cnrancher / hangar

Multi-platform container image command-line utility.
https://hangar.cnrancher.com
Apache License 2.0

Remove skopeo dependency #27

Closed STARRY-S closed 5 months ago

STARRY-S commented 7 months ago

Consider removing the skopeo binary dependency and using the containers/image API to refactor the main code of this project, making it much easier to use and develop.

Additional changes to remove the skopeo binary dependency:

  1. Optimize Retry and Timeout logic to retry when login or image copy fails. Avoid TLS handshake timeout errors.
  2. Add login and logout subcommands, which work the same as skopeo login/logout.
  3. Remove the saved-image-cache cache folder of the Save/Load command and instead read/write the compressed package in real time to avoid unnecessary waste of storage space.
  4. Add docker-daemon and docker-archive protocol support.
  5. Since the effect of the zstd compression format is not obvious, consider removing it.
  6. Remove unnecessary fragment (part) compression function since other tools can replace it.
  7. The archive format was changed from tar.gz to zip, and a hangar archive subcommand was added for operating on the archive file. This change will make Hangar v1.7 incompatible with older versions.
  8. Command line parameters have many adjustments: the Validate commands like mirror-validate were changed to mirror validate (a subcommand of the mirror command); some options like --repo-type=harbor and --harbor-https will be removed and the Registry type will be automatically detected.
    The load and load validate commands will support specifying an image list file. If an image list is specified, only some of the images in the list will be loaded (and validated).
  9. Handle SIGINT/SIGTERM signal and exit program gracefully.
  10. Simplified Hangar’s log output.
  11. Added the hangar inspect command (similar to skopeo inspect) for inspecting the manifest of images on a registry server.
  12. Remove environment variables for specifying the URL & password of the registry server.
  13. The compress/decompress subcommands were removed since the saved-image-cache directory logic was removed.
  14. Optimize the hangar completion subcommand for generating Shell completion scripts.
  15. The containers/signature API uses libgpgme and other C libraries, so CGO was enabled to build Hangar. The built binary file has dynamic library dependencies, so the GitHub Releases will no longer contain Hangar binary files. Will consider adding Hangar to OBS for building packages of openSUSE and other Linux distributions.
  16. The mirror command will support both "Mirror" format and default format image list (used by save command).

STARRY-S commented 7 months ago

  1. Remove the saved-image-cache cache folder of the Save/Load command and instead read/write the compressed package in real time to avoid unnecessary waste of storage space.

The format of the compressed archive needs to be changed from the non-indexed tar (tar.gz) format to the indexed zip format to support this feature. However, Golang's zip standard library does not support appending new files to an existing zip archive, which the hangar sync command needs (https://github.com/golang/go/issues/15626).

Therefore, Hangar needs to modify and add some new functions based on the Go zip standard library to allow it to append new files to the zip archive without decompressing the entire zip file.


Update:
Created a new repository github.com/STARRY-S/zip and added the Updater functions based on Go archive/zip standard library.
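
The limitation described in this comment, as an added example that is not code from Hangar or from github.com/STARRY-S/zip: with only Go's standard archive/zip, adding a file means rewriting the whole archive, although Writer.Copy avoids decompressing the existing entries. The helper names appendEntry and entryNames are hypothetical and the file contents are constructed samples.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
)

// appendEntry rebuilds the archive with one extra file. Writer.Copy (Go 1.17+)
// moves each existing entry's compressed bytes as-is, so nothing is inflated.
func appendEntry(old []byte, name string, data []byte) ([]byte, error) {
	var out bytes.Buffer
	zw := zip.NewWriter(&out)
	if len(old) > 0 { // empty input: start a new archive
		zr, err := zip.NewReader(bytes.NewReader(old), int64(len(old)))
		if err != nil {
			return nil, err
		}
		for _, f := range zr.File {
			if f.Name == name { // duplicate names are ambiguous across zip parsers
				return nil, fmt.Errorf("entry %q already exists", name)
			}
			if err := zw.Copy(f); err != nil {
				return nil, err
			}
		}
	}
	w, err := zw.Create(name)
	if err == nil {
		_, err = w.Write(data)
	}
	if err == nil {
		err = zw.Close() // writes the central directory index
	}
	return out.Bytes(), err
}

func entryNames(archive []byte) (names []string) { // archive order; nil if unreadable
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	for i := 0; err == nil && i < len(zr.File); i++ {
		names = append(names, zr.File[i].Name)
	}
	return names
}

func main() {
	a, _ := appendEntry(nil, "manifest.json", []byte(`{}`)) // constructed sample
	b, err := appendEntry(a, "config.json", []byte(`{}`))
	fmt.Println(entryNames(b), err)
}
```

The full rewrite on every append is the cost that an in-place updater, as the comment describes, is meant to avoid.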

STARRY-S commented 6 months ago

The containers/image API (skopeo) does not support the containerd transport protocol (see https://github.com/containers/image/issues/1572), and both K3s and RKE2 use containerd as the container runtime; only the old RKE1 uses Docker Daemon as its runtime.

So Hangar won't support the docker-daemon and docker-archive protocols currently, and Hangar will consider adding containerd protocol support when the containers/image API supports it.

STARRY-S commented 6 months ago

Available to test on version v1.7.0-beta.4.

Documents of v1.7: https://hangar.cnrancher.com/docs/next/

rootwuj commented 5 months ago

Version: v1.7.0-beta.4

Verification passed. The test content is as follows:

  1. Check all text contents of hangar v1.7 document
  2. Check the use of all supported commands
    • Commands: login/logout/mirror/save/load/sync
    • Advanced usage:
      • validate subcommand, used to verify the copied container images
      • hangar archive ls command to view the image information stored in the compressed package
      • hangar inspect command to obtain the manifest of an image in the image registry
      • hangar convert-list command converts the image list from Default format to Mirror format
      • hangar generate-list command is used to generate a Rancher image list
  3. Special scenario verification
    • Press Ctrl-C during the execution of the save/load command to force abort: check all cache folders in the ~/.cache/hangar_cache directory, the cache folders will be cleared
    • Monitor the file size stored in the ~/.cache/hangar_cache directory when executing the load command: the file size will not continue to increase
      # Start a new terminal and execute:
      watch du -d 1 -h ~/.cache/hangar_cache
    • Execute the save/load command normally, and check the cache folder after completion: the cache folder will be deleted after saving or loading.
  4. Performance test (compared with v1.6)

Environment: All environment configurations are the same: AWS Tokyo, 4c8g, 100G storage, docker 23.0

Versions:

  • hangar: v1.6.0, v1.7.0-beta.4
  • Harbor: v2.8.4 (HTTP; hangar pushes images over the internal network)

Command: hangar v1.6 and v1.7 use the same command, with the same concurrency

Test Results:

| Hangar version | Mirror time | Save time | Save storage | Save failures | Load time | Load failures |
|---|---|---|---|---|---|---|
| v1.6 | 9m17s | 18m30s | 44G saved-image-cache, 44G saved-images.tar.gz | 0 | 19m | 0 |
| v1.7 | 9m15s | 14m | 44G save_images.zip, 4.0K /root/.cache/hangar_cache | 1 | 10m | 6 |

Remark:

  1. The v1.6 load command spent the first 10 minutes reading the tar package.
  2. The images that failed to save/load in v1.7 were saved/loaded successfully when retried individually.

Result analysis:

  1. Compared with v1.6 version, v1.7 version changes to real-time reading/writing of compressed packages to avoid cache files occupying storage space.
  2. The save/load speed of version v1.7 has been greatly improved compared to version v1.6.