Cirrus: Use google mirror for docker.io #7965
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
cevich
force-pushed
the
use_caching_mirror
branch
2 times, most recently
from
b9d0507
to
bc0ff2f
Compare
cevich
changed the title
cevich
force-pushed
the
use_caching_mirror
branch
from
bc0ff2f
to
24cd804
Compare
|
@vrothberg PTAL, I've succeeded in making podman really, really, really mad 😁 |
|
But I suggest to configure the mirror there as well. I see beauty in the CI and my local tests to execute the same code. |
Interesting, that wasn't a line I changed. I wonder if this |
|
@vrothberg interesting, so I see there are several tests which fail, and the error mentions |
That's good news! Using mirrors is transparent to Podman, in the sense that Podman does not know about them. Whatever mirror we end up pulling from, the image will be tagged as the one initially referenced. So it's good that we see Note that the debug logs reveal which mirrors we pull from. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cevich, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
Ahh that is what I was hoping to learn - how to observe it. I want to run at least once manually, to verify the mirror is in use. Not because I don't believe you, but because I don't blindly trust my own work... |
openshift-ci-robot
added
the
needs-rebase
cevich
force-pushed
the
use_caching_mirror
branch
from
95369b2
to
36cb04c
Compare
openshift-ci-robot
removed
the
needs-rebase
cevich
force-pushed
the
use_caching_mirror
branch
from
36cb04c
to
8d22b44
Compare
cevich
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
@baude PTAL, I marked the one problematic test as skipped, referencing the issue I opened. |
There was a problem hiding this comment.
I'd love the system tests to use test/registries.conf as well. Can we export REGISTRIES_CONF_PATH in the Makefile?
Cc @edsantiago
Oh, good idea! |
cevich
force-pushed
the
use_caching_mirror
branch
from
8d22b44
to
6f7c5da
Compare
|
Rebased / force-pushed with suggested changes. |
cevich
force-pushed
the
use_caching_mirror
branch
from
6f7c5da
to
2165e5f
Compare
Okay, SGTM, and then I can drop the test "fix" from this PR as you suggested as well... |
|
@vrothberg errr, I just read Note that Docker Hub delayed the upcoming changes to mid '21.. At the end, there's a section that says they are going to enforce pull-limits (in less than a week) 😢 Assuming this is true, we need to keep the exclusive mirroring in place. That implies (for this PR) we either skip the failing tests or fix them inline. Is the digest-pulling problem caused by the mirror not retaining them or something? |
Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
See issue containers#8023 Signed-off-by: Chris Evich <cevich@redhat.com>
cevich
force-pushed
the
use_caching_mirror
branch
from
f75cd62
to
2e71c53
Compare
It’s a bit awkward in that even the generic What we would ideally want to do is to significantly extend the progress API to actually support a wide range of events, and to allow individual transports to contribute events. That’s a fair bit of work, and API change, and all that. So a “short-term” (clearly forever actually) mirror-specific mini-feature would probably be more appropriate, as long as it is easy enough to maintain. On c/image level, I’m rather unhappy with adding environment variables that impact behavior of a library in a way non-obvious to callers; a (Alternatively, just running |
|
I'm giving up for today, without actually having got anywhere. Current stumbling block is Lines 43 to 44 in 3a62b4d mirror.gcr.io, and I can't figure out any way to force-cache it (do we have access to that mirror? If we don't, then IMO this exercise in using it is simply postponing a pain point because anything not under our control cannot be relied upon).
I've tried many variations of (presumably because All for today. I'll see if the morning brings fresh insights. |
[[registry]]
prefix="docker.io"
location="quay.io/libpod"
[[registry]]
prefix="docker.io/library"
location="quay.io/libpod"@edsantiago, the upper snippet should handle the described scenario. The longest matching prefix will be selected and hence |
@mtrmac we have a TON of tests which both display and consume stderr/stdout from podman. Anything that significantly impacts output stands a good chance of needlessly breaking lots of tests, or at best blowing up the size of our test logs (which already require secondary processing for humans to look at). Re: Add support in c/image and an option in podman. We could potentially face (or will face) the same |
@vrothberg want me to set that here (since this PR touches that file already), then I think all we need is to just manually move some images over to quay, no? |
|
I'm on it, see #8165 |
|
@edsantiago OIC whatcha doin', okay I won't touch this PR's commits then. In case you didn't know: As long as the sha's (from rebasing) match up in your PR to this one, merging your's (when it's done) will automatically merge this one. |
Followon to containers#7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
|
Since #8165 merged, I am closing this PR. |
|
Thanks Dan. Curious...I thought it would have automatically closed this one since the commit SHAs were the same. No matter. |
github-actions
bot
added
the
locked - please file new issue/PR
In Nov. 2020 Docker inc. will be limiting (in some unknown way) the rate of image pulls. In order for this limit to not randomly break automated testing, or require extensive code changes, we need to introduce a transparent mirror. Fortunately Google provides a transparent mirror of the docker hub, and we're already using GCP for all our test-VMs and containers. Unfortunately, measuring the use/non-use of the mirror is very difficult w/o achieve without test-breaking operational changes. However, based on test-failures discovered in the making of this PR, the mirror does appear to be in-use and transparent to (most) tests.