Merge pull request rancher-sandbox#9745 from mook-as/moby-container-snapshotter

Allow users to select moby storage driver

Author: jandubois

e2e/backend.e2e.spec.ts

@@ -21,6 +21,9 @@ test.describe.serial('KubernetesBackend', () => {
 
   test.beforeAll(async({ colorScheme }, testInfo) => {
     [electronApp, page] = await startSlowerDesktop(testInfo, {
+      kubernetes: {
+        enabled: false,
+      },
       virtualMachine: {
         mount: {
           type: MountType.REVERSE_SSHFS,

pkg/rancher-desktop/assets/specs/command-api.yaml

@@ -617,6 +617,10 @@ components:
                   x-rd-usage: allowed image names
                   items:
                     type: string
+            mobyStorageDriver:
+              type: string
+              enum: [classic, snapshotter, auto]
+              x-rd-usage: override Moby storage driver selection
         virtualMachine:
           type: object
           properties:

pkg/rancher-desktop/backend/__tests__/backendHelper.spec.ts

@@ -0,0 +1,160 @@
+/** @jest-environment node */
+
+import _ from 'lodash';
+
+import type { VMExecutor } from '@pkg/backend/backend';
+import type BackendHelperType from '@pkg/backend/backendHelper';
+import mockModules from '@pkg/utils/testUtils/mockModules';
+
+const modules = mockModules({
+  electron: undefined,
+});
+
+describe('BackendHelper', () => {
+  let BackendHelper: typeof BackendHelperType;
+  beforeAll(async() => {
+    BackendHelper = (await import('@pkg/backend/backendHelper')).default;
+  });
+
+  describe('configureMobyStorage', () => {
+    const snapshotterDir = '/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.overlayfs/snapshots/';
+    const classicDir = '/var/lib/docker/image/overlay2/imagedb/content/sha256/'; // no-spell-check
+    const DOCKER_DAEMON_JSON = '/etc/docker/daemon.json';
+
+    interface Options {
+      hasSnapshotter: boolean;
+      hasClassic:     boolean;
+      useWASM:        boolean;
+      storageDriver:  'classic' | 'snapshotter' | 'auto';
+    }
+
+    class mockExecutor implements Partial<VMExecutor> {
+      readonly options: Omit<Options, 'useWASM' | 'storageDriver'> & { existingConfig?: string; };
+      readonly backend = 'mock';
+      result:           any;
+
+      constructor(options: typeof this.options) {
+        this.options = options;
+      }
+
+      execCommand(...command: string[]): Promise<void>;
+      execCommand(options: unknown, ...command: string[]): Promise<void>;
+      execCommand(options: unknown, ...command: string[]): Promise<string>;
+      execCommand(options?: unknown, ...command: string[]): Promise<void> | Promise<string> {
+        if (typeof options === 'string') {
+          command.unshift(options);
+        }
+        switch (command[0]) {
+        case '/usr/bin/find':
+          expect(options).toHaveProperty('capture', true);
+          if (command.includes(snapshotterDir)) {
+            return Promise.resolve(this.options.hasSnapshotter ? 'some text\n' : '\n');
+          }
+          if (command.includes(classicDir)) {
+            return Promise.resolve(this.options.hasClassic ? 'not empty\n' : '\n');
+          }
+          break;
+        case 'mkdir':
+          return Promise.resolve();
+        }
+        throw new Error(`Unexpected command: ${ JSON.stringify(command) }`);
+      }
+
+      readFile(filePath: string): Promise<string> {
+        if (filePath === DOCKER_DAEMON_JSON) {
+          if (this.options.existingConfig) {
+            return Promise.resolve(this.options.existingConfig);
+          }
+          return Promise.reject<string>(new Error('file does not exist'));
+        }
+        throw new Error(`Unexpected readFile: ${ filePath }`);
+      }
+
+      writeFile(filePath: string, fileContents: string): Promise<void> {
+        expect(filePath).toEqual(DOCKER_DAEMON_JSON);
+        const config = JSON.parse(fileContents);
+
+        this.result = config;
+        expect(config).toHaveProperty('features.containerd-snapshotter');
+        return Promise.resolve();
+      }
+    }
+
+    async function runTest(options: Options): Promise<boolean> {
+      const vmx = new mockExecutor(options);
+
+      await BackendHelper.configureMobyStorage(
+        vmx as unknown as VMExecutor,
+        options.storageDriver,
+        options.useWASM);
+
+      expect(vmx.result).toHaveProperty('features.containerd-snapshotter');
+
+      return vmx.result.features['containerd-snapshotter'] ?? false;
+    }
+
+    function generateCases(alwaysUseWASM: boolean) {
+      const cases: Omit<Options, 'storageDriver'>[] = [];
+      const bools = [true, false];
+
+      for (const hasSnapshotter of bools) {
+        for (const hasClassic of bools) {
+          if (!alwaysUseWASM) {
+            for (const useWASM of bools) {
+              cases.push({ hasSnapshotter, hasClassic, useWASM });
+            }
+          } else {
+            cases.push({ hasSnapshotter, hasClassic, useWASM: true });
+          }
+        }
+      }
+
+      return cases;
+    }
+
+    it.concurrent.each(generateCases(false))(
+      'should use classic storage driver when specified (snapshotter:$hasSnapshotter classic:$hasClassic wasm:$useWASM)', async(options) => {
+        await expect(runTest({ ...options, storageDriver: 'classic' })).resolves.toBeFalsy();
+      });
+
+    it.concurrent.each(generateCases(false))(
+      'should use snapshotter storage driver when specified (snapshotter:$hasSnapshotter classic:$hasClassic wasm:$useWASM)', async(options) => {
+        await expect(runTest({ ...options, storageDriver: 'snapshotter' })).resolves.toBeTruthy();
+      });
+
+    it.concurrent.each(generateCases(true))(
+      'should choose storage driver based on WASM configuration when set to auto (snapshotter:$hasSnapshotter classic:$hasClassic)', async(options) => {
+        await expect(runTest({ ...options, useWASM: true, storageDriver: 'auto' })).resolves.toBeTruthy();
+      });
+
+    it.concurrent.each`
+    hasSnapshotter   | hasClassic | expected
+    ${ true }        | ${ true }  | ${ true }
+    ${ true }        | ${ false } | ${ true }
+    ${ false }       | ${ true }  | ${ false }
+    ${ false }       | ${ false } | ${ true }
+    `('should choose storage driver based on existing usage when set to auto and WASM disabled (snapshotter:$hasSnapshotter classic:$hasClassic)', async(options) => {
+      await expect(runTest({ ...options, useWASM: false, storageDriver: 'auto' })).resolves.toBe(options.expected);
+    });
+
+    it('should preserve existing docker daemon settings', async() => {
+      const existingConfig = {
+        hello: 'world',
+      };
+
+      const vmx = new mockExecutor({
+        hasSnapshotter:  false,
+        hasClassic:      true,
+        existingConfig:  JSON.stringify(existingConfig),
+      });
+
+      await BackendHelper.configureMobyStorage(
+        vmx as unknown as VMExecutor,
+        'auto',
+        false);
+
+      expect(vmx.result).toHaveProperty('features.containerd-snapshotter');
+      expect(vmx.result).toHaveProperty('hello', 'world');
+    });
+  });
+});

pkg/rancher-desktop/backend/backendHelper.ts

@@ -373,20 +373,61 @@ export default class BackendHelper {
    * Configure the Moby containerd-snapshotter feature if WASM support is
    * requested, or if we have not previously run the daemon.
    */
-  static async writeMobyConfig(vmx: VMExecutor, configureWASM: boolean) {
+  static async configureMobyStorage(vmx: VMExecutor, storageDriver: 'classic' | 'snapshotter' | 'auto', configureWASM: boolean) {
+    // Due to issues with a botched migration, we will need to provide more logic
+    // to determine whether to use the containerd-snapshotter backend for moby
+    // storage.  See https://github.com/rancher-sandbox/rancher-desktop/issues/9732
+    // for more details.
+
+    // If this directory is not empty, we assume that there is data in the containerd snapshotter.
+    const snapshotterDir = '/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.overlayfs/snapshots/';
+    // If this directory is not empty, we assume that there is data in the classic storage.
+    const classicDir = '/var/lib/docker/image/overlay2/imagedb/content/sha256/'; // no-spell-check
+
+    let useSnapshotter: boolean | undefined;
+
+    // Check if a directory (in the VM) has any subdirectories or files.
+    async function dirHasChildren(dir: string): Promise<boolean> {
+      try {
+        const stdout = await vmx.execCommand(
+          { root: true, expectFailure: true, capture: true },
+          '/usr/bin/find', dir, '-maxdepth', '0', '-not', '-empty');
+
+        return stdout.trim().length > 0;
+      } catch {
+        // Directory does not exist.
+        return false;
+      }
+    }
+
+    // If `storageDriver` is explicitly set, use that setting.
+    if (storageDriver !== 'auto') {
+      useSnapshotter = (storageDriver === 'snapshotter');
+    } else if (configureWASM) {
+      // WASM requires the containerd snapshotter.
+      useSnapshotter = true;
+    } else {
+      // If there is data in the containerd snapshotter store, use it.
+      if (await dirHasChildren(snapshotterDir)) {
+        useSnapshotter = true;
+      }
+    }
+    if (useSnapshotter === undefined) {
+      // If there is no data in the classic storage, use containerd snapshotter.
+      useSnapshotter = !(await dirHasChildren(classicDir));
+    }
+
     let config: Record<string, any>;
-    let found = false;
 
     try {
       config = JSON.parse(await vmx.readFile(DOCKER_DAEMON_JSON));
-      found = true;
     } catch (err: any) {
       await vmx.execCommand({ root: true }, 'mkdir', '-p', path.dirname(DOCKER_DAEMON_JSON));
       config = {};
     }
     config['min-api-version'] = '1.41';
     config['features'] ??= {};
-    config['features']['containerd-snapshotter'] ||= configureWASM || !found;
+    config['features']['containerd-snapshotter'] = useSnapshotter;
 
     if (config['features']['containerd-snapshotter']) {
       // If we are using the containerd snapshotter, create /var/lib/docker/image
@@ -396,9 +437,9 @@ export default class BackendHelper {
     await vmx.writeFile(DOCKER_DAEMON_JSON, jsonStringifyWithWhiteSpace(config), 0o644);
   }
 
-  static async configureContainerEngine(vmx: VMExecutor, configureWASM: boolean) {
+  static async configureContainerEngine(vmx: VMExecutor, configureWASM: boolean, mobyStorageDriver: 'classic' | 'snapshotter' | 'auto') {
     await BackendHelper.installContainerdShims(vmx, configureWASM);
     await BackendHelper.writeContainerdConfig(vmx, configureWASM);
-    await BackendHelper.writeMobyConfig(vmx, configureWASM);
+    await BackendHelper.configureMobyStorage(vmx, mobyStorageDriver, configureWASM);
   }
 }

pkg/rancher-desktop/backend/k3sHelper.ts

@@ -21,6 +21,7 @@ import { Architecture, VMExecutor } from './backend';
 import * as K8s from '@pkg/backend/k8s';
 import { KubeClient } from '@pkg/backend/kube/client';
 import { loadFromString, exportConfig } from '@pkg/backend/kubeconfig';
+import { ContainerEngine } from '@pkg/config/settings';
 import mainEvents from '@pkg/main/mainEvents';
 import { isUnixError } from '@pkg/typings/unix.interface';
 import DownloadProgressListener from '@pkg/utils/DownloadProgressListener';
@@ -32,7 +33,7 @@ import paths from '@pkg/utils/paths';
 import { executable } from '@pkg/utils/resources';
 import safeRename from '@pkg/utils/safeRename';
 import { jsonStringifyWithWhiteSpace } from '@pkg/utils/stringify';
-import { defined, RecursivePartial, RecursiveTypes } from '@pkg/utils/typeUtils';
+import { defined, RecursivePartial, RecursiveReadonly, RecursiveTypes } from '@pkg/utils/typeUtils';
 import { showMessageBox } from '@pkg/window';
 
 import type Electron from 'electron';
@@ -77,9 +78,17 @@ interface cacheData {
  * RequiresRestartSeverityChecker is a function that will be used to determine
  * whether a given settings change will require a reset (i.e. deleting user
  * workloads).
+ * @param currentValue The current value of the setting.
+ * @param desiredValue The desired value of the setting.
+ * @param allSettings The full merged settings object.
+ * @returns 'restart' if a restart is required, 'reset' if a reset is required,
+ *         or false if no restart is required.
  */
-type RequiresRestartSeverityChecker<K extends keyof RecursiveTypes<K8s.BackendSettings>> =
-  (currentValue: RecursiveTypes<K8s.BackendSettings>[K], desiredValue: RecursiveTypes<K8s.BackendSettings>[K]) => 'restart' | 'reset';
+type RequiresRestartSeverityChecker<K extends keyof RecursiveTypes<K8s.BackendSettings>> = (
+  currentValue: RecursiveTypes<K8s.BackendSettings>[K],
+  desiredValue: RecursiveTypes<K8s.BackendSettings>[K],
+  allSettings: RecursiveReadonly<K8s.BackendSettings>,
+) => 'restart' | 'reset' | false;
 
 /**
  * RequiresRestartCheckers defines a mapping of settings (in dot-separated form)
@@ -1199,6 +1208,36 @@ export default class K3sHelper extends events.EventEmitter {
   ): K8s.RestartReasons {
     const results: K8s.RestartReasons = {};
     const NotFound = Symbol('not-found');
+    const mergedSettings = _.merge({}, currentSettings, desiredSettings);
+
+    function restartIfKubernetesEnabled() {
+      return mergedSettings.kubernetes.enabled ? 'restart' : false;
+    }
+
+    /**
+     * defaultRestartReasonCheckers contains the restart reason checkers shared
+     * between backends.
+     */
+    const defaultRestartReasonCheckers: RequiresRestartCheckers = {
+      'containerEngine.mobyStorageDriver': (current, desired, allSettings) => {
+        // We only need to restart if running moby.
+        return allSettings.containerEngine.name === ContainerEngine.MOBY ? 'restart' : false;
+      },
+      'kubernetes.version': (current, desired, allSettings) => {
+        if (!allSettings.kubernetes.enabled) {
+          return false;
+        }
+        return semver.gt(current || '0.0.0', desired) ? 'reset' : 'restart';
+      },
+      'containerEngine.allowedImages.enabled':            undefined,
+      'containerEngine.name':                             undefined,
+      'experimental.containerEngine.webAssembly.enabled': undefined,
+      'experimental.kubernetes.options.spinkube':         undefined,
+      'kubernetes.enabled':                               undefined,
+      'kubernetes.options.flannel':                       restartIfKubernetesEnabled,
+      'kubernetes.options.traefik':                       restartIfKubernetesEnabled,
+      'kubernetes.port':                                  restartIfKubernetesEnabled,
+    };
 
     /**
      * Check the given settings against the last-applied settings to see if we
@@ -1217,13 +1256,19 @@ export default class K3sHelper extends events.EventEmitter {
         return;
       }
       if (!_.isEqual(current, desired)) {
-        results[key] = {
-          current, desired, severity: checker ? checker(current, desired) : 'restart',
-        };
+        const severity = checker ? checker(current, desired, mergedSettings) : 'restart';
+
+        if (severity) {
+          results[key] = { current, desired, severity };
+        }
       }
     }
 
-    for (const [key, checker] of Object.entries(checkers)) {
+    for (const [key, checker] of Object.entries({ ...defaultRestartReasonCheckers, ...checkers })) {
+      if (checker === null) {
+        // The custom checker wants to delete a default checker.
+        continue;
+      }
       // We need the casts here because TypeScript can't match up the key with
       // its corresponding checker.
       cmp(key as any, checker as any);

pkg/rancher-desktop/backend/kube/lima.ts

@@ -429,22 +429,7 @@ export default class LimaKubernetesBackend extends events.EventEmitter implement
       currentConfig,
       desiredConfig,
       {
-        'kubernetes.version': (current: string, desired: string) => {
-          if (semver.gt(current || '0.0.0', desired)) {
-            return 'reset';
-          }
-
-          return 'restart';
-        },
-        'application.adminAccess':                          undefined,
-        'containerEngine.allowedImages.enabled':            undefined,
-        'containerEngine.name':                             undefined,
-        'experimental.containerEngine.webAssembly.enabled': undefined,
-        'experimental.kubernetes.options.spinkube':         undefined,
-        'kubernetes.port':                                  undefined,
-        'kubernetes.enabled':                               undefined,
-        'kubernetes.options.traefik':                       undefined,
-        'kubernetes.options.flannel':                       undefined,
+        'application.adminAccess': undefined,
       },
       extra,
     );