Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Bug 1823143: Try user-given registry/repository for oc adm release extract|info|mirror before defaulting to referenced image #395
Conversation
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sallyom The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
2 similar comments
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@sallyom: An error was encountered searching for bug 1823143 on the Bugzilla server at https://bugzilla.redhat.com:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@sallyom: An error was encountered searching for bug 1823143 on the Bugzilla server at https://bugzilla.redhat.com:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test e2e-cmd |
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest |
|
/hold This PR uses a bump in library-go for a not-yet-merged PR: openshift/library-go#785 |
|
/retest |
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@soltysh I've reworked this PR, moved all changes to pkg/cli/admin/release/info.go rather than release/extract_tools.go - this is more clear. ptal, thanks. |
329df97
to
d72ae52
| if err != nil { | ||
| errs = append(errs, err) | ||
| return true, nil | ||
| } |
soltysh
May 4, 2020
Member
This could be outside of the loop.
This could be outside of the loop.
soltysh
May 4, 2020
Member
Actually looking inside ParseReference invoked at the beginning of the method that one already has that invocation see
oc/pkg/cli/image/imagesource/reference.go
Line 96
in
29e9a33
Iow. you could just check ref.Type == DestinationRegistry and drop this above code entirely.
Actually looking inside ParseReference invoked at the beginning of the method that one already has that invocation see
oc/pkg/cli/image/imagesource/reference.go
Line 96 in 29e9a33
ref.Type == DestinationRegistry and drop this above code entirely.
sallyom
May 4, 2020
Author
Contributor
thanks, i've updated. much cleaner.
userGivenImage.AsRepository() == ref.Ref.AsRepository() :) so i can drop the userGivenImage nonsense altogether
thanks, i've updated. much cleaner.
userGivenImage.AsRepository() == ref.Ref.AsRepository() :) so i can drop the userGivenImage nonsense altogether
| // try to verify user-passed image tag first, in case of mirrored images this will | ||
| // exist, and if so, use this instead of the release image-reference. If this doesn't | ||
| // exist, proceed with tag from release image-reference from the readReleaseImageReference above | ||
| givenTag := fmt.Sprintf("%s@%s", userGivenImage.AsRepository(), digest) |
soltysh
May 4, 2020
Member
tag is confusing, since this is more imageID, imageDigest, right?
tag is confusing, since this is more imageID, imageDigest, right?
soltysh
May 4, 2020
Member
I'm a bit confused, you're creating a new reference from user-passed registry and release's image SHA, right? And then you parse it once again in verifyImageExists. If this works you replace the tag contents, correct?
I'm a bit confused, you're creating a new reference from user-passed registry and release's image SHA, right? And then you parse it once again in verifyImageExists. If this works you replace the tag contents, correct?
soltysh
May 4, 2020
Member
I still don't understand why you can't just use the DockerImageReference returned from userGivenImage.AsRepository() invocation and set digest there. Iow.
newRef := userGivenImage.AsRepository() // this will clear both Tag and ID fields
newRef.ID = digest
if verifyImageExists(opts, newRef)...
This way verifyImageExists will work with already passed reference, so there's no need for double parsing.
I still don't understand why you can't just use the DockerImageReference returned from userGivenImage.AsRepository() invocation and set digest there. Iow.
newRef := userGivenImage.AsRepository() // this will clear both Tag and ID fields
newRef.ID = digest
if verifyImageExists(opts, newRef)...This way verifyImageExists will work with already passed reference, so there's no need for double parsing.
sallyom
May 4, 2020
Author
Contributor
thanks! updated, now passing imagereference.DockerImageReference to verifyImageExists, and if found, tag.From.Name = newRef.String()
thanks! updated, now passing imagereference.DockerImageReference to verifyImageExists, and if found, tag.From.Name = newRef.String()
| if err != nil { | ||
| if imagemanifest.IsImageNotFound(err) { | ||
| return false | ||
| } |
soltysh
May 4, 2020
Member
This condition is not necessary, since in both cases you just return false.
This condition is not necessary, since in both cases you just return false.
sallyom
May 4, 2020
Author
Contributor
kind of, but if imageNotFound, no logging (this means it's not a mirrored image) but for any other reason should log the error, this would indicate there was an error reading the mirrored image (it exists, but there is a problem). I'm fine not logging, too, but this was my reasoning.
kind of, but if imageNotFound, no logging (this means it's not a mirrored image) but for any other reason should log the error, this would indicate there was an error reading the mirrored image (it exists, but there is a problem). I'm fine not logging, too, but this was my reasoning.
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
09f91c9
to
b2d9989
|
/hold cancel fake bump removed |
|
/retest |
| // try to verify user-passed image first, in case of mirrored images this will | ||
| // exist, and if so, use this instead of the release image-reference. If this doesn't | ||
| // exist, proceed with release image-reference from the readReleaseImageReference above | ||
| newRef := ref.Ref.AsRepository() |
smarterclayton
May 6, 2020
Member
Assuming that the release image and the target share the same repository is a really ugly hack. I don't think it's appropriate without the user explicitly telling us where it is (perhaps via a flag, perhaps by providing an ICSP).
Assuming that the release image and the target share the same repository is a really ugly hack. I don't think it's appropriate without the user explicitly telling us where it is (perhaps via a flag, perhaps by providing an ICSP).
wking
May 6, 2020
Member
So is this "pull down any ICSPs from the cluster and teach the local oc image resolvers how to process them"? That would be great, but seems like a lot of work without vendoring more of containers/image. Or does the native oc image-resolution code already support mirrors and we'd just need to feed the ICSPs in?
So is this "pull down any ICSPs from the cluster and teach the local oc image resolvers how to process them"? That would be great, but seems like a lot of work without vendoring more of containers/image. Or does the native oc image-resolution code already support mirrors and we'd just need to feed the ICSPs in?
wking
May 6, 2020
Member
... and there is no guarantee that ICSPs that make sense for the cluster also make sense for wherever the user is running oc. Would be nice if we had image-streams for every image referenced from the release image or some such, so we could pull from there without having to reach out and hit some external registry.
... and there is no guarantee that ICSPs that make sense for the cluster also make sense for wherever the user is running oc. Would be nice if we had image-streams for every image referenced from the release image or some such, so we could pull from there without having to reach out and hit some external registry.
sallyom
May 7, 2020
Author
Contributor
so ICS is printed when mirroring image like so:
imageContentSources:
- mirrors:
- quay.io/sallyom/release-test
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- mirrors:
- quay.io/sallyom/release-test
source: registry.svc.ci.openshift.org/ocp/release
so if an image is mirrored pass a flag to provide that info? i don't have details for how to use this info atm, i'll take a look.
so ICS is printed when mirroring image like so:
imageContentSources:
- mirrors:
- quay.io/sallyom/release-test
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- mirrors:
- quay.io/sallyom/release-test
source: registry.svc.ci.openshift.org/ocp/release
so if an image is mirrored pass a flag to provide that info? i don't have details for how to use this info atm, i'll take a look.
soltysh
May 7, 2020
Member
OK, that's fair and w/o that information it's ok to not to have properly working disconnected mirrors working, exactly like described in the bug. The second question is I can't seem to find which piece of containers/image is responsible for that, can you point to it?
OK, that's fair and w/o that information it's ok to not to have properly working disconnected mirrors working, exactly like described in the bug. The second question is I can't seem to find which piece of containers/image is responsible for that, can you point to it?
smarterclayton
May 15, 2020
Member
It would be more appropriate right now to add a flag that is "--mirror-repository=foo/bar" (possibly that supports multiple flags via StringSlice) than to add magic lookup. In the future, reeading from an ICSP file or ICSP on the cluster might be reasonable. Right now, don't do magic.
It would be more appropriate right now to add a flag that is "--mirror-repository=foo/bar" (possibly that supports multiple flags via StringSlice) than to add magic lookup. In the future, reeading from an ICSP file or ICSP on the cluster might be reasonable. Right now, don't do magic.
smarterclayton
May 15, 2020
Member
Adding error path when image can't be found to suggest that if this is a mirrored repository to provide that flag, and to add a paragraph to help that describes how to work with mirrored repositories, would also be required to make this clear to users.
Adding error path when image can't be found to suggest that if this is a mirrored repository to provide that flag, and to add a paragraph to help that describes how to work with mirrored repositories, would also be required to make this clear to users.
sallyom
May 15, 2020
•
Author
Contributor
but how will that solve 'I can't oc adm release extract in disconnected environment'?
As/is, the cmd does that-extracts from the mirrored repository (you don't have to pass it), and succeeds if you are connected and have the correct pull secret for that repo but fails otherwise.
but how will that solve 'I can't oc adm release extract in disconnected environment'?
As/is, the cmd does that-extracts from the mirrored repository (you don't have to pass it), and succeeds if you are connected and have the correct pull secret for that repo but fails otherwise.
smarterclayton
May 15, 2020
Member
That flag would add additional search locations (like ICSP) if the first fetch fails. All locations that look at an image would support the alternates.
That flag would add additional search locations (like ICSP) if the first fetch fails. All locations that look at an image would support the alternates.
smarterclayton
May 15, 2020
Member
You would be designing in (vs adding hacks) a mechanism that says "if i get an image, if i can't get it at location A, try B, C, and D by digest". That mechanism probably should be in the lowest level client (the registry fetcher) which would transparently support this for all commands (i.e. putting code into mirror is probably wrong).
You would be designing in (vs adding hacks) a mechanism that says "if i get an image, if i can't get it at location A, try B, C, and D by digest". That mechanism probably should be in the lowest level client (the registry fetcher) which would transparently support this for all commands (i.e. putting code into mirror is probably wrong).
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
1 similar comment
|
@sallyom: This pull request references Bugzilla bug 1823143, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
… defaulting to image reference When working with mirrored release payloads, a release from a mirrored registry, mylocalregistry/ocp/release:4.5.0-0.nightly-2020-04-18-093630 mirrored from registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-18-093630 - Both reference 'quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2eb0a51...'. When extracting from the mirrored registry, try extracting from the user-given registry/repo/name If this fails, then try the release image-references. In disconnected environments, currently, oc adm release extract fails. Different from mirrored, when working with a tagged release that was uploaded to another repository, such as `quay.io/sallyom/release:new`, since that release wasn't mirrored, the underlying images still point to the original tag. In this case, `oc adm release extract --command openshift-install` will try the sallyom/release image but will fail, issue an info message, and then proceed to use the underlying tagged installer image - that will succeed as long as the user has access to the original release image.
…defaulting to image reference
|
@sallyom: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
closing in favor of #427 , it's less ugly, but maybe still too ugly |
|
Please see #439 and openshift/enhancements#334 for progress |
When working with mirrored release payloads, a release from a mirrored registry,
mylocalregistry/ocp/release:4.5.0-0.nightly-2020-04-18-093630mirrored fromregistry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-04-18-093630-In both, the tags reference
quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2eb0a51....In
oc adm release extract, always try extracting from the user-given release first. If this fails, then fall back to the release image-references. In disconnected environments, currently, oc adm release extract fails when the given release is mirrored from a connected registry.Different from mirrored, when working with a tagged release that was uploaded to another repository, such as
quay.io/sallyom/release:new, since that release wasn't mirrored, the underlying images still point to the original tag. In this case,oc adm release extract --command openshift-installwill try the sallyom/release image but since that image does not exist, proceed to use the underlying tagged installer image - that will succeed as long as the user has access to the original release image. Note many devs build release w/ substitutions for one or a few component images, and this is the way they sometimes push images around.To test this PR, do something like this:
you'll find the failure from master, fixed w /this PR
Scenarios i tested:
Bugs that are resolved with these changes (or the equivalent):