[ci:docs] Clean up /var/tmp/ when creating containers from oci-archive tarballs #19201
Conversation
rhatdan
changed the title
|
/approve You need to sign your commits. git commit -a --amend -s |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jdoss, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
We need to remove /var/tmp/oci* and /var/tmp/storage* which are podman temporary directories on each boot which are created when creating containers from oci-archive tarballs Signed-off-by: Joe Doss <[email protected]>
jdoss
force-pushed
the
jdoss/tmpfiles.d_oci_archive_cleanup
branch
from
5415f10
to
a56d785
Compare
| # Remove /var/tmp/oci* and /var/tmp/storage* podman temporary directories on each | ||
| # boot which are created when creating containers from oci-archive tarballs | ||
| R! /var/tmp/oci* | ||
| R! /var/tmp/storage* |
There was a problem hiding this comment.
This is a bit alarming: storage is a generic word, it is easy to imagine regular users saving /var/tmp/storage-archive.tgz and being surprised to find it gone on reboot. (Let's leave aside discussion of the merits of expecting anything in a tmpdir to survive)
Suggestion: instead of *, try [0-9]+$ (first making sure that those patterns are valid in this context)
[EDIT: this applies to both added patterns, both oci and storage]
There was a problem hiding this comment.
Even better than that, a better solution would be for @containers/podman-maintainers to use better namespaces (podman-unpack-*) and to find (and plug) the leaks.
There was a problem hiding this comment.
I thought of this too so that is why I did on reboot vs using https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html#e to have it be removed when systemd-tmpfiles-clean.service fires off it's timer. At least in this case it can stick around until reboot. I know you want to put this aside but I also don't expect anything in tmpdirs to survive a reboot which is why I went this direction. It a pretty well known that if tmpdirs are temporary.
Looking into your suggestion
-rw-r--r--. 1 jdoss jdoss 0 Jul 11 20:04 oci1234.tar
drwxr-xr-x. 1 jdoss jdoss 0 Jul 11 20:03 oci1333441593
drwxr-xr-x. 1 jdoss jdoss 0 Jul 11 20:04 oci2343867263
drwxr-xr-x. 1 jdoss jdoss 0 Jul 11 20:04 storage1255676731
drwx------. 1 jdoss jdoss 2 Jun 23 14:56 storage162146237
drwx------. 1 jdoss jdoss 0 Jun 23 14:47 storage1628300548
-rw-r--r--. 1 jdoss jdoss 0 Jul 11 20:04 storage.tar
This shell-style globbing seems to work
$ ls storage*[0-9]
storage1255676731:
storage162146237:
1
storage1628300548:
$ ls oci*[0-9]
oci1333441593:
oci2343867263:
But I am hesitant to to do anything more than what my PR provides because again, if something is in /var/tmp I don't expect it to survive a reboot. Heck, someone could create a directory like this and it will get caught.
$ mkdir storage123
[jdoss@sw-0608 tmp]$ ls storage*[0-9]
storage123:
storage1255676731:
storage162146237:
1
storage1628300548:
So even the shell-style globbing doesn't catch this edge case.
It would be handy if these directories were to have a prefix of podman- to make it more error proof when removing them with systemd-tmpfiles.d but this is a quick fix to prevent systems from running out of disk space. Ideally we should change to a podman- prefix on these directories and adjust this file later so they are cleaned up with systemd-tmpfiles-clean.service
There was a problem hiding this comment.
Even better than that, a better solution would be for @containers/podman-maintainers to use better namespaces (
podman-unpack-*) and to find (and plug) the leaks.
I missed this reply before I sent mine. I agree wholeheartedly.
|
@rhatdan OK I signed them and force pushed. |
|
How and why are we leaking these? IMO this is the wrong approach as it just works around the actual issue. c/image or c/storage or whatever creates these should be smart enough to clean them up on its own. And I agree that it should use a better namespace. And if we really think we should use the tmpfile hack then it should not live in podman. This should be at least in c/common so that it can be shipped vie containers-common so that it also effects buildah, skopeo or other c/storage,image users. This does not look like a podman specific problem to me. |
|
A reproducer would be nice. Is it |
There was a problem hiding this comment.
I agree this is not desirable. Let’s fix the root cause.
Or at the very least, if we needed this for crash resiliency or something, we should switch to use very-unique file names and target those.
And yes, c/image is supposedly cleaning up these files, in https://github.com/containers/image/blob/9b3e4a40d5c314aebcfaa197ee2652118760e45f/storage/storage_dest.go#L153 and https://github.com/containers/image/blob/9b3e4a40d5c314aebcfaa197ee2652118760e45f/oci/archive/oci_dest.go#L59 / https://github.com/containers/image/blob/9b3e4a40d5c314aebcfaa197ee2652118760e45f/oci/archive/oci_src.go#L104 ; assuming users call .Close().
@vrothberg Sure thing. I am saving my images like this: Then I let |
|
@Luap99 @mtrmac I unfortunately don't have the emotional fortitude to provide more of a fix than what I have in this PR. I fixed this on my end with the same file in I do deeply appreciate you all for wanting to fix the root problem. I agree that podman (or whatever part responsible) should be cleaning up after itself. Maybe some proper namespacing of tmp dirs too wouldn't hurt. |
|
I think we can fix this both ways, cleanup podman commands that left cruft behind because they were canceled as well as have the commands cleanup for themselves. |
|
$ podman save ubi8 --format oci-archive -o /tmp/images/ubi8.tar We should fix this to be a content specific directory. |
If you hit Ctr-C while pulling an image files and directories get left in /var/tmp. By adding "containers_images" prefix, we can use systemd tmpfiles handling to remove them on reboot safely. Help to make containers/podman#19201 safer. Signed-off-by: Daniel J Walsh <[email protected]>
If you hit Ctr-C while pulling an image files and directories get left in /var/tmp. By adding "containers_images" prefix, we can use systemd tmpfiles handling to remove them on reboot safely. Help to make containers/podman#19201 safer. Signed-off-by: Daniel J Walsh <[email protected]>
If you hit Ctr-C while pulling an image files and directories get left in /var/tmp. By adding "containers_images" prefix, we can use systemd tmpfiles handling to remove them on reboot safely. Help to make containers/podman#19201 safer. Signed-off-by: Daniel J Walsh <[email protected]>
|
It is … a possibility… for Podman to listen for a SIGINT, and to turn that into a context cancellation of a global context object. That would allow cleanup actions to be processed throughout the codebase. OTOH
|
|
Thanks @rhatdan !! |
github-actions
bot
added
the
locked - please file new issue/PR
When creating a container from an oci-archive tarball it will unpack everything to /var/tmp but there isn't anything to remove these directories over time after they are loaded into container storage. Over time, if these are not removed, it can lead to running out of disk space as old directories start to pile up as you update containers over time from oci-archive tarballs.
This PR adds support to our existing tmpfiles.d conf file which will remove all /var/tmp/oci* and /var/tmp/storage* directories. See my testing below.
The changes from this PR:
Leftover directories:
After a reboot you can see that they have been removed as expected on boot by tmpfiles.d
Does this PR introduce a user-facing change?
[NO NEW TESTS NEEDED]