Improve image and network cleanup procedure

This adds periodic cleanup of the directory which zun uses to temporarily cache images loaded from Glance to avoid it becoming too large. Docker image cleanup is adjusted to make it less aggressive as the 'until' filtering has been seen to clear images which were created more recently than one hour. The network pruning is removed as this causes zun to become out of sync with Docker which can prevent creation of new containers on pruned networks. Finally, the default is to leave cleanup disabled so that it can be enabled purely based upon user preference. As Systemd timers cannot be disabled, this is achieved via a file presence check with can be overridden for manual execution. Change-Id: I4532d9975a2e68a12a7755ca3798a59f4928593c
2021-01-12 09:42:20 +00:00 · 2021-01-12 09:42:20 +00:00 · b5bd190e24
commit b5bd190e24
parent 695af8ba41
4 changed files with 29 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -101,14 +101,13 @@ zun_docker_api_version: false
 zun_docker_bind_host: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
 zun_docker_bind_port: 2375

+# Should Docker image cache data be periodically cleaned up?
+zun_docker_prune_images: False
+
 # Time period for which to clean up old Docker data. The options are hour, day,
 # month, or year. (string value)
 zun_docker_prune_frequency: hour

-# Which Docker data to clean up when running the above periodic task
-zun_docker_prune_images: True
-zun_docker_prune_networks: True
-
 ## Manually specified zun UID/GID
 # Deployers can specify a UID for the zun user as well as the GID for the
 # zun group if needed. This is commonly used in environments where shared
--- a/releasenotes/notes/zun-docker-cleanup-471cd731f6963c61.yaml
+++ b/releasenotes/notes/zun-docker-cleanup-471cd731f6963c61.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Adds a 'zun-docker-cleanup' script to the Zun compute virtualenv which can
+    be used to clean up cached Docker images held on compute hosts. This can be
+    run on a timer by setting the 'zun_docker_prune_images' variable or
+    executed manually by adding '--force' to the script.
--- a/tasks/zun_compute.yml
+++ b/tasks/zun_compute.yml
@ -295,6 +295,11 @@
    group: "root"
    mode: "0755"

+- name: Set state for timed data cleanup
+  file:
+    path: "/var/tmp/zun-docker-cleanup.disabled"
+    state: "{{ zun_docker_prune_images | ternary('absent', 'touch') }}"
+
 - name: Remove legacy systemd docker override
  file:
    path: "/etc/systemd/system/docker.service.d/zun-docker.conf"
--- a/templates/zun-docker-cleanup.j2
+++ b/templates/zun-docker-cleanup.j2
@ -1,7 +1,15 @@
 #!/bin/bash
-{% if zun_docker_prune_images %}
-docker image prune -a -f --filter "until=1h"
-{% endif %}
-{% if zun_docker_prune_networks %}
-docker network prune -f --filter "until=1h"
-{% endif %}
+
+# If the disabled file is present, don't allow the script
+# to run unless it is forced.
+if [ -e "/var/tmp/zun-docker-cleanup.disabled" ] && [ "$1" != "--force" ]; then
+    echo "Timed cleanup of Docker data is disabled"
+    echo "To force a cleanup, re-run this script with '--force'"
+    exit 0
+fi
+
+# Clear dangling images from Docker
+docker image prune -f
+
+# Clear old images from Zun cache directory
+find /var/cache/zun -amin +1440 -type f -exec rm -fv {} \;