From 36db074da8f176b4eba1a97216de7c31567c93de Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Mon, 20 Apr 2026 16:49:05 -0500 Subject: [PATCH 1/2] chore: remove overlaybd from rchab MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Overlaybd was an accelerated-container-image format that rchab converted images into on demand via POST /flyio/v1/buildOverlaybdImage. The platform side of the feature — flyd's ImageRef.Layers handling and the overlaybd snapshotter on hosts — was removed in nomad-firecracker#3341 (merged 2025-05-22). Since then, any flyctl client with [experimental] lazy_load_images = true in fly.toml was producing a silently-broken deploy: rchab would happily convert and return an overlaybd hash, but flaps/flyd ignored the resulting layer manifest. Cut the dead code at the source: - Drop the two overlaybd build stages from the Dockerfile (the accelerated-container-image snapshotter and the libaio/libnl/cmake- based overlaybd build). Drop the runtime apk deps those binaries linked against (libcurl, e2fsprogs-libs, libaio, libnl3, libssl3, zlib, zstd-libs — the base docker:24.0.7-alpine3.19 image supplies what dockerd itself needs). - Delete dockerproxy/overlaybd.go. - Stop registering /flyio/v1/buildOverlaybdImage in main.go. Old flyctl clients with lazy_load_images still set will now get an explicit 404 from rchab. dockerfile_builder.go:312 catches that and warns 'failed to build lazy-loaded image, not using lazy-loading', falling through to a normal image build — strictly better than the silent platform-side breakage they get today. A follow-up PR against flyctl will remove the client-side call path and warn on the lazy_load_images flag so customers know to drop it from fly.toml. Cuts ~90 lines and a couple of minutes off every Dockerfile build. --- Dockerfile | 27 +---------------- dockerproxy/main.go | 1 - dockerproxy/overlaybd.go | 62 ---------------------------------------- 3 files changed, 1 insertion(+), 89 deletions(-) delete mode 100644 dockerproxy/overlaybd.go diff --git a/Dockerfile b/Dockerfile index be9f046..e98501d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,3 @@ -FROM golang:1.21-alpine AS overlaybd_snapshotter_build -WORKDIR /work -RUN apk add git make -RUN git clone --branch v1.0.4 https://github.com/containerd/accelerated-container-image.git -RUN cd accelerated-container-image \ - && make \ - && make install - -FROM alpine:3.19 AS overlaybd_build -WORKDIR /work -RUN apk add bash cmake curl-dev e2fsprogs-dev gcc g++ gflags-dev git gtest-dev make libaio-dev libnl3-dev linux-headers openssl-dev patch pkgconf sudo zlib-dev zstd-dev -RUN git clone https://github.com/superfly/overlaybd \ - && cd overlaybd \ - && git submodule update --init -RUN mkdir -p overlaybd/build \ - && cd overlaybd/build \ - && cmake .. -RUN cd overlaybd/build \ - && make -j$(nproc) \ - && make install - FROM golang:1.21 as dockerproxy_build WORKDIR /app COPY dockerproxy . @@ -26,14 +5,10 @@ RUN GOOS=linux GARCH=amd64 CGO_ENABLED=0 go build -o dockerproxy -ldflags "-X ma FROM docker:24.0.7-alpine3.19 ARG BUILD_SHA -RUN apk add bash pigz sysstat procps lsof util-linux-misc xz curl sudo libcurl e2fsprogs e2fsprogs-libs libaio libnl3 libssl3 zlib zstd-libs +RUN apk add bash pigz sysstat procps lsof util-linux-misc xz curl sudo e2fsprogs COPY etc/docker/daemon.json /etc/docker/daemon.json COPY --from=dockerproxy_build /app/dockerproxy /dockerproxy COPY --from=docker/buildx-bin:v0.12 /buildx /usr/libexec/docker/cli-plugins/docker-buildx -COPY --from=overlaybd_snapshotter_build /opt/overlaybd/snapshotter /opt/overlaybd/snapshotter -COPY --from=overlaybd_snapshotter_build /etc/overlaybd-snapshotter /etc/overlaybd-snapshotter -COPY --from=overlaybd_build /opt/overlaybd /opt/overlaybd -COPY --from=overlaybd_build /etc/overlaybd /etc/overlaybd COPY ./entrypoint ./entrypoint COPY ./docker-entrypoint.d/* ./docker-entrypoint.d/ ENV DOCKER_TMPDIR=/data/docker/tmp diff --git a/dockerproxy/main.go b/dockerproxy/main.go index 200389d..6143145 100644 --- a/dockerproxy/main.go +++ b/dockerproxy/main.go @@ -120,7 +120,6 @@ func main() { httpMux.Handle("/", wrapCommonMiddlewares(dockerProxy())) httpMux.Handle("/flyio/v1/prune", wrapCommonMiddlewares(pruneHandler(dockerClient))) httpMux.Handle("/flyio/v1/extendDeadline", wrapCommonMiddlewares((extendDeadline()))) - httpMux.Handle("/flyio/v1/buildOverlaybdImage", wrapCommonMiddlewares(overlaybdImageHandler())) httpMux.Handle("/flyio/v1/settings", wrapCommonMiddlewares(settingsHandler())) httpServer := &http.Server{ diff --git a/dockerproxy/overlaybd.go b/dockerproxy/overlaybd.go deleted file mode 100644 index d35ac78..0000000 --- a/dockerproxy/overlaybd.go +++ /dev/null @@ -1,62 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "io" - "net/http" - "os" - "os/exec" - "regexp" - "strings" -) - -const converterBin = "/opt/overlaybd/snapshotter/convertor" - -type Body struct { - Repo string `json:"repo"` - Input string `json:"input"` - Output string `json:"output"` - Creds string `json:"creds"` -} - -func overlaybdImageHandler() http.HandlerFunc { - return func(w http.ResponseWriter, r *http.Request) { - var body Body - if err := json.NewDecoder(r.Body).Decode(&body); err != nil { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte(err.Error())) - return - } - - log.Infof("exec: %s -r %s -i %s -o %s -u ", converterBin, body.Repo, body.Input, body.Output) - - cmd := exec.Command(converterBin, "-r", body.Repo, "-i", body.Input, "-o", body.Output, "-u", body.Creds) - - var output bytes.Buffer - cmd.Stdout = io.MultiWriter(os.Stdout, &output) - cmd.Stderr = io.MultiWriter(os.Stderr, &output) - if err := cmd.Run(); err != nil { - w.WriteHeader(http.StatusInternalServerError) - w.Write(output.Bytes()) - return - } - - outStr := strings.TrimSpace(output.String()) - lines := strings.Split(outStr, "\n") - log.Info(lines) - hashLine := lines[len(lines)-2] - log.Info(hashLine) - - hashRegex := regexp.MustCompile(`sha256:[a-f0-9]{64}`) - hash := hashRegex.FindString(hashLine) - - if hash == "" { - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte("could not find image hash")) - return - } - w.WriteHeader(http.StatusOK) - w.Write([]byte(hash)) - } -} From f07f6436584f7f461b005d3e75de5d013f75cfd2 Mon Sep 17 00:00:00 2001 From: Jon Phenow Date: Mon, 20 Apr 2026 16:54:37 -0500 Subject: [PATCH 2/2] chore: drop e2fsprogs runtime dep (#43) Added alongside the other overlaybd runtime libs in #32 for overlaybd's ext4 layer construction. Nothing else in the image uses mke2fs/e2fsck/resize2fs/tune2fs. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e98501d..e013d87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ RUN GOOS=linux GARCH=amd64 CGO_ENABLED=0 go build -o dockerproxy -ldflags "-X ma FROM docker:24.0.7-alpine3.19 ARG BUILD_SHA -RUN apk add bash pigz sysstat procps lsof util-linux-misc xz curl sudo e2fsprogs +RUN apk add bash pigz sysstat procps lsof util-linux-misc xz curl sudo COPY etc/docker/daemon.json /etc/docker/daemon.json COPY --from=dockerproxy_build /app/dockerproxy /dockerproxy COPY --from=docker/buildx-bin:v0.12 /buildx /usr/libexec/docker/cli-plugins/docker-buildx