Add new cosa cloud-prune command for garbage collection

[gursewak1997]

Add the ability to run garbage collection on resources using
cosa cloud-prune. This script would take policy.yaml and run
the garbage collection accordingly for the stream specified.

---

Test it with:
cosa cloud-prune --stream next-devel --gcp-json-key gcp-account-demo.json --gcp-project fedora-coreos-*** --aws-config-file ./creds fcos-developer-pipelines/gursewak/next-devel

[dustymabe]

initial pass - i need to go into more depth.

[dustymabe]

probably easier if we don't make assumptions.. i.e. maybe we just use a unit of days and even though it's a little harder to work with from a human perspective, it's easier not to make a mistake on the code side.

[gursewak1997]

Do we want to keep one unit i.e. could be just days or months or years? OR do we want to handle every possible inputs such as 90d, 4m and 2y?

[dustymabe]

it would be nice here if we can support both FCOS version numbers and RHCOS version numbers here. Maybe let's think about that now, while we are developing this rather than having to update things later.

[dustymabe]

for FCOS at least we don't have any cloud resources for Azure that we need to cleanup (yet).

For RHCOS I think we do have some object storage uploads we do.

[dustymabe]

should we actually raise an exception here instead of just being informational?

[dustymabe]

note that we do have a Build() class in cosalib as well. Not sure if that would be useful here to use that instead or not.

[gursewak1997]

We do indeed have that but they are changed according to those files. It seemed better to create a new variable since we are using cloud_images here.

[dustymabe]

just pointing out we will need some special handling of builds.json when we upload it back to s3

[jlebon]

Not a full review yet. Just a first pass.

[jbtrystram]

We have been looking at this today with Adam and have the following thought : since all the clouds artifacts are stored in a S3 bucket, except the container images : should we split out the builds.json parsing to a shared library and have a separate script that uses that and do the quay API calls rather than writing non-s3 logic in there ?

[gursewak1997]

should we split out the builds.json parsing to a shared library and have a separate script that uses that and do the quay API calls rather than writing non-s3 logic in there ?

It would make sense to keep the overall pruning of builds/resources to be kept within this file. For the exact logic for deletion of resources, it's definitely okay to make a separate script; similar to what we have for AWS and GCP.
The S3 logic is just there to make sure the we get the information for builds.json and update the file accordingly once the pruning is done.

[jlebon]

This is currently using the Python bindings. My inclination is to move away from that and just have it call ore instead, exactly like how remove_gcp_image() does it currently. For example, the golang code for deleting AMIs already exists and correctly handles the "is already deleted" case mentioned in my previous comment (see e.g. deregisterImageIfExists()).

That should also allow us to directly pass the config file to ore and avoid the env var hack.

[jlebon]

I feel like we should error out here if the information is incomplete.

[gursewak1997]

Do you mean in the case of either of the parameters (gcp_image and json_key and project) not being present.

[jlebon]

Yes. We can't add the cloud-uploads marker to a build if we couldn't actually remove a cloud image just because we were missing information about how to remove it.

[jlebon]

That's not going to work as expected. On the first iteration, it will raise an exception which will cause the program to exit. I think here instead we would print all of the errors and then raise once.

[gursewak1997]

I see just printing the errors during the process as below. But how do you want to raise once? Would that be once we have gone through all the builds?

if len(errors) != 0:
    print(f"Found errors when removing cloud-uploads for {build.id}:")
    for e in errors:
        print(e)

[jlebon]

You can add a raise Exception("some errors were encountered") right after the for-loop.

[jlebon]

Let's move this to some library where we can share it with cmd-buildupload.

[jbtrystram]

Some thoughts while I was working on this :

• we could default pulling builds.json and meta.json from HTTP, this way we don't have to have any s3 credentials loaded for dry-run attempts. See Adding garbage removal for cloud uploads gursewak1997/coreos-assembler#1 for an implementation

I am confused by the policy.yaml design:

• I assume image-keep will skip the pruning for those artifacts. But how long ? Indefinitely ?
• what does build refer to ? all the artifiacts for a build ?
• Should we have containers added as a key under images ? This way we can iterate on it like any other resources ? That would prevent having different GC policy for those. I see there is an unused oscontainer key. Would that work ? Is it only used for RHCOS ?

[jlebon]

Some thoughts while I was working on this :

Thanks for looking at this! I think from our discussions today, we landed on just keeping the container image pruning separate for now because (1) it seems more natural there to make the source of truth be the registry repo, (2) the GC policy is much more aggressive than the policy we have in mind here, so this would require adding another key to the builds.json's policy-cleanup which would in principle need to be added to all builds we've created so far, and (3) there's extra logic needed there for barrier releases which makes it not as good a fit for the model here.

We could always look at re-merging them in the future if we feel it's worth it. I'll note this is similar also to the ostree repo pruner which treats the OSTree repo as canonical and is currently also handled by separate code (https://github.com/coreos/fedora-coreos-releng-automation/tree/main/fedora-ostree-pruner). I could similarly imagine having this pruning code be generalized to handle multiple repos under the Fedora umbrella (this relates to e.g. rpm-software-management/dnf5#833 (comment), but also we'll likely want tagged releases for the base bootc images too which will then also need GC).

[jlebon]

We're passing the image ID via a flag though, so the synopsis here is incorrect.

[jlebon]

Whether this function errors out on the AMI not existing should probably be a flag like --allow-missing which we would pass as a bool here.

[jlebon]

Minor: extraneous empty line

[jlebon]

Why handle this case? It's a caller error to pass an empty ID.

[jlebon]

This construction seems odd. Isn't this calling ore twice, once for the AMI and once for the snapshot? I don't understand how this can work since the AWS API to delete those is different.

But anyway, I think it'd be cleaner to call ore just once and pass both the AMI ID and snapshot ID.

[jlebon]

Need the same for AWS above.

[jlebon]

Should set maxsplit to 1.

[jlebon]

Not quite. This needs to be a different mode entirely. So basically:

• cosa cloud-prune --policy ... prunes resources, updates builds.json locally.
• cosa cloud-prune --upload-builds-json does not do any pruning. It downloads the latest builds.json, merges the modifications from the local builds.json into the latest, and uploads to S3.

[jlebon]

I guess for consistency with the AWS one let's add the gcp_id to this exception.

[jlebon]

One comment, LGTM otherwise.
Let's split up the commit also.

[jlebon]

We need to bump the timestamp here too.

Actually, probably simpler to just fold the timestamp bumping into save_builds_json directly.

[jbtrystram]

Superficial LGTM

[jlebon]

• Commit "Factor out the S3 functions to cosalib" needs to be before the introduction of cmd-cloud-prune which uses it.

• Let's add the name of the new command in the commit title. E.g.:

  Add new cosa cloud-prune command for garbage collection

[jlebon]

OK with this, but as mentioned earlier, I think get_unreferenced_s3_builds() could still be useful. At least, I don't want to lose the overall idea behind it. I think basically cosa cloud-prune in the future should do this. Let's for now add a comment in cmd-cloud-prune like:

# XXX: We should also prune unreferenced build directories here. See also
# `get_unreferenced_s3_builds()` in the git log.

[jlebon]

LGTM. Nice work!