DO NOT MERGE: set up a local registry, cache images #22726
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: edsantiago The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
Ephemeral COPR build failed. @containers/packit-build please check. |
edsantiago
force-pushed
the
pull-from-local-registry
branch
5 times, most recently
from
684512b
to
c82b31a
Compare
test/e2e/pull_test.go
Outdated
| @@ -38,7 +38,8 @@ var _ = Describe("Podman pull", func() { | |||
|
|
|||
| session := podmanTest.Podman([]string{"pull", "quay.io/libpod/ibetthisdoesntexist:there"}) | |||
| session.WaitWithDefaultTimeout() | |||
| Expect(session).To(ExitWithError(125, "nitializing source docker://quay.io/libpod/ibetthisdoesntexist:there: reading manifest there in quay.io/libpod/ibetthisdoesntexist: unauthorized: access to the requested resource is not authorized")) | |||
| // FIXME: uncomfortable hardcoding of localhost:56789 | |||
| Expect(session).To(ExitWithError(125, "nitializing source docker://quay.io/libpod/ibetthisdoesntexist:there: reading manifest there in localhost:56789/libpod/ibetthisdoesntexist: manifest unknown")) | |||
There was a problem hiding this comment.
heads up, tests should still pass locally and I don't think we want to setup a local registry there right?
Thus I would think we need a regex or a Or() matcher to match both strings anyway
There was a problem hiding this comment.
This is thorny. As tests are currently written, e2e tests hard-force the use of test/registries.conf. No matter where they're run (CI, laptop, anywhere). This may need to be reevaluated, but I'm not bothering with any of that until I find out if this approach is viable.
There was a problem hiding this comment.
yes sure keep testing, just keep in mind that the end result must still work locally
contrib/cirrus/runner.sh
Outdated
| set -x | ||
| # shellcheck disable=SC2154 | ||
| exec bin/podman run --rm --privileged --net=host --cgroupns=host \ | ||
| -v `mktemp -d -p /var/tmp`:/var/tmp:Z \ | ||
| --tmpfs /tmp:mode=1777 \ | ||
| --expose 56789 \ |
There was a problem hiding this comment.
this does not do anything, not sure if you were expecting anything with that or if this serves documentation purposes.
There was a problem hiding this comment.
I need the container to be able to talk to host:56789. --port does the opposite, IIRC: host can talk to container. I'll look at logs and see what happens.
There was a problem hiding this comment.
The container uses --network=host so it shares the network namespace with the host so from a network POV there should be no functional difference
There was a problem hiding this comment.
Duh. Thanks, I missed that.
edsantiago
force-pushed
the
pull-from-local-registry
branch
7 times, most recently
from
03825bc
to
48e506f
Compare
contrib/cirrus/local-cache-registry
Outdated
|
|
||
| # Run the registry container. | ||
| must_pass podman run --quiet -d \ | ||
| -p ${PODMAN_REGISTRY_PORT}:5000 \ |
There was a problem hiding this comment.
I recommend to use --network host and set -e REGISTRY_HTTP_ADDR=0.0.0.0:${PODMAN_REGISTRY_PORT} instead.
Reason by using already a podman container you sort of conflict with later running containers networking wise. The network reload tests that nuke iptables,etc... will cause issues for connectivity one way or another.
There was a problem hiding this comment.
ohhhhhh.. thank you. That's probably the cause of the hangs in the 700-kube tests.
edsantiago
force-pushed
the
pull-from-local-registry
branch
10 times, most recently
from
293a60b
to
88fa517
Compare
edsantiago
force-pushed
the
pull-from-local-registry
branch
2 times, most recently
from
6cc76b9
to
3bc7dbf
Compare
On each test VM: - bring up a local registry - copy all images used by tests, from quay to this registry - change the registries.conf used by tests so it points to this reg Yes, this is stupid as it stands. It gains us nothing. It's just a proof of concept. If it works, the registry setup and cache will be moved to automation_images, so each CI VM will come preloaded with a cache registry. And if it doesn't work, this PR is a much much faster way to find out than a constant flurry of spinning up new images. Signed-off-by: Ed Santiago <santiago@redhat.com>
edsantiago
force-pushed
the
pull-from-local-registry
branch
from
3bc7dbf
to
80ed2a7
Compare
On each test VM:
Yes, this is stupid as it stands. It gains us nothing. It's just
a proof of concept. If it works, the registry setup and cache
will be moved to automation_images, so each CI VM will come
preloaded with a cache registry. And if it doesn't work, this
PR is a much much faster way to find out than a constant
flurry of spinning up new images.
Signed-off-by: Ed Santiago santiago@redhat.com