Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hack: workaround for bootc #684

Draft
wants to merge 1 commit into
base: development
Choose a base branch
from
Draft

hack: workaround for bootc #684

wants to merge 1 commit into from

Conversation

ralphbean
Copy link
Member

Do not merge. This is a temporary pipeline to for rpm-ostree images.

The image update here pulls in this change:
konflux-ci/release-service-utils#311

It makes it so that in the event that the layer data is absent, a null value won't be sent to pyxis which would be rejected by pyxis' input validation.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Nov 11, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@mmalina
Copy link
Contributor

mmalina commented Nov 12, 2024

@ralphbean I looked at https://github.com/konflux-ci/release-service-utils/pull/311/files and it adds a check for null values. But based on the conversation in Slack https://redhat-internal.slack.com/archives/C04PZ7H0VA8/p1731348500504399 it seemed there was a duplicate value (because the same layer was present in multiple images). Can you explain?

@ralphbean
Copy link
Member Author

ralphbean commented Nov 13, 2024
edited
Loading

Yes - take a look at registry.redhat.io/rhel9/rhel-bootc:9.5. It's a multiarch image, with three images, one per arch:

❯ skopeo inspect --raw docker://registry.redhat.io/rhel9/rhel-bootc:9.5 | jq -r '.manifests[].digest'
sha256:d15605cc5322e04e51338af9c82dff9adc4a72633e1ae5b37985373ab33873f0
sha256:1dcae0182061678c401411efe18d87da2b3abc2961f8419cd95094114e636f42
sha256:be19744979b75ffc629aa6e38e4de87f582c37f91e9acfbfd81e32d15a2b636a

Now, let's loop over those, and for each one, inspect the top_layer_id:

❯ for archful_digest in $(skopeo inspect --raw docker://registry.redhat.io/rhel9/rhel-bootc:9.5 | jq -r '.manifests[].digest'); do 
   skopeo inspect --raw docker://registry.redhat.io/rhel9/rhel-bootc@$archful_digest | jq -r '.layers[-1].digest';
done
sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d
sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d
sha256:bd9ddc54bea929a22b334e73e026d4136e5b73f5cc29942896c72e4ece69b13d

They're the same! That's the problem. In our task, we insert them to pyxis one after another (one arch, then the second, then the third). The first one succeeds, but the second one fails. It is rejected by pyxis, because it violates a duplicate key constraint: no two images in pyxis are allowed to have the same top_layer_id.

So, the workaround here is just to not upload that.

The reason they are duplicates is that this particular image is not squashed at build time. The last layer during build is something static that never varies. If it were squashed, then the digests would be unique.

We need a better long-term fix than this workaround.

Some options:

  • We start squashing the image at build time.
  • We modify pyxis to permit duplicate top layer ids. What side-effects would this have on (for instance) preflight and partner certification?
  • We modify our task to only upload top_layer_id in some cases, when we know the image is a problematic one like this.

@ralphbean ralphbean mentioned this pull request Nov 21, 2024
Closed
@ralphbean
hack: workaround for bootc
6cf252c 
Do not merge. This is a temporary pipeline to for rpm-ostree images.
@mmalina
Copy link
Contributor

mmalina commented Dec 5, 2024

FYI, I created a Jira to add a flag for this: https://issues.redhat.com/browse/RELEASE-1336

mmalina added a commit to mmalina/release-service-catalog that referenced this pull request Dec 5, 2024
@mmalina
feat(RELEASE-1336): skip image layers in Pyxis with skipLayers
f6b614a 
A new option is added to data file to be able to skip layer
details when create Pyxis image.

This was previously created as a one-off workaround to unblock
bootc releases here:
konflux-ci#684

Now it's an option that can be enabled as needed.

For full explanation, see the jira and also the comment
in the task script.

Signed-off-by: Martin Malina <[email protected]>
@mmalina mmalina mentioned this pull request Dec 5, 2024
Merged
mmalina added a commit to mmalina/release-service-catalog that referenced this pull request Dec 5, 2024
@mmalina
feat(RELEASE-1336): skip image layers in Pyxis with skipLayers
c64a231 
A new option is added to data file to be able to skip layer
details when create Pyxis image.

This was previously created as a one-off workaround to unblock
bootc releases here:
konflux-ci#684

Now it's an option that can be enabled as needed.

For full explanation, see the jira and also the comment
in the task script.

Signed-off-by: Martin Malina <[email protected]>
mmalina added a commit to mmalina/release-service-catalog that referenced this pull request Dec 5, 2024
@mmalina
feat(RELEASE-1336): skip image layers in Pyxis with skipLayers
d3e7596 
A new option is added to data file to be able to skip layer
details when create Pyxis image.

This was previously created as a one-off workaround to unblock
bootc releases here:
konflux-ci#684

Now it's an option that can be enabled as needed.

For full explanation, see the jira and also the comment
in the task script.

Signed-off-by: Martin Malina <[email protected]>
@mmalina
Copy link
Contributor

mmalina commented Dec 5, 2024

And now there is a PR: #730

mmalina added a commit to mmalina/release-service-catalog that referenced this pull request Dec 9, 2024
@mmalina
feat(RELEASE-1336): skip image layers in Pyxis with skipLayers
6bd5201 
A new option is added to data file to be able to skip layer
details when create Pyxis image.

This was previously created as a one-off workaround to unblock
bootc releases here:
konflux-ci#684

Now it's an option that can be enabled as needed.

For full explanation, see the jira and also the comment
in the task script.

Signed-off-by: Martin Malina <[email protected]>
mmalina added a commit to mmalina/release-service-catalog that referenced this pull request Dec 11, 2024
@mmalina
feat(RELEASE-1336): skip image layers in Pyxis with skipLayers
b08b0e4 
A new option is added to data file to be able to skip layer
details when create Pyxis image.

This was previously created as a one-off workaround to unblock
bootc releases here:
konflux-ci#684

Now it's an option that can be enabled as needed.

For full explanation, see the jira and also the comment
in the task script.

Signed-off-by: Martin Malina <[email protected]>
mmalina added a commit that referenced this pull request Dec 11, 2024
@mmalina
feat(RELEASE-1336): skip image layers in Pyxis with skipLayers (#730)
6bd8cf8 
A new option is added to data file to be able to skip layer
details when create Pyxis image.

This was previously created as a one-off workaround to unblock
bootc releases here:
#684

Now it's an option that can be enabled as needed.

For full explanation, see the jira and also the comment
in the task script.

Signed-off-by: Martin Malina <[email protected]>
@openshift-merge-robot
Copy link
Collaborator

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/work-in-progress needs-rebase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ralphbean @mmalina @openshift-merge-robot