Mark images for deletion on release deletion

Change-type: minor

Author: joshbwlng

config/confd/templates/env.tmpl

@@ -5,6 +5,9 @@ ASYNC_TASK_ATTEMPT_LIMIT={{getenv "ASYNC_TASK_ATTEMPT_LIMIT"}}
 ASYNC_TASK_CREATE_SERVICE_INSTALLS_ENABLED={{getenv "ASYNC_TASK_CREATE_SERVICE_INSTALLS_ENABLED"}}
 ASYNC_TASK_CREATE_SERVICE_INSTALLS_BATCH_SIZE={{getenv "ASYNC_TASK_CREATE_SERVICE_INSTALLS_BATCH_SIZE"}}
 ASYNC_TASK_CREATE_SERVICE_INSTALLS_MAX_TIME_MS={{getenv "ASYNC_TASK_CREATE_SERVICE_INSTALLS_MAX_TIME_MS"}}
+ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED={{getenv "ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED"}}
+ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE={{getenv "ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE"}}
+ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS={{getenv "ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS"}}
 COOKIE_SESSION_SECRET={{getenv "COOKIE_SESSION_SECRET"}}
 CONTRACTS_PUBLIC_REPO_OWNER={{getenv "CONTRACTS_PUBLIC_REPO_OWNER"}}
 CONTRACTS_PUBLIC_REPO_NAME={{getenv "CONTRACTS_PUBLIC_REPO_NAME"}}

docker-compose.test-custom.yml

@@ -74,6 +74,7 @@ services:
     environment: &env
       API_HOST: 127.0.0.1
       API_VPN_SERVICE_API_KEY: api_vpn_service_api_key
+      ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED: true
       BLUEBIRD_DEBUG: 1
       BLUEBIRD_LONG_STACK_TRACES: 0
       COOKIE_SESSION_SECRET: fuschia

src/features/images/hooks/delete-registry-images.ts

@@ -0,0 +1,76 @@
+import { sbvrUtils, hooks, permissions } from '@balena/pinejs';
+import _ from 'lodash';
+import type { DeleteRegistryImagesTaskParams } from '../tasks/delete-registry-images.js';
+import {
+	ASYNC_TASK_ATTEMPT_LIMIT,
+	ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE,
+	ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED,
+	ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS,
+	ASYNC_TASKS_ENABLED,
+} from '../../../lib/config.js';
+
+interface DeleteRequestCustomObject {
+	imagesToCleanup?: DeleteRegistryImagesTaskParams['images'];
+}
+
+if (ASYNC_TASKS_ENABLED && ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED) {
+	hooks.addPureHook('DELETE', 'resin', 'image', {
+		PRERUN: async (args) => {
+			const { api, request } = args;
+			const affectedIds = await sbvrUtils.getAffectedIds(args);
+			if (affectedIds.length === 0) {
+				return;
+			}
+
+			// Get information required to mark the image for deletion on
+			// the registry before the record is deleted from our database.
+			const images = await api.get({
+				resource: 'image',
+				options: {
+					$select: ['is_stored_at__image_location', 'content_hash'],
+					$filter: {
+						id: { $in: affectedIds },
+						content_hash: { $ne: null },
+					},
+				},
+			});
+			if (images.length > 0) {
+				(request.custom as DeleteRequestCustomObject).imagesToCleanup =
+					images.map((image) => [
+						image.is_stored_at__image_location,
+						image.content_hash!,
+					]);
+			}
+		},
+		POSTRUN: async ({ request, tx }) => {
+			const { imagesToCleanup } = request.custom as DeleteRequestCustomObject;
+			if (imagesToCleanup == null || imagesToCleanup.length === 0) {
+				return;
+			}
+
+			const chunks = _.chunk(
+				imagesToCleanup,
+				ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE,
+			);
+			await Promise.all(
+				chunks.map((chunk) =>
+					sbvrUtils.api.tasks.post({
+						resource: 'task',
+						passthrough: { req: permissions.root, tx },
+						body: {
+							is_executed_by__handler: 'delete_registry_images',
+							is_executed_with__parameter_set: {
+								images: chunk,
+							} satisfies DeleteRegistryImagesTaskParams,
+							is_scheduled_to_execute_on__time: new Date(
+								Date.now() +
+									ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS * 1000,
+							),
+							attempt_limit: ASYNC_TASK_ATTEMPT_LIMIT,
+						},
+					}),
+				),
+			);
+		},
+	});
+}

src/features/images/hooks/index.ts

@@ -0,0 +1 @@
+import './delete-registry-images.js';

src/features/images/tasks/delete-registry-images.ts

@@ -0,0 +1,174 @@
+import { permissions, sbvrUtils, tasks } from '@balena/pinejs';
+import _ from 'lodash';
+import { generateToken } from '../../registry/registry.js';
+import {
+	ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE,
+	REGISTRY2_HOST,
+} from '../../../lib/config.js';
+import { requestAsync } from '../../../infra/request-promise/index.js';
+import { setTimeout } from 'node:timers/promises';
+
+const { api } = sbvrUtils;
+
+// For registry API requests
+const DELAY = 200;
+const RATE_LIMIT_DELAY_BASE = 1000;
+const RATE_LIMIT_RETRIES = 5;
+
+const schema = {
+	type: 'object',
+	properties: {
+		images: {
+			type: 'array',
+			items: {
+				type: 'array',
+				items: {
+					type: 'string',
+				},
+				maxItems: 2,
+				minItems: 2,
+			},
+		},
+	},
+	required: ['images'],
+};
+
+export type DeleteRegistryImagesTaskParams = {
+	images: Array<[repo: string, hash: string]>;
+};
+
+const handlerName = 'delete_registry_images';
+const logHeader = handlerName.replace(/_/g, '-');
+tasks.addTaskHandler(
+	handlerName,
+	async (options) => {
+		try {
+			const images =
+				(options.params as DeleteRegistryImagesTaskParams).images ?? [];
+			if (images.length === 0) {
+				return {
+					status: 'succeeded',
+				};
+			}
+
+			// Chunk by batch size in case we need to tune after tasks have been created
+			for (const chunk of _.chunk(
+				images,
+				ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE,
+			)) {
+				// Avoid deleting any blobs that are still referenced by other images
+				// This shouldn't normally be necessary as is_stored_at__image_location
+				// should be enforced as unique at the database level, but just in case
+				const stillReferenced = await api.resin.get({
+					resource: 'image',
+					passthrough: { req: permissions.rootRead },
+					options: {
+						$select: ['id', 'is_stored_at__image_location', 'content_hash'],
+						$filter:
+							chunk.length === 1
+								? {
+										is_stored_at__image_location: chunk[0][0],
+										content_hash: chunk[0][1],
+									}
+								: {
+										$or: chunk.map(([repo, hash]) => ({
+											is_stored_at__image_location: repo,
+											content_hash: hash,
+										})),
+									},
+					},
+				});
+				const safeToDelete = chunk.filter(
+					([repo, hash]) =>
+						!stillReferenced.some(
+							(image) =>
+								image.is_stored_at__image_location === repo &&
+								image.content_hash === hash,
+						),
+				);
+				for (const [repo, hash] of safeToDelete) {
+					if (repo === '' || hash === '') {
+						console.warn(
+							`[${logHeader}] Skipping deletion of image with empty repo or hash: ${repo}/${hash}`,
+						);
+						continue;
+					}
+					await markForDeletion(repo, hash);
+				}
+			}
+
+			return {
+				status: 'succeeded',
+			};
+		} catch (e) {
+			console.error(`[${logHeader}] Error marking images for deletion: ${e}`);
+			return {
+				error: `${e}`,
+				status: 'failed',
+			};
+		}
+	},
+	schema,
+);
+
+// Make an API call to the registry service to mark images for deletion on next garbage collection
+async function markForDeletion(repo: string, hash: string) {
+	// Generate an admin-level token with delete permission
+	const token = generateToken('admin', REGISTRY2_HOST, [
+		{
+			name: repo,
+			type: 'repository',
+			actions: ['delete'],
+		},
+	]);
+
+	// Need to make requests one image at a time, no batch endpoint available
+	for (let retries = 0; retries < RATE_LIMIT_RETRIES; retries++) {
+		const [{ statusCode, statusMessage, headers }] = await requestAsync({
+			url: `https://${REGISTRY2_HOST}/v2/${repo}/manifests/${hash}`,
+			headers: { Authorization: `Bearer ${token}` },
+			method: 'DELETE',
+		});
+
+		// Return on success or not found
+		if (statusCode === 202 || statusCode === 404) {
+			await setTimeout(DELAY);
+			return;
+		} else if (statusCode === 429) {
+			// Default delay value to exponential backoff
+			let delay = RATE_LIMIT_DELAY_BASE * Math.pow(2, retries);
+
+			// Use the retry-after header value if available
+			const retryAfterHeader = headers?.['retry-after'];
+			if (retryAfterHeader) {
+				const headerDelay = parseInt(retryAfterHeader, 10);
+				if (!isNaN(headerDelay)) {
+					delay = headerDelay * 1000;
+				} else {
+					const retryDate = Date.parse(retryAfterHeader);
+					const waitMillis = retryDate - Date.now();
+					if (waitMillis > 0) {
+						delay = waitMillis;
+					}
+				}
+			}
+
+			// Apply some jitter for good measure
+			delay += Math.random() * 1000;
+
+			console.warn(
+				`[${logHeader}] Received 429 for ${repo}/${hash}. Retrying in ${delay}ms...`,
+			);
+			await setTimeout(delay);
+		} else {
+			throw new Error(
+				`Failed to mark ${repo}/${hash} for deletion: [${statusCode}] ${statusMessage}`,
+			);
+		}
+
+		// If we get here, it means we ran out of retries due to rate limiting
+		throw new Error(
+			`Failed to mark ${repo}/${hash} for deletion: exceeded retry limit due to rate limiting`,
+		);
+	}
+}

src/features/images/tasks/index.ts

@@ -0,0 +1 @@
+import './delete-registry-images.js';

src/features/registry/registry.ts

@@ -553,7 +553,7 @@ const authorizeRequest = async (
 	);
 };
 
-const generateToken = (
+export const generateToken = (
 	subject = '',
 	audience: string,
 	access: Access[],

src/hooks.ts

@@ -12,6 +12,7 @@ import './features/field-size-limits/hooks.js';
 import './features/hostapp/hooks/index.js';
 import './features/organizations/hooks/index.js';
 import './features/releases/hooks/index.js';
+import './features/images/hooks/index.js';
 import './features/service-install/hooks/index.js';
 import './features/supervisor-app/hooks/index.js';
 import './features/tags/hooks.js';

src/lib/config.ts

@@ -456,6 +456,18 @@ export const ASYNC_TASK_CREATE_SERVICE_INSTALLS_MAX_TIME_MS = intVar(
 	'ASYNC_TASK_CREATE_SERVICE_INSTALLS_MAX_TIME_MS',
 	30 * 1000,
 );
+export const ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED = boolVar(
+	'ASYNC_TASK_DELETE_REGISTRY_IMAGES_ENABLED',
+	false,
+);
+export const ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE = intVar(
+	'ASYNC_TASK_DELETE_REGISTRY_IMAGES_BATCH_SIZE',
+	1000,
+);
+export let ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS = intVar(
+	'ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS',
+	60 * 60 * 24 * 30, // 30 days
+);
 
 export const USERNAME_BLACKLIST = ['root'];
 
@@ -726,4 +738,10 @@ export const TEST_MOCK_ONLY = {
 		guardTestMockOnly();
 		PINEJS_QUEUE_INTERVAL_MS = v;
 	},
+	set ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS(
+		v: typeof ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS,
+	) {
+		guardTestMockOnly();
+		ASYNC_TASK_DELETE_REGISTRY_IMAGES_OFFSET_SECONDS = v;
+	},
 };

src/tasks.ts

@@ -1 +1,2 @@
 import './features/ci-cd/tasks/index.js';
+import './features/images/tasks/index.js';