Skip to content

Commit 13322c7

Browse files
smarterclaytonsmarterclayton
committed
Add oc image append which adds layers to a schema1/2 image
This command can take zero or more gzipped layer tars (in Docker layer format) and append them to an existing image or a scratch image and then push the new image to a registry. Layers in the existing image are pushed as well. The caller can mutate the provided config as it goes.
1 parent 07a1627 commit 13322c7

File tree

6 files changed

+1240
-0
lines changed

6 files changed

+1240
-0
lines changed

pkg/image/apis/image/dockertypes.go

+23
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,29 @@ func Convert_compatibility_to_api_DockerImage(in *public.DockerV1CompatibilityIm
6868
return nil
6969
}
7070

71+
// Convert_DockerV1CompatibilityImage_to_DockerImageConfig takes a Docker registry digest
72+
// (schema 2.1) and converts it to the external API version of Image.
73+
func Convert_DockerV1CompatibilityImage_to_DockerImageConfig(in *public.DockerV1CompatibilityImage, out *public.DockerImageConfig) error {
74+
*out = public.DockerImageConfig{
75+
ID: in.ID,
76+
Parent: in.Parent,
77+
Comment: in.Comment,
78+
Created: in.Created,
79+
Container: in.Container,
80+
DockerVersion: in.DockerVersion,
81+
Author: in.Author,
82+
Architecture: in.Architecture,
83+
Size: in.Size,
84+
OS: "linux",
85+
ContainerConfig: in.ContainerConfig,
86+
}
87+
if in.Config != nil {
88+
out.Config = &public.DockerConfig{}
89+
*out.Config = *in.Config
90+
}
91+
return nil
92+
}
93+
7194
// Convert_imageconfig_to_api_DockerImage takes a Docker registry digest (schema 2.2) and converts it
7295
// to the external API version of Image.
7396
func Convert_imageconfig_to_api_DockerImage(in *public.DockerImageConfig, out *docker10.DockerImage) error {

pkg/image/dockerlayer/add/add.go

+356
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,356 @@
1+
package add
2+
3+
import (
4+
"compress/gzip"
5+
"context"
6+
"encoding/json"
7+
"fmt"
8+
"io"
9+
"runtime"
10+
"time"
11+
12+
"github.com/docker/distribution"
13+
"github.com/docker/distribution/manifest/schema2"
14+
digest "github.com/opencontainers/go-digest"
15+
16+
"github.com/openshift/origin/pkg/image/apis/image/docker10"
17+
"github.com/openshift/origin/pkg/image/dockerlayer"
18+
)
19+
20+
// get base manifest
21+
// check that I can access base layers
22+
// find the input file (assume I can stream)
23+
// start a streaming upload of the layer to the remote registry, while calculating digests
24+
// get back the final digest
25+
// build the new image manifest and config.json
26+
// upload config.json
27+
// upload the rest of the layers
28+
// tag the image
29+
30+
const (
31+
// dockerV2Schema2LayerMediaType is the MIME type used for schema 2 layers.
32+
dockerV2Schema2LayerMediaType = "application/vnd.docker.image.rootfs.diff.tar.gzip"
33+
// dockerV2Schema2ConfigMediaType is the MIME type used for schema 2 config blobs.
34+
dockerV2Schema2ConfigMediaType = "application/vnd.docker.container.image.v1+json"
35+
)
36+
37+
// DigestCopy reads all of src into dst, where src is a gzipped stream. It will return the
38+
// sha256 sum of the underlying content (the layerDigest) and the sha256 sum of the
39+
// tar archive (the blobDigest) or an error. If the gzip layer has a modification time
40+
// it will be returned.
41+
// TODO: use configurable digests
42+
func DigestCopy(dst io.ReaderFrom, src io.Reader) (layerDigest, blobDigest digest.Digest, modTime *time.Time, size int64, err error) {
43+
algo := digest.Canonical
44+
// calculate the blob digest as the sha256 sum of the uploaded contents
45+
blobhash := algo.Hash()
46+
// calculate the diffID as the sha256 sum of the layer contents
47+
pr, pw := io.Pipe()
48+
layerhash := algo.Hash()
49+
ch := make(chan error)
50+
go func() {
51+
defer close(ch)
52+
gr, err := gzip.NewReader(pr)
53+
if err != nil {
54+
ch <- fmt.Errorf("unable to create gzip reader layer upload: %v", err)
55+
return
56+
}
57+
if !gr.Header.ModTime.IsZero() {
58+
modTime = &gr.Header.ModTime
59+
}
60+
_, err = io.Copy(layerhash, gr)
61+
ch <- err
62+
}()
63+
64+
n, err := dst.ReadFrom(io.TeeReader(src, io.MultiWriter(blobhash, pw)))
65+
if err != nil {
66+
return "", "", nil, 0, fmt.Errorf("unable to upload new layer (%d): %v", n, err)
67+
}
68+
if err := pw.Close(); err != nil {
69+
return "", "", nil, 0, fmt.Errorf("unable to complete writing diffID: %v", err)
70+
}
71+
if err := <-ch; err != nil {
72+
return "", "", nil, 0, fmt.Errorf("unable to calculate layer diffID: %v", err)
73+
}
74+
75+
layerDigest = digest.NewDigestFromBytes(algo, layerhash.Sum(make([]byte, 0, layerhash.Size())))
76+
blobDigest = digest.NewDigestFromBytes(algo, blobhash.Sum(make([]byte, 0, blobhash.Size())))
77+
return layerDigest, blobDigest, modTime, n, nil
78+
}
79+
80+
func NewEmptyConfig() *docker10.DockerImageConfig {
81+
config := &docker10.DockerImageConfig{
82+
DockerVersion: "",
83+
// Created must be non-zero
84+
Created: (time.Time{}).Add(1 * time.Second),
85+
OS: runtime.GOOS,
86+
Architecture: runtime.GOARCH,
87+
}
88+
return config
89+
}
90+
91+
func AddScratchLayerToConfig(config *docker10.DockerImageConfig) distribution.Descriptor {
92+
layer := distribution.Descriptor{
93+
MediaType: dockerV2Schema2LayerMediaType,
94+
Digest: digest.Digest(dockerlayer.GzippedEmptyLayerDigest),
95+
Size: int64(len(dockerlayer.GzippedEmptyLayer)),
96+
}
97+
AddLayerToConfig(config, layer, dockerlayer.EmptyLayerDiffID)
98+
return layer
99+
}
100+
101+
func AddLayerToConfig(config *docker10.DockerImageConfig, layer distribution.Descriptor, diffID string) {
102+
if config.RootFS == nil {
103+
config.RootFS = &docker10.DockerConfigRootFS{Type: "layers"}
104+
}
105+
config.RootFS.DiffIDs = append(config.RootFS.DiffIDs, diffID)
106+
config.Size += layer.Size
107+
}
108+
109+
func UploadSchema2Config(ctx context.Context, blobs distribution.BlobService, config *docker10.DockerImageConfig, layers []distribution.Descriptor) (*schema2.DeserializedManifest, error) {
110+
// ensure the image size is correct before persisting
111+
config.Size = 0
112+
for _, layer := range layers {
113+
config.Size += layer.Size
114+
}
115+
configJSON, err := json.Marshal(config)
116+
if err != nil {
117+
return nil, err
118+
}
119+
return putSchema2ImageConfig(ctx, blobs, dockerV2Schema2ConfigMediaType, configJSON, layers)
120+
}
121+
122+
// putSchema2ImageConfig uploads the provided configJSON to the blob store and returns the generated manifest
123+
// for the requested image.
124+
func putSchema2ImageConfig(ctx context.Context, blobs distribution.BlobService, mediaType string, configJSON []byte, layers []distribution.Descriptor) (*schema2.DeserializedManifest, error) {
125+
b := schema2.NewManifestBuilder(blobs, mediaType, configJSON)
126+
for _, layer := range layers {
127+
if err := b.AppendReference(layer); err != nil {
128+
return nil, err
129+
}
130+
}
131+
m, err := b.Build(ctx)
132+
if err != nil {
133+
return nil, err
134+
}
135+
manifest, ok := m.(*schema2.DeserializedManifest)
136+
if !ok {
137+
return nil, fmt.Errorf("unable to turn %T into a DeserializedManifest, unable to store image", m)
138+
}
139+
return manifest, nil
140+
}
141+
142+
/*
143+
func (r *InstantiateREST) completeInstantiate(ctx apirequest.Context, tag string, target *imageapi.ImageStream, imageInstantiate *imageapi.ImageStreamTagInstantiate, layerBody io.Reader, mediaType string) (runtime.Object, error) {
144+
// TODO: load this from the default registry function
145+
insecure := true
146+
147+
ref, u, err := registryTarget(target, r.defaultRegistry)
148+
if err != nil {
149+
return nil, err
150+
}
151+
152+
// verify the user has access to the From image, if any is specified
153+
baseImageName, baseImageRepository, err := r.resolveTagInstantiateToImage(ctx, target, imageInstantiate)
154+
if err != nil {
155+
return nil, err
156+
}
157+
158+
// no layer, so we load our base image (if necessary)
159+
var created time.Time
160+
var baseImage *imageapi.Image
161+
var sourceRepo distribution.Repository
162+
if len(baseImageName) > 0 {
163+
image, err := r.imageRegistry.GetImage(ctx, baseImageName, &metav1.GetOptions{})
164+
if err != nil {
165+
return nil, err
166+
}
167+
baseImage = image
168+
sourceRepo, err = r.repository.Repository(ctx, u, baseImageRepository, insecure)
169+
if err != nil {
170+
return nil, errors.NewInternalError(fmt.Errorf("could not contact integrated registry: %v", err))
171+
}
172+
glog.V(4).Infof("Using base image for instantiate of tag %s: %s from %s", imageInstantiate.Name, baseImageName, baseImageRepository)
173+
created = image.DockerImageMetadata.Created.Time
174+
}
175+
176+
imageRepository := imageapi.DockerImageReference{Namespace: ref.Namespace, Name: ref.Name}.Exact()
177+
repo, err := r.repository.Repository(ctx, u, imageRepository, insecure)
178+
if err != nil {
179+
return nil, errors.NewInternalError(fmt.Errorf("could not contact integrated registry: %v", err))
180+
}
181+
182+
var imageLayer *imageapi.ImageLayer
183+
var imageLayerDiffID digest.Digest
184+
if layerBody != nil {
185+
desc, diffID, modTime, err := uploadLayer(ctx, layerBody, repo, mediaType)
186+
if err != nil {
187+
return nil, errors.NewInternalError(fmt.Errorf("unable to upload new image layer: %v", err))
188+
}
189+
imageLayer = &imageapi.ImageLayer{
190+
Name: desc.Digest.String(),
191+
LayerSize: desc.Size,
192+
MediaType: mediaType,
193+
}
194+
imageLayerDiffID = diffID
195+
196+
if modTime != nil && created.Before(*modTime) {
197+
created = *modTime
198+
}
199+
}
200+
201+
target, image, err := instantiateImage(
202+
ctx, r.gr,
203+
repo, sourceRepo, r.imageStreamRegistry, r.imageRegistry,
204+
target, baseImage, imageInstantiate, created,
205+
imageLayer, imageLayerDiffID,
206+
*ref,
207+
)
208+
if err != nil {
209+
glog.V(4).Infof("Failed cloning into tag %s: %v", imageInstantiate.Name, err)
210+
return nil, err
211+
}
212+
213+
return newISTag(tag, target, image, false)
214+
}
215+
216+
217+
// instantiateImage assembles the new image, saves it to the registry, then saves an image and tags the
218+
// image stream.
219+
func instantiateImage(
220+
ctx apirequest.Context, gr schema.GroupResource,
221+
repo, sourceRepo distribution.Repository,
222+
base *docker10.DockerImageConfig,
223+
layer *imageapi.ImageLayer, diffID digest.Digest,
224+
imageReference imageapi.DockerImageReference,
225+
) (*imageapi.ImageStream, *imageapi.Image, error) {
226+
227+
228+
// create a new config.json representing the image
229+
imageConfig := *base
230+
imageConfig.Size = 0
231+
imageConfig.RootFS = &docker10.DockerConfigRootFS{Type: "layers"},
232+
233+
// TODO: resolve
234+
// History []DockerConfigHistory
235+
// OSVersion string
236+
// OSFeatures []string
237+
}
238+
layers, err := calculateUpdatedImageConfig(ctx, &imageConfig, base, layer, diffID, sourceRepo)
239+
if err != nil {
240+
return nil, nil, errors.NewInternalError(fmt.Errorf("unable to generate a new image configuration: %v", err))
241+
}
242+
configJSON, err := json.Marshal(&imageConfig)
243+
if err != nil {
244+
return nil, nil, errors.NewInternalError(fmt.Errorf("unable to marshal the new image config.json: %v", err))
245+
}
246+
247+
// generate a manifest for that config.json
248+
glog.V(5).Infof("Saving layer %s onto %q with configJSON:\n%s", diffID, imageInstantiate.Name, configJSON)
249+
blobs := repo.Blobs(ctx)
250+
image, err := importer.SerializeImageAsSchema2Manifest(ctx, blobs, configJSON, layers)
251+
if err != nil {
252+
return nil, nil, errors.NewInternalError(fmt.Errorf("unable to generate a new image manifest: %v", err))
253+
}
254+
255+
// create the manifest as an image
256+
imageReference.ID = image.Name
257+
image.DockerImageReference = imageReference.Exact()
258+
if err := images.CreateImage(ctx, image); err != nil && !errors.IsAlreadyExists(err) {
259+
return nil, nil, err
260+
}
261+
return stream, image, err
262+
}
263+
264+
// calculateUpdatedImageConfig generates a new image config.json with the provided info.
265+
func calculateUpdatedImageConfig(
266+
ctx apirequest.Context,
267+
imageConfig *imageapi.DockerImageConfig,
268+
base *imageapi.Image,
269+
layer *imageapi.ImageLayer,
270+
diffID digest.Digest,
271+
sourceRepo distribution.Repository,
272+
) ([]imageapi.ImageLayer, error) {
273+
var layers []imageapi.ImageLayer
274+
275+
// initialize with the base
276+
if base != nil {
277+
layers = append(layers, base.DockerImageLayers...)
278+
for i := range layers {
279+
imageConfig.Size += layers[i].LayerSize
280+
}
281+
282+
// need to look up the rootFS
283+
manifests, err := sourceRepo.Manifests(ctx)
284+
if err != nil {
285+
return nil, err
286+
}
287+
m, err := manifests.Get(ctx, digest.Digest(base.Name))
288+
if err != nil {
289+
return nil, err
290+
}
291+
var contents []byte
292+
switch t := m.(type) {
293+
case *schema2.DeserializedManifest:
294+
if t.Config.MediaType != manifest.DockerV2Schema2ConfigMediaType {
295+
return nil, fmt.Errorf("unrecognized config: %s", t.Config.MediaType)
296+
}
297+
contents, err = sourceRepo.Blobs(ctx).Get(ctx, t.Config.Digest)
298+
if err != nil {
299+
return nil, fmt.Errorf("unreadable config %s: %v", t.Config.Digest, err)
300+
}
301+
302+
existingImageConfig := &imageapi.DockerImageConfig{}
303+
if err := json.Unmarshal(contents, existingImageConfig); err != nil {
304+
return nil, fmt.Errorf("manifest unreadable %s: %v", base.Name, err)
305+
}
306+
if existingImageConfig.RootFS == nil || existingImageConfig.RootFS.Type != "layers" {
307+
return nil, fmt.Errorf("unable to find rootFs description from base image %s", base.Name)
308+
}
309+
imageConfig.OS = existingImageConfig.OS
310+
imageConfig.Architecture = existingImageConfig.Architecture
311+
imageConfig.OSFeatures = existingImageConfig.OSFeatures
312+
imageConfig.OSVersion = existingImageConfig.OSVersion
313+
imageConfig.RootFS.DiffIDs = existingImageConfig.RootFS.DiffIDs
314+
315+
case *schema1.SignedManifest:
316+
digest := digest.FromBytes(t.Canonical)
317+
contents, err = sourceRepo.Blobs(ctx).Get(ctx, digest)
318+
if err != nil {
319+
return nil, fmt.Errorf("unreadable config %s: %v", digest, err)
320+
}
321+
for _, layer := range t.FSLayers {
322+
imageConfig.RootFS.DiffIDs = append(imageConfig.RootFS.DiffIDs, layer.BlobSum.String())
323+
}
324+
default:
325+
return nil, fmt.Errorf("unrecognized manifest: %T", m)
326+
}
327+
}
328+
329+
// add the optional layer if provided
330+
if layer != nil {
331+
// the layer goes at the front - the most recent image is always first
332+
layers = append(layers, *layer)
333+
imageConfig.Size += layer.LayerSize
334+
imageConfig.RootFS.DiffIDs = append(imageConfig.RootFS.DiffIDs, diffID.String())
335+
}
336+
337+
// add the scratch layer in if no other layers exist
338+
if len(layers) == 0 {
339+
layers = append(layers, imageapi.ImageLayer{
340+
Name: dockerlayer.GzippedEmptyLayerDigest.String(),
341+
LayerSize: int64(len(dockerlayer.GzippedEmptyLayer)),
342+
MediaType: manifest.DockerV2Schema2LayerMediaType,
343+
})
344+
imageConfig.RootFS.DiffIDs = append(imageConfig.RootFS.DiffIDs, dockerlayer.EmptyLayerDiffID.String())
345+
imageConfig.Size += layers[0].LayerSize
346+
}
347+
348+
// the metav1 serialization of zero is not parseable by the Docker daemon, therefore
349+
// we must store a zero+1 value
350+
if imageConfig.Created.IsZero() {
351+
imageConfig.Created = metav1.Time{imageConfig.Created.Add(1 * time.Second)}
352+
}
353+
354+
return layers, nil
355+
}
356+
*/

0 commit comments

Comments
 (0)