Move from docker.io #8165
Move from docker.io #8165
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: edsantiago The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
edsantiago
added
do-not-merge/hold
|
Just trying to see what fails in CI, and what I need to focus on. |
edsantiago
force-pushed
the
move_from_dockerio
branch
5 times, most recently
from
a7085c4
to
c9274c1
Compare
| result.WaitWithDefaultTimeout() | ||
| Expect(result).Should(Exit(0)) | ||
| Expect(len(result.OutputToStringArray())).To(Equal(2)) | ||
| Expect(len(result.OutputToStringArray())).To(Equal(3)) |
There was a problem hiding this comment.
Because nginx was already fetched from quay; and now alpine+busybox are as well.
| result.WaitWithDefaultTimeout() | ||
| Expect(result.ExitCode()).To(Equal(0)) | ||
| Expect(result.OutputToString()).To(Equal(cid)) |
There was a problem hiding this comment.
I've taken the liberty of making this an actual test, with output checking and all (not just "it exits zero")
edsantiago
force-pushed
the
move_from_dockerio
branch
from
c9274c1
to
31131fe
Compare
| Expect(session.LineInOutputContainsTag("quay.io/libpod/alpine", "latest")).To(BeTrue()) | ||
| Expect(session.LineInOutputContainsTag("quay.io/libpod/busybox", "latest")).To(BeTrue()) | ||
| Expect(session.LineInOutputContainsTag("localhost/foo", "a")).To(BeTrue()) | ||
| Expect(session.LineInOutputContainsTag("localhost/foo", "b")).To(BeTrue()) | ||
| Expect(session.LineInOutputContainsTag("localhost/foo", "c")).To(BeTrue()) | ||
| Expect(session.LineInOutputContainsTag("localhost/bar", "a")).To(BeTrue()) | ||
| Expect(session.LineInOutputContainsTag("localhost/bar", "b")).To(BeTrue()) |
There was a problem hiding this comment.
This was a complete NOP. Plus, LineInOutputContainsTag() was broken. See below.
| @@ -383,7 +379,10 @@ func tagOutputToMap(imagesOutput []string) map[string]string { | |||
| if len(tmp) < 2 { | |||
| continue | |||
| } | |||
| m[tmp[0]] = tmp[1] | |||
There was a problem hiding this comment.
This was completely broken: for a list containing foo:a, foo:b, foo:c, ... well, you can figure it out.
| @@ -383,7 +379,10 @@ func tagOutputToMap(imagesOutput []string) map[string]string { | |||
| if len(tmp) < 2 { | |||
| continue | |||
| } | |||
| m[tmp[0]] = tmp[1] | |||
| if m[tmp[0]] == nil { | |||
There was a problem hiding this comment.
WARNING: please review carefully, because I don't speak Golang, and there is almost certainly a more idiomatic way to do this.
|
When I first heard about this mirroring approach, I thought it would be: "we will set up our own mirror, and cache what we need from docker.io". What I now understand is (and please correct me if I'm wrong): "we will use mirror.gcr.io which is owned and set up by some random party out of our control, and it includes a small handful of the images we need, but not all of them, and we have no way to populate it with what we need, so we have to use quay anyway". If the latter is true; and given that most of this PR is |
|
Well, miracle of miracles, tests are passing. I'm still not sure whether to proceed with a full |
test/e2e/exists_test.go
Outdated
| @@ -39,6 +39,7 @@ var _ = Describe("Podman image|container exists", func() { | |||
| Expect(session).Should(Exit(0)) | |||
| }) | |||
| It("podman image exists in local storage by short name", func() { | |||
| Skip("FIXME-8165: shortnames don't seem to work with quay") | |||
There was a problem hiding this comment.
This seems... pretty large? Any idea what's going on?
There was a problem hiding this comment.
I don't, not on this or any of the other two FIXMEs. They worry me too, but my goal was to get tests passing and then dive deeper. I lost too much time on the map problem. I can dive deeper into these other problems today, I just want to know if the approach in this PR is reasonable.
There was a problem hiding this comment.
I have no issue with the approach - it seems like a quick and easy fix to get things migrated away from Dockerhub.
test/e2e/images_test.go
Outdated
| @@ -240,6 +240,7 @@ WORKDIR /test | |||
| }) | |||
|
|
|||
| It("podman pull by digest and list --all", func() { | |||
| Skip("FIXME-8165: 'rmi -af' fails with 'layer not known'") | |||
There was a problem hiding this comment.
This one makes me deeply uncomfortable - it's that easy to break our storage in such a way that we can't fix it with rmi?
There was a problem hiding this comment.
This was much, much harder to reproduce than I had expected. Added script to #6510 (comment)
| @@ -35,7 +35,7 @@ var _ = Describe("Podman image tree", func() { | |||
|
|
|||
| It("podman image tree", func() { | |||
| SkipIfRemote("Does not work on remote client") | |||
| dockerfile := `FROM docker.io/library/busybox:latest | |||
| dockerfile := `FROM quay.io/libpod/busybox:latest | |||
There was a problem hiding this comment.
I wonder if we don't have builds that are just using shortnames, not pre-pulled images.
If we completely rip docker.io out of registries.conf, I wonder how much breaks...
Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
edsantiago
force-pushed
the
move_from_dockerio
branch
from
31131fe
to
c17f888
Compare
Followon to containers#7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
edsantiago
force-pushed
the
move_from_dockerio
branch
from
c17f888
to
20e1043
Compare
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
edsantiago
removed
the
do-not-merge/hold
|
@containers/podman-maintainers PTACL ("C" for "Careful"). Some particular points to note:
November 1 is this weekend. I don't think this PR is perfect, but I think it's a major step toward getting our CI to pass once docker cuts us off. I will be out all of tomorrow (Thursday) with no means of communication. I will likely check in Friday morning but cannot promise a full day at work. |
|
LGTM |
That can't happen in the e2e tests (see 53fe386) as references to docker.io will either go to the gcr mirror or quay.io/libpod. LGTM but a third pair of eyes would be appreciated before merging |
| @@ -39,6 +39,7 @@ var _ = Describe("Podman image|container exists", func() { | |||
| Expect(session).Should(Exit(0)) | |||
| }) | |||
| It("podman image exists in local storage by short name", func() { | |||
| Skip("FIXME-8165: shortnames don't seem to work with quay (#8176)") | |||
There was a problem hiding this comment.
@vrothberg FYI for short names work
There was a problem hiding this comment.
@TomSweeneyRedHat @vrothberg late followup: this does not seem to be related to shortnames. #8176 is too weird for me to describe in a helpful title.
| @@ -59,7 +59,7 @@ WantedBy=multi-user.target | |||
| Expect(stop.ExitCode()).To(Equal(0)) | |||
| }() | |||
|
|
|||
| create := podmanTest.Podman([]string{"create", "--name", "redis", "redis"}) | |||
| create := podmanTest.Podman([]string{"create", "--name", "redis", redis}) | |||
There was a problem hiding this comment.
Just double-checking is removing the quotes here intended/valid?
There was a problem hiding this comment.
@TomSweeneyRedHat @baude, late followup, yes, unquoting "redis" is deliberate: that gives us a variable that references an FQIN.
|
Just one question, otherwise LGTM and it's all green. I'm fine with merging now and fixing later if necessary. |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Followon to #7965 (mirror registry). mirror.gcr.io doesn't
cache all the images we need, and I can't find a way to
add to its cache, so let's just use quay.io for those
images that it can't serve.
Tools used:
skopeo copy --all docker://docker.io/library/alpine:3.10.2
docker://quay.io/libpod/alpine:3.10.2
...and also:
Since most of those were new quay.io/libpod images, they required
going in through the quay.io GUI, image, settings, Make Public.
Signed-off-by: Ed Santiago santiago@redhat.com