-
Notifications
You must be signed in to change notification settings - Fork 640
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add layer discovery/location to the image spec #15
Comments
On Fri, Apr 08, 2016 at 10:10:06PM -0700, Brendan Burns wrote:
That's an important part of a complete distribution system, but it's
If different clients retrieve CAS objects differently but still share
I think an optional CAS-over-HTTPS spec is part of the plan, it just
|
@wking @brendandburns Yes, I agree this is something we need to sort out in the TOB as soon as possible. Having the spec only container a manifest describing CAS objects and a way to serialize a filesystem to a CAS object doesn't help the 99% use case today of downloading the manifest and then knowing where to find the CAS objects. I will raise this on the TOB mailing list again so we can start the discussion and make it a layer of this project. Thank you. |
+1, an optional but well-known mechanism for locating these layers seems On Sun, Apr 10, 2016 at 1:26 AM, Brandon Philips notifications@github.com
|
Glad it was not just me. This exact issue was brought up on the initial call. |
I have raised this discussion to the TOB to put it into scope for this project. I will provide an update to this issue once that discussion is done. We can discuss the technical details here in the meantime. |
-1 The fact that we have the potential to resolve images in N different ways is a feature of OCI. By going down this route, we risk irrecoverably coupling identity and locality in the specification. When you define a target transport, it becomes very easy to have the specification grow towards that transport, limiting the possibilities with other transports. When we start looking at the existing formats, the commonality is that their transport, naming, format and runtime are all tightly coupled. While vertical integration of implementations may make sense when solving a specific problem, doing so in specifications leads to inflexible and incompatible systems. This needs to be avoided in OCI. We can look at this by taking a small bit of pseudocode. Resolving download locations of layers is the easiest problem here: for layer in manifest.layers:
location = resolve(layer.digest)
fetcher.add(layer, location) Above, we have a Such pseudocode can also be adapted to SSH, IPFS, BitTorrent and myriad other patterns for image storage. Ideally, one would be able to adapt OCI to their specific environment, rather than be tied to the limitations of distribution implementations today or only those defined in OCI. We also have the risk of the the scope of such a specification growing into defining the behavior of a CAS system. There still aren't many extant CAS systems in existence such that we can generically define their expected behavior. |
On Tue, Apr 12, 2016 at 11:34:27AM -0700, Stephen Day wrote:
I agree with this, which is why I'm advocating a CAS API for testing
Agreed, which is another reason it makes sense to put any
I'm not clear on how you'd use IPFS to back a generic CAS API, because
|
@wking Thanks for the response!
This lends somewhat to my larger point: how can we interface with CAS systems that have disparate hash algorithms? It is doable, but seems a little out of scope.
There would either have to be a mapping into IPFS's CAS system, which may force the implementation to interact oddly with IPFS. IPFS is probably just the beginning in a set of second-generation CAS systems. |
A couple of comments from an LF perspective:
|
On Tue, Apr 12, 2016 at 01:00:42PM -0700, Stephen Day wrote:
I agree with both “doable” (IPFS-hash hints? Then a client can fetch
The manifest format in this repo is just another way to map a
Let's call that the “pluggable CAS” approach. I think we (also?) want switching at the registry level 2, so
Let's call this the “registered protocol” approach. The registered protocol approach makes it easy to use IPFS, or the
|
On Tue, Apr 12, 2016 at 01:14:44PM -0700, Chris Aniszczyk wrote:
For this to work, I think we need clarity on whether there is one TDC |
I am not sure what existing formats you're referring, but to take one example: in appc there's no tight coupling between naming and transport, or with runtimes (of which there are multiple). There's also an attempt at a next-generation discovery (naming) spec in abd which decouples transport/naming/format entirely. I don't think either of these specs are perfect but they should serve as evidence that it's possible to define these different aspects of the image container in a way that is pluggable, optional, and composable.
hmm? How can it be done today in a known way if it's not defined anywhere? you seem to be suggesting that implementers/developers of the spec should just assume they should use the current version of the registry? Maybe I don't understand.
+100 on being able to adapt OCI to different environments, but I really don't follow your leap to the second point there about limitations - where is there any hint of this proposal being restrictive or prescriptive? The OP is pretty clear on it being entirely optional for implementers, but provided as a means of avoiding unnecessary fragmentation and making the spec usable. |
On Wed, Apr 13, 2016 at 01:45:06AM -0700, Jonathan Boulle wrote:
That has: … for example, with different scheme names representing different Which sounds like “registered protocol” approach 1 :).
I think the connection is 2: When you define a target transport, it becomes very easy to have the That's “it will be tempting to leak abstractions”, not “it will be |
Folks who feel that transport is out-of-scope can also just ignore the optional parts of the spec, or use another spec with which they're fully comfortable. Separate repositories seems like an implementation detail. |
Agreed that a repo is an implementation detail. As a reminder we have other On Wed, Apr 13, 2016 at 3:13 PM Jonathan Boulle notifications@github.com
|
On Wed, Apr 13, 2016 at 12:21:28PM -0700, Brandon Philips wrote:
Sure, but it's not trivial to pack that into one repository. Folks |
It is an effort that would involve defining a CAS system, which is less than straightforward. I really think this would be a distraction that could unnecessarily complicate the image specification process. I am not asking us to assume the current registry api version, but it is a sufficient target for getting something up and running (not sure why this isn't listed under "two independent experimental implementations from OCI members"). I'm sure and hope others will have targets that are just as sufficient. The whole point is that we need to firewall the image specification process from making assumptions about the transport. Even an optional specification will taint this process. Let's define an image spec and see what the community at large does with it. This doesn't us preclude from building up knowledge to inform a transport specification, but let's get the image specification out the door first. |
On Tue, Apr 12, 2016 at 2:34 PM Stephen Day notifications@github.com
We have other optional layers in this project too. The reason they are
In any case I am +1 on making this an optional layer here. |
@philips And that may continue to be the case. The difference will be in how the image is transported over HTTPS. Why is it so important that this optional layer be defined at this point in time? Why not at least wait till we have a version of the image specification out before leaping? We already have ways to store images that can be used as guidance to build out the image specification. |
@philips, any updates on this topic? I see this issue has been put into the "post-v1.0.0" milestone, so does that mean image distribution method will be part of OCI image spec after the 1.0.0 release? Thanks. |
@qianzhangxa this is certainly an important requirement for folks. It came up numerous times this week at LinuxCon EU. Getting the distribution of images in for v1.0 seems somewhat tangling with getting release of aspects of the Docker distribution API vs creating an entirely new alternative. |
any progress on this? |
OCI now has imported Docker's distribution specification into distribution-spec. I'm not sure what the plan is for releases of that. |
I think this is substantially focused on the https://github.com/opencontainers/distribution-spec Closing this issue. Feel free to open a new issue defining additional refinement needed. |
Signed-off-by: Sajay Antony <sajaya@microsoft.com>
If a client has a URL/URI/file for an image spec. manifest, how does the client then know how to download/obtain the relevant layers?
This seems like its an important part of the image spec. that is currently not defined anywhere. Given the image manifest as its currently defined, I don't think that anyone will actually be able to distribute image manifests in a way where multiple different client implementations can figure out how to get the layers.
If we enter a world where each client does it differently, then the whole point of having a standardize specification will be lost, so I think we need to have some sort of guidance for this in the image spec.
I don't know that we have to require every implementation of specification to implement this part of the spec, but we should at least make it optional so that we don't end up with N different implementations.
It could be something as simple as:
https://my-server.com/layers/
Or we could actually add fields to the image spec that give a URL, but regardless we need something in order to begin implementation.
The text was updated successfully, but these errors were encountered: