when building a layered docker image, ignore it if tar encounters cha… #75911
Conversation
|
cc @grahamc |
|
Hmm I'm still seeing an intermittent error That seems to be coming from this bit I'm a bit confused. I don't see how that file could be modified at this point and I'm hesitant to give it the same treatment without better understanding. |
|
I'm not in favor of this approach. I would prefer to explore the approach described in #75888 (comment). |
purefn
force-pushed
the
parallel-docker-buildlayeredimage
branch
from
ce87d79
to
fd4ec44
Compare
|
@nlewo - I've updated it with a different approach which should work better. Let me know what you think! |
Reformat it how? It's formatted according to the CONTRIBUTING.md unless there is a detail I'm missing. |
Since dockerTools refers to an attr set, I'm assuming something like: |
when tar'ing store paths into layered archives when building layered images, don't use the absolute nix store path so that tar won't complain if something new is added to the nix store when building the final docker image, ignore any file changes tar detects in the layers. they are all immutable and the only thing that might change is the number of hard links due to store optimization
purefn
force-pushed
the
parallel-docker-buildlayeredimage
branch
from
fd4ec44
to
3be7675
Compare
|
@nlewo Changed the final image tar to ignore the file changes it detected, added comments, and reformatted git commit as per @jonringer's suggestion. Should be good to merge now. Let me know if there is anything else. |
| @@ -625,7 +624,22 @@ rec { | |||
| -i "$imageName" > image/repositories | |||
|
|
|||
| echo "Cooking the image..." | |||
| tar -C image --dereference --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 --mode=a-w --xform s:'^./':: -c . | pigz -nT > $out | |||
| # tar exits with an exit code of 1 if files changed while it was | |||
| # reading them. it considers a change in the number of hard links | |||
There was a problem hiding this comment.
| # reading them. it considers a change in the number of hard links | |
| # reading them. It considers a change in the number of hard links |
| # tar exits with an exit code of 1 if files changed while it was | ||
| # reading them. it considers a change in the number of hard links | ||
| # to be a "change", which can cause this to fail if images are being | ||
| # built concurrently and auto-optimise-store is turned on. since |
There was a problem hiding this comment.
| # built concurrently and auto-optimise-store is turned on. since | |
| # built concurrently and the auto-optimise-store nix option is turned on. Since |
| # reading them. it considers a change in the number of hard links | ||
| # to be a "change", which can cause this to fail if images are being | ||
| # built concurrently and auto-optimise-store is turned on. since | ||
| # know the contents of these files will not change, we can reasonably |
There was a problem hiding this comment.
| # know the contents of these files will not change, we can reasonably | |
| # the contents of these files will not change, we can reasonably |
|
|
||
| mkdir -p "$layerPath" | ||
| tar --no-recursion -rf "$layerPath/layer.tar" \ | ||
|
|
||
| # make sure /nix and /nix/store appear first in the archive. |
There was a problem hiding this comment.
| # make sure /nix and /nix/store appear first in the archive. | |
| # Make sure /nix and /nix/store appear first in the archive. |
| tar --no-recursion -rf "$layerPath/layer.tar" \ | ||
|
|
||
| # make sure /nix and /nix/store appear first in the archive. | ||
| # we create the directories here and use them because |
There was a problem hiding this comment.
| # we create the directories here and use them because | |
| # We create the directories here and use them because |
| --transform='s,nix,/nix,' \ | ||
| nix | ||
|
|
||
| # we change into the /nix/store in order to avoid a similar |
There was a problem hiding this comment.
| # we change into the /nix/store in order to avoid a similar | |
| # We change into the /nix/store in order to avoid a similar |
| # we change into the /nix/store in order to avoid a similar | ||
| # "file changed as we read it" error as above. Namely, | ||
| # if we use the absolute path of /nix/store/123-pkg | ||
| # and something new it added to the nix store while tar |
There was a problem hiding this comment.
| # and something new it added to the nix store while tar | |
| # and something new is added to the nix store while tar |
| # the relative nix store path, tar will ignore changes | ||
| # to /nix/store. In order to create the correct structure | ||
| # in the tar file, we transform the relative nix store | ||
| # path to the absolute store path |
There was a problem hiding this comment.
| # path to the absolute store path | |
| # path to the absolute store path. |
|
@GrahamcOfBorg test docker-tools |
|
Note I applied comment fixes in da261e3. Thanks! |
|
@nlewo Would it be possible to backport this fix to 19.09? |
|
@rimmington I'm sorry, I don't have time to backport it. Note also this is actually not a trivial backport: we need to backport another patch (because this one is buggy) and there is a merge conflict. |
|
@nlewo Ah, I didn't realise the backport is non-trivial; I may just wait for 20.03 then. Thanks for checking! |
Motivation for this change
Allows building layered docker images in parallel with other derivations. Takes the second approach mentioned in #75888, telling tar to ignore the changes to
/nix/store.tarexit codes are defined asSo as long as
tarexits with a0or1we should be fine. The rationale for that is that any derivations that building the layered docker image depends on would have already been built and in the nix store by the time we get to this point. Therefore, any changes to/nix/storedon't pertain to the docker image under construction.Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @nlewo