New image manifest format #18785
New image manifest format #18785
Conversation
|
Tentatively added this to the 1.10 milestone, thanks @aaronlehmann |
| @@ -126,17 +125,7 @@ func NewV2Repository(ctx context.Context, repoInfo *registry.RepositoryInfo, end | |||
| } | |||
|
|
|||
| func digestFromManifest(m *schema1.SignedManifest, name reference.Named) (digest.Digest, int, error) { | |||
There was a problem hiding this comment.
This helper doesn't seem very useful anymore. At least, there is no need to have name as input and err as output.
aaronlehmann
force-pushed
the
new-manifest
branch
2 times, most recently
from
fa99803 to
170e191
Compare
|
design +1, this has already been approved and implemented on the distribution side. |
|
Design LGTM |
aaronlehmann
force-pushed
the
new-manifest
branch
from
170e191 to
6d83ad7
Compare
|
ping @aaronlehmann #18889 was merged, so this needs to be rebased |
aaronlehmann
force-pushed
the
new-manifest
branch
from
6d83ad7 to
f9a1e6b
Compare
|
Rebased |
| # Install two versions of the registry. The first is an older version that | ||
| # only supports schema1 manifests. The second is a newer version that supports | ||
| # both. This allows integration-cli tests to cover push/pull with both schema1 | ||
| # and schema1 manifests. |
aaronlehmann
force-pushed
the
new-manifest
branch
2 times, most recently
from
11fa69e to
bde2e44
Compare
aaronlehmann
changed the title
aaronlehmann
force-pushed
the
new-manifest
branch
from
bde2e44 to
cc5167b
Compare
|
This is no longer WIP. The distribution bits have been merged upstream and the version vendored here is off the master branch. |
|
ping @tonistiigi could you review this? |
| @@ -27,7 +27,7 @@ func (r *RootFS) BaseLayerID() string { | |||
|
|
|||
| // ChainID returns the ChainID for the top layer in RootFS. | |||
| func (r *RootFS) ChainID() layer.ChainID { | |||
| baseDiffID, _ := digest.FromBytes([]byte(r.BaseLayerID())) // can never error | |||
| baseDiffID := digest.FromBytes([]byte(r.BaseLayerID())) // can never error | |||
| } | ||
|
|
||
| // blobSumAlreadyExists checks if the registry already know about any of the | ||
| // blobsums passed in the "blobsums" slice. If it finds one that the registry | ||
| // knows about, it returns the known digest and "true". | ||
| func blobSumAlreadyExists(ctx context.Context, blobsums []digest.Digest, repo distribution.Repository, layersPushed *pushMap) (digest.Digest, bool, error) { | ||
| layersPushed.Lock() | ||
| for _, dgst := range blobsums { |
There was a problem hiding this comment.
Sorry, why is this block gone?
There was a problem hiding this comment.
Moved to Upload, line 233.
|
LGTM |
|
LGTM 🐹 |
|
I don't think there is any docs impact there: merging \o/ |
icecrime
added
status/4-merge
impact/changelog
impact/distribution
and removed
status/3-docs-review
labels
|
@aaronlehmann I don't think this has user-facing changes? So docs should be good, but please let us know if we overlooked something there, then we can do a docs follow up |
|
Mmmm Windows CI is broken again 😢 Ping @jfrazelle @mikedougherty @jhowardmsft: can we merge anyway or do you want to give it look? |
|
Looking now and restarting failing nodes... |
|
This seems a different error to other Windows CI failures. It's consistently hitting this: This is happening on multiple nodes, which are working with other PRs. Hence I think it's something in this PR rather than CI itself. Can you guys see anything obvious that I'm missing? |
|
This PR changes the BTW, @tonistiigi has tested this PR manually on Windows. |
|
Re-started on node 1 which I've just cleaned out the build cache on. |
|
Suceessful windows run: https://jenkins.dockerproject.org/job/Windows-PRs/20105/console |
Concurrent uploads which share layers worked correctly as of moby#18353, but unfortunately moby#18785 caused a regression. This PR removed the logic that shares digests between different push sessions. This overlooked the case where one session was waiting for another session to upload a layer. This commit adds back the ability to propagate this digest information, using the distribution.Descriptor type because this is what is received from stats and uploads, and also what is ultimately needed for building the manifest. Surprisingly, there was no test covering this case. This commit adds one. It fails without the fix. See recent comments on moby#9132. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Concurrent uploads which share layers worked correctly as of moby#18353, but unfortunately moby#18785 caused a regression. This PR removed the logic that shares digests between different push sessions. This overlooked the case where one session was waiting for another session to upload a layer. This commit adds back the ability to propagate this digest information, using the distribution.Descriptor type because this is what is received from stats and uploads, and also what is ultimately needed for building the manifest. Surprisingly, there was no test covering this case. This commit adds one. It fails without the fix. See recent comments on moby#9132. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> (cherry picked from commit 5c99eeb)
This PR adds support for the new manifest format ("schema2") specified in https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md.
The new format allows end-to-end content addressability. The existing v2 manifest format puts image configurations in "v1Compatibility" strings that use the same data model and non-content-addressable ID scheme that the legacy v1 protocol uses. Supporting this format with the content addressable image/layer model in Docker 1.10 involves hacks to do things like generate fake v1 IDs. The new format carries the actual image configuration as a blob, so push/pull transfers an exact copy of the image.
The schema2 format also includes the concept of a "manifest list". This is a kind of meta-manifest that points to the appropriate manifests for different platforms. It will eventually allow pulling the same image name, tag, or digest across different platforms, and getting a version of the image built for the correct platform. The tools to create and push these manifest lists don't exist yet, but assuming this PR is merged for 1.10, 1.10 will support these multi-architecture images.
The transition to the new manifest format preserves backward compatibility. Engines which support the new format will always try to push schema2 manifests; however, if the remote registry doesn't support the format, it will fall back to using the schema1 format. When pulling, the engine indicates in an Accept header if it can accept the new format. If it can't, and it's pulling an image that the manifest has a schema2 manifest for, the registry will transparently convert the manifest to schema1 format (note this is not supported for pull-by-digest).
One nice side effect of this PR is that the hacks described above for assembling legacy manifests are moved out of the engine code into vendored distribution code. The distribution APIs now have a
ManifestBuilderinterface that abstracts away the job of creating a manifest in either the old or new format.Support for the new format will be coming soon on Docker Hub. For now, testing push and pull with schema2 manifests requires building registry from the master branch of github.com/docker/distribution.