containerd / zfs Goto Github PK

View Code? Open in Web Editor NEW

67.0 16.0 29.0 3.44 MB

ZFS snapshotter plugin for containerd

License: Apache License 2.0

Go 100.00%

containerd zfs

zfs's Introduction

containerd ZFS snapshotter plugin

ZFS snapshotter plugin for containerd.

This plugin is tested on Linux with Ubuntu. It should be compatible with FreeBSD.

Usage

The plugin is built-in by default since containerd 1.1. No need to recompile containerd or execute a proxy snapshotter process.

Set up a ZFS filesystem. The ZFS filesystem name is arbitrary but the mount point needs to be /var/lib/containerd/io.containerd.snapshotter.v1.zfs, when the containerd root is set to /var/lib/containerd.

$ zfs create -o mountpoint=/var/lib/containerd/io.containerd.snapshotter.v1.zfs your-zpool/containerd

Start containerd.
e.g. ctr pull --snapshotter=zfs ...

Project details

The zfs plugin is a containerd sub-project, licensed under the Apache 2.0 license. As a containerd sub-project, you will find the:

information in our containerd/project repository.

zfs's People

Contributors

Stargazers

Watchers

zfs's Issues

Add CI for FreeBSD

We should run the unit test on FreeBSD, probably using Vagrant on macOS instances of GHA.

ZFS Snapshotter - Excessive ZFS Snapshots?

Description

Seem to be having an issue with containerd ZFS snapshotter potentially not cleaning up snapshots?

Looking at systemd logs, I noticed message such as (not sure if related):

k3s01 k3s[1094942]: E0901 10:54:34.173751 1094942 cri_stats_provider.go:455] "Failed to get the info of the filesystem with mountpoint" err="unable to find data in memory cache" mountpoint="/var/lib/containerd/io.containerd.snapshotter.v1.zfs"

k3s01 k3s[1094942]: E0901 10:54:34.173789 1094942 kubelet.go:1298] "Image garbage collection failed once. Stats initialization may not have completed yet" err="invalid capacity 0 on image filesystem"

Containerd zfs dataset ranges between 34% to 80% capacity depending on when various cleanup and garbage collection happens. It has never reached zero.

This number of snapshots seems high:

$ zfs list -r -t snapshot rpool/containerd | wc -l
1347

For less than 70 containers:

$ sudo crictl ps | wc -l
68

Steps to reproduce the issue

Describe the results you received and expected

Expecting more snapshots to be deleted overtime, but unsure how to verify existing snapshots are actually valid or not.

What version of containerd are you using?

containerd github.com/containerd/containerd 1.5.9-0ubuntu3

Any other relevant information

$ runc --version
runc version 1.1.0-0ubuntu1
spec: 1.0.2-dev
go: go1.17.3
libseccomp: 2.5.3

$ sudo crictl info
{
  "status": {
    "conditions": [
      {
        "type": "RuntimeReady",
        "status": true,
        "reason": "",
        "message": ""
      },
      {
        "type": "NetworkReady",
        "status": true,
        "reason": "",
        "message": ""
      }
    ]
  },
  "cniconfig": {
    "PluginDirs": [
      "/usr/lib/cni"
    ],
    "PluginConfDir": "/etc/cni/net.d",
    "PluginMaxConfNum": 1,
    "Prefix": "eth",
    "Networks": [
      {
        "Config": {
          "Name": "cni-loopback",
          "CNIVersion": "0.3.1",
          "Plugins": [
            {
              "Network": {
                "type": "loopback",
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"type\":\"loopback\"}"
            }
          ],
          "Source": "{\n\"cniVersion\": \"0.3.1\",\n\"name\": \"cni-loopback\",\n\"plugins\": [{\n  \"type\": \"loopback\"\n}]\n}"
        },
        "IFName": "lo"
      },
      {
        "Config": {
          "Name": "cbr0",
          "CNIVersion": "0.3.1",
          "Plugins": [
            {
              "Network": {
                "type": "flannel",
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"delegate\":{\"forceAddress\":true,\"hairpinMode\":true,\"isDefaultGateway\":true},\"type\":\"flannel\"}"
            },
            {
              "Network": {
                "type": "portmap",
                "capabilities": {
                  "portMappings": true
                },
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"capabilities\":{\"portMappings\":true},\"type\":\"portmap\"}"
            }
          ],
          "Source": "{\n  \"name\":\"cbr0\",\n  \"cniVersion\":\"0.3.1\",\n  \"plugins\":[\n    {\n      \"type\":\"flannel\",\n      \"delegate\":{\n        \"hairpinMode\":true,\n        \"forceAddress\":true,\n        \"isDefaultGateway\":true\n      }\n    },\n    {\n      \"type\":\"portmap\",\n      \"capabilities\":{\n        \"portMappings\":true\n      }\n    }\n  ]\n}"
        },
        "IFName": "eth0"
      }
    ]
  },
  "config": {
    "containerd": {
      "snapshotter": "zfs",
      "defaultRuntimeName": "runc",
      "defaultRuntime": {
        "runtimeType": "",
        "runtimeEngine": "",
        "PodAnnotations": [],
        "ContainerAnnotations": [],
        "runtimeRoot": "",
        "options": {},
        "privileged_without_host_devices": false,
        "baseRuntimeSpec": ""
      },
      "untrustedWorkloadRuntime": {
        "runtimeType": "",
        "runtimeEngine": "",
        "PodAnnotations": [],
        "ContainerAnnotations": [],
        "runtimeRoot": "",
        "options": {},
        "privileged_without_host_devices": false,
        "baseRuntimeSpec": ""
      },
      "runtimes": {
        "runc": {
          "runtimeType": "io.containerd.runc.v2",
          "runtimeEngine": "",
          "PodAnnotations": [],
          "ContainerAnnotations": [],
          "runtimeRoot": "",
          "options": {
            "BinaryName": "",
            "CriuImagePath": "",
            "CriuPath": "",
            "CriuWorkPath": "",
            "IoGid": 0,
            "IoUid": 0,
            "NoNewKeyring": false,
            "NoPivotRoot": false,
            "Root": "",
            "ShimCgroup": "",
            "SystemdCgroup": false
          },
          "privileged_without_host_devices": false,
          "baseRuntimeSpec": ""
        }
      },
      "noPivot": false,
      "disableSnapshotAnnotations": true,
      "discardUnpackedLayers": false
    },
    "cni": {
      "binDir": "/usr/lib/cni",
      "confDir": "/etc/cni/net.d",
      "maxConfNum": 1,
      "confTemplate": ""
    },
    "registry": {
      "configPath": "",
      "mirrors": {},
      "configs": {},
      "auths": {},
      "headers": {
        "User-Agent": [
          "containerd/1.5.9-0ubuntu3"
        ]
      }
    },
    "imageDecryption": {
      "keyModel": "node"
    },
    "disableTCPService": true,
    "streamServerAddress": "127.0.0.1",
    "streamServerPort": "0",
    "streamIdleTimeout": "4h0m0s",
    "enableSelinux": false,
    "selinuxCategoryRange": 1024,
    "sandboxImage": "k8s.gcr.io/pause:3.5",
    "statsCollectPeriod": 10,
    "systemdCgroup": false,
    "enableTLSStreaming": false,
    "x509KeyPairStreaming": {
      "tlsCertFile": "",
      "tlsKeyFile": ""
    },
    "maxContainerLogSize": 16384,
    "disableCgroup": false,
    "disableApparmor": false,
    "restrictOOMScoreAdj": false,
    "maxConcurrentDownloads": 3,
    "disableProcMount": false,
    "unsetSeccompProfile": "",
    "tolerateMissingHugetlbController": true,
    "disableHugetlbController": true,
    "ignoreImageDefinedVolumes": false,
    "netnsMountsUnderStateDir": false,
    "containerdRootDir": "/var/lib/containerd",
    "containerdEndpoint": "/run/containerd/containerd.sock",
    "rootDir": "/var/lib/containerd/io.containerd.grpc.v1.cri",
    "stateDir": "/run/containerd/io.containerd.grpc.v1.cri"
  },
  "golang": "go1.18",
  "lastCNILoadStatus": "OK"
}

$ uname -a
Linux k3s01 5.15.0-47-generic containerd/containerd#51-Ubuntu SMP Thu Aug 11 07:51:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Show configuration if it is related to CRI plugin.

$ cat /etc/containerd/config.toml 
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
version = 2

[cgroup]
  path = ""

[debug]
  address = ""
  format = ""
  gid = 0
  level = ""
  uid = 0

[grpc]
  address = "/run/containerd/containerd.sock"
  gid = 0
  max_recv_message_size = 16777216
  max_send_message_size = 16777216
  tcp_address = ""
  tcp_tls_cert = ""
  tcp_tls_key = ""
  uid = 0

[metrics]
  address = ""
  grpc_histogram = false

[plugins]

  [plugins."io.containerd.gc.v1.scheduler"]
    deletion_threshold = 0
    mutation_threshold = 100
    pause_threshold = 0.02
    schedule_delay = "0s"
    startup_delay = "100ms"

  [plugins."io.containerd.grpc.v1.cri"]
    disable_apparmor = false
    disable_cgroup = false
    disable_hugetlb_controller = true
    disable_proc_mount = false
    disable_tcp_service = true
    enable_selinux = false
    enable_tls_streaming = false
    ignore_image_defined_volumes = false
    max_concurrent_downloads = 3
    max_container_log_line_size = 16384
    netns_mounts_under_state_dir = false
    restrict_oom_score_adj = false
    sandbox_image = "k8s.gcr.io/pause:3.5"
    selinux_category_range = 1024
    stats_collect_period = 10
    stream_idle_timeout = "4h0m0s"
    stream_server_address = "127.0.0.1"
    stream_server_port = "0"
    systemd_cgroup = false
    tolerate_missing_hugetlb_controller = true
    unset_seccomp_profile = ""

    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/usr/lib/cni"
      conf_dir = "/etc/cni/net.d"
      conf_template = ""
      max_conf_num = 1

    [plugins."io.containerd.grpc.v1.cri".containerd]
      default_runtime_name = "runc"
      disable_snapshot_annotations = true
      discard_unpacked_layers = false
      no_pivot = false
      snapshotter = "zfs"

      [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
        base_runtime_spec = ""
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        runtime_engine = ""
        runtime_root = ""
        runtime_type = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          base_runtime_spec = ""
          container_annotations = []
          pod_annotations = []
          privileged_without_host_devices = false
          runtime_engine = ""
          runtime_root = ""
          runtime_type = "io.containerd.runc.v2"

          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
            SystemdCgroup = false

      [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
        base_runtime_spec = ""
        container_annotations = []
        pod_annotations = []
        privileged_without_host_devices = false
        runtime_engine = ""
        runtime_root = ""
        runtime_type = ""

        [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]

    [plugins."io.containerd.grpc.v1.cri".image_decryption]
      key_model = "node"

    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

    [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
      tls_cert_file = ""
      tls_key_file = ""

  [plugins."io.containerd.internal.v1.opt"]
    path = "/opt/containerd"

  [plugins."io.containerd.internal.v1.restart"]
    interval = "10s"

  [plugins."io.containerd.metadata.v1.bolt"]
    content_sharing_policy = "shared"

  [plugins."io.containerd.monitor.v1.cgroups"]
    no_prometheus = false

  [plugins."io.containerd.runtime.v1.linux"]
    no_shim = false
    runtime = "runc"
    runtime_root = ""
    shim = "containerd-shim"
    shim_debug = false

  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]

  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]

  [plugins."io.containerd.snapshotter.v1.aufs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.btrfs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.devmapper"]
    async_remove = false
    base_image_size = ""
    pool_name = ""
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.native"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.overlayfs"]
    root_path = ""

  [plugins."io.containerd.snapshotter.v1.zfs"]
    root_path = ""

[proxy_plugins]

[stream_processors]

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar"

  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
    path = "ctd-decoder"
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"

[timeouts]
  "io.containerd.timeout.shim.cleanup" = "5s"
  "io.containerd.timeout.shim.load" = "5s"
  "io.containerd.timeout.shim.shutdown" = "3s"
  "io.containerd.timeout.task.state" = "2s"

[ttrpc]
  address = ""
  gid = 0
  uid = 0

Move zfs code into root

I think you can move the zfs code into the root of the repo so that users can just import the snapshotter without having to dig deeper. What do you think?

Containerd doesn't seem to be cleaning up after deleted containers

I've been running a microk8s instance on a server as a way to experiment with k8s. Today I was running low on disk and discovered this:

$ zfs list -r rpool/containerd -o name,used,creation | sort -k 2 -h
[...]
rpool/containerd/3487   3.91G  Wed Jun 26 23:41 2019
rpool/containerd/3530   3.91G  Thu Jun 27 12:03 2019
rpool/containerd/3582   3.91G  Thu Jun 27 14:05 2019
rpool/containerd/3594   3.91G  Thu Jun 27 14:17 2019
rpool/containerd/3754   3.91G  Fri Jun 28 11:47 2019
rpool/containerd/3961   3.91G  Mon Jul 22 12:05 2019
rpool/containerd/4015   3.91G  Mon Jul 22 14:54 2019
rpool/containerd/4650   3.91G  Wed Aug  7 11:32 2019
rpool/containerd/4658   3.91G  Wed Aug  7 11:35 2019
rpool/containerd/5798   3.91G  Thu Sep  5 12:17 2019
rpool/containerd/5852   3.91G  Thu Sep  5 14:58 2019
rpool/containerd/5971   3.91G  Fri Sep  6 12:24 2019
rpool/containerd/5983   3.91G  Fri Sep  6 12:47 2019
rpool/containerd/6027   3.91G  Fri Sep  6 14:27 2019
rpool/containerd/7364   3.91G  Sun Nov 17 19:48 2019
rpool/containerd/754    3.91G  Thu May  9 13:32 2019
rpool/containerd/784    3.91G  Thu May  9 13:57 2019
rpool/containerd/796    3.91G  Thu May  9 14:15 2019
rpool/containerd/821    3.91G  Sun May 12 16:58 2019
rpool/containerd/846    3.91G  Mon May 13  8:19 2019
rpool/containerd/874    3.91G  Mon May 13  9:40 2019
rpool/containerd/987    3.91G  Wed May 15 15:34 2019
rpool/containerd/2461   4.94G  Fri May 31 15:07 2019
rpool/containerd/2650   4.94G  Fri Jun  7 10:35 2019

These are left over from containers that are not longer listed in microk8s.ctr -n k8s.io container ls.

zfs plugin fails to load with error="invalid zfs configuration"

When running a containerd build with the zfs plugin registered, the plugin fails to load due to error="invalid zfs configuration". The failure occurs here and appears to be due to the ic.Config being nil.

Port unit tests to FreeBSD

The current unit tests are // +build linux and are not trivially-enabled on FreeBSD due to dependencies like github.com/containerd/continuity/testutil/loopback. Before we enable CI (#44), it'd be useful to get the tests to run.

implement Usage

Unlike btrfs, just returning USED field should be ok for zfs, I guess

https://linux.die.net/man/8/zfs

used
   The amount of space consumed by this dataset and all its descendents

related: containerd/containerd#1801 (btrfs)

travis not working

https://travis-ci.org/AkihiroSuda/containerd-zfs/builds/247436767

...
Setting up ubuntu-zfs (8~trusty) ...
Processing triggers for libc-bin (2.19-0ubuntu6.13) ...
modprobe: FATAL: Module zfs not found.
The command "sudo apt-add-repository -y ppa:zfs-native/stable && sudo apt-get update && sudo apt-get -y install ubuntu-zfs && sudo modprobe zfs" failed and exited with 1 during .

Using deprecated versions of github.com/containerd/containerd

Hi!
A lot of outdated github.com/containerd/containerd are referenced in go.sum file.

Limit for snapshot size

I am wondering how snapshot size limits are configured or if this is still unsupported. I can see Usage was implemented with #38 but if I am not mistaken maxSnapshotSize never gets assigned from configuration?

Use defered destroy for better performance

Currently destroying containers is very slow, especially on pools with slow media.

Issue is especially painful after reboot when large about of containers is recreated

Is there any reason to not replace DestroyDefault with DestroyDeferDeletion?

ZFS datasets not cleaned up

Hi,

It seems ZFS datasets from old containers aren't cleaned up by the snapshotter. Every time I reboot my server, new datasets are created for the new containers, and the old ones aren't cleaned up.

Right now I use the following script every now and then to cleanup old datasets:

# Get currently mounted ZFS filesystems
mount | grep -oP "rpool/containerd/[0-9]+" > zfs_mounts.txt

# Get ZFS datasets
zfs list -H -r rpool/containerd -o name | grep -oP "rpool/containerd/[0-9]+" > zfs_datasets.txt

# Compare
comm -13 zfs_mounts.txt zfs_datasets.txt > zfs_to_delete.txt

# Perform cleanup
cat zfs_to_delete.txt | xargs -I {} zfs destroy -r {}

Also the number used for the datasets is ever increasing, old numbers aren't reused. Also because of this bug, my datasets are well in the 90.000 now.

Data corruption on container image storage

Hi,

I'm experiencing data corruption because of this plugin on my ZFS file system.

My server is running Ubuntu 20.04 with root on ZFS on an NVMe drive, with k3s and this plugin for containerd. I've setup a separate dataset for container image according to the documentation, and the datasets within it are sometimes experiencing corruption when my server get's rebooted.

In an attempt to fix it - since the datasets hold images that can be re-downloaded anyway - I've stopped k3s and all pods, deleted all image and datasets, and rebooted my server.

Before the cleanup:

jeroen@mediaserver:~$ sudo zpool status rpool -v
  pool: rpool
 state: ONLINE
status: One or more devices has experienced an error resulting in data
        corruption.  Applications may be affected.
action: Restore the file in question if possible.  Otherwise restore the
        entire pool from backup.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
  scan: scrub repaired 0B in 00:00:08 with 0 errors on Fri Apr  8 10:58:29 2022
config:

        NAME                                    STATE     READ WRITE CKSUM
        rpool                                   ONLINE       0     0     0
          5ca738f2-6682-b54e-a259-6dac8cafcbbb  ONLINE       0     0     0

errors: Permanent errors have been detected in the following files:

        <0xfb52>:<0x0>
        rpool/containerd/8715:<0x0>
        rpool/containerd/8712:<0x0>

The cleanup:

systemctl stop k3s

# Stop and remove all pods
crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" pods -q | xargs -P10 -n1 -I {} crictl stopp {}
ip netns list | cut -d' ' -f 1 | xargs -n1 ip netns delete; crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" rmp -af
crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" rmp -a

# Stop and remove all containers
crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" ps -q | xargs crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" rm
crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" rm -a

# Prune images
crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" images -q | xargs -n 1 crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" rmi 2>/dev/null

# Cleanup old ZFS volumes
zfs list -o name | grep "rpool/containerd/" | xargs -n 1 zfs destroy -R

After the cleanup:

jeroen@mediaserver:~$ sudo zpool status rpool -v
  pool: rpool
 state: ONLINE
status: One or more devices has experienced an error resulting in data
        corruption.  Applications may be affected.
action: Restore the file in question if possible.  Otherwise restore the
        entire pool from backup.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
  scan: scrub repaired 0B in 00:00:20 with 0 errors on Tue May  3 16:53:59 2022
config:

        NAME                                    STATE     READ WRITE CKSUM
        rpool                                   ONLINE       0     0     0
          5ca738f2-6682-b54e-a259-6dac8cafcbbb  ONLINE       0     0     0

errors: Permanent errors have been detected in the following files:

        <0xfb52>:<0x0>
        <0x89be>:<0x0>
        <0x88d2>:<0x0>

The ZFS corruption errors persist, and have become unrecognizable.

Dataset overview for rpool:

jeroen@mediaserver:~$ zfs list rpool -r
NAME                                               USED  AVAIL     REFER  MOUNTPOINT
rpool                                             18.9G   427G      192K  /
rpool/ROOT                                        12.3G   427G      192K  none
rpool/ROOT/ubuntu_saxjsv                          12.3G   427G     2.88G  /
rpool/ROOT/ubuntu_saxjsv/srv                       192K   427G      192K  /srv
rpool/ROOT/ubuntu_saxjsv/usr                      68.4M   427G      192K  /usr
rpool/ROOT/ubuntu_saxjsv/usr/local                68.2M   427G     66.5M  /usr/local
rpool/ROOT/ubuntu_saxjsv/var                      6.67G   427G      192K  /var
rpool/ROOT/ubuntu_saxjsv/var/games                 192K   427G      192K  /var/games
rpool/ROOT/ubuntu_saxjsv/var/lib                  6.15G   427G     1.43G  /var/lib
rpool/ROOT/ubuntu_saxjsv/var/lib/AccountsService   204K   427G      204K  /var/lib/AccountsService
rpool/ROOT/ubuntu_saxjsv/var/lib/NetworkManager   4.63M   427G      292K  /var/lib/NetworkManager
rpool/ROOT/ubuntu_saxjsv/var/lib/apt               307M   427G     65.0M  /var/lib/apt
rpool/ROOT/ubuntu_saxjsv/var/lib/dpkg              156M   427G     35.1M  /var/lib/dpkg
rpool/ROOT/ubuntu_saxjsv/var/log                   531M   427G      335M  /var/log
rpool/ROOT/ubuntu_saxjsv/var/mail                  192K   427G      192K  /var/mail
rpool/ROOT/ubuntu_saxjsv/var/snap                  264K   427G      192K  /var/snap
rpool/ROOT/ubuntu_saxjsv/var/spool                1.60M   427G      236K  /var/spool
rpool/ROOT/ubuntu_saxjsv/var/www                   200K   427G      200K  /var/www
rpool/USERDATA                                     859M   427G      192K  /
rpool/USERDATA/jeroen_ciqwh3                       857M   427G      784M  /home/jeroen
rpool/USERDATA/root_ciqwh3                        1.68M   427G      436K  /root
rpool/containerd                                  2.56G   427G     1.82M  /var/lib/containerd/io.containerd.snapshotter.v1.zfs
rpool/containerd/8908                              596K   427G      596K  legacy
rpool/containerd/8909                              176K   427G      628K  legacy
rpool/containerd/8910                             5.81M   427G     5.81M  legacy
rpool/containerd/8911                             1.91M   427G     7.25M  legacy
rpool/containerd/8912                              148K   427G     7.29M  legacy
rpool/containerd/8913                              576K   427G     7.29M  legacy
rpool/containerd/8914                              576K   427G     7.29M  legacy
rpool/containerd/8915                              176K   427G      628K  legacy
rpool/containerd/8916                              176K   427G      628K  legacy
rpool/containerd/8917                              176K   427G      628K  legacy
rpool/containerd/8918                              176K   427G      628K  legacy
rpool/containerd/8919                              176K   427G      628K  legacy
rpool/containerd/8920                             10.1M   427G     10.1M  legacy
rpool/containerd/8921                              176K   427G      628K  legacy
rpool/containerd/8922                             10.1M   427G     10.1M  legacy
rpool/containerd/8923                             10.2M   427G     10.2M  legacy
rpool/containerd/8924                              176K   427G      628K  legacy
rpool/containerd/8925                             15.7M   427G     25.8M  legacy
rpool/containerd/8926                             18.0M   427G     28.0M  legacy
rpool/containerd/8927                             22.9M   427G     32.9M  legacy
rpool/containerd/8928                              172K   427G     25.8M  legacy
rpool/containerd/8929                              132K   427G     25.8M  legacy
rpool/containerd/8930                              208K   427G      208K  legacy
rpool/containerd/8931                              224K   427G     25.8M  legacy
rpool/containerd/8932                             59.0M   427G     59.0M  legacy
rpool/containerd/8933                              152K   427G      216K  legacy
rpool/containerd/8934                              152K   427G      224K  legacy
rpool/containerd/8935                              160K   427G      240K  legacy
rpool/containerd/8936                             37.7M   427G     37.8M  legacy
rpool/containerd/8937                              176K   427G      628K  legacy
rpool/containerd/8938                              176K   427G      628K  legacy
rpool/containerd/8939                              172K   427G     28.1M  legacy
rpool/containerd/8940                              176K   427G      628K  legacy
rpool/containerd/8941                             5.82M   427G     5.82M  legacy
rpool/containerd/8942                              132K   427G     28.1M  legacy
rpool/containerd/8943                              200K   427G      200K  legacy
rpool/containerd/8944                              224K   427G     28.1M  legacy
rpool/containerd/8945                              152K   427G      208K  legacy
rpool/containerd/8946                              176K   427G      628K  legacy
rpool/containerd/8947                              176K   427G      628K  legacy
rpool/containerd/8948                             10.3M   427G     10.4M  legacy
rpool/containerd/8949                              176K   427G      628K  legacy
rpool/containerd/8950                              176K   427G      628K  legacy
rpool/containerd/8951                              176K   427G      628K  legacy
rpool/containerd/8952                              176K   427G      628K  legacy
rpool/containerd/8953                             37.7M   427G     47.9M  legacy
rpool/containerd/8954                             2.17M   427G     7.30M  legacy
rpool/containerd/8955                             32.9M   427G     40.1M  legacy
rpool/containerd/8956                             37.7M   427G     48.0M  legacy
rpool/containerd/8957                              904K   427G      904K  legacy
rpool/containerd/8958                             67.8M   427G     67.8M  legacy
rpool/containerd/8959                             10.4M   427G     48.0M  legacy
rpool/containerd/8960                              176K   427G      628K  legacy
rpool/containerd/8961                              176K   427G      628K  legacy
rpool/containerd/8962                              172K   427G     32.9M  legacy
rpool/containerd/8963                              208K   427G      208K  legacy
rpool/containerd/8964                              208K   427G      208K  legacy
rpool/containerd/8965                             31.4M   427G     79.1M  legacy
rpool/containerd/8966                              448K   427G     59.1M  legacy
rpool/containerd/8967                             2.14M   427G     42.0M  legacy
rpool/containerd/8968                              132K   427G     32.9M  legacy
rpool/containerd/8969                             19.9M   427G     20.7M  legacy
rpool/containerd/8970                             14.6M   427G     71.0M  legacy
rpool/containerd/8971                              716K   427G      716K  legacy
rpool/containerd/8972                             1.16M   427G     1.20M  legacy
rpool/containerd/8973                             1.35M   427G     1.35M  legacy
rpool/containerd/8974                             5.96M   427G     5.96M  legacy
rpool/containerd/8975                             24.7M   427G     72.5M  legacy
rpool/containerd/8976                             2.03M   427G     81.0M  legacy
rpool/containerd/8977                             1.81M   427G     1.86M  legacy
rpool/containerd/8978                             24.7M   427G     72.5M  legacy
rpool/containerd/8979                             1.59M   427G     72.3M  legacy
rpool/containerd/8980                              772K   427G     1.82M  legacy
rpool/containerd/8981                              392K   427G     42.0M  legacy
rpool/containerd/8982                              224K   427G     32.9M  legacy
rpool/containerd/8983                             2.70M   427G     4.39M  legacy
rpool/containerd/8984                              792K   427G     73.1M  legacy
rpool/containerd/8985                             10.3M   427G     12.0M  legacy
rpool/containerd/8986                             3.15M   427G     75.1M  legacy
rpool/containerd/8987                              792K   427G     73.1M  legacy
rpool/containerd/8988                              328K   427G     1.53M  legacy
rpool/containerd/8989                              452K   427G     81.1M  legacy
rpool/containerd/8990                              204K   427G      776K  legacy
rpool/containerd/8991                             2.71M   427G     6.96M  legacy
rpool/containerd/8992                             1.75M   427G     76.4M  legacy
rpool/containerd/8993                             12.9M   427G     18.8M  legacy
rpool/containerd/8994                             37.7M   427G     49.5M  legacy
rpool/containerd/8995                              448K   427G     73.2M  legacy
rpool/containerd/8996                              448K   427G     73.2M  legacy
rpool/containerd/8997                             5.10M   427G     6.52M  legacy
rpool/containerd/8998                             1.76M   427G     8.58M  legacy
rpool/containerd/8999                             42.2M   427G      108M  legacy
rpool/containerd/9000                              384K   427G     76.4M  legacy
rpool/containerd/9001                              160K   427G      792K  legacy
rpool/containerd/9002                              164K   427G     8.63M  legacy
rpool/containerd/9003                             5.93M   427G     5.93M  legacy
rpool/containerd/9004                             37.7M   427G     38.3M  legacy
rpool/containerd/9005                              152K   427G     76.4M  legacy
rpool/containerd/9006                             6.14M   427G     6.14M  legacy
rpool/containerd/9007                             3.40M   427G     11.9M  legacy
rpool/containerd/9008                              184K   427G     76.4M  legacy
rpool/containerd/9009                              312K   427G     18.8M  legacy
rpool/containerd/9010                              184K   427G     76.4M  legacy
rpool/containerd/9011                              392K   427G     12.0M  legacy
rpool/containerd/9012                              412K   427G     76.4M  legacy
rpool/containerd/9013                              272K   427G     6.57M  legacy
rpool/containerd/9014                             3.41M   427G     76.5M  legacy
rpool/containerd/9015                             2.35M   427G     8.14M  legacy
rpool/containerd/9016                             10.1M   427G     10.1M  legacy
rpool/containerd/9017                             1.30M   427G     76.5M  legacy
rpool/containerd/9018                             32.0M   427G     42.0M  legacy
rpool/containerd/9019                             23.2M   427G     72.6M  legacy
rpool/containerd/9020                              308K   427G     8.14M  legacy
rpool/containerd/9021                             1.45M   427G     6.95M  legacy
rpool/containerd/9022                              384K   427G     6.97M  legacy
rpool/containerd/9023                              316K   427G     7.14M  legacy
rpool/containerd/9024                              636K   427G     7.59M  legacy
rpool/containerd/9025                              216K   427G     42.0M  legacy
rpool/containerd/9026                              344K   427G     7.81M  legacy
rpool/containerd/9027                              244K   427G      244K  legacy
rpool/containerd/9028                              292K   427G     7.93M  legacy
rpool/containerd/9029                              176K   427G     7.93M  legacy
rpool/containerd/9030                              176K   427G     7.93M  legacy
rpool/containerd/9031                              120K   427G      252K  legacy
rpool/containerd/9032                             2.72M   427G     8.72M  legacy
rpool/containerd/9033                              148K   427G     7.93M  legacy
rpool/containerd/9034                             37.7M   427G     37.8M  legacy
rpool/containerd/9035                             4.63M   427G     10.5M  legacy
rpool/containerd/9036                              528K   427G     7.95M  legacy
rpool/containerd/9037                              212K   427G     10.5M  legacy
rpool/containerd/9038                             12.8M   427G     21.8M  legacy
rpool/containerd/9039                              304K   427G     21.9M  legacy
rpool/containerd/9040                             66.0M   427G     86.4M  legacy
rpool/containerd/9041                              288K   427G     20.8M  legacy
rpool/containerd/9042                              176K   427G      628K  legacy
rpool/containerd/9043                              528K   427G     7.95M  legacy
rpool/containerd/9044                              188K   427G      108M  legacy
rpool/containerd/9045                              196K   427G      108M  legacy
rpool/containerd/9046                              196K   427G      108M  legacy
rpool/containerd/9047                              196K   427G      108M  legacy
rpool/containerd/9048                             1.20M   427G      108M  legacy
rpool/containerd/9049                                8K   427G      108M  legacy
rpool/containerd/9050                                0B   427G      108M  legacy
rpool/containerd/9051                                0B   427G      108M  legacy
rpool/containerd/9052                             2.41M   427G      108M  legacy
rpool/containerd/9053                             16.8M   427G      125M  legacy
rpool/containerd/9054                              432K   427G     72.7M  legacy
rpool/containerd/9055                             10.4M   427G     48.0M  legacy
rpool/containerd/9056                              560K   427G     86.4M  legacy
rpool/containerd/9057                             10.4M   427G     48.5M  legacy
rpool/containerd/9058                             1.12M   427G      125M  legacy
rpool/containerd/9059                             74.3M   427G      122M  legacy
rpool/containerd/9060                             2.50M   427G     87.1M  legacy
rpool/containerd/9061                             30.1M   427G     78.4M  legacy
rpool/containerd/9062                              172K   427G     78.4M  legacy
rpool/containerd/9063                              124K   427G     78.4M  legacy
rpool/containerd/9064                              496K   427G     78.5M  legacy
rpool/containerd/9065                              504K   427G      122M  legacy
rpool/containerd/9066                              176K   427G      628K  legacy
rpool/containerd/9067                              528K   427G     7.95M  legacy
rpool/containerd/9068                              111M   427G      111M  legacy
rpool/containerd/9069                              176K   427G      628K  legacy
rpool/containerd/9070                              528K   427G     7.95M  legacy
rpool/containerd/9071                              168K   427G      111M  legacy
rpool/containerd/9072                             3.04M   427G      112M  legacy
rpool/containerd/9073                              176K   427G      628K  legacy
rpool/containerd/9074                              528K   427G     7.95M  legacy
rpool/containerd/9075                              176K   427G      628K  legacy
rpool/containerd/9076                              528K   427G     7.95M  legacy
rpool/containerd/9077                              176K   427G      628K  legacy
rpool/containerd/9078                              528K   427G     7.95M  legacy
rpool/containerd/9079                              176K   427G      628K  legacy
rpool/containerd/9080                              528K   427G     7.95M  legacy
rpool/containerd/9081                              176K   427G      628K  legacy
rpool/containerd/9082                              528K   427G     7.95M  legacy
rpool/containerd/9083                              176K   427G      628K  legacy
rpool/containerd/9084                              528K   427G     7.95M  legacy
rpool/containerd/9085                              176K   427G      628K  legacy
rpool/containerd/9086                              528K   427G     7.95M  legacy
rpool/containerd/9087                              176K   427G      628K  legacy
rpool/containerd/9088                              528K   427G     7.95M  legacy
rpool/containerd/9089                              176K   427G      628K  legacy
rpool/containerd/9090                              528K   427G     7.95M  legacy
rpool/containerd/9091                              176K   427G      628K  legacy
rpool/containerd/9092                              528K   427G     7.95M  legacy
rpool/containerd/9093                              176K   427G      628K  legacy
rpool/containerd/9094                              176K   427G      628K  legacy
rpool/containerd/9095                             4.46M   427G     9.50M  legacy
rpool/containerd/9096                             6.13M   427G     6.13M  legacy
rpool/containerd/9097                              392K   427G     9.52M  legacy
rpool/containerd/9098                              360K   427G     9.56M  legacy
rpool/containerd/9099                             11.0M   427G     20.0M  legacy
rpool/containerd/9100                             2.72M   427G     8.71M  legacy
rpool/containerd/9101                             4.63M   427G     10.5M  legacy
rpool/containerd/9102                              212K   427G     10.5M  legacy
rpool/containerd/9103                             12.8M   427G     21.8M  legacy
rpool/containerd/9104                              304K   427G     21.9M  legacy
rpool/containerd/9105                              104M   427G      122M  legacy
rpool/containerd/9106                              188K   427G     20.0M  legacy
rpool/containerd/9107                             21.9M   427G     40.6M  legacy
rpool/containerd/9108                              200K   427G     40.6M  legacy
rpool/containerd/9109                              544K   427G     40.6M  legacy
rpool/containerd/9110                              280K   427G     40.7M  legacy
rpool/containerd/9111                             1.66M   427G     41.8M  legacy
rpool/containerd/9112                             41.6M   427G     80.9M  legacy
rpool/containerd/9113                              484K   427G     80.9M  legacy
rpool/containerd/9114                              344M   427G      424M  legacy
rpool/containerd/9115                             16.9M   427G      139M  legacy
rpool/containerd/9116                              348K   427G      139M  legacy
rpool/containerd/9117                             2.29M   427G      139M  legacy
rpool/containerd/9118                              176K   427G      628K  legacy
rpool/containerd/9119                              176K   427G      628K  legacy
rpool/containerd/9120                             59.0M   427G     59.0M  legacy
rpool/containerd/9121                              288K   427G      424M  legacy
rpool/containerd/9122                              472K   427G      424M  legacy
rpool/containerd/9123                             67.8M   427G     67.8M  legacy
rpool/containerd/9124                             1.52M   427G      424M  legacy
rpool/containerd/9125                             17.3M   427G     22.4M  legacy
rpool/containerd/9126                              156K   427G     22.4M  legacy
rpool/containerd/9127                              236M   427G      302M  legacy
rpool/containerd/9128                              156K   427G     22.4M  legacy
rpool/containerd/9129                              156K   427G     22.4M  legacy
rpool/containerd/9130                              156K   427G     22.5M  legacy
rpool/containerd/9131                              900K   427G     22.6M  legacy
rpool/containerd/9132                              480K   427G     59.1M  legacy
rpool/containerd/9133                             35.4M   427G     91.8M  legacy
rpool/containerd/9134                             1.48M   427G     93.0M  legacy
rpool/containerd/9135                             90.6M   427G      183M  legacy
rpool/containerd/9136                             1.73M   427G      184M  legacy
rpool/containerd/9137                              424K   427G      184M  legacy
rpool/containerd/9138                              160K   427G      184M  legacy
rpool/containerd/9139                              200K   427G      184M  legacy
rpool/containerd/9140                              308K   427G      184M  legacy
rpool/containerd/9141                              460K   427G      184M  legacy
rpool/containerd/9142                             2.85M   427G      184M  legacy
rpool/containerd/9143                              294M   427G      592M  legacy
rpool/containerd/9144                             1.22M   427G      593M  legacy
rpool/containerd/9145                             18.3M   427G      611M  legacy
rpool/containerd/9146                             1.11M   427G      611M  legacy
rpool/containerd/9147                              312K   427G      611M  legacy
rpool/containerd/9148                              244K   427G      611M  legacy
rpool/containerd/9149                              252K   427G      611M  legacy
rpool/containerd/9150                              252K   427G      611M  legacy
rpool/containerd/9151                              252K   427G      611M  legacy
rpool/containerd/9152                              316K   427G      611M  legacy
rpool/containerd/9153                              348K   427G      611M  legacy
rpool/containerd/9154                              656K   427G      611M  legacy
rpool/containerd/9155                             5.88M   427G      430M  legacy
rpool/containerd/9156                             5.26M   427G      430M  legacy
rpool/containerd/9157                              176K   427G      628K  legacy
rpool/containerd/9158                              528K   427G     7.95M  legacy

How to proceed from here?

`make test` locally failing with containerd@f3b85a91b09cdd786fc3ad624b98618cd0e3313e

    --- FAIL: TestZFS/Basic (0.90s)
        helpers.go:23: unmount /tmp/snapshot-suite-zfs-211154264/work/nextnextlayer
        helpers.go:25: Could not umount /tmp/snapshot-suite-zfs-211154264/work/nextnextlayer invalid argument
        helpers.go:23: unmount /tmp/snapshot-suite-zfs-211154264/work/nextlayer
        helpers.go:23: unmount /tmp/snapshot-suite-zfs-211154264/work/preparing
        helpers.go:73: drwx------ /tmp/snapshot-suite-zfs-211154264
        helpers.go:73: drwxrwxrwx /tmp/snapshot-suite-zfs-211154264/root
        helpers.go:73: drwxrwxrwx /tmp/snapshot-suite-zfs-211154264/work
        helpers.go:73: drwxrwxrwx /tmp/snapshot-suite-zfs-211154264/work/nextlayer
        helpers.go:73: drwxrwxrwx /tmp/snapshot-suite-zfs-211154264/work/nextnextlayer
        helpers.go:73: drwxrwxrwx /tmp/snapshot-suite-zfs-211154264/work/preparing
        loopback_linux.go:34: Created loop device /dev/loop19 (using /tmp/containerd-test-loopback287795486)
        loopback_linux.go:38: Removing loop device /dev/loop19
        loopback_linux.go:46: Removing temporary file /tmp/containerd-test-loopback287795486

The test passes with containerd/containerd#1103

Datasets don't seem to be cleaned up properly on image removal.

When removing an image, the associated snapshot is removed but the zfs filesystem is left behind:

% sudo zfs list -r dataz/k8s/containerd -t all
NAME                   USED  AVAIL  REFER  MOUNTPOINT
dataz/k8s/containerd   184K  3.41T   184K  /dataz/k8s/containerd

% sudo CONTAINERD_SNAPSHOTTER=zfs ctr images pull docker.io/library/busybox:latest
docker.io/library/busybox:latest:                                                 resolved       
...snip...
unpacking linux/amd64 sha256:4b6ad3a68d34da29bf7c8ccb5d355ba8b4babcad1f99798204e7abb43e54ee3d...
done

% sudo zfs list -r dataz/k8s/containerd -t all
NAME                              USED  AVAIL  REFER  MOUNTPOINT
dataz/k8s/containerd             2.03M  3.41T   960K  /dataz/k8s/containerd
dataz/k8s/containerd/5           1.09M  3.41T  1.09M  legacy
dataz/k8s/containerd/5@snapshot     0B      -  1.09M  -

% sudo CONTAINERD_SNAPSHOTTER=zfs ctr images rm docker.io/library/busybox:latest
docker.io/library/busybox:latest

% sudo zfs list -r dataz/k8s/containerd -t all
NAME                     USED  AVAIL  REFER  MOUNTPOINT
dataz/k8s/containerd    1.27M  3.41T   184K  /dataz/k8s/containerd
dataz/k8s/containerd/5  1.09M  3.41T  1.09M  legacy

It seems to work for removing snapshots and also removing the read/write images created during container execution. It just seems to leave behind the base image filesystem.

Please let me know if there's any more information I can provide.

Remove(): attempt roll-back on error

https://github.com/AkihiroSuda/containerd-zfs/blob/38d2d2b98fcc5b66d53b61a63e104ac35ae5deb9/snapshot/zfs/zfs.go#L271