fix: empty default snapshotter config for containerd namespace default snapshotter label #4034

Draft: wdsun1008 wants to merge 1 commit into base: main

wdsun1008

fix #4033

@wdsun1008
Author

@apostasie The CI errors don't seem to be directly related to the PR. I also can't pass this test case locally when using the main branch, and there is no corresponding output in stderr. Is this a BuildKit-related issue?

@apostasie
Contributor

apostasie commented Mar 25, 2025

> @apostasie The CI errors don't seem to be directly related to the PR. I also can't pass this test case locally when using the main branch, and there is no corresponding output in stderr. Is this a BuildKit-related issue?

Very likely you cannot pass the test locally because your local buildkitd is probably running on the default containerd namespace.

For the build tests to pass, buildkitd has to run with --namespace nerdctl-test (see, e.g., how the CI is set up: https://github.com/containerd/nerdctl/blob/main/Dockerfile.d/test-integration-buildkit-nerdctl-test.service#L19)

On your laptop, probably just run something like:

CONTAINERD_NAMESPACE="nerdctl-test" containerd-rootless-setuptool.sh install-buildkit-containerd

... to install a buildkitd to run the tests.

As for why the tests are failing now on the CI for your PR, I am pretty sure this is indeed your changeset causing it.
buildkit on the CI explicitly calls for overlayfs as a snapshotter, so not passing the default snapshotter here probably makes containerd use devmapper, which makes nerdctl decide that we cannot export.

@AkihiroSuda might know better than me what happens in that case, but the bottom line is very likely ^.

@apostasie
Contributor

apostasie commented Mar 25, 2025

Without your patch:

$ printf 'FROM busybox\nCMD ["echo", "build-test-stdin"]\n' | nerdctl --debug-full build -t testbuildfromstdin-52dcdf0e -f -  . >/dev/null
DEBU[0000] stateDir: /run/user/501/containerd-rootless
DEBU[0000] RootlessKit detach-netns mode: true
DEBU[0000] rootless parent main: executing "/usr/bin/nsenter" with [-r/ -w/Users/dmp/Projects/go/farcloser/lepton --preserve-credentials -m -U -t 478 -F nerdctl --debug-full build -t testbuildfromstdin-52dcdf0e -f - .]
DEBU[0000] Choosing the buildkit host "unix:///run/user/501/buildkit-default/buildkitd.sock", candidates=[unix:///run/user/501/buildkit-default/buildkitd.sock unix:///run/user/501/buildkit/buildkitd.sock]
DEBU[0000] Chosen buildkit host "unix:///run/user/501/buildkit-default/buildkitd.sock"
DEBU[0000] worker labels: map[org.mobyproject.buildkit.worker.containerd.namespace:default org.mobyproject.buildkit.worker.containerd.uuid:97d2e48d-3218-44b7-aea0-f103d2ba8803 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:lima-on-debian org.mobyproject.buildkit.worker.network:cni org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs]
DEBU[0000] running /usr/local/bin/buildctl [--addr=unix:///run/user/501/buildkit-default/buildkitd.sock build --progress=auto --frontend=dockerfile.v0 --local=context=. --output=type=image,unpack=true,name=docker.io/library/testbuildfromstdin-52dcdf0e:latest --local=dockerfile=/tmp/docker-build-tempdockerfile-1946882079 --opt=filename=Dockerfile]
[+] Building 0.5s (5/5) FINISHED
 => [internal] load build definition from Dockerfile                                                                      0.0s
 => => transferring dockerfile: 83B                                                                                       0.0s
 => [internal] load metadata for docker.io/library/busybox:latest                                                         0.4s
 => [internal] load .dockerignore                                                                                         0.0s
 => => transferring context: 58B                                                                                          0.0s
 => CACHED [1/1] FROM docker.io/library/busybox:latest@sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028  0.0s
 => => resolve docker.io/library/busybox:latest@sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f   0.0s
 => exporting to image                                                                                                    0.0s
 => => exporting layers                                                                                                   0.0s
 => => exporting manifest sha256:225ef8c0dbc82af5e00f0388222c0422cf5c951bb79c41640c82c84eaece55ed                         0.0s
 => => exporting config sha256:2b0d5b3e06b405fb240f4e3f578ed5ff4bd2b63a2575645f240a8fcce67a63cc                           0.0s
 => => naming to docker.io/library/testbuildfromstdin-52dcdf0e:latest                                                     0.0s
 => => unpacking to docker.io/library/testbuildfromstdin-52dcdf0e:latest                                                  0.0s

With your patch:

$ printf 'FROM busybox\nCMD ["echo", "build-test-stdin"]\n' | nerdctl --debug-full build -t testbuildfromstdin-52dcdf0e -f -  . >/dev/null

DEBU[0000] stateDir: /run/user/501/containerd-rootless
DEBU[0000] RootlessKit detach-netns mode: true
DEBU[0000] rootless parent main: executing "/usr/bin/nsenter" with [-r/ -w/Users/dmp/Projects/go/farcloser/lepton --preserve-credentials -m -U -t 478 -F nerdctl --debug-full build -t testbuildfromstdin-52dcdf0e -f - .]
DEBU[0000] Choosing the buildkit host "unix:///run/user/501/buildkit-default/buildkitd.sock", candidates=[unix:///run/user/501/buildkit-default/buildkitd.sock unix:///run/user/501/buildkit/buildkitd.sock]
DEBU[0000] Chosen buildkit host "unix:///run/user/501/buildkit-default/buildkitd.sock"
DEBU[0000] worker labels: map[org.mobyproject.buildkit.worker.containerd.namespace:default org.mobyproject.buildkit.worker.containerd.uuid:97d2e48d-3218-44b7-aea0-f103d2ba8803 org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.hostname:lima-on-debian org.mobyproject.buildkit.worker.network:cni org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs]
DEBU[0000] running /usr/local/bin/buildctl [--addr=unix:///run/user/501/buildkit-default/buildkitd.sock build --progress=auto --frontend=dockerfile.v0 --local=context=. --output=type=docker,name=docker.io/library/testbuildfromstdin-52dcdf0e:latest --local=dockerfile=/tmp/docker-build-tempdockerfile-561891984 --opt=filename=Dockerfile]
[+] Building 0.8s (6/6) FINISHED
 => [internal] load build definition from Dockerfile                                                                      0.0s
 => => transferring dockerfile: 83B                                                                                       0.0s
 => [internal] load metadata for docker.io/library/busybox:latest                                                         0.7s
 => [auth] library/busybox:pull token for registry-1.docker.io                                                            0.0s
 => [internal] load .dockerignore                                                                                         0.0s
 => => transferring context: 58B                                                                                          0.0s
 => CACHED [1/1] FROM docker.io/library/busybox:latest@sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028  0.0s
 => => resolve docker.io/library/busybox:latest@sha256:37f7b378a29ceb4c551b1b5582e27747b855bbfaa73fa11914fe0df028dc581f   0.0s
 => exporting to docker image format                                                                                      0.0s
 => => exporting layers                                                                                                   0.0s
 => => exporting manifest sha256:225ef8c0dbc82af5e00f0388222c0422cf5c951bb79c41640c82c84eaece55ed                         0.0s
 => => exporting config sha256:2b0d5b3e06b405fb240f4e3f578ed5ff4bd2b63a2575645f240a8fcce67a63cc                           0.0s
 => => sending tarball                                                                                                    0.0s

Notice the --output=, and of course the fact that it does not unpack.
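
A quick way to check which export path a build took, based on the two debug logs above (an added example, not part of the thread or of nerdctl's code): it reads `--debug-full` output and reports the BuildKit worker's namespace and snapshotter labels plus the `--output` type handed to buildctl. The function name, the socket path and the shortened sample logs are constructed for illustration.

```shell
#!/bin/sh
# Reads a `nerdctl --debug-full build` log on stdin and prints one line:
#   namespace=<ns> snapshotter=<name> output=<type> unpack=<yes|no>
# Exits 1 if no buildctl invocation is found in the log.
summarize_build_log() {
    awk '
    # Return the text that follows key, cut at the next space or "]".
    function after(line, key,    i, rest) {
        i = index(line, key)
        if (i == 0) return ""
        rest = substr(line, i + length(key))
        sub(/ .*/, "", rest)
        sub(/\].*/, "", rest)
        return rest
    }
    /worker labels: map\[/ {
        ns   = after($0, "worker.containerd.namespace:")
        snap = after($0, "worker.snapshotter:")
    }
    /buildctl \[/ {
        out   = after($0, "--output=")
        otype = out
        sub(/^type=/, "", otype)
        sub(/,.*/, "", otype)
        unpack = (index(out, "unpack=true") > 0) ? "yes" : "no"
    }
    END {
        if (out == "") exit 1
        if (ns == "") ns = "unknown"
        if (snap == "") snap = "unknown"
        printf "namespace=%s snapshotter=%s output=%s unpack=%s\n", ns, snap, otype, unpack
    }'
}

# Constructed, shortened versions of the two logs shown in the thread.
LABELS='DEBU[0000] worker labels: map[org.mobyproject.buildkit.worker.containerd.namespace:default org.mobyproject.buildkit.worker.executor:containerd org.mobyproject.buildkit.worker.snapshotter:overlayfs]'
LOG_UNPACKED="$LABELS
DEBU[0000] running /usr/local/bin/buildctl [--addr=unix:///run/buildkit/buildkitd.sock build --output=type=image,unpack=true,name=docker.io/library/demo:latest --opt=filename=Dockerfile]"
LOG_TARBALL="$LABELS
DEBU[0000] running /usr/local/bin/buildctl [--addr=unix:///run/buildkit/buildkitd.sock build --output=type=docker,name=docker.io/library/demo:latest --opt=filename=Dockerfile]"

printf '%s\n' "$LOG_UNPACKED" | summarize_build_log
printf '%s\n' "$LOG_TARBALL"  | summarize_build_log
```

In both logs above the debug lines are still shown with stdout sent to /dev/null, so for a real run redirect stderr into the pipe: `nerdctl --debug-full build ... 2>&1 >/dev/null | summarize_build_log`.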

@apostasie
Contributor

apostasie commented Mar 25, 2025

@wdsun1008 have a look around here:

https://github.com/containerd/nerdctl/blob/main/pkg/cmd/builder/build.go#L210

This is why the image is no longer unpacked.

For your patch to be usable, I would suggest you review all places where globalOptions.Snapshotter is being used, and review the impact of the change, or, better - alternatively - limit your patch to nerdctl run (+ when the namespace is not default), and leave the rest alone.

wdsun1008 marked this pull request as draft March 26, 2025 01:39

Successfully merging this pull request may close these issues.

default snapshotter configuration overrides containerd namespace-based defaults