Destroy command deletes all similar images of other projects too

[matteotanca-sardex]

• Bug Report

container.yml

version: "2"
settings:

  conductor:
    base: ubuntu:16.04
    environment:  # List or mapping of environment variables
      - DISTRO=xenial

  project_name: site1

services:
  web:
    from: ubuntu:16.04
    roles:
      - apache2
      - sardex/site1-web
    depends_on:
      - "mysql_database"
    ports:
      - "127.0.0.1:80:80"
      - "127.0.0.1:443:443"
    volumes:
      - "$PWD/sources/site1:/var/www/html:rw"
    entrypoint: ["/etc/init.d/startup.sh"]
    command: ["start"]

  mysql_database:
    from: ubuntu:16.04
    roles:
      - mysql
      - sardex/site1-db
    ports:
      - "127.0.0.1:3306:3306"
    entrypoint: ["/etc/init.d/startup.sh"]
    command: ["start"]

registries: {}

version: "2"
settings:

  conductor:
    base: ubuntu:16.04
    environment:  # List or mapping of environment variables
      - DISTRO=xenial

  project_name: site2
  
services:
  web:
    from: ubuntu:16.04
    roles:
      - apache2
      - sardex/site2-web
    depends_on:
      - "mysql_database"
    ports:
      - "127.0.0.1:80:80"
      - "127.0.0.1:443:443"
    volumes:
      - "$PWD/sources/site2:/var/www/html:rw"
    entrypoint: ["/etc/init.d/startup.sh"]
    command: ["start"]

  mysql_database:
    from: ubuntu:16.04
    roles:
      - mysql
      - sardex/site2-db
    ports:
      - "127.0.0.1:3306:3306"
    entrypoint: ["/etc/init.d/startup.sh"]
    command: ["start"]

registries: {}

OS / ENVIRONMENT

bug version
Ansible Container, version 0.9.2
Linux, matteo-pc, 4.13.0-45-generic, #50~16.04.1-Ubuntu SMP Wed May 30 11:18:27 UTC 2018, x86_64
3.6.5 (default, May  3 2018, 10:08:28) 
[GCC 5.4.0 20160609] /home/matteo/.virtualenvs/sites-53tickPf/bin/python3.6

SUMMARY

After building those two container.yml, if I destroy one project, both projects conductors are deleted so I have to rebuild both.

STEPS TO REPRODUCE

• put two simple roles or just one for container.yml;
• build my two container.yml projects
• destroy one of them
• You can see both projects conductors deleted.

EXPECTED RESULTS

I expect that destroy command doesn't destroy other projects images.

ACTUAL RESULTS

Both conductors, site1-conductor and site2-conductor images are deleted.

[Voronenko]

@matteotanca-sardex to make process more quickier - would you mind preparing workable POC either in form of gist or repo using public roles only ?

[matteotanca-sardex]

https://github.com/matteotanca-sardex/ac-bug-944-poc

I've included a log for the destroy output.

After building the two projects, try to destroy one of them. It will destroy the images of other project too.

[Voronenko]

@matteotanca-sardex Thank you for your efforts and input!

[Voronenko]

Confirmed

docker images | grep site                                                                                                                                                  (pyenv: ansible-container) 
site1-web                                   latest                             1b49aeed10c2        About a minute ago   258MB
site2-web                                   20180628125242                     1b49aeed10c2        About a minute ago   258MB
site2-web                                   latest                             1b49aeed10c2        About a minute ago   258MB
site2-conductor                             latest                             f4869f34a3c7        9 minutes ago        640MB
site1-conductor                             latest                             f4869f34a3c7        9 minutes ago        640MB

running destroy in any subfolder generates excessive removal playbook

      - docker_image:
            state: absent
            force: yes
            name: site1-web:20180628124610
        tags: destroy
      - docker_image:
            state: absent
            force: yes
            name: site1-web:latest
        tags: destroy
      - docker_image:
            state: absent
            force: yes
            name: site2-web:latest
        tags: destroy
      - docker_image:
            state: absent
            force: yes
            name: site1-conductor:latest
        tags: destroy
      - docker_image:
            state: absent
            force: yes
            name: site2-conductor:latest
        tags: destroy

[matteotanca-sardex]

I changed the title, in this case, there is only one role, identical for both projects, and all images are deleted if you destroy one project. The docker layer for the executed role is the same so it deletes all images.

If you try to put a var in the rule and change the value of the var, like var=site1 for the first project and var=site2 for the second, only conductor images are deleted for all similar projects if you destroy one of them. However without conductor you need to rebuild all of them to be able to run them. The docker layer for the rule is a little bit different so are the created images. Seems like that it is taking the base image and the rule layer as a reference to decide what to delete.

https://github.com/matteotanca-sardex/ac-bug-944-poc find the branch withvars To build the second project you need to do not cache container or will take docker layer from project1. Once you destroy one of them, only the conductor image is deleted from the other project.

I guess all commands, run, build, destroy, should work with project name as namespace. If the rule have vars and their value change in another project, we do not need to take the cached docker layer from a different project.

Thanks for your work!

[Voronenko]

Addressed in https://github.com/ansible/ansible-container/pull/950

[l4r1k4]

I'm using sa-ansible-container and I can confirm this is solved.