Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-26732

Race condition in "Docker - Delete unused manifests and images" can cause assets to be mistakenly deleted

    XMLWordPrintable

    Details

    • Release Note:
      Yes
    • Notability:
      2

      Description

      If a docker layer is deployed right before the "Delete unused manifests and images" task starts on a repository, and the manifest referencing it is deployed right after the task starts, it can result in the deployed layer being mistakenly deleted.

      The reason this can happen is when the layer is processed its referencing manifest is not yet present.

      Expected: The task should never delete a layer or manifest that is actually in use. Given the inevitable time delays that occur while constructing the tree of tag, manifest, and layer references I think the only reasonable solution here is to introduce a time delay. Manifests and layers deployed within a certain period before the GC task starts should not be deleted. I propose a default 24 hours for this delay that is configurable in the task

      But if someone has a better solution.. I'd be happy to hear about it.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mchernikov Maksym Chernikov
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title