-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Figure out docker-daemon: tagging canonicalization rules #72
Comments
Note that AFAICT our projectatomic/docker and docker/docker behave differently wrt how images are tagged (or retrieved, need to look that up) |
@runcom What do you mean exactly? Examples? |
This, for instance, is valid for projectatomic/docker but not docker/docker - upstream does have that reference as just "busybox" (per docker inspect)
These last two, same as above, in docker/docker you just get "busybox:latest" in RepoTags |
Oh. Thanks for pointing this out, I would have never thought to look there. Does that mean that we should be vendoring in |
Alternatively,
This suggests that the different canonicalization projectatomic/docker does might not be handled consistently, i.e. the |
I fear it's like you said, and docker load doesn't get the canonicalization - I'm trying right now though. |
With projectatomic/docker, after switching from docker/docker with busybox already in storage: $ docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ...
latest: Pulling from docker.io/library/busybox
Digest: sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6
Status: Downloaded newer image for docker.io/busybox:latest
$ docker images | grep busybox
busybox latest 2b8fd9751c4c 10 weeks ago 1.093 MB
docker.io/busybox latest 2b8fd9751c4c 10 weeks ago 1.093 MB
$ docker inspect busybox | grep busybox
"busybox:latest",
"docker.io/busybox:latest", on RHELs we can safely assume people are using projectatomic/docker so only the second lines are valid. Though, I feel we'll need to deal with both because we can't expect people to be using projectatomic/docker. |
(Mostly notes to self:) Yeah, this is the “Add --add-registry and --block-registry options to docker daemon” patch.
In In
This is compensated for in the reference lookup code ( So, OTOH, an explicit |
@runcom If ^^^ is correct (I will take another look on Monday, actually testing all of that instead of just reading code), it seems to me that it would be best for This should in one place deal with Though, admittedly, it is not at all clear that the user intent was to use the first hostname on the list for unqualified references… OTOH just storing an unqualified tag and extending the lookup code to also look up for unqualified tags seems worse, then we can have The only certain thing is that I am confused and I will need to return to this on Monday :) (Sure, the |
Correction: Every reference, qualified or unqualified, is looked up directly as expected. So, the case of |
Overall, the lookup behavior of projectatomic/docker ends up being like this: row indicates how the image was tagged, column what is being looked up.
(With docker/docker, the table is all ✔️ ; all of these references are canonicalized to Locally, the situation is somewhat surprising but understandable: unqualified references have an indeterminate host name, so The trouble with this is (as identified earlier by Scott McCarty) is that The fallout for |
… and, equally important, this way |
@mtrmac could you open a bugzilla so I can fix this in our projectatomic/docker repo with a reproducer and expected behavior? |
Filed as https://bugzilla.redhat.com/show_bug.cgi?id=1397198 , feel free to reassign to a different version or product. Now searching in bugzilla, it seems there may be other concerns / risks as well, but those are up to projectatomic/docker; as far as |
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
For |
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…load) This makes the tagging behavior consistent with (docker pull) for projectatomic/docker, and does not change behavior for docker/docker. See the added comment, and containers/image#72 , for more explanation. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Right now docker-daemon: destination just passes the input string as a tag in the stream. Docker seems to be doing some canonicalization, but it is unclear what exactly the rules are.
docker pull busybox
gets the image tagged asdocker.io/busybox
(perdocker inspect
)docker-daemon:busybox
gets it tagged asdocker:busybox
docker-daemon:docker.io/library/busybox
gets it tagged asdocker.io/busybox
docker inspect busybox:latest
findsdocker.io/busybox:latest
docker inspect docker.io/busybox.latest
does not findbusybox:latest
We need to figure out what is going on, document the relevant formats, and perhaps do some normalization in
daemonReference
.cc @baude
The text was updated successfully, but these errors were encountered: