Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DataImportCron does not support images with sha256 digest #2689

Closed
kvaps opened this issue Apr 12, 2023 · 3 comments · Fixed by #2711
Closed

DataImportCron does not support images with sha256 digest #2689

kvaps opened this issue Apr 12, 2023 · 3 comments · Fixed by #2711
Labels
kind/bug

Comments

@kvaps
Copy link
Member

kvaps commented Apr 12, 2023
edited

CDIv1.59 I continue playing with DataImportCrons:

I created resource:

apiVersion: v1
kind: Secret
metadata:
  name: endpoint-secret
type: Opaque
stringData:
  accessKeyId: "<redacted>"
  secretKey: "<redacted>"
---
apiVersion: v1
kind: Secret
metadata:
  name: endpoint-secret
  namespace: d8-cdi
type: Opaque
stringData:
  accessKeyId: "<redacted>"
  secretKey: "<redacted>"
---
apiVersion: cdi.kubevirt.io/v1beta1
kind: DataImportCron
metadata:
  name: ubuntu-22.04
spec:
  managedDataSource: ubuntu-22.04
  schedule: "0 */12 * * *"
  garbageCollect: Outdated
  importsToKeep: 2
  template:
    spec:
      source:
        registry:
          url: docker://dev-registry.deckhouse.io/sys/deckhouse-oss@sha256:d5aba3593a2f441ea24f4dce56706efc43e3ec5a6abbadd753a074accc043779
          secretRef: endpoint-secret
      storage:
        resources:
          requests:
            storage: 10Gi
        storageClassName: linstor-thindata-r1

CDI generated DataVolume with duplicated digests in url:

apiVersion: cdi.kubevirt.io/v1beta1
kind: DataVolume
metadata:
  annotations:
    cdi.kubevirt.io/storage.bind.immediate.requested: "true"
    cdi.kubevirt.io/storage.deleteAfterCompletion: "true"
  creationTimestamp: "2023-04-12T11:34:36Z"
  generation: 17
  labels:
    app.kubernetes.io/component: storage
    app.kubernetes.io/managed-by: cdi-controller
    cdi.kubevirt.io/dataImportCron: ubuntu-22.04
  name: ubuntu-22.04-d5aba3593a2f
  namespace: default
  resourceVersion: "71972183"
  uid: c8298af3-1d34-42c5-b8e4-6ec098847ea1
spec:
  source:
    registry:
      secretRef: endpoint-secret
      url: docker://dev-registry.deckhouse.io/sys/deckhouse-oss@sha256:d5aba3593a2f441ea24f4dce56706efc43e3ec5a6abbadd753a074accc043779@sha256:d5aba3593a2f441ea24f4dce56706efc43e3ec5a6abbadd753a074accc043779
  storage:
    resources:
      requests:
        storage: 10Gi
    storageClassName: linstor-thindata-r1
status:
  claimName: ubuntu-22.04-d5aba3593a2f
  conditions:
  - lastHeartbeatTime: "2023-04-12T11:34:44Z"
    lastTransitionTime: "2023-04-12T11:34:44Z"
    message: PVC ubuntu-22.04-d5aba3593a2f Bound
    reason: Bound
    status: "True"
    type: Bound
  - lastHeartbeatTime: "2023-04-12T11:43:01Z"
    lastTransitionTime: "2023-04-12T11:34:36Z"
    status: "False"
    type: Ready
  - lastHeartbeatTime: "2023-04-12T11:43:01Z"
    lastTransitionTime: "2023-04-12T11:43:01Z"
    message: 'Unable to process data: Unable to transfer source data to scratch space:
      Failed to read registry image: Could not parse image: invalid reference format'
    reason: Error
    status: "False"
    type: Running
  phase: ImportInProgress
  progress: N/A
  restartCount: 5

log of importer pod:

I0412 11:40:52.318950       1 importer.go:103] Starting importer
I0412 11:40:52.319462       1 importer.go:168] begin import process
I0412 11:40:52.319511       1 registry-datasource.go:172] Copying proxy certs
I0412 11:40:52.319527       1 registry-datasource.go:57] Error creating allCertDir open /proxycerts/: no such file or directory
I0412 11:40:52.319557       1 data-processor.go:379] Calculating available size
I0412 11:40:52.319907       1 data-processor.go:387] Checking out block volume size.
I0412 11:40:52.319913       1 data-processor.go:399] Request image size not empty.
I0412 11:40:52.319918       1 data-processor.go:404] Target size 10737418240.
I0412 11:40:52.319956       1 data-processor.go:282] New phase: TransferScratch
I0412 11:40:52.319967       1 registry-datasource.go:92] Copying registry image to scratch space.
I0412 11:40:52.319971       1 transport.go:176] Downloading image from 'docker://dev-registry.deckhouse.io/sys/deckhouse-oss@sha256:d5aba3593a2f441ea24f4dce56706efc43e3ec5a6abbadd753a074accc043779@sha256:d5aba3593a2f441ea24f4dce56706efc43e3ec5a6abbadd753a074accc043779', copying file from 'disk' to '/scratch'
E0412 11:40:52.320017       1 transport.go:72] Could not parse image: invalid reference format
E0412 11:40:52.320030       1 data-processor.go:278] invalid reference format
Could not parse image
kubevirt.io/containerized-data-importer/pkg/importer.readImageSource
	pkg/importer/transport.go:73
kubevirt.io/containerized-data-importer/pkg/importer.copyRegistryImage
	pkg/importer/transport.go:182
kubevirt.io/containerized-data-importer/pkg/importer.CopyRegistryImage
	pkg/importer/transport.go:262
kubevirt.io/containerized-data-importer/pkg/importer.(*RegistryDataSource).Transfer
	pkg/importer/registry-datasource.go:93
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
	pkg/importer/data-processor.go:208
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
	pkg/importer/data-processor.go:275
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
	pkg/importer/data-processor.go:184
main.handleImport
	cmd/cdi-importer/importer.go:174
main.main
	cmd/cdi-importer/importer.go:140
runtime.main
	GOROOT/src/runtime/proc.go:250
runtime.goexit
	GOROOT/src/runtime/asm_amd64.s:1571
Failed to read registry image
kubevirt.io/containerized-data-importer/pkg/importer.(*RegistryDataSource).Transfer
	pkg/importer/registry-datasource.go:95
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
	pkg/importer/data-processor.go:208
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
	pkg/importer/data-processor.go:275
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
	pkg/importer/data-processor.go:184
main.handleImport
	cmd/cdi-importer/importer.go:174
main.main
	cmd/cdi-importer/importer.go:140
runtime.main
	GOROOT/src/runtime/proc.go:250
runtime.goexit
	GOROOT/src/runtime/asm_amd64.s:1571
Unable to transfer source data to scratch space
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
	pkg/importer/data-processor.go:213
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
	pkg/importer/data-processor.go:275
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
	pkg/importer/data-processor.go:184
main.handleImport
	cmd/cdi-importer/importer.go:174
main.main
	cmd/cdi-importer/importer.go:140
runtime.main
	GOROOT/src/runtime/proc.go:250
runtime.goexit
	GOROOT/src/runtime/asm_amd64.s:1571
E0412 11:40:52.320089       1 importer.go:177] invalid reference format
Could not parse image
kubevirt.io/containerized-data-importer/pkg/importer.readImageSource
	pkg/importer/transport.go:73
kubevirt.io/containerized-data-importer/pkg/importer.copyRegistryImage
	pkg/importer/transport.go:182
kubevirt.io/containerized-data-importer/pkg/importer.CopyRegistryImage
	pkg/importer/transport.go:262
kubevirt.io/containerized-data-importer/pkg/importer.(*RegistryDataSource).Transfer
	pkg/importer/registry-datasource.go:93
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
	pkg/importer/data-processor.go:208
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
	pkg/importer/data-processor.go:275
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
	pkg/importer/data-processor.go:184
main.handleImport
	cmd/cdi-importer/importer.go:174
main.main
	cmd/cdi-importer/importer.go:140
runtime.main
	GOROOT/src/runtime/proc.go:250
runtime.goexit
	GOROOT/src/runtime/asm_amd64.s:1571
Failed to read registry image
kubevirt.io/containerized-data-importer/pkg/importer.(*RegistryDataSource).Transfer
	pkg/importer/registry-datasource.go:95
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
	pkg/importer/data-processor.go:208
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
	pkg/importer/data-processor.go:275
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
	pkg/importer/data-processor.go:184
main.handleImport
	cmd/cdi-importer/importer.go:174
main.main
	cmd/cdi-importer/importer.go:140
runtime.main
	GOROOT/src/runtime/proc.go:250
runtime.goexit
	GOROOT/src/runtime/asm_amd64.s:1571
Unable to transfer source data to scratch space
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
	pkg/importer/data-processor.go:213
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
	pkg/importer/data-processor.go:275
kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
	pkg/importer/data-processor.go:184
main.handleImport
	cmd/cdi-importer/importer.go:174
main.main
	cmd/cdi-importer/importer.go:140
runtime.main
	GOROOT/src/runtime/proc.go:250
runtime.goexit
	GOROOT/src/runtime/asm_amd64.s:1571
@kvaps kvaps added the kind/bug label Apr 12, 2023
@akalenyu
Copy link
Collaborator

akalenyu commented Apr 12, 2023
edited

Ignore my previous comment, didn't notice the cron was applied correctly
It seems like the extra sha gets added here

containerized-data-importer/pkg/controller/dataimportcron-controller.go

Line 936 in fc7f855

digestedURL = untagDigestedDockerURL(*dv.Spec.Source.Registry.URL + "@" + cron.Annotations[AnnSourceDesiredDigest])

@aglitke
Copy link
Member

aglitke commented Apr 24, 2023

@arnongilboa Please provide some steps for using the manual annotation to specify the sha explicitly (disabling the schedule).

@arnongilboa
Copy link
Collaborator

arnongilboa commented Apr 24, 2023
edited

@arnongilboa Please provide some steps for using the manual annotation to specify the sha explicitly (disabling the schedule).

@kvaps You currently have no way to disable the the initial poller Job, or the poller CronJob. Validation webhook checks it's a legal cron schedule. You can set a once-a-year schedule (e.g. "0 0 1 1 *") but it won't help you with the initial one. If we must get rid of the poller we should add a support for a "disable" schedule value.

However, if the poller simply fails in your scenario due to secrets etc, and you know when the source image is updated and can provide its sha256 digest, you can simply do the poller work and annotate the DataImportCron with the new sha256 digest, as we do in the functests, or manually:

kubectl annotate --overwrite dic -n my_namespace my_dic cdi.kubevirt.io/storage.import.sourceDesiredDigest=sha256:12345678900987654321

@ido106 ido106 mentioned this issue May 10, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enable external trigger in DataImportCron ido106/containerized-data-importer
4 participants
@aglitke @kvaps @akalenyu @arnongilboa