From b5bd190e24d19f59dfe8e66bdee0b1298bcfd02f Mon Sep 17 00:00:00 2001 From: Andrew Bonney Date: Tue, 12 Jan 2021 09:42:20 +0000 Subject: [PATCH] Improve image and network cleanup procedure This adds periodic cleanup of the directory which zun uses to temporarily cache images loaded from Glance to avoid it becoming too large. Docker image cleanup is adjusted to make it less aggressive as the 'until' filtering has been seen to clear images which were created more recently than one hour. The network pruning is removed as this causes zun to become out of sync with Docker which can prevent creation of new containers on pruned networks. Finally, the default is to leave cleanup disabled so that it can be enabled purely based upon user preference. As Systemd timers cannot be disabled, this is achieved via a file presence check with can be overridden for manual execution. Change-Id: I4532d9975a2e68a12a7755ca3798a59f4928593c --- defaults/main.yml | 7 +++---- .../zun-docker-cleanup-471cd731f6963c61.yaml | 7 +++++++ tasks/zun_compute.yml | 5 +++++ templates/zun-docker-cleanup.j2 | 20 +++++++++++++------ 4 files changed, 29 insertions(+), 10 deletions(-) create mode 100644 releasenotes/notes/zun-docker-cleanup-471cd731f6963c61.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 035f408..bf34030 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -101,14 +101,13 @@ zun_docker_api_version: false zun_docker_bind_host: "{{ openstack_service_bind_address | default('0.0.0.0') }}" zun_docker_bind_port: 2375 +# Should Docker image cache data be periodically cleaned up? +zun_docker_prune_images: False + # Time period for which to clean up old Docker data. The options are hour, day, # month, or year. (string value) zun_docker_prune_frequency: hour -# Which Docker data to clean up when running the above periodic task -zun_docker_prune_images: True -zun_docker_prune_networks: True - ## Manually specified zun UID/GID # Deployers can specify a UID for the zun user as well as the GID for the # zun group if needed. This is commonly used in environments where shared diff --git a/releasenotes/notes/zun-docker-cleanup-471cd731f6963c61.yaml b/releasenotes/notes/zun-docker-cleanup-471cd731f6963c61.yaml new file mode 100644 index 0000000..2fb5611 --- /dev/null +++ b/releasenotes/notes/zun-docker-cleanup-471cd731f6963c61.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Adds a 'zun-docker-cleanup' script to the Zun compute virtualenv which can + be used to clean up cached Docker images held on compute hosts. This can be + run on a timer by setting the 'zun_docker_prune_images' variable or + executed manually by adding '--force' to the script. diff --git a/tasks/zun_compute.yml b/tasks/zun_compute.yml index 57b11dd..4d32053 100644 --- a/tasks/zun_compute.yml +++ b/tasks/zun_compute.yml @@ -295,6 +295,11 @@ group: "root" mode: "0755" +- name: Set state for timed data cleanup + file: + path: "/var/tmp/zun-docker-cleanup.disabled" + state: "{{ zun_docker_prune_images | ternary('absent', 'touch') }}" + - name: Remove legacy systemd docker override file: path: "/etc/systemd/system/docker.service.d/zun-docker.conf" diff --git a/templates/zun-docker-cleanup.j2 b/templates/zun-docker-cleanup.j2 index 8ae8939..42cce24 100644 --- a/templates/zun-docker-cleanup.j2 +++ b/templates/zun-docker-cleanup.j2 @@ -1,7 +1,15 @@ #!/bin/bash -{% if zun_docker_prune_images %} -docker image prune -a -f --filter "until=1h" -{% endif %} -{% if zun_docker_prune_networks %} -docker network prune -f --filter "until=1h" -{% endif %} + +# If the disabled file is present, don't allow the script +# to run unless it is forced. +if [ -e "/var/tmp/zun-docker-cleanup.disabled" ] && [ "$1" != "--force" ]; then + echo "Timed cleanup of Docker data is disabled" + echo "To force a cleanup, re-run this script with '--force'" + exit 0 +fi + +# Clear dangling images from Docker +docker image prune -f + +# Clear old images from Zun cache directory +find /var/cache/zun -amin +1440 -type f -exec rm -fv {} \;