metadata.Store { 177 return w.Opt.MetadataStore 178 } 179 180 // LoadRef loads a reference by ID 181 func (w *Worker) LoadRef(ctx context.Context, id string, hidden bool) (cache.ImmutableRef, error) { 182 var opts []cache.RefOption 183 if hidden { 184 opts = append(opts, cache.NoUpdateLastUsed) 185 } 186 return w.CacheManager().Get(ctx, id, opts...) 187 } 188 189 // ResolveOp converts a LLB vertex into a LLB operation 190 func (w *Worker) ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge, sm *session.Manager) (solver.Op, error) { 191 if baseOp, ok := v.Sys().(*pb.Op); ok { 192 switch op := baseOp.Op.(type) { 193 case *pb.Op_Source: 194 return ops.NewSourceOp(v, op, baseOp.Platform, w.SourceManager, sm, w) 195 case *pb.Op_Exec: 196 return ops.NewExecOp(v, op, baseOp.Platform, w.CacheManager(), sm, w.Opt.MetadataStore, w.Executor(), w) 197 case *pb.Op_File: 198 return ops.NewFileOp(v, op, w.CacheManager(), w.Opt.MetadataStore, w) 199 case *pb.Op_Build: 200 return ops.NewBuildOp(v, op, s, w) 201 } 202 } 203 return nil, errors.Errorf("could not resolve %v", v) 204 } 205 206 // ResolveImageConfig returns image config for an image 207 func (w *Worker) ResolveImageConfig(ctx context.Context, ref string, opt llb.ResolveImageConfigOpt, sm *session.Manager, g session.Group) (digest.Digest, []byte, error) { 208 return w.ImageSource.ResolveImageConfig(ctx, ref, opt, sm, g) 209 } 210 211 // DiskUsage returns disk usage report 212 func (w *Worker) DiskUsage(ctx context.Context, opt client.DiskUsageInfo) ([]*client.UsageInfo, error) { 213 return w.CacheManager().DiskUsage(ctx, opt) 214 } 215 216 // Prune deletes reclaimable build cache 217 func (w *Worker) Prune(ctx context.Context, ch chan client.UsageInfo, info ...client.PruneInfo) error { 218 return w.CacheManager().Prune(ctx, ch, info...) 219 } 220 221 // Exporter returns exporter by name 222 func (w *Worker) Exporter(name string, sm *session.Manager) (exporter.Exporter, error) { 223 switch name { 224 case "moby": 225 return w.Opt.Exporter, nil 226 case client.ExporterLocal: 227 return localexporter.New(localexporter.Opt{ 228 SessionManager: sm, 229 }) 230 case client.ExporterTar: 231 return tarexporter.New(tarexporter.Opt{ 232 SessionManager: sm, 233 }) 234 default: 235 return nil, errors.Errorf("exporter %q could not be found", name) 236 } 237 } 238 239 // GetRemote returns a remote snapshot reference for a local one 240 func (w *Worker) GetRemote(ctx context.Context, ref cache.ImmutableRef, createIfNeeded bool, _ compression.Type, _ session.Group) (*solver.Remote, error) { 241 var diffIDs []layer.DiffID 242 var err error 243 if !createIfNeeded { 244 diffIDs, err = w.Layers.GetDiffIDs(ctx, ref.ID()) 245 if err != nil { 246 return nil, err 247 } 248 } else { 249 if err := ref.Finalize(ctx, true); err != nil { 250 return nil, err 251 } 252 diffIDs, err = w.Layers.EnsureLayer(ctx, ref.ID()) 253 if err != nil { 254 return nil, err 255 } 256 } 257 258 descriptors := make([]ocispec.Descriptor, len(diffIDs)) 259 for i, dgst := range diffIDs { 260 descriptors[i] = ocispec.Descriptor{ 261 MediaType: images.MediaTypeDockerSchema2Layer, 262 Digest: digest.Digest(dgst), 263 Size: -1, 264 } 265 } 266 267 return &solver.Remote{ 268 Descriptors: descriptors, 269 Provider: &emptyProvider{}, 270 }, nil 271 } 272 273 // PruneCacheMounts removes the current cache snapshots for specified IDs 274 func (w *Worker) PruneCacheMounts(ctx context.Context, ids []string) error { 275 mu := mounts.CacheMountsLocker() 276 mu.Lock() 277 defer mu.Unlock() 278 279 for _, id := range ids { 280 id = "cache-dir:" + id 281 sis, err := w.Opt.MetadataStore.Search(id) 282 if err != nil { 283 return err 284 } 285 for _, si := range sis { 286 for _, k := range si.Indexes() { 287 if k == id || strings.HasPrefix(k, id+":") { 288 if siCached := w.CacheManager().Metadata(si.ID()); siCached != nil { 289 si = siCached 290 } 291 if err := cache.CachePolicyDefault(si); err != nil { 292 return err 293 } 294 si.Queue(func(b *bolt.Bucket) error { 295 return si.SetValue(b, k, nil) 296 }) 297 if err := si.Commit(); err != nil { 298 return err 299 } 300 // if ref is unused try to clean it up right away by releasing it 301 if mref, err := w.CacheManager().GetMutable(ctx, si.ID()); err == nil { 302 go mref.Release(context.TODO()) 303 } 304 break 305 } 306 } 307 } 308 } 309 310 mounts.ClearActiveCacheMounts() 311 return nil 312 } 313 314 func (w *Worker) getRef(ctx context.Context, diffIDs []layer.DiffID, opts ...cache.RefOption) (cache.ImmutableRef, error) { 315 var parent cache.ImmutableRef 316 if len(diffIDs) > 1 { 317 var err error 318 parent, err = w.getRef(ctx, diffIDs[:len(diffIDs)-1], opts...) 319 if err != nil { 320 return nil, err 321 } 322 defer parent.Release(context.TODO()) 323 } 324 return w.CacheManager().GetByBlob(context.TODO(), ocispec.Descriptor{ 325 Annotations: map[string]string{ 326 "containerd.io/uncompressed": diffIDs[len(diffIDs)-1].String(), 327 }, 328 }, parent, opts...) 329 } 330 331 // FromRemote converts a remote snapshot reference to a local one 332 func (w *Worker) FromRemote(ctx context.Context, remote *solver.Remote) (cache.ImmutableRef, error) { 333 rootfs, err := getLayers(ctx, remote.Descriptors) 334 if err != nil { 335 return nil, err 336 } 337 338 layers := make([]xfer.DownloadDescriptor, 0, len(rootfs)) 339 340 for _, l := range rootfs { 341 // ongoing.add(desc) 342 layers = append(layers, &layerDescriptor{ 343 desc: l.Blob, 344 diffID: layer.DiffID(l.Diff.Digest), 345 provider: remote.Provider, 346 w: w, 347 pctx: ctx, 348 }) 349 } 350 351 defer func() { 352 for _, l := range rootfs { 353 w.ContentStore().Delete(context.TODO(), l.Blob.Digest) 354 } 355 }() 356 357 r := image.NewRootFS() 358 rootFS, release, err := w.DownloadManager.Download(ctx, *r, runtime.GOOS, layers, &discardProgress{}) 359 if err != nil { 360 return nil, err 361 } 362 defer release() 363 364 if len(rootFS.DiffIDs) != len(layers) { 365 return nil, errors.Errorf("invalid layer count mismatch %d vs %d", len(rootFS.DiffIDs), len(layers)) 366 } 367 368 for i := range rootFS.DiffIDs { 369 tm := time.Now() 370 if tmstr, ok := remote.Descriptors[i].Annotations[labelCreatedAt]; ok { 371 if err := (&tm).UnmarshalText([]byte(tmstr)); err != nil { 372 return nil, err 373 } 374 } 375 descr := fmt.Sprintf("imported %s", remote.Descriptors[i].Digest) 376 if v, ok := remote.Descriptors[i].Annotations["buildkit/description"]; ok { 377 descr = v 378 } 379 ref, err := w.getRef(ctx, rootFS.DiffIDs[:i+1], cache.WithDescription(descr), cache.WithCreationTime(tm)) 380 if err != nil { 381 return nil, err 382 } 383 if i == len(remote.Descriptors)-1 { 384 return ref, nil 385 } 386 defer ref.Release(context.TODO()) 387 } 388 389 return nil, errors.Errorf("unreachable") 390 } 391 392 // Executor returns executor.Executor for running processes 393 func (w *Worker) Executor() executor.Executor { 394 return w.Opt.Executor 395 } 396 397 // CacheManager returns cache.Manager for accessing local storage 398 func (w *Worker) CacheManager() cache.Manager { 399 return w.Opt.CacheManager 400 } 401 402 type discardProgress struct{} 403 404 func (*discardProgress) WriteProgress(_ pkgprogress.Progress) error { 405 return nil 406 } 407 408 // Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error) 409 type layerDescriptor struct { 410 provider content.Provider 411 desc ocispec.Descriptor 412 diffID layer.DiffID 413 // ref ctdreference.Spec 414 w *Worker 415 pctx context.Context 416 } 417 418 func (ld *layerDescriptor) Key() string { 419 return "v2:" + ld.desc.Digest.String() 420 } 421 422 func (ld *layerDescriptor) ID() string { 423 return ld.desc.Digest.String() 424 } 425 426 func (ld *layerDescriptor) DiffID() (layer.DiffID, error) { 427 return ld.diffID, nil 428 } 429 430 func (ld *layerDescriptor) Download(ctx context.Context, progressOutput pkgprogress.Output) (io.ReadCloser, int64, error) { 431 done := oneOffProgress(ld.pctx, fmt.Sprintf("pulling %s", ld.desc.Digest)) 432 433 // TODO should this write output to progressOutput? Or use something similar to loggerFromContext()? see https://github.com/moby/buildkit/commit/aa29e7729464f3c2a773e27795e584023c751cb8 434 discardLogs := func(_ []byte) {} 435 if err := contentutil.Copy(ctx, ld.w.ContentStore(), ld.provider, ld.desc, discardLogs); err != nil { 436 return nil, 0, done(err) 437 } 438 _ = done(nil) 439 440 ra, err := ld.w.ContentStore().ReaderAt(ctx, ld.desc) 441 if err != nil { 442 return nil, 0, err 443 } 444 445 return ioutil.NopCloser(content.NewReader(ra)), ld.desc.Size, nil 446 } 447 448 func (ld *layerDescriptor) Close() { 449 // ld.is.ContentStore().Delete(context.TODO(), ld.desc.Digest) 450 } 451 452 func (ld *layerDescriptor) Registered(diffID layer.DiffID) { 453 // Cache mapping from this layer's DiffID to the blobsum 454 ld.w.V2MetadataService.Add(diffID, distmetadata.V2Metadata{Digest: ld.desc.Digest}) 455 } 456 457 func getLayers(ctx context.Context, descs []ocispec.Descriptor) ([]rootfs.Layer, error) { 458 layers := make([]rootfs.Layer, len(descs)) 459 for i, desc := range descs { 460 diffIDStr := desc.Annotations["containerd.io/uncompressed"] 461 if diffIDStr == "" { 462 return nil, errors.Errorf("%s missing uncompressed digest", desc.Digest) 463 } 464 diffID, err := digest.Parse(diffIDStr) 465 if err != nil { 466 return nil, err 467 } 468 layers[i].Diff = ocispec.Descriptor{ 469 MediaType: ocispec.MediaTypeImageLayer, 470 Digest: diffID, 471 } 472 layers[i].Blob = ocispec.Descriptor{ 473 MediaType: desc.MediaType, 474 Digest: desc.Digest, 475 Size: desc.Size, 476 } 477 } 478 return layers, nil 479 } 480 481 func oneOffProgress(ctx context.Context, id string) func(err error) error { 482 pw, _, _ := progress.FromContext(ctx) 483 now := time.Now() 484 st := progress.Status{ 485 Started: &now, 486 } 487 _ = pw.Write(id, st) 488 return func(err error) error { 489 // TODO: set error on status 490 now := time.Now() 491 st.Completed = &now 492 _ = pw.Write(id, st) 493 _ = pw.Close() 494 return err 495 } 496 } 497 498 type emptyProvider struct { 499 } 500 501 func (p *emptyProvider) ReaderAt(ctx context.Context, dec ocispec.Descriptor) (content.ReaderAt, error) { 502 return nil, errors.Errorf("ReaderAt not implemented for empty provider") 503 }