Closed
Bug 1175561
Opened 9 years ago
Closed 9 years ago
docker-worker: pull images by hash
Categories
(Taskcluster :: Workers, defect)
Taskcluster
Workers
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rail, Assigned: rail)
References
Details
(Whiteboard: [relsec])
Attachments
(1 file)
I tried to use hashes instead of tags for docker images, but for some reason it fails with the following error: [taskcluster] taskId: LYA4WRr2SQ2OfgRbPVMPxQ, workerId: i-cd990c06 [taskcluster] Error: Pulling docker image "rail/funsize-update-generator@sha256:77901eadbdf52da5b36fdbf811b273d9098ede055e99dac6aa2f365c2be09536" has failed this may indicate an Error with the registry used or an authentication error in the worker try pulling the image locally. Error: Error: HTTP code is 500 which indicates error: server error - Invalid repository name (funsize-update-generator@sha256), only [a-z0-9-_.] are allowed The task is here: https://tools.taskcluster.net/task-graph-inspector/#4h4baOrCT6-jNtExvxlaOg/LYA4WRr2SQ2OfgRbPVMPxQ/ The payload looks like this: ... "payload": { "image": "rail/funsize-update-generator@sha256:77901eadbdf52da5b36fdbf811b273d9098ede055e99dac6aa2f365c2be09536", ...
Assignee | ||
Comment 1•9 years ago
|
||
IIRC, we use dockerode in docker-worker. Looks like it tries to parse the string in https://github.com/apocas/dockerode/blob/master/lib/util.js#L28 and fails to detect sha256. CC'ing James, who wrote that! https://github.com/apocas/dockerode/commit/d868c39bb9df117e54f78881b97fdb2b7ca81fd2 :)
Assignee | ||
Comment 2•9 years ago
|
||
Also looks like this is a v2 feature of docker hub API...
Assignee | ||
Comment 3•9 years ago
|
||
Upstream bug: https://github.com/apocas/dockerode/issues/152
See Also: → https://github.com/apocas/dockerode/issues/152
Assignee | ||
Comment 4•9 years ago
|
||
Submitted a PR to upstream: https://github.com/apocas/dockerode/pull/153
Assignee | ||
Comment 5•9 years ago
|
||
The PR has been merged, waiting on next release.
Assignee: nobody → rail
Assignee | ||
Comment 6•9 years ago
|
||
Attachment #8629527 -
Flags: review?(garndt)
Assignee | ||
Comment 7•9 years ago
|
||
BTW, TC CI seems failing due to unrelated issue: https://tools.taskcluster.net/task-graph-inspector/#WbazMkfERLWrjABUsxkqXg/ [taskcluster] taskId: yqOUvftATbCSMfElML90yA, workerId: i-541b24a3 taskcluster/worker-ci:0.0.2 exists in the cache. [taskcluster] Error: Docker configuration could not be created. This may indicate an authentication error when validating scopes necessary for running the task. Error: Cannot run task using docker privileged mode. Worker must be enabled to allow running of privileged tasks. [taskcluster] Unsuccessful task run with exit code: -1 completed in 4.668 seconds
Comment 8•9 years ago
|
||
Error above was from a different issue that's been fixed. Taskgraph reran and the only failure that's persisting is a known issue with our custom registry proxy that's only used for tests. This looks good to me and has been merged https://github.com/taskcluster/docker-worker/commit/5b26c5d227b87ab864e48189f3812b78e8dee1f0 This will roll out into a new ami soon after https://github.com/taskcluster/docker-worker/pull/115 is reviewed and merged.
Updated•9 years ago
|
Attachment #8629527 -
Flags: review?(garndt) → review+
Comment 9•9 years ago
|
||
Also, I will resolve this bug once the new ami is deployed
Assignee | ||
Comment 10•9 years ago
|
||
Thanks! \o/
Updated•9 years ago
|
Whiteboard: [relsec]
Updated•9 years ago
|
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
Assignee | ||
Comment 11•9 years ago
|
||
I just tested the new ami and it looks like it's working! \o/ https://tools.taskcluster.net/task-inspector/#cEc1JVRDTy2q1JQ3oKnGPQ/
Updated•9 years ago
|
Blocks: q3-bb-tc-migration
Comment 13•9 years ago
|
||
Nope, it was rolled out to a few of the workers already, but then a bug about artifact upload was discovered and needed to be fixed before I continued to roll out the ami changes. Tomorrow morning the new ami will be rolled out to the other workers and this bug closed once complete.
Flags: needinfo?(garndt)
Assignee | ||
Comment 14•9 years ago
|
||
Thanks!
Comment 15•9 years ago
|
||
AMIs were rolled out earlier today. All should be good.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•5 years ago
|
Component: Docker-Worker → Workers
You need to log in
before you can comment on or make changes to this bug.
Description
•