mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
guix: docker: Build layered images.
* guix/docker.scm (%docker-image-max-layers): New variable. (size-sorted-store-items, create-empty-tar): New procedures. (config, manifest, build-docker-image): Build layered images. Change-Id: I4c8846bff0a3ceccb77e6bdf95d4942e5c3efe41
This commit is contained in:
parent
bdf0ba4ca1
commit
d3d3eedf7f
1 changed files with 166 additions and 46 deletions
212
guix/docker.scm
212
guix/docker.scm
|
@ -3,6 +3,7 @@
|
||||||
;;; Copyright © 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
|
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
|
||||||
;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
||||||
|
;;; Copyright © 2023 Oleg Pykhalov <go.wigust@gmail.com>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -29,16 +30,27 @@ (define-module (guix docker)
|
||||||
with-directory-excursion
|
with-directory-excursion
|
||||||
invoke))
|
invoke))
|
||||||
#:use-module (gnu build install)
|
#:use-module (gnu build install)
|
||||||
|
#:use-module ((guix build store-copy)
|
||||||
|
#:select (file-size))
|
||||||
#:use-module (json) ;guile-json
|
#:use-module (json) ;guile-json
|
||||||
#:use-module (srfi srfi-1)
|
#:use-module (srfi srfi-1)
|
||||||
#:use-module (srfi srfi-19)
|
#:use-module (srfi srfi-19)
|
||||||
#:use-module (srfi srfi-26)
|
#:use-module (srfi srfi-26)
|
||||||
|
#:use-module (srfi srfi-71)
|
||||||
#:use-module ((texinfo string-utils)
|
#:use-module ((texinfo string-utils)
|
||||||
#:select (escape-special-chars))
|
#:select (escape-special-chars))
|
||||||
#:use-module (rnrs bytevectors)
|
#:use-module (rnrs bytevectors)
|
||||||
#:use-module (ice-9 ftw)
|
#:use-module (ice-9 ftw)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
#:export (build-docker-image))
|
#:export (%docker-image-max-layers
|
||||||
|
build-docker-image))
|
||||||
|
|
||||||
|
;; The maximum number of layers allowed in a Docker image is typically around
|
||||||
|
;; 128, although it may vary depending on the Docker daemon. However, we
|
||||||
|
;; recommend setting the limit to 100 to ensure sufficient room for future
|
||||||
|
;; extensions.
|
||||||
|
(define %docker-image-max-layers
|
||||||
|
#f)
|
||||||
|
|
||||||
;; Generate a 256-bit identifier in hexadecimal encoding for the Docker image.
|
;; Generate a 256-bit identifier in hexadecimal encoding for the Docker image.
|
||||||
(define docker-id
|
(define docker-id
|
||||||
|
@ -92,12 +104,12 @@ (define normalized-name
|
||||||
(make-string (- min-length l) padding-character)))
|
(make-string (- min-length l) padding-character)))
|
||||||
(_ normalized-name))))
|
(_ normalized-name))))
|
||||||
|
|
||||||
(define* (manifest path id #:optional (tag "guix"))
|
(define* (manifest path layers #:optional (tag "guix"))
|
||||||
"Generate a simple image manifest."
|
"Generate a simple image manifest."
|
||||||
(let ((tag (canonicalize-repository-name tag)))
|
(let ((tag (canonicalize-repository-name tag)))
|
||||||
`#(((Config . "config.json")
|
`#(((Config . "config.json")
|
||||||
(RepoTags . #(,(string-append tag ":latest")))
|
(RepoTags . #(,(string-append tag ":latest")))
|
||||||
(Layers . #(,(string-append id "/layer.tar")))))))
|
(Layers . ,(list->vector layers))))))
|
||||||
|
|
||||||
;; According to the specifications this is required for backwards
|
;; According to the specifications this is required for backwards
|
||||||
;; compatibility. It duplicates information provided by the manifest.
|
;; compatibility. It duplicates information provided by the manifest.
|
||||||
|
@ -106,8 +118,8 @@ (define* (repositories path id #:optional (tag "guix"))
|
||||||
`((,(canonicalize-repository-name tag) . ((latest . ,id)))))
|
`((,(canonicalize-repository-name tag) . ((latest . ,id)))))
|
||||||
|
|
||||||
;; See https://github.com/opencontainers/image-spec/blob/master/config.md
|
;; See https://github.com/opencontainers/image-spec/blob/master/config.md
|
||||||
(define* (config layer time arch #:key entry-point (environment '()))
|
(define* (config layers-diff-ids time arch #:key entry-point (environment '()))
|
||||||
"Generate a minimal image configuration for the given LAYER file."
|
"Generate a minimal image configuration for the given LAYERS files."
|
||||||
;; "architecture" must be values matching "platform.arch" in the
|
;; "architecture" must be values matching "platform.arch" in the
|
||||||
;; runtime-spec at
|
;; runtime-spec at
|
||||||
;; https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc2/config.md#platform
|
;; https://github.com/opencontainers/runtime-spec/blob/v1.0.0-rc2/config.md#platform
|
||||||
|
@ -125,7 +137,7 @@ (define* (config layer time arch #:key entry-point (environment '()))
|
||||||
(container_config . #nil)
|
(container_config . #nil)
|
||||||
(os . "linux")
|
(os . "linux")
|
||||||
(rootfs . ((type . "layers")
|
(rootfs . ((type . "layers")
|
||||||
(diff_ids . #(,(layer-diff-id layer)))))))
|
(diff_ids . ,(list->vector layers-diff-ids))))))
|
||||||
|
|
||||||
(define directive-file
|
(define directive-file
|
||||||
;; Return the file or directory created by a 'evaluate-populate-directive'
|
;; Return the file or directory created by a 'evaluate-populate-directive'
|
||||||
|
@ -136,6 +148,26 @@ (define directive-file
|
||||||
(('directory name _ ...)
|
(('directory name _ ...)
|
||||||
(string-trim name #\/))))
|
(string-trim name #\/))))
|
||||||
|
|
||||||
|
(define (size-sorted-store-items items max-layers)
|
||||||
|
"Split list of ITEMS at %MAX-LAYERS and sort by disk usage."
|
||||||
|
(let* ((items-length (length items))
|
||||||
|
(head tail
|
||||||
|
(split-at
|
||||||
|
(map (match-lambda ((size . item) item))
|
||||||
|
(sort (map (lambda (item)
|
||||||
|
(cons (file-size item) item))
|
||||||
|
items)
|
||||||
|
(lambda (item1 item2)
|
||||||
|
(< (match item2 ((size . _) size))
|
||||||
|
(match item1 ((size . _) size))))))
|
||||||
|
(if (>= items-length max-layers)
|
||||||
|
(- max-layers 2)
|
||||||
|
(1- items-length)))))
|
||||||
|
(list head tail)))
|
||||||
|
|
||||||
|
(define (create-empty-tar file)
|
||||||
|
(invoke "tar" "-cf" file "--files-from" "/dev/null"))
|
||||||
|
|
||||||
(define* (build-docker-image image paths prefix
|
(define* (build-docker-image image paths prefix
|
||||||
#:key
|
#:key
|
||||||
(repository "guix")
|
(repository "guix")
|
||||||
|
@ -146,11 +178,13 @@ (define* (build-docker-image image paths prefix
|
||||||
entry-point
|
entry-point
|
||||||
(environment '())
|
(environment '())
|
||||||
compressor
|
compressor
|
||||||
(creation-time (current-time time-utc)))
|
(creation-time (current-time time-utc))
|
||||||
"Write to IMAGE a Docker image archive containing the given PATHS. PREFIX
|
max-layers
|
||||||
must be a store path that is a prefix of any store paths in PATHS. REPOSITORY
|
root-system)
|
||||||
is a descriptive name that will show up in \"REPOSITORY\" column of the output
|
"Write to IMAGE a layerer Docker image archive containing the given PATHS.
|
||||||
of \"docker images\".
|
PREFIX must be a store path that is a prefix of any store paths in PATHS.
|
||||||
|
REPOSITORY is a descriptive name that will show up in \"REPOSITORY\" column of
|
||||||
|
the output of \"docker images\".
|
||||||
|
|
||||||
When DATABASE is true, copy it to /var/guix/db in the image and create
|
When DATABASE is true, copy it to /var/guix/db in the image and create
|
||||||
/var/guix/gcroots and friends.
|
/var/guix/gcroots and friends.
|
||||||
|
@ -172,7 +206,14 @@ (define* (build-docker-image image paths prefix
|
||||||
SYSTEM is a GNU triplet (or prefix thereof) of the system the binaries in
|
SYSTEM is a GNU triplet (or prefix thereof) of the system the binaries in
|
||||||
PATHS are for; it is used to produce metadata in the image. Use COMPRESSOR, a
|
PATHS are for; it is used to produce metadata in the image. Use COMPRESSOR, a
|
||||||
command such as '(\"gzip\" \"-9n\"), to compress IMAGE. Use CREATION-TIME, a
|
command such as '(\"gzip\" \"-9n\"), to compress IMAGE. Use CREATION-TIME, a
|
||||||
SRFI-19 time-utc object, as the creation time in metadata."
|
SRFI-19 time-utc object, as the creation time in metadata.
|
||||||
|
|
||||||
|
When MAX-LAYERS is not false build layered image, providing a Docker
|
||||||
|
image with store paths splitted in their own layers to improve sharing
|
||||||
|
between images.
|
||||||
|
|
||||||
|
ROOT-SYSTEM is a directory with a provisioned root file system, which will be
|
||||||
|
added to image as a layer."
|
||||||
(define (sanitize path-fragment)
|
(define (sanitize path-fragment)
|
||||||
(escape-special-chars
|
(escape-special-chars
|
||||||
;; GNU tar strips the leading slash off of absolute paths before applying
|
;; GNU tar strips the leading slash off of absolute paths before applying
|
||||||
|
@ -203,6 +244,59 @@ (define transformation-options
|
||||||
(if (eq? '() transformations)
|
(if (eq? '() transformations)
|
||||||
'()
|
'()
|
||||||
`("--transform" ,(transformations->expression transformations))))
|
`("--transform" ,(transformations->expression transformations))))
|
||||||
|
(define (seal-layer)
|
||||||
|
;; Add 'layer.tar' to 'image.tar' under the right name. Return its hash.
|
||||||
|
(let* ((file-hash (layer-diff-id "layer.tar"))
|
||||||
|
(file-name (string-append file-hash "/layer.tar")))
|
||||||
|
(mkdir file-hash)
|
||||||
|
(rename-file "layer.tar" file-name)
|
||||||
|
(invoke "tar" "-rf" "image.tar" file-name)
|
||||||
|
(delete-file file-name)
|
||||||
|
file-hash))
|
||||||
|
(define layers-hashes
|
||||||
|
;; Generate a tarball that includes container image layers as tarballs,
|
||||||
|
;; along with a manifest.json file describing the layer and config file
|
||||||
|
;; locations.
|
||||||
|
(match-lambda
|
||||||
|
(((head ...) (tail ...) id)
|
||||||
|
(create-empty-tar "image.tar")
|
||||||
|
(let* ((head-layers
|
||||||
|
(map
|
||||||
|
(lambda (file)
|
||||||
|
(invoke "tar" "cf" "layer.tar" file)
|
||||||
|
(seal-layer))
|
||||||
|
head))
|
||||||
|
(tail-layer
|
||||||
|
(begin
|
||||||
|
(create-empty-tar "layer.tar")
|
||||||
|
(for-each (lambda (file)
|
||||||
|
(invoke "tar" "-rf" "layer.tar" file))
|
||||||
|
tail)
|
||||||
|
(let* ((file-hash (layer-diff-id "layer.tar"))
|
||||||
|
(file-name (string-append file-hash "/layer.tar")))
|
||||||
|
(mkdir file-hash)
|
||||||
|
(rename-file "layer.tar" file-name)
|
||||||
|
(invoke "tar" "-rf" "image.tar" file-name)
|
||||||
|
(delete-file file-name)
|
||||||
|
file-hash)))
|
||||||
|
(customization-layer
|
||||||
|
(let* ((file-id (string-append id "/layer.tar"))
|
||||||
|
(file-hash (layer-diff-id file-id))
|
||||||
|
(file-name (string-append file-hash "/layer.tar")))
|
||||||
|
(mkdir file-hash)
|
||||||
|
(rename-file file-id file-name)
|
||||||
|
(invoke "tar" "-rf" "image.tar" file-name)
|
||||||
|
file-hash))
|
||||||
|
(all-layers
|
||||||
|
(append head-layers (list tail-layer customization-layer))))
|
||||||
|
(with-output-to-file "manifest.json"
|
||||||
|
(lambda ()
|
||||||
|
(scm->json (manifest prefix
|
||||||
|
(map (cut string-append <> "/layer.tar")
|
||||||
|
all-layers)
|
||||||
|
repository))))
|
||||||
|
(invoke "tar" "-rf" "image.tar" "manifest.json")
|
||||||
|
all-layers))))
|
||||||
(let* ((directory "/tmp/docker-image") ;temporary working directory
|
(let* ((directory "/tmp/docker-image") ;temporary working directory
|
||||||
(id (docker-id prefix))
|
(id (docker-id prefix))
|
||||||
(time (date->string (time-utc->date creation-time) "~4"))
|
(time (date->string (time-utc->date creation-time) "~4"))
|
||||||
|
@ -229,26 +323,39 @@ (define transformation-options
|
||||||
(with-output-to-file "json"
|
(with-output-to-file "json"
|
||||||
(lambda () (scm->json (image-description id time))))
|
(lambda () (scm->json (image-description id time))))
|
||||||
|
|
||||||
;; Create a directory for the non-store files that need to go into the
|
(if root-system
|
||||||
;; archive.
|
(let ((directory (getcwd)))
|
||||||
(mkdir "extra")
|
(with-directory-excursion root-system
|
||||||
|
(apply invoke "tar"
|
||||||
|
"-cf" (string-append directory "/layer.tar")
|
||||||
|
`(,@transformation-options
|
||||||
|
,@(tar-base-options)
|
||||||
|
,@(scandir "."
|
||||||
|
(lambda (file)
|
||||||
|
(not (member file '("." "..")))))))))
|
||||||
|
(begin
|
||||||
|
;; Create a directory for the non-store files that need to go
|
||||||
|
;; into the archive.
|
||||||
|
(mkdir "extra")
|
||||||
|
|
||||||
(with-directory-excursion "extra"
|
(with-directory-excursion "extra"
|
||||||
;; Create non-store files.
|
;; Create non-store files.
|
||||||
(for-each (cut evaluate-populate-directive <> "./")
|
(for-each (cut evaluate-populate-directive <> "./")
|
||||||
extra-files)
|
extra-files)
|
||||||
|
|
||||||
(when database
|
(when database
|
||||||
;; Initialize /var/guix, assuming PREFIX points to a profile.
|
;; Initialize /var/guix, assuming PREFIX points to a
|
||||||
(install-database-and-gc-roots "." database prefix))
|
;; profile.
|
||||||
|
(install-database-and-gc-roots "." database prefix))
|
||||||
|
|
||||||
(apply invoke "tar" "-cf" "../layer.tar"
|
(apply invoke "tar" "-cf" "../layer.tar"
|
||||||
`(,@transformation-options
|
`(,@transformation-options
|
||||||
,@(tar-base-options)
|
,@(tar-base-options)
|
||||||
,@paths
|
,@(if max-layers '() paths)
|
||||||
,@(scandir "."
|
,@(scandir "."
|
||||||
(lambda (file)
|
(lambda (file)
|
||||||
(not (member file '("." ".."))))))))
|
(not (member file '("." ".."))))))))
|
||||||
|
(delete-file-recursively "extra")))
|
||||||
|
|
||||||
;; It is possible for "/" to show up in the archive, especially when
|
;; It is possible for "/" to show up in the archive, especially when
|
||||||
;; applying transformations. For example, the transformation
|
;; applying transformations. For example, the transformation
|
||||||
|
@ -261,24 +368,37 @@ (define transformation-options
|
||||||
;; error messages.
|
;; error messages.
|
||||||
(with-error-to-port (%make-void-port "w")
|
(with-error-to-port (%make-void-port "w")
|
||||||
(lambda ()
|
(lambda ()
|
||||||
(system* "tar" "--delete" "/" "-f" "layer.tar")))
|
(system* "tar" "--delete" "/" "-f" "layer.tar"))))
|
||||||
|
|
||||||
(delete-file-recursively "extra"))
|
|
||||||
|
|
||||||
(with-output-to-file "config.json"
|
(with-output-to-file "config.json"
|
||||||
(lambda ()
|
(lambda ()
|
||||||
(scm->json (config (string-append id "/layer.tar")
|
(scm->json
|
||||||
time arch
|
(config (if max-layers
|
||||||
#:environment environment
|
(layers-hashes
|
||||||
#:entry-point entry-point))))
|
(append (size-sorted-store-items paths max-layers)
|
||||||
(with-output-to-file "manifest.json"
|
(list id)))
|
||||||
(lambda ()
|
(list (layer-diff-id (string-append id "/layer.tar"))))
|
||||||
(scm->json (manifest prefix id repository))))
|
time arch
|
||||||
(with-output-to-file "repositories"
|
#:environment environment
|
||||||
(lambda ()
|
#:entry-point entry-point))))
|
||||||
(scm->json (repositories prefix id repository)))))
|
(if max-layers
|
||||||
|
(begin
|
||||||
(apply invoke "tar" "-cf" image "-C" directory
|
(invoke "tar" "-rf" "image.tar" "config.json")
|
||||||
`(,@(tar-base-options #:compressor compressor)
|
(if compressor
|
||||||
"."))
|
(begin
|
||||||
|
(apply invoke `(,@compressor "image.tar"))
|
||||||
|
(copy-file "image.tar.gz" image))
|
||||||
|
(copy-file "image.tar" image)))
|
||||||
|
(begin
|
||||||
|
(with-output-to-file "manifest.json"
|
||||||
|
(lambda ()
|
||||||
|
(scm->json (manifest prefix
|
||||||
|
(list (string-append id "/layer.tar"))
|
||||||
|
repository))))
|
||||||
|
(with-output-to-file "repositories"
|
||||||
|
(lambda ()
|
||||||
|
(scm->json (repositories prefix id repository))))
|
||||||
|
(apply invoke "tar" "-cf" image
|
||||||
|
`(,@(tar-base-options #:compressor compressor)
|
||||||
|
".")))))
|
||||||
(delete-file-recursively directory)))
|
(delete-file-recursively directory)))
|
||||||
|
|
Loading…
Reference in a new issue