Migrate away from docker.io #7534
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
Marked Until naming is resolved, images live in my personal |
| @@ -12,7 +12,7 @@ load helpers | |||
| random_2=$(random_string 30) | |||
|
|
|||
| HOST_PORT=8080 | |||
| SERVER=http://localhost:$HOST_PORT | |||
| SERVER=http://127.0.0.1:$HOST_PORT | |||
There was a problem hiding this comment.
This is completely weird. When running podman as root, 'localhost' no longer seems to work, at least with alpine: wget barfs with ECONNREFUSED. It works fine with rootless. I gave up trying to track it down, and explicit IPv4 home seems like a better idea anyway.
There was a problem hiding this comment.
Weird, but localhost is hard coded within container/image and podman to represent locally built images.
| PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"alpine_labels"} | ||
| PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"latest"} | ||
| PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"edsantiago"} | ||
| PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} |
There was a problem hiding this comment.
Please offer suggestions here.
| @@ -116,8 +116,7 @@ function _assert_mainpid_is_conmon() { | |||
| @test "sdnotify : container" { | |||
| # Sigh... we need to pull a humongous image because it has systemd-notify. | |||
| # FIXME: is there a smaller image we could use? | |||
| _FEDORA=registry.fedoraproject.org/fedora:31 | |||
|
|
|||
| local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31" | |||
There was a problem hiding this comment.
Should we update this to 32? Or eliminate the version altogether?
There was a problem hiding this comment.
We need explicit :31 because fedora:latest removed systemd-notify, causing an uninterruptible hang in the tests. Shame on me for not including a code comment. I will fix that.
| PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"alpine_labels"} | ||
| PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"latest"} | ||
| PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"edsantiago"} | ||
| PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} |
| # busybox-extras : provides httpd needed in 500-networking.bats | ||
| # | ||
| podman rmi -f testimage &> /dev/null || true | ||
| podman build --squash-all -t testimage - <<EOF |
There was a problem hiding this comment.
Would we want to switch this to --timestamp=0 or some other timestamp, to keep it consistent once this is available to Podman?
There was a problem hiding this comment.
I considered that but couldn't think of a reason - it'll be useful to have a number of tools built-in, and it would be super useful to figure out a way some day to include registry and systemd, but if/when that happens we'll change the YMD tag. Do you see value in reproducible/comparable images?
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: edsantiago, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
@edsantiago, what's the motivation to migrate away? I assume the latest policy changes of Docker Hub but it would be nice to mention it in the commit message for historical reasons. |
CI and system tests currently pull some images from docker.io.
Eliminate that, by:
- building a custom image containing much of what we need
for testing; and
- copying other needed images to quay.io
(Reason: effective 2020-11-01 docker.io will limit the
number of image pulls).
The principal change is to create a new quay.io/libpod/testimage,
using the new test/system/build-testimage script, instead of
relying on quay.io/libpod/alpine_labels. We also switch to
using a hardcoded :YYYYMMDD tag, instead of :latest, in an
attempt to futureproof our CI. This image includes 'httpd'
from busybox-extras, which we use in our networking test
(previously we had to pull and run busybox from docker.io).
The testimage can and should be extended as needed for future
tests, e.g. adding test file content or other useful tools.
For the '--pull' tests which require actually pulling from
the registry, I've created an image with the same name but
tagged :00000000 so it will never be pulled by default.
Since this image is only used minimally, it's just busybox.
Unfortunately there remain two cases we cannot solve in
this tiny alpine-based image:
1) docker registry
2) systemd
For those, I've (manually) run:
podman pull [ docker.io/library/registry:2.7 | registry.fedoraproject.org/fedora:31 ]
podman tag !$ quay.io/...
podman push !$
...and amended the calling tests accordingly.
I've tried to make the the smallest reasonable diff, not the
smallest possible one. I hope it's a reasonable tradeoff.
Signed-off-by: Ed Santiago <[email protected]>
edsantiago
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
Yes, Docker Hub pull limit. I updated commit message to reflect that. Since |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
CI and system tests currently pull some images from docker.io.
Eliminate that, by:
for testing; and
The principal change is to create a new quay.io/libpod/testimage,
using the new test/system/build-testimage script, instead of
relying on quay.io/libpod/alpine_labels. We also switch to
using a hardcoded :YYYYMMDD tag, instead of :latest, in an
attempt to futureproof our CI. This image includes 'httpd'
from busybox-extras, which we use in our networking test
(previously we had to pull and run busybox from docker.io).
The testimage can and should be extended as needed for future
tests, e.g. adding test file content or other useful tools.
For the '--pull' tests which require actually pulling from
the registry, I've created an image with the same name but
tagged :00000000 so it will never be pulled by default.
Since this image is only used minimally, it's just busybox.
Unfortunately there remain two cases we cannot solve in
this tiny alpine-based image:
For those, I've (manually) run:
...and amended the calling tests accordingly.
I've tried to make the the smallest reasonable diff, not the
smallest possible one. I hope it's a reasonable tradeoff.
Signed-off-by: Ed Santiago [email protected]