fix(hash): recreate container on project config content change #11931

Open
wants to merge 8 commits into
base: main

idsulik (Collaborator) commented Jun 23, 2024

What I did
Fixed hash.ServiceHash() to support config content change

Related issue
#11900

ndeloof (Contributor) commented Jul 1, 2024

While I understand the intent, I don't like that we get the config content added into the service hash. This also only makes sense as the config content is inlined.
I wonder if we could rely on a label to track the config state by the time it was created: com.docker.compose.config.name=<config hash>.


for _, serviceConfig := range o.Configs {
if projectConfig, ok := project.Configs[serviceConfig.Source]; ok {
bytes = append(bytes, []byte(projectConfig.Content)...)
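Review bot: `bytes = append(bytes, []byte(projectConfig.Content)...)` on the last line appends each config's content with no name, separator or length in between, so different sets of configs can yield the same byte stream (contents "ab" and "c" versus "a" and "bc"), and moving text from one config to another leaves the hash unchanged. Write the config name and a length prefix ahead of each content before hashing. The slice name `bytes` would also shadow the standard `bytes` package if this file imports it.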
Contributor

This won't detect changes for config set by environment or file

Collaborator Author

added support for env and config file

idsulik (Collaborator Author) commented Jul 6, 2024

> I don't like that we get the config content added into the service hash

why?

> I wonder if we could rely on a label to track the config state by the time it was created: com.docker.compose.config.name=<config hash>.

I don't get the idea, time it was created - do you mean config file? or docker-compose.yaml? but docker-compose can refer to external config file

ndeloof (Contributor) commented Jul 8, 2024

time container was created, so we can check it needs to be recreated if current config doesn't match

@@ -37,5 +38,22 @@ func ServiceHash(o types.ServiceConfig) (string, error) {
if err != nil {
return "", err
}

for _, serviceConfig := range o.Configs {
if projectConfig, ok := project.Configs[serviceConfig.Source]; ok {
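Review bot: when the lookup `project.Configs[serviceConfig.Source]` on the last line misses (`ok` is false), the entry is skipped silently, so a service that references an undeclared config hashes the same as a service with no config at all. Return an error in that case, or at least mix `serviceConfig.Source` into the hash input so the reference itself is covered.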
jhrotko (Contributor), Jul 9, 2024

nit: I would invert the if statements so that we do not get the code so nested. Other than that looks good to me!

Collaborator Author

@jhrotko done

ndeloof (Contributor) commented Jul 10, 2024

Some points:

  1. At some point we will have to do the same for secrets (same constraints) and networks/volumes (which can get labeled with a hash). Solution we adopt here should be extensible to allow this in the future
  2. Configs set by file are implemented by a bind mount but this may change in near future (see Enable configs.file's on remote docker hosts #11871) so we also need to consider those
  3. There's no technical reason docker engine can't offer secrets/configs natively, just this is guarded by Swarm mode, but AFAIK some discussion happened to get them also available in standalone mode. I can't tell if/when this would take place, but preferably the logic here should consider this may happen
  4. Last but not least, I'd prefer we don't mix service config hash with resources it depends on, so my suggestion to introduce an additional label com.docker.compose.config.xx=hash that we can use to track this relation, and need to recreate container, without the need to change the service hash computation (which has impact on existing installations)

idsulik (Collaborator Author) commented Jul 11, 2024

@ndeloof thanks for the details. pushed changes:

  1. reverted old changes
  2. added new func ServiceDependenciesHash and label
// ConfigHashDependenciesLabel stores configuration hash for a compose service dependencies
ConfigHashDependenciesLabel = "com.docker.compose.config-hash-dependencies"

Let me know if you have better idea for the label name, because I'm not fully satisfied with my name)

if projectConfig.Content != "" {
bytes = append(bytes, []byte(projectConfig.Content)...)
} else if projectConfig.File != "" {
content, err := os.ReadFile(projectConfig.File)
Contributor

File could also be a folder. Maybe an option would be to read content into a tar (code exists to inject secrets) and compute hash from it

While the general approach looks good, I'd prefer we have a more explicit hash and label per resource, and a dedicated hash function for configs (and secrets), so that it makes it easier to diagnose use of those labels

Collaborator Author

@ndeloof thank you for the comment. Pushed fixes: added secrets hash, added separate hashes for configs and secrets, added support for file.File directory

return err
}
if !info.IsDir() {
fileContent, err := os.ReadFile(path)
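Review bot: `!info.IsDir()` on the third line is true for every non-directory entry, including FIFOs, sockets and device nodes (and symlinks when `info` comes from an lstat-based walk), so the `os.ReadFile(path)` that follows can block on a FIFO or pull in a file from outside the config directory through a link. Test `info.Mode().IsRegular()` instead and decide explicitly whether links are skipped or rejected.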
Contributor

this will not detect file being renamed. Maybe better to create a tar stream from file/dir content

Collaborator Author

@ndeloof it creates a tar from the content here pkg/compose/hash.go:122.

b, err := utils.CreateTar(content, serviceConfig, modTime)

Collaborator Author

@ndeloof is there any reason to create tar inside a tar? the createTarForConfig func calls this readPathContent func and creates a tar with the path content

Contributor

here you are creating a tar with all content appended as []byte, this doesn't reflect the filesystem structure for input. You have to create one tar entry per file with file/folder name.

Collaborator Author

@ndeloof you're right, thank you! Updated the code, now it creates a tar file for a given path and keeps file structure

idsulik and others added 6 commits October 6, 2024 17:10
Signed-off-by: Suleiman Dibirov <idsulik@gmail.com>
This reverts commit 64c37bf.
…older support

codecov bot commented Oct 6, 2024

Codecov Report

Attention: Patch coverage is 60.73620% with 64 lines in your changes missing coverage. Please review.

Project coverage is 51.21%. Comparing base (d9df7aa) to head (21d0e4c).
Report is 8 commits behind head on main.

Files with missing lines | Patch % | Lines
pkg/utils/tar.go | 58.22% | 22 Missing and 11 partials ⚠️
pkg/compose/hash.go | 68.88% | 11 Missing and 3 partials ⚠️
pkg/compose/convergence.go | 52.17% | 6 Missing and 5 partials ⚠️
pkg/compose/create.go | 57.14% | 4 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #11931      +/-   ##
==========================================
+ Coverage   51.10%   51.21%   +0.11%     
==========================================
  Files         149      152       +3     
  Lines       14537    14743     +206     
==========================================
+ Hits         7429     7551     +122     
- Misses       6356     6419      +63     
- Partials      752      773      +21     
data = append(data, b.Bytes()...)
}

return digest.SHA256.FromBytes(data).Encoded(), nil
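Review bot: `digest.SHA256.FromBytes(data)` on the return line is a plain, unkeyed SHA-256, and this thread says the same hashing now covers secrets; a container label holding that value is readable by anyone who can inspect the container and lets a short or guessable secret be confirmed offline. Consider a keyed digest for secret content, or keeping secret bytes out of the label input. Separately, `data = append(data, b.Bytes()...)` holds every tar in memory before hashing; writing each tar into one running hasher avoids the copy.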
ndeloof (Contributor), Oct 8, 2024

I'd prefer we have one label per config/secret mount, so it makes it easier to track|debug changes and container being recreated.
Also need to consider config can be mounted from docker host, i.e. file is not available for compose to compute hash, and then must be excluded from label / no label created. createTarForConfig could return ErrNotFound and we would ignore it for this specific usage

Collaborator Author

do you mean something like that:

com.docker.compose.service.configs-hash-{configName}={hash}
com.docker.compose.service.configs-hash-{serviceName}={hash}

?

Contributor

indeed, or maybe, to follow the dot-notation style used for labels, com.docker.compose.service.configs.{configName}.hash

Collaborator Author

It seems to me that this will complicate the logic, first you need to generate a hash for each item separately, then you need to go through all labels whose names start with “com.docker.compose.service.configs.” to check if the hash has changed.

ndeloof (Contributor), Oct 8, 2024

Doesn't look such a pain to me, as this would allow to trace reason we recreate a container, and make it easier to diagnose potential regressions (this sometimes happened :P)

for _, c := range service.Configs {
  // label written when the container was created
  hash := labels["com.docker.compose.configs."+c.Source+".hash"]
  // hash of the config as it is now
  expected := ConfigHash(project.Configs[c.Source])
  if hash != expected {
    log.Debugf("container has to be recreated after config %s has been updated", c.Source)
    return DIVERGED
  }
}
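The per-config label check discussed above, together with the "one tar entry per file" hashing asked for earlier in the review, as an added Go example that is not code from this pull request. `hashPath` and `needsRecreate` are hypothetical helpers, the label name is the dot-notation form proposed in the thread rather than a shipped label, and `crypto/sha256` stands in for the go-digest call used in the PR.

```go
package main

import (
	"archive/tar"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// hashPath (hypothetical helper): one tar entry per regular file, named relative to root,
// with fixed mode and zero ModTime so only entry names and bytes reach the digest.
func hashPath(root string) (string, error) {
	h := sha256.New()
	tw := tar.NewWriter(h)
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() { // skip dirs, symlinks, FIFOs, devices
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		hdr := &tar.Header{Name: filepath.ToSlash(rel), Mode: 0o644, Size: int64(len(data))}
		if err = tw.WriteHeader(hdr); err == nil {
			_, err = tw.Write(data)
		}
		return err
	})
	if err == nil {
		err = tw.Close()
	}
	return hex.EncodeToString(h.Sum(nil)), err
}

// needsRecreate compares one config's label with the hash of its local source path.
func needsRecreate(labels map[string]string, name, path string) (bool, error) {
	sum, err := hashPath(path)
	if errors.Is(err, fs.ErrNotExist) {
		return false, nil // source only on the Docker host: no label, nothing to compare
	}
	label := "com.docker.compose.service.configs." + name + ".hash" // name proposed in the thread
	return err == nil && labels[label] != sum, err
}

func main() { fmt.Println(needsRecreate(nil, "demo", os.Args[0])) }
```

Because WalkDir visits entries in lexical order and the headers carry no timestamps, touching a file without changing it leaves the digest stable, while a rename or content edit changes it.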

Comment on lines +127 to +131
if err != nil {
return nil, err
}

return b, nil
Contributor

nit: make it simpler as return b, err
