Handle pull for "internal" containers #990
Conversation
samuelkarp
requested review from
cabbruzzese,
aaithal,
petderek and
richardpen
| } | ||
|
|
||
| // Windows is special-cased here and just performs a normal pull | ||
| if runtime.GOOS == "windows" { |
There was a problem hiding this comment.
I'd prefer this test to be in platform specific files if the expectations are different.
There was a problem hiding this comment.
Yeah, wasn't sure about that since this is the only difference in all these tests. I can move it though.
There was a problem hiding this comment.
Have this check at the top of the function and do a t.Skip() if you don't want to make a separate Linux file?
You could also make this more OO instead of using platform constants. That would make testing more straightforward here.
You could also just leave this as is. I don't have a strong preference.
There was a problem hiding this comment.
Have this check at the top of the function and do a t.Skip() if you don't want to make a separate Linux file?
There's both a Linux- and Windows-test, sharing most of the test structure except some of the expectations.
You could also make this more OO instead of using platform constants.
Not sure I understand what you mean here.
There was a problem hiding this comment.
You branch based on a constant boolean that's defined for each platform. You could instead attach these functions to a struct with this configuration embedded.
The tests would then be driven by configuration instead of driven by platform.
There was a problem hiding this comment.
I went and separated them into platform-specific files.
agent/engine/docker_task_engine.go
Outdated
| @@ -508,6 +509,20 @@ func (engine *DockerTaskEngine) GetTaskByArn(arn string) (*api.Task, bool) { | |||
| } | |||
|
|
|||
| func (engine *DockerTaskEngine) pullContainer(task *api.Task, container *api.Container) DockerContainerMetadata { | |||
| if container.Type == api.ContainerCNIPause { | |||
| // ContainerCNIPause images are managed at startup | |||
| return DockerContainerMetadata{} | |||
There was a problem hiding this comment.
What part is redundant? The comment? That explains why there's an early return.
There was a problem hiding this comment.
The whole if block doesn't seem necessary. The switch block that runs the same check.
There was a problem hiding this comment.
Oh! Yeah...oops. Will remove!
| case api.ContainerEmptyHostVolume: | ||
| // ContainerEmptyHostVolume image is either local (must be imported) or remote (must be pulled) | ||
| if emptyvolume.LocalImage { | ||
| return engine.client.ImportLocalEmptyVolumeImage() |
There was a problem hiding this comment.
Did create better describe what was happening behind the scenes here?
There was a problem hiding this comment.
Import is the verb that is used in the Docker API.
|
Can you edit |
samuelkarp
force-pushed
the
internal-pull
branch
from
e62456c
to
4537635
Compare
| case resp := <-response: | ||
| return resp | ||
| case <-timeout: | ||
| return DockerContainerMetadata{Error: &DockerTimeoutError{pullImageTimeout, "pulled"}} |
There was a problem hiding this comment.
Can the transition string be a const ?
There was a problem hiding this comment.
Any particular reason why? I generally like constants if there's string reuse, string comparison, or if it aids clarity. I suppose reuse might apply here, but it's only used in two places right now.
There was a problem hiding this comment.
I was primarily concerned with reuse but it was more of a suggestion.
| case resp := <-response: | ||
| return resp | ||
| case <-timeout: | ||
| return DockerContainerMetadata{Error: &DockerTimeoutError{pullImageTimeout, "pulled"}} |
There was a problem hiding this comment.
I was primarily concerned with reuse but it was more of a suggestion.
This commit treats internal containers differently during the pull step of the container lifecycle. We currently have two types of internal containers: "empty host volume" containers and pause containers. "Empty host volume" containers should either be pulled from a remote image (as on Windows) or imported from a locally-generated tarball (as on Linux). The pause container image is either imported from a locally-embedded tarball inside the agent's rootfs or expected to already be present on the host (if the image is overridden via config).
microsoft/nanoserver:latest is significantly smaller than microsoft/windowsservercore:latest and should pull more quickly.
samuelkarp
force-pushed
the
internal-pull
branch
from
c133031
to
7a26f74
Compare
Summary
Internal containers should be treated differently during the pull step of the container lifecycle.
We currently have two types of internal containers: "empty host volume" containers and pause containers. "Empty host volume" containers should either be pulled from a remote image (as on Windows) or imported from a locally-generated tarball (as on Linux). The pause container image is either imported from a locally-embedded tarball inside the agent's rootfs or expected to already be present on the host (if the image is overridden via config).
A second commit here changes the empty host volume image on Windows from
microsoft/windowsservercore:latesttomicrosoft/nanoserver:latest, as it's a significantly smaller image.This addresses #729 (comment).
Implementation details
New constant exposed in the
emptyvolumepackage to control whether or not the image is present locally to be imported, or it should be pulled. New logic inDockerTaskEngineto dispatch to different methods based on the container'sTypefield.Testing
make release)go build -out amazon-ecs-agent.exe ./agent)make test) passgo test -timeout=25s ./agent/...) passmake run-integ-tests) pass.\scripts\run-integ-tests.ps1) passmake run-functional-tests) pass.\scripts\run-functional-tests.ps1) passNew tests cover the changes: yes
Description for the changelog
microsoft/windowsservercore:latestwas not pulled on Windows under certain conditionsLicensing
This contribution is under the terms of the Apache 2.0 License: yes