Comments (5)
There might be (at least) one scenario where you want to have whiteouts: if you ship a layer including some sample code, you might want to remove it (or overwrite it with something else) when you derive the layer.
On the current platform, we don't use whiteouts in that case, because this data is on a separate volume (therefore not requiring a whiteout).
There are also special cases of whiteouts: permission changes. Those can be useful when you want to give access to some files, or remove access. This was a frequent problem on the current platform (e.g. readability of logs when daemons are installed using system packages instead of the default user).
There is no convention in AUFS—just an opaque format. I'd personally advocate against making that part of the API, since it effectively ties the implementation with AUFS, which is probably a Very Bad Thing, but YMMV.
Last but not least, in some cases (mail servers), you might also want to preserve inode numbers—and in that case, you would have to also preserve the xino translation file of AUFS.
... Unless we want to support bind-mounted volumes; then those concerns are waived.
from moby.
On Sun, Jan 20, 2013 at 10:57 PM, jpetazzo [email protected] wrote:
There might be (at least) one scenario where you want to have whiteouts:
if you ship a layer including some sample code, you might want to remove it
(or overwrite it with something else) when you derive the layer.Could you walk me through an example use case in more detail?
There are also special cases of whiteouts: permission changes. Those can
be useful when you want to give access to some files, or remove access.
This was a frequent problem on the current platform (e.g. readability of
logs when daemons are installed using system packages instead of the
default user).Same question as above.
Last but not least, in some cases (mail servers), you might also want to
preserve inode numbers—and in that case, you would have to also preserve
the xino translation file of AUFS.Same question as above.
Thanks!
from moby.
On Sun, Jan 20, 2013 at 10:57 PM, jpetazzo [email protected] wrote:
There is no convention in AUFS—just an opaque format. I'd personally
advocate against making that part of the API, since it effectively ties the
implementation with AUFS, which is probably a Very Bad Thing, but YMMV.
We are in agreement here. Frankly, sticking to vanilla tarballs as the
image format is something I would like to preserve if at all possible. I know
Andrea feels the same way.
from moby.
- Whiteouts Needed To Remove Sample Code.
The current implementation of dotCloud service ships with some sample code. It is never seen by dotCloud users, since their code replaces it immediately after container deployment (before the container gets a chance to see traffic) — unless code deployment fails; in which case the container is rolled back to its previous version, which happens to be the pristine version of the cloudlet. Of course, we could argue that this sample code could be removed in the first place from the base layer; but it's here for a good reason: to help the service developer to ensure that his service actually works. - Whiteouts Needed To Preserve Permission Changes.
For a very long time, dotCloud Java service has been plagued by the fact that its logs were readable only by the jetty user, not by the dotCloud user. The files in base layer didn't have to be modified, but their permissions did. - Preserving Inode Numbers.
http://grox.net/doc/postfix/html/faq.html#copying
"Postfix names a queue file after its inode number and after the microsecond part of the time of day. Thus, if a queue file has a name based on someone elses inode number there is a small chance that the file name will collide with another queue file."
from moby.
Ok, after a few off-band discussions: the consensus seems to be that whiteouts and layers are a (very) useful tool, but should not be exposed as a top-level object to the end-user. The main reason being that it would make things unnecessarily complicated (every user needs to acquire the off-band knowledge of which layer works with which, and it is very easy to shoot yourself in the foot by combining layers that were not meant to be combined). At the same time, there is not much benefit to allowing arbitrary combination of layers: even if you are 99% sure your layer can be safely "rebased" to a new base layer, why not run that build script again just to make sure you're right?
So, instead, let's use layers (+ their associated whiteouts) as a optimization for storing and transferring images. In other words, the payload for docker is always a tarball. But it may optionally be a sparse tarball, which will reference the bottom layers by ID, and only store changes. Of course these sparse tarballs will only be usable to a receiver capable of (a) decoding the sparse format and (b) retrieving the bottom layers from their ID.
from moby.
Related Issues (20)
- Requests from docker container to remote DB are slow HOT 1
- docker image ls does not show images loaded from a tar file HOT 12
- Default Nvidia CDI spec location on rootless kit seems to be unaccessible HOT 1
- WIP: containerd integration: Multi-platform images UX
- "Incorrect" host-gateway in case with Rootless Docker HOT 4
- docker compose fails to mount sub-directories of named volumes HOT 2
- Fail to start a development container HOT 3
- [v26] Build caching with `type=cache` mounts HOT 7
- Provide the ability to update the container's DeviceRequest
- Getting "error while resolving symlinks in base directory" when using subpath HOT 6
- Certain log configuration reliably triggers a segfault
- How to leverage VFP NAT rules for outbound connectivity for overlay networks created by Docker Swarm in Windows server 2022
- Executing 'docker exec' to enter a container does not generate any logs. HOT 1
- Resolving down Swarm service from service with `dns: "127.0.0.11"` results in hundreds of errors per second in syslog HOT 11
- containerd integration: Passing a build context via tarball to the `/build` endpoint is broken
- Stopping container signal blocked by AppArmor on Ubuntu HOT 3
- Incorrect owner on volume inside bind mount HOT 2
- Add resynching mechanism to endpoint_table of networkDB HOT 10
- nil dereference when created timestamp is missing in image history HOT 3
- Remove `windows-dns-proxy` feature flag
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from moby.