Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

model: container-registry.mirrors different settings representation #1791

Merged
merged 2 commits into from
Nov 10, 2021
Merged

model: container-registry.mirrors different settings representation #1791

merged 2 commits into from
Nov 10, 2021

Conversation

etungsten
Copy link
Contributor

@etungsten etungsten commented Oct 28, 2021
edited
Loading

Issue number:
Fixes #1780

Description of changes:

Author: Erikson Tung <etung@amazon.com>
Date:   Wed Oct 27 19:02:01 2021 -0700

    model: change `container-registry.mirrors` type
    
    Changes the model for `container-registry.mirrors` from a `HashMap` to a vector of
    structs.
    Adds a custom deserializer to deserialize from either a TOML table or a
    TOML sequence.


Author: Erikson Tung <etung@amazon.com>
Date:   Thu Oct 28 12:03:20 2021 -0700

    migrations: 'container-registry.mirrors' model type migration

Testing done:
Unit test passes.
On a live host, I can specify registry mirrors in both ways. Either as a map of registry to endpoints or an array of tables with registry and endpoints as object fields.

With the following userdata:

[[settings.container-registry.mirrors]]
registry = "*"
endpoint = ["https://registry-0.acme.com","https://registry-1.acme.com"]

[[settings.container-registry.mirrors]]
registry = "example"
endpoint = [ "hello", "hellohello"]

On K8s variants, the containerd config registry mirrors configuration gets rendered correctly:

bash-5.0# cat /var/lib/bottlerocket/datastore/current/live/settings/container-registry/mirrors 
[{"endpoint":["https://registry-0.acme.com","https://registry-1.acme.com"],"registry":"*"},{"endpoint":["hello","hellohello"],"registry":"example"}]

bash-5.0# cat /etc/containerd/config.toml 
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]
endpoint = ["https://registry-0.acme.com", "https://registry-1.acme.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."example"]
endpoint = ["hello", "hellohello"]

On ECS variants, the docker daemon json file generated correctly for docker.io registry mirrors and docker runs fine:
userdata:

[[settings.container-registry.mirrors]]
registry = "docker.io"
endpoint = ["https://registry-0.acme.com","https://registry-1.acme.com"]

[[settings.container-registry.mirrors]]
registry = "example"
endpoint = [ "hello", "hellohello"]

docker daemon.json:

{
  "log-driver": "journald",
  "live-restore": true,
  "max-concurrent-downloads": 10,
  "storage-driver": "overlay2",
  "exec-opts": ["native.cgroupdriver=cgroupfs"],
  "data-root": "/var/lib/docker",
  "selinux-enabled": true,
  "default-ulimits": { "nofile": { "Name": "nofile", "Soft": 1024, "Hard": 4096 } }
      ,
  "registry-mirrors": ["https://registry-0.acme.com", "https://registry-1.acme.com"]
}

host-containers services registry mirrors config also gets generated correctly:

bash-5.0# cat /etc/host-containers/host-ctr.toml 
[mirrors."a"]
endpoints = ["aaaa", "bbb"]
[mirrors."b"]
endpoints = ["cccc", "dddd"]
[mirrors."docker.io"]
endpoints = ["https://registry-0.acme.com", "https://registry-1.acme.com"]

Test migration upgrades and downgrades and the container-registry.mirrors setting gets migrated successfully:
With the following userdata:

[settings.container-registry.mirrors]
"docker.io" = ["https://registry-0.acme.com","https://registry-1.acme.com"]
"a" = ["aaaa","bbb"]
"b" = ["cccc","dddd"]

On current version Bottlerocket:

bash-5.0# cat /var/lib/bottlerocket/datastore/current/live/settings/container-registry/mirrors/
a            b            docker%2Eio  
bash-5.0# cat /var/lib/bottlerocket/datastore/current/live/settings/container-registry/mirrors/a 
["aaaa","bbb"]
bash-5.0#cat /var/lib/bottlerocket/datastore/current/live/settings/container-registry/mirrors/docker%2Eio 
["https://registry-0.acme.com","https://registry-1.acme.com"]
bash-5.0# updog update -r -n
Starting update to 1.4.0
Cannot schedule shutdown without logind support, proceeding with immediate shutdown.
Update applied: aws-k8s-1.21 1.4.0

Checking after upgrade:

bash-5.0# cat /var/lib/bottlerocket/datastore/current/live/settings/container-registry/mirrors 
[{"endpoint":["cccc","dddd"],"registry":"b"},{"endpoint":["aaaa","bbb"],"registry":"a"},{"endpoint":["https://registry-0.acme.com",bash-5.0# signpost rollback-to-inactivey":"docker.io"}]

Checking containerd config:

bash-5.0# cat /etc/containerd/config.toml 
....

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."a"]
endpoint = ["aaaa", "bbb"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."b"]
endpoint = ["cccc", "dddd"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-0.acme.com", "https://registry-1.acme.com"]

After downgrading back:

bash-5.0# cat /var/lib/bottlerocket/datastore/current/live/settings/container-registry/mirrors/docker%2Eio 
["https://registry-0.acme.com","https://registry-1.acme.com"]

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@etungsten etungsten requested review from tjkirch and bcressey October 28, 2021 22:59
@etungsten etungsten mentioned this pull request Oct 28, 2021
Closed
etungsten
etungsten commented Oct 28, 2021
View reviewed changes
sources/models/src/lib.rs Outdated Show resolved Hide resolved
@etungsten etungsten requested review from jpculp and zmrow October 28, 2021 23:21
tjkirch
tjkirch reviewed Oct 29, 2021
View reviewed changes
Copy link
Contributor

@tjkirch tjkirch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, this seems like a friendlier solution.

README.md Show resolved Hide resolved
Release.toml Outdated Show resolved Hide resolved
packages/containerd/containerd-config-toml_k8s Show resolved Hide resolved
packages/os/host-ctr-toml Show resolved Hide resolved
sources/api/migration/migrations/v1.3.1/registry-mirror-representation/src/main.rs Outdated Show resolved Hide resolved
sources/models/src/lib.rs Outdated Show resolved Hide resolved
sources/models/src/lib.rs Outdated Show resolved Hide resolved
@etungsten etungsten force-pushed the bwildcard branch 2 times, most recently from 82c4bc1 to cd7bee2 Compare October 30, 2021 00:14
tjkirch
tjkirch reviewed Nov 1, 2021
View reviewed changes
Copy link
Contributor

@tjkirch tjkirch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM assuming ECS testing is OK; couple small items remain above.

sources/models/src/de.rs Outdated Show resolved Hide resolved
@etungsten
model: change container-registry.mirrors type
a64a4c7 
Changes the model for `container-registry.mirrors` from a `HashMap` to a vector of
structs.
Adds a custom deserializer to deserialize from either a TOML table or a
TOML sequence.
@etungsten
Copy link
Contributor Author

Pushes above addresses @tjkirch 's comments. Adds more testing to the PR description.

@etungsten etungsten requested a review from tjkirch November 1, 2021 16:57
@etungsten
Copy link
Contributor Author

Push above removes snafu as a dependency from the migration.

tjkirch
tjkirch previously approved these changes Nov 1, 2021
View reviewed changes
jpculp
jpculp previously approved these changes Nov 3, 2021
View reviewed changes
zmrow
zmrow previously approved these changes Nov 3, 2021
View reviewed changes
Copy link
Contributor

@zmrow zmrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔩

Wow nice work!

@etungsten etungsten force-pushed the bwildcard branch 4 times, most recently from faf9311 to 45b2cd2 Compare November 9, 2021 22:28
@etungsten
Copy link
Contributor Author

etungsten commented Nov 9, 2021
edited
Loading

Sorry about the repeat force pushes. Please take a look at the backward and forward migrations for the new changes.

Pushes above addresses @bcressey 's comment. I also realized cases where the migration would fail if the registry contained . in the name or if they were quoted so I had to adjust the forward migration to fix it. Tested the migrations fully and they work as expected.

Updated the PR description with updated migration testing info.

@etungsten etungsten requested review from tjkirch and bcressey November 9, 2021 22:41
@tjkirch tjkirch dismissed stale reviews from jpculp and themself November 9, 2021 22:59

(important change to code)

@tjkirch tjkirch dismissed zmrow’s stale review November 9, 2021 23:00

(important change to code)

@etungsten
Copy link
Contributor Author

push above addresses @tjkirch 's comments. I retested the migrations and they worked as expected. registry set to * gets dropped on downgrade:

bash-5.0# cat /etc/containerd/config.toml 
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."b"]
endpoint = ["cccc", "dddd"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]
endpoint = ["aaaa", "bbb"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-0.acme.com", "https://registry-1.acme.com"]
bash-5.0# signpost rollback-to-inactive
bash-5.0# reboot
...

On next boot:

bash-5.0# cat /etc/containerd/config.toml 
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."b"]
endpoint = ["cccc", "dddd"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-0.acme.com", "https://registry-1.acme.com"]

@etungsten
Copy link
Contributor Author

Push above removes an outdated comment and a redundant to_string() call

zmrow
zmrow approved these changes Nov 10, 2021
View reviewed changes
Copy link
Contributor

@zmrow zmrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧦

@etungsten etungsten merged commit 8d9d34c into bottlerocket-os:develop Nov 10, 2021
@etungsten etungsten deleted the bwildcard branch November 10, 2021 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpculp jpculp jpculp approved these changes

@zmrow zmrow zmrow approved these changes

@bcressey bcressey bcressey approved these changes

@tjkirch tjkirch tjkirch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Wildcard Container Registry Mirrors
5 participants
@etungsten @tjkirch @bcressey @zmrow @jpculp