image: add banger image cache prune for OCI cache cleanup
OCI layer blobs accumulate forever — every pull writes layers to
~/.cache/banger/oci/blobs/sha256/<hex> via go-containerregistry's
filesystem cache, and nothing ever evicts them. The cache is purely
a re-pull-avoidance (every flattened image is independent of the
blobs that sourced it), so it's a perfect candidate for an opt-in
operator-driven prune.
New surface:
* api: ImageCachePruneParams{DryRun}, ImageCachePruneResult
{BytesFreed, BlobsFreed, DryRun, CacheDir}.
* daemon: ImageService.PruneOCICache walks layout.OCICacheDir for
a (bytes, blobs) tally, then — outside dry-run — atomically
renames the cache aside, recreates it empty, and rm -rf's the
aside dir. The rename-then-rm avoids leaving the cache in a
half-removed state if a pull starts mid-prune (the in-flight
pull's open files survive the rename via standard Linux
semantics; it just sees a fresh empty cache afterwards). Missing
cache dir is treated as zero — fresh installs that have never
pulled an OCI image don't error.
* dispatch: image.cache.prune RPC (paramHandler-wrapped, mirroring
every other image RPC). Documented-methods test list updated.
* cli: `banger image cache` group with a `prune` subcommand
(--dry-run flag). Output is a single line: "freed 1.2 GiB
across 47 blob(s) in /var/cache/banger/oci" or "would free …".
formatBytes helper for the size pretty-print.
docs/oci-import.md: replaced the "Tech debt: cache eviction" bullet
with a "Cache lifecycle" section describing the new command and
the in-flight-pull caveat.
Tests: PruneOCICache covers the happy path (real prune empties the
cache, recreates an empty dir, doesn't leak the .pruning- aside),
the dry-run path (returns size, leaves blobs intact), and the
fresh-install path (cache dir absent → zero result, no error).
Smoke at JOBS=4 still green; live exercise against an empty cache
on a system install prints the expected zero summary.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
182bccf8af
commit
4d8dca6b72
7 changed files with 360 additions and 9 deletions
|
|
@ -131,14 +131,26 @@ Unknown distros fall back to `ID_LIKE`, then error cleanly.
|
|||
| Extraction scratch | `$TMPDIR/banger-pull-<rand>/` |
|
||||
| Published image | `~/.local/state/banger/images/<id>/rootfs.ext4` |
|
||||
|
||||
## Cache lifecycle
|
||||
|
||||
OCI layer blobs accumulate as you pull images. Banger flattens every
|
||||
pull into a self-contained ext4, so the cache is purely a re-pull
|
||||
avoidance — losing it only costs network round-trips on the next
|
||||
pull of the same image. Reclaim disk with:
|
||||
|
||||
```
|
||||
banger image cache prune --dry-run # report size only
|
||||
banger image cache prune # remove every cached blob
|
||||
```
|
||||
|
||||
Run with the daemon idle; an in-flight pull racing against prune may
|
||||
fail and need a retry.
|
||||
|
||||
## Tech debt
|
||||
|
||||
- **Auth**. When we add private-registry support, the natural path
|
||||
is `authn.DefaultKeychain`, which honours `~/.docker/config.json`
|
||||
and the standard credential helpers.
|
||||
- **Cache eviction**. OCI layer blobs accumulate forever. A `banger
|
||||
image cache prune` command is a cheap follow-up when disk usage
|
||||
becomes a complaint.
|
||||
- **Non-systemd rootfses**. The guest agents assume systemd. Adding
|
||||
openrc / s6 / busybox-init variants means keeping parallel unit
|
||||
trees keyed on `/etc/os-release`.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue