Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a temporary "scratch" volume to plugins #363

Merged
merged 13 commits into from
Nov 20, 2024
Merged

Provide a temporary "scratch" volume to plugins #363

merged 13 commits into from
Nov 20, 2024

Conversation

ZoogieZork
Copy link
Contributor

@ZoogieZork ZoogieZork commented Nov 18, 2024
edited
Loading

Description

Plugins are now provided with a temporary named volume which is automatically deleted after the plugin runs. The name of this volume is passed to the plugin via the engine var temp_vol_name.

This sets the framework for plugins which, in turn, execute a tool via a container (i.e. docker run). These plugins can mount this named volume into the sub-container in order to pass files back and forth. For example, the plugin can prepare config files and pass them to the sub-container, then receive result files written by the sub-container.

  • Docker SDK added to dependencies, kicking off migrating away from running the Docker CLI via subprocess.run().
  • Renamed the engine's docker package to oci to side-step the name conflict with the Docker SDK.
  • The Plugin Runner utility now mounts the target directory in the engine container, which is then inherited by the plugin container. This more closely matches (not perfectly, but closer) the deployed engine.
  • Invalid JSON files passed to the Plugin Runner (e.g. engine-vars.json) are now treated as an error instead of a warning. This is because we need to merge the temp_vol_name and engine_id settings into the provided JSON. If there's an actual need to test passing invalid JSON to the plugin, it can be done via the debug shell. :)

Motivation and Context

Support for plugins which execute tools via sub-containers.

How Has This Been Tested?

Tested in non-prod environment.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation change

Checklist

  • My code follows conforms to the coding standards.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@ZoogieZork
Rename "docker" to "oci".
752d32e 
Side-step name conflict with Docker SDK for Python.
@ZoogieZork
Add Docker SDK.
45a579e
@ZoogieZork
Fix crash on invalid JSON in secret.
a52c874
@ZoogieZork
Provide a temp named volume to each plugin.
3dca211 
The temporary volume allows containers-within-containers to share a
writable "scratch space" which is deleted after the plugin completes.
Otherwise, if a container launches another container, it would need to
know what is safe to bind mount from the host (since bind mounts are
always mounted from the host system).
@ZoogieZork
Mount target dir with same path in container.
e7ad042 
This more closely matches the way the deployed engine container
mounts the "/work" directory from the host.

This is important for plugin containers that want to mount the source
directory into a sub-container.
@ZoogieZork
Provide a temporary volume to the plugin.
5b710ac
@ZoogieZork
Merge branch 'main' into zoogiezork/oci-support
7c5d2dc
@ZoogieZork
Move temp vol mount and pass mount point.
0d68426 
Moved the temporary named volume mount point from /work/tmp to
/tmp/work. If the container mounts /work as read-only, then Docker can't
mkdir /work/tmp.  /tmp is a safer choice since it should always be
writable.

We also now pass the mount point in the temp_vol_name engine var so that
if we change it again later, plugins will be able to adapt.
@ZoogieZork
Merge branch 'main' into zoogiezork/oci-support
3368f28
@ZoogieZork
Use plugin ID instead of name in vol name.
32b5647
@ZoogieZork ZoogieZork marked this pull request as ready for review November 19, 2024 22:24
@ZoogieZork ZoogieZork requested a review from a team as a code owner November 19, 2024 22:24
@ZoogieZork
Mount target dir in engine and inherit.
79551a8 
We now mount the target dir in the engine and inherit the volume in the
plugin container. This is much closer to the deployed engine and denies
the assumption that the host path matches the mount path.
@ZoogieZork
Revert target path examples.
fb3e321 
The mount dir is no longer matched to the host dir.
@ZoogieZork
Pass the engine ID.
a8f0242
mdfleury-wbd
mdfleury-wbd approved these changes Nov 20, 2024
View reviewed changes
Copy link
Contributor

@mdfleury-wbd mdfleury-wbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't like the oci name 🤷

@ZoogieZork ZoogieZork merged commit b218c9b into main Nov 20, 2024
5 checks passed
@ZoogieZork ZoogieZork deleted the zoogiezork/oci-support branch November 20, 2024 21:36
@ZoogieZork
Copy link
Contributor Author

I don't like the oci name 🤷

Yeah, my reasoning is that the module is mostly concerned with building OCI images, which isn't necessarily specific to Docker (i.e., Docker in this case is just an implementation detail). We can still rename it later if we come up with a better name, it just needed to not conflict with import docker.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdfleury-wbd mdfleury-wbd mdfleury-wbd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ZoogieZork @mdfleury-wbd