Add support for rmi --force for nerdctl images #3587

Closed
wants to merge 1 commit into from

Conversation

manugupt1
Contributor

No description provided.

@AkihiroSuda
Member

Needs rebase

@manugupt1 manugupt1 force-pushed the img-rmif branch 2 times, most recently from 7ec96d9 to b16fed6 Compare October 22, 2024 14:24
Comment on lines +80 to +81
if cid, ok := runningImages[found.Image.Name]; !options.Force && ok {
return fmt.Errorf("conflict: unable to delete %s - image is being used by running container %s", found.Req, cid)
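Review bot: On the `!options.Force && ok` condition, setting Force skips the running-container conflict entirely, so whatever follows this check runs for an image that `runningImages` still maps to a container `cid`. If that path deletes the image rather than only untagging it, a forced rmi removes an image out from under a running container; consider a separate branch for `options.Force && ok` that untags only, and test `ok` first so the intent of the check reads clearly.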
Member

docker's behavior in this case is to untag but not delete. With this change nerdctl's behavior will be untag and delete?

# ubuntu:24.04 being used by a running container, untag only
$ d rmi -f ubuntu:24.04
Untagged: ubuntu:24.04
# ubuntu:21.10 not being used, untag and delete.
$ d rmi -f ubuntu:21.10
Untagged: ubuntu:21.10
Deleted: sha256:ff46b78279f207db3b8e57e20dee7cecef3567d09489369d80591f150f9c8154

Contributor Author

@manugupt1 manugupt1 Oct 23, 2024

I saw the same behavior, but the docs seem to be the same as the behavior in this PR.

https://docs.docker.com/reference/cli/docker/image/rm/

From the docs

docker images

REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
test1                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
test                      latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)
test2                     latest              fd484f19954f        23 seconds ago      7 B (virtual 4.964 MB)

docker rmi -f fd484f19954f

Untagged: test1:latest
Untagged: test:latest
Untagged: test2:latest
Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8

Contributor Author

I did a bit of digging, I am not sure what the default behavior is but the pull behavior seems to be different between docker and nerdctl.

Let's first pull from docker and look at the digest and image tag.
tldr nerdctl tags image id with digest id, but it is supposed to be with config sha.
To achieve this properly, we need to first modify the pull code and then only delete the config-sha.

Personally, I am okay with having the images deleted since docker will have to pull the digest again in both the scenarios. Let me know what you think.

➜  ~ docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
Digest: sha256:768e5c6f5cb6db0794eec98dc7a967f40631746c32232b78a3105fb946f3ab83
Status: Image is up to date for busybox:latest
docker.io/library/busybox:latest
docker.io/library/busybox:latest
➜  ~ docker images
REPOSITORY                         TAG            IMAGE ID       CREATED         SIZE
busybox                            latest         27a71e19c956   3 weeks ago     4.27MB

Then let's look at the nerdctl part

rization: server message: insufficient_scope: authorization failed 
➜  nerdctl git:(img-rmif) ✗ sudo nerdctl pull busybox
docker.io/library/busybox:latest:                                                 resolved       |++++++++++++++++++++++++++++++++++++++| 
index-sha256:768e5c6f5cb6db0794eec98dc7a967f40631746c32232b78a3105fb946f3ab83:    done           |++++++++++++++++++++++++++++++++++++++| 
manifest-sha256:22f27168517de1f58dae0ad51eacf1527e7e7ccc47512d3946f56bdbe913f564: done           |++++++++++++++++++++++++++++++++++++++| 
config-sha256:27a71e19c95622dce4d60d4a3760707495c9875f5c5322c5bd535214799593ce:   done           |++++++++++++++++++++++++++++++++++++++| 
elapsed: 1.4 s                                                                    total:  10.6 K (7.5 KiB/s)                                       
➜  nerdctl git:(img-rmif) ✗ sudo nerdctl images      
REPOSITORY    TAG       IMAGE ID        CREATED          PLATFORM       SIZE       BLOB SIZE
busybox       latest    768e5c6f5cb6    6 seconds ago    linux/amd64    4.317MB    2.157MB
debian        latest    1dc55ed68717    3 months ago     linux/amd64    132.1MB    49.56MB
➜  nerdctl git:(img-rmif) ✗ 

Member

> since docker will have to pull the digest again in both the scenarios.

can you explain this a bit?

In docker's case, it doesn't actually delete the image, right? So if I re-pull the image using the same tag, then it just associates the tag with the <none>:<none> image left previously?

~/  ➜ d run -it -d ubuntu:22.04 sleep 30
8f8f03e6c804a70fe6fba790b0d894b97389ba2e94283c37282aa9079fdc7976
 ~/  ➜ d rmi -f ubuntu:22.04
Untagged: ubuntu:22.04
 ~/  ➜ d images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
<none>       <none>    0e5e4a57c249   6 weeks ago   106MB
 ~/  ➜ d pull ubuntu:22.04
22.04: Pulling from library/ubuntu
Digest: sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
Status: Downloaded newer image for ubuntu:22.04
docker.io/library/ubuntu:22.04
 ~/  ➜ d images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
ubuntu       22.04     0e5e4a57c249   6 weeks ago   106MB

Member

Notice the original comments:

  	// If an image is associated with a running/paused containers, `docker rmi -f imageName`
  	// untags `imageName` (left a `<none>` image) without deletion; `docker rmi -rf imageID` fails.
  	// In both cases, `nerdctl rmi -f` will fail.

what's the new behavior of nerdctl rmi -f imageName and nerdctl rmi -f imageID?

Contributor Author

> what's the new behavior of nerdctl rmi -f imageName and nerdctl rmi -f imageID?

It does delete, so we need to skip the untag part. I will check what can be done.

> can you explain this a bit?

The image IDs for the same image are different in docker and nerdctl.
For docker, it uses the config-sha256, for nerdctl it uses digest / index-sha256
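
Added example (not nerdctl or Docker code) of how the two IMAGE ID values compared in this thread relate: it walks a constructed index -> manifest -> config chain and shows that the index digest and the config digest name the same image with different hashes. The types, the `store` map and the sample JSON are simplified assumptions made for illustration.

```go
package main
import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)
// Simplified OCI shapes (assumed for this example): only the fields the walk needs.
type descriptor struct {
	Digest   string                             `json:"digest"`
	Platform *struct{ OS, Architecture string } `json:"platform,omitempty"`
}
type index struct{ Manifests []descriptor `json:"manifests"` }
type manifest struct{ Config descriptor `json:"config"` }
type store map[string][]byte // digest -> blob; hypothetical stand-in for a content store
func digestOf(b []byte) string { return fmt.Sprintf("sha256:%x", sha256.Sum256(b)) }
func (s store) put(b []byte) string { d := digestOf(b); s[d] = b; return d }
func shortID(d string) string { return d[len("sha256:") : len("sha256:")+12] }

// configDigest walks index -> platform manifest -> config and returns the config digest.
func (s store) configDigest(indexDigest, os, arch string) (string, error) {
	var idx index
	if err := json.Unmarshal(s[indexDigest], &idx); err != nil {
		return "", fmt.Errorf("index %s: %w", indexDigest, err)
	}
	for _, m := range idx.Manifests {
		if m.Platform == nil || m.Platform.OS != os || m.Platform.Architecture != arch {
			continue
		}
		var mf manifest
		if err := json.Unmarshal(s[m.Digest], &mf); err != nil {
			return "", fmt.Errorf("manifest %s: %w", m.Digest, err)
		}
		return mf.Config.Digest, nil
	}
	return "", fmt.Errorf("no manifest for %s/%s", os, arch)
}
// sample builds a constructed single-platform image; returns the store and index digest.
func sample() (store, string) {
	s := store{}
	cfg := s.put([]byte(`{"architecture":"amd64","os":"linux"}`))
	mf := s.put([]byte(fmt.Sprintf(`{"config":{"digest":%q},"layers":[]}`, cfg)))
	idx := s.put([]byte(fmt.Sprintf(`{"manifests":[{"digest":%q,"platform":{"os":"linux","architecture":"amd64"}}]}`, mf)))
	return s, idx
}
func main() {
	s, idx := sample()
	if cfg, err := s.configDigest(idx, "linux", "amd64"); err == nil {
		fmt.Println("index-based ID:", shortID(idx), "config-based ID:", shortID(cfg))
	}
}
```

A tool that keys removal or in-use checks on one of these IDs has to resolve the other form first, otherwise the same image looks like two different ones.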
