1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/daemon/images/image_pull.go

172 lines
5.7 KiB
Go
Raw Normal View History

package images // import "github.com/docker/docker/daemon/images"
import (
"context"
"io"
"strings"
"time"
"github.com/containerd/containerd/leases"
"github.com/containerd/containerd/namespaces"
dist "github.com/docker/distribution"
"github.com/docker/distribution/reference"
imagetypes "github.com/docker/docker/api/types/image"
"github.com/docker/docker/api/types/registry"
"github.com/docker/docker/distribution"
progressutils "github.com/docker/docker/distribution/utils"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/pkg/progress"
docker pull: warn when pulled single-arch image does not match --platform This takes the same approach as was implemented on `docker build`, where a warning is printed if `FROM --platform=...` is used (added in 399695305c67aae1010e6754f90f9078aa39e742) Before: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest With this change: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest WARNING: image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64 docker.io/armhf/busybox:latest And daemon logs print: WARN[2021-04-26T11:19:37.153572667Z] ignoring platform mismatch on single-arch image error="image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64" image=armhf/busybox When pulling without specifying `--platform, no warning is currently printed (but we can add a warning in future); docker rmi armhf/busybox docker pull armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-26 06:41:40 -04:00
"github.com/docker/docker/pkg/streamformatter"
"github.com/opencontainers/go-digest"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
docker pull: warn when pulled single-arch image does not match --platform This takes the same approach as was implemented on `docker build`, where a warning is printed if `FROM --platform=...` is used (added in 399695305c67aae1010e6754f90f9078aa39e742) Before: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest With this change: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest WARNING: image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64 docker.io/armhf/busybox:latest And daemon logs print: WARN[2021-04-26T11:19:37.153572667Z] ignoring platform mismatch on single-arch image error="image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64" image=armhf/busybox When pulling without specifying `--platform, no warning is currently printed (but we can add a warning in future); docker rmi armhf/busybox docker pull armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-26 06:41:40 -04:00
"github.com/sirupsen/logrus"
)
// PullImage initiates a pull operation. image is the repository name to pull, and
// tag may be either empty, or indicate a specific tag to pull.
func (i *ImageService) PullImage(ctx context.Context, image, tag string, platform *specs.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error {
start := time.Now()
// Special case: "pull -a" may send an image name with a
// trailing :. This is ugly, but let's not break API
// compatibility.
image = strings.TrimSuffix(image, ":")
ref, err := reference.ParseNormalizedNamed(image)
if err != nil {
return errdefs.InvalidParameter(err)
}
if tag != "" {
// The "tag" could actually be a digest.
var dgst digest.Digest
dgst, err = digest.Parse(tag)
if err == nil {
ref, err = reference.WithDigest(reference.TrimNamed(ref), dgst)
} else {
ref, err = reference.WithTag(ref, tag)
}
if err != nil {
return errdefs.InvalidParameter(err)
}
}
err = i.pullImageWithReference(ctx, ref, platform, metaHeaders, authConfig, outStream)
imageActions.WithValues("pull").UpdateSince(start)
docker pull: warn when pulled single-arch image does not match --platform This takes the same approach as was implemented on `docker build`, where a warning is printed if `FROM --platform=...` is used (added in 399695305c67aae1010e6754f90f9078aa39e742) Before: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest With this change: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest WARNING: image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64 docker.io/armhf/busybox:latest And daemon logs print: WARN[2021-04-26T11:19:37.153572667Z] ignoring platform mismatch on single-arch image error="image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64" image=armhf/busybox When pulling without specifying `--platform, no warning is currently printed (but we can add a warning in future); docker rmi armhf/busybox docker pull armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-26 06:41:40 -04:00
if err != nil {
return err
}
if platform != nil {
// If --platform was specified, check that the image we pulled matches
// the expected platform. This check is for situations where the image
// is a single-arch image, in which case (for backward compatibility),
// we allow the image to have a non-matching architecture. The code
// below checks for this situation, and returns a warning to the client,
// as well as logging it to the daemon logs.
img, err := i.GetImage(ctx, image, imagetypes.GetImageOpts{Platform: platform})
docker pull: warn when pulled single-arch image does not match --platform This takes the same approach as was implemented on `docker build`, where a warning is printed if `FROM --platform=...` is used (added in 399695305c67aae1010e6754f90f9078aa39e742) Before: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest With this change: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest WARNING: image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64 docker.io/armhf/busybox:latest And daemon logs print: WARN[2021-04-26T11:19:37.153572667Z] ignoring platform mismatch on single-arch image error="image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64" image=armhf/busybox When pulling without specifying `--platform, no warning is currently printed (but we can add a warning in future); docker rmi armhf/busybox docker pull armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-26 06:41:40 -04:00
// Note that this is a special case where GetImage returns both an image
// and an error: https://github.com/docker/docker/blob/v20.10.7/daemon/images/image.go#L175-L183
if errdefs.IsNotFound(err) && img != nil {
po := streamformatter.NewJSONProgressOutput(outStream, false)
progress.Messagef(po, "", `WARNING: %s`, err.Error())
logrus.WithError(err).WithField("image", image).Warn("ignoring platform mismatch on single-arch image")
} else if err != nil {
return err
docker pull: warn when pulled single-arch image does not match --platform This takes the same approach as was implemented on `docker build`, where a warning is printed if `FROM --platform=...` is used (added in 399695305c67aae1010e6754f90f9078aa39e742) Before: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest With this change: docker rmi armhf/busybox docker pull --platform=linux/s390x armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest WARNING: image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64 docker.io/armhf/busybox:latest And daemon logs print: WARN[2021-04-26T11:19:37.153572667Z] ignoring platform mismatch on single-arch image error="image with reference armhf/busybox was found but does not match the specified platform: wanted linux/s390x, actual: linux/arm64" image=armhf/busybox When pulling without specifying `--platform, no warning is currently printed (but we can add a warning in future); docker rmi armhf/busybox docker pull armhf/busybox Using default tag: latest latest: Pulling from armhf/busybox d34a655120f5: Pull complete Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1 Status: Downloaded newer image for armhf/busybox:latest docker.io/armhf/busybox:latest Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-04-26 06:41:40 -04:00
}
}
return nil
}
func (i *ImageService) pullImageWithReference(ctx context.Context, ref reference.Named, platform *specs.Platform, metaHeaders map[string][]string, authConfig *registry.AuthConfig, outStream io.Writer) error {
// Include a buffer so that slow client connections don't affect
// transfer performance.
progressChan := make(chan progress.Progress, 100)
writesDone := make(chan struct{})
ctx, cancelFunc := context.WithCancel(ctx)
go func() {
progressutils.WriteDistributionProgress(cancelFunc, outStream, progressChan)
close(writesDone)
}()
ctx = namespaces.WithNamespace(ctx, i.contentNamespace)
// Take out a temporary lease for everything that gets persisted to the content store.
// Before the lease is cancelled, any content we want to keep should have it's own lease applied.
ctx, done, err := tempLease(ctx, i.leases)
if err != nil {
return err
}
defer done(ctx)
cs := &contentStoreForPull{
ContentStore: i.content,
leases: i.leases,
}
imageStore := &imageStoreForPull{
ImageConfigStore: distribution.NewImageConfigStoreFromStore(i.imageStore),
ingested: cs,
leases: i.leases,
}
imagePullConfig := &distribution.ImagePullConfig{
Config: distribution.Config{
MetaHeaders: metaHeaders,
AuthConfig: authConfig,
ProgressOutput: progress.ChanOutput(progressChan),
RegistryService: i.registryService,
ImageEventLogger: i.LogImageEvent,
MetadataStore: i.distributionMetadataStore,
ImageStore: imageStore,
ReferenceStore: i.referenceStore,
},
DownloadManager: i.downloadManager,
Platform: platform,
}
err = distribution.Pull(ctx, ref, imagePullConfig, cs)
close(progressChan)
<-writesDone
return err
}
// GetRepository returns a repository from the registry.
func (i *ImageService) GetRepository(ctx context.Context, ref reference.Named, authConfig *registry.AuthConfig) (dist.Repository, error) {
return distribution.GetRepository(ctx, ref, &distribution.ImagePullConfig{
Config: distribution.Config{
AuthConfig: authConfig,
RegistryService: i.registryService,
},
})
}
func tempLease(ctx context.Context, mgr leases.Manager) (context.Context, func(context.Context) error, error) {
nop := func(context.Context) error { return nil }
_, ok := leases.FromContext(ctx)
if ok {
return ctx, nop, nil
}
// Use an expiration that ensures the lease is cleaned up at some point if there is a crash, SIGKILL, etc.
opts := []leases.Opt{
leases.WithRandomID(),
leases.WithExpiration(24 * time.Hour),
leases.WithLabels(map[string]string{
"moby.lease/temporary": time.Now().UTC().Format(time.RFC3339Nano),
}),
}
l, err := mgr.Create(ctx, opts...)
if err != nil {
return ctx, nop, errors.Wrap(err, "error creating temporary lease")
}
ctx = leases.WithLease(ctx, l.ID)
return ctx, func(ctx context.Context) error {
return mgr.Delete(ctx, l)
}, nil
}