remove build volumes mount point empty dir when committing the final image #235
Comments
|
this is pretty interesting behaviour of buildah - I'm wondering if we should get some support from it here |
|
Now my own images use a workaround, putting the following task at the very last of the playbook: # to clean up the mount point empty direcotires, we need:
# - place this task at last of this play, that is, the 'buildah commit' will be called immediately
# - ran by 'raw' module, then 'buildah umount' will not be inserted before commit
# - provide SYS_ADMIN capacity
# - each new mount point must be bind directly in /mnt directory
# - /mnt contains only mount point directories
#
# to clean up dynamic mounted files by runtime engin, we also require SYS_ADMIN capacity
- name: cleanup mount point directories
changed_when: False
vars:
dy_mounts:
- /run/.containerenv
- /etc/resolv.conf
- /etc/hosts
- /etc/hostname
cmds:
- find /mnt -mindepth 1 -maxdepth 1 -exec umount {} + -exec rmdir {} +
- ls -1 {{ dy_mounts | join(' ') }} 2>/dev/null | xargs -r umount
- rm -f {{ dy_mounts | join(' ') }}
- find /run -mindepth 1 -delete
raw: sh -ec {{ cmds | join(' ; ') | quote }} |
1 similar comment
|
Now my own images use a workaround, putting the following task at the very last of the playbook: # to clean up the mount point empty direcotires, we need:
# - place this task at last of this play, that is, the 'buildah commit' will be called immediately
# - ran by 'raw' module, then 'buildah umount' will not be inserted before commit
# - provide SYS_ADMIN capacity
# - each new mount point must be bind directly in /mnt directory
# - /mnt contains only mount point directories
#
# to clean up dynamic mounted files by runtime engin, we also require SYS_ADMIN capacity
- name: cleanup mount point directories
changed_when: False
vars:
dy_mounts:
- /run/.containerenv
- /etc/resolv.conf
- /etc/hosts
- /etc/hostname
cmds:
- find /mnt -mindepth 1 -maxdepth 1 -exec umount {} + -exec rmdir {} +
- ls -1 {{ dy_mounts | join(' ') }} 2>/dev/null | xargs -r umount
- rm -f {{ dy_mounts | join(' ') }}
- find /run -mindepth 1 -delete
raw: sh -ec {{ cmds | join(' ; ') | quote }} |
|
Looks like a pretty good solution to your problem. The main issue here for me is that ansible-bender would be removing something from the final images which users can't configure - a valid use case may be to have a directory populated, then put a mount on top during the build and keep the old, default data in the final image. As I said earlier, I think this would be worth discussing with buildah upstream if they can do something about the lingering files/directories. |
|
i agree, the previous work around is specific, and we should not remove intended files/dirs. That is, for the building toolset, the build-time mounts should not create a new nor remove an existent path. But the building engine and the ansible-bender as a wrapper cannot easily archive both. There is still an issue introduced by ansible buildan connection. The python modules (not raw module) have to connect the container 3 times. At the last time, ansible tries to cleanup the temp files and then mount the built time volumes again, and left an empty directories there. The ansible pipelining feature may be a solution of this issue. |
When building the image with build-time volumes, such as playbook-dir:/src, an empty dir
/srcwill left in the final image. Can we mount the build-time volumes in eachbuildah run ...command, instead of inbuildah fromcommand, and at time of commit, execute another run command to remove all the empty mount point folders?The text was updated successfully, but these errors were encountered: