forked from wrenn/wrenn
Add disk_size_mb, auto-expand base images, admin templates endpoint
Disk sizing: - Add disk_size_mb column to sandboxes table (default 20480 = 20GB) - Add disk_size_mb to CreateSandboxRequest proto, passed through the full chain: service → RPC → host agent → sandbox manager → devicemapper - devicemapper.CreateSnapshot takes separate cowSizeBytes param so the sparse CoW file can be sized independently from the origin - EnsureImageSizes() runs at host agent startup: expands any base image smaller than 20GB via truncate + resize2fs (sparse, no extra physical disk). Sandboxes then get the full 20GB via fast dm-snapshot path - FlattenRootfs shrinks output images with resize2fs -M so stored templates are compact; EnsureImageSizes re-expands on next startup Admin templates visibility: - Add GET /v1/admin/templates endpoint listing all templates across teams - Frontend admin templates page uses listAdminTemplates() instead of team-scoped listSnapshots() - Platform templates (team_id = all-zeros UUID) now visible to all teams: GetTemplateByTeam, ListTemplatesByTeam, ListTemplatesByTeamAndType queries include platform team_id in WHERE clause
This commit is contained in:
74
internal/sandbox/images.go
Normal file
74
internal/sandbox/images.go
Normal file
@ -0,0 +1,74 @@
|
||||
package sandbox
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
// DefaultDiskSizeMB is the standard disk size for base images. Images smaller
|
||||
// than this are expanded at startup so that dm-snapshot sandboxes see the full
|
||||
// size without per-sandbox copies. The expansion is sparse — only metadata
|
||||
// changes; no physical disk is consumed beyond the original content.
|
||||
const DefaultDiskSizeMB = 20480 // 20 GB
|
||||
|
||||
// EnsureImageSizes walks the images directory and expands any rootfs.ext4 that
|
||||
// is smaller than the target size. This is idempotent: images already at or
|
||||
// above the target size are left untouched. Should be called once at host agent
|
||||
// startup before any sandboxes are created.
|
||||
func EnsureImageSizes(imagesDir string, targetMB int) error {
|
||||
if targetMB <= 0 {
|
||||
targetMB = DefaultDiskSizeMB
|
||||
}
|
||||
targetBytes := int64(targetMB) * 1024 * 1024
|
||||
|
||||
entries, err := os.ReadDir(imagesDir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("read images dir: %w", err)
|
||||
}
|
||||
|
||||
for _, entry := range entries {
|
||||
if !entry.IsDir() {
|
||||
continue
|
||||
}
|
||||
rootfs := filepath.Join(imagesDir, entry.Name(), "rootfs.ext4")
|
||||
info, err := os.Stat(rootfs)
|
||||
if err != nil {
|
||||
continue // not every template dir has a rootfs.ext4
|
||||
}
|
||||
|
||||
if info.Size() >= targetBytes {
|
||||
continue // already large enough
|
||||
}
|
||||
|
||||
slog.Info("expanding base image",
|
||||
"template", entry.Name(),
|
||||
"from_mb", info.Size()/(1024*1024),
|
||||
"to_mb", targetMB,
|
||||
)
|
||||
|
||||
// Expand the file (sparse — instant, no physical disk used).
|
||||
if err := os.Truncate(rootfs, targetBytes); err != nil {
|
||||
return fmt.Errorf("truncate %s: %w", rootfs, err)
|
||||
}
|
||||
|
||||
// Check filesystem before resize.
|
||||
if out, err := exec.Command("e2fsck", "-fy", rootfs).CombinedOutput(); err != nil {
|
||||
// e2fsck returns 1 if it fixed errors, which is fine.
|
||||
if exitErr, ok := err.(*exec.ExitError); ok && exitErr.ExitCode() > 1 {
|
||||
return fmt.Errorf("e2fsck %s: %s: %w", rootfs, string(out), err)
|
||||
}
|
||||
}
|
||||
|
||||
// Grow the ext4 filesystem to fill the new file size.
|
||||
if out, err := exec.Command("resize2fs", rootfs).CombinedOutput(); err != nil {
|
||||
return fmt.Errorf("resize2fs %s: %s: %w", rootfs, string(out), err)
|
||||
}
|
||||
|
||||
slog.Info("base image expanded", "template", entry.Name(), "size_mb", targetMB)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"sync"
|
||||
"time"
|
||||
@ -51,8 +52,8 @@ type sandboxState struct {
|
||||
slot *network.Slot
|
||||
client *envdclient.Client
|
||||
uffdSocketPath string // non-empty for sandboxes restored from snapshot
|
||||
dmDevice *devicemapper.SnapshotDevice
|
||||
baseImagePath string // path to the base template rootfs (for loop registry release)
|
||||
dmDevice *devicemapper.SnapshotDevice
|
||||
baseImagePath string // path to the base template rootfs (for loop registry release)
|
||||
|
||||
// parent holds the snapshot header and diff file paths from which this
|
||||
// sandbox was restored. Non-nil means re-pause should use "Diff" snapshot
|
||||
@ -94,7 +95,7 @@ func New(cfg Config) *Manager {
|
||||
|
||||
// Create boots a new sandbox: clone rootfs, set up network, start VM, wait for envd.
|
||||
// If sandboxID is empty, a new ID is generated.
|
||||
func (m *Manager) Create(ctx context.Context, sandboxID, template string, vcpus, memoryMB, timeoutSec int) (*models.Sandbox, error) {
|
||||
func (m *Manager) Create(ctx context.Context, sandboxID, template string, vcpus, memoryMB, timeoutSec, diskSizeMB int) (*models.Sandbox, error) {
|
||||
if sandboxID == "" {
|
||||
sandboxID = id.FormatSandboxID(id.NewSandboxID())
|
||||
}
|
||||
@ -105,6 +106,9 @@ func (m *Manager) Create(ctx context.Context, sandboxID, template string, vcpus,
|
||||
if memoryMB <= 0 {
|
||||
memoryMB = 512
|
||||
}
|
||||
if diskSizeMB <= 0 {
|
||||
diskSizeMB = 20480 // 20 GB default
|
||||
}
|
||||
|
||||
if template == "" {
|
||||
template = "minimal"
|
||||
@ -115,7 +119,7 @@ func (m *Manager) Create(ctx context.Context, sandboxID, template string, vcpus,
|
||||
|
||||
// Check if template refers to a snapshot (has snapfile + memfile + header + rootfs).
|
||||
if snapshot.IsSnapshot(m.cfg.ImagesDir, template) {
|
||||
return m.createFromSnapshot(ctx, sandboxID, template, vcpus, memoryMB, timeoutSec)
|
||||
return m.createFromSnapshot(ctx, sandboxID, template, vcpus, memoryMB, timeoutSec, diskSizeMB)
|
||||
}
|
||||
|
||||
// Resolve base rootfs image: /var/lib/wrenn/images/{template}/rootfs.ext4
|
||||
@ -139,7 +143,8 @@ func (m *Manager) Create(ctx context.Context, sandboxID, template string, vcpus,
|
||||
// Create dm-snapshot with per-sandbox CoW file.
|
||||
dmName := "wrenn-" + sandboxID
|
||||
cowPath := filepath.Join(m.cfg.SandboxesDir, fmt.Sprintf("%s.cow", sandboxID))
|
||||
dmDev, err := devicemapper.CreateSnapshot(dmName, originLoop, cowPath, originSize)
|
||||
cowSize := int64(diskSizeMB) * 1024 * 1024
|
||||
dmDev, err := devicemapper.CreateSnapshot(dmName, originLoop, cowPath, originSize, cowSize)
|
||||
if err != nil {
|
||||
m.loops.Release(baseRootfs)
|
||||
return nil, fmt.Errorf("create dm-snapshot: %w", err)
|
||||
@ -853,6 +858,17 @@ func (m *Manager) FlattenRootfs(ctx context.Context, sandboxID, name string) (in
|
||||
// Clean up dm device and loop device now that flatten is complete.
|
||||
m.cleanupDM(sb)
|
||||
|
||||
// Shrink the flattened image to its minimum size so stored templates are
|
||||
// compact. EnsureImageSizes will re-expand them on the next agent startup.
|
||||
if out, err := exec.Command("e2fsck", "-fy", outputPath).CombinedOutput(); err != nil {
|
||||
if exitErr, ok := err.(*exec.ExitError); ok && exitErr.ExitCode() > 1 {
|
||||
slog.Warn("e2fsck before shrink failed (non-fatal)", "output", string(out), "error", err)
|
||||
}
|
||||
}
|
||||
if out, err := exec.Command("resize2fs", "-M", outputPath).CombinedOutput(); err != nil {
|
||||
slog.Warn("resize2fs -M failed (non-fatal)", "output", string(out), "error", err)
|
||||
}
|
||||
|
||||
sizeBytes, err := snapshot.DirSize(m.cfg.ImagesDir, name)
|
||||
if err != nil {
|
||||
slog.Warn("failed to calculate template size", "error", err)
|
||||
@ -891,7 +907,7 @@ func (m *Manager) DeleteSnapshot(name string) error {
|
||||
// in ImagesDir/{snapshotName}/. Uses UFFD for lazy memory loading.
|
||||
// The template's rootfs.ext4 is a flattened standalone image — we create a
|
||||
// dm-snapshot on top of it just like a normal Create.
|
||||
func (m *Manager) createFromSnapshot(ctx context.Context, sandboxID, snapshotName string, vcpus, _, timeoutSec int) (*models.Sandbox, error) {
|
||||
func (m *Manager) createFromSnapshot(ctx context.Context, sandboxID, snapshotName string, vcpus, _, timeoutSec, diskSizeMB int) (*models.Sandbox, error) {
|
||||
imagesDir := m.cfg.ImagesDir
|
||||
|
||||
// Read the header.
|
||||
@ -936,7 +952,8 @@ func (m *Manager) createFromSnapshot(ctx context.Context, sandboxID, snapshotNam
|
||||
|
||||
dmName := "wrenn-" + sandboxID
|
||||
cowPath := filepath.Join(m.cfg.SandboxesDir, fmt.Sprintf("%s.cow", sandboxID))
|
||||
dmDev, err := devicemapper.CreateSnapshot(dmName, originLoop, cowPath, originSize)
|
||||
cowSize := int64(diskSizeMB) * 1024 * 1024
|
||||
dmDev, err := devicemapper.CreateSnapshot(dmName, originLoop, cowPath, originSize, cowSize)
|
||||
if err != nil {
|
||||
source.Close()
|
||||
m.loops.Release(baseRootfs)
|
||||
|
||||
Reference in New Issue
Block a user