problem deleting image or tag 16.6.1 #2867

Open
Gabrielandre02 opened this issue Dec 14, 2023 · 13 comments

@Gabrielandre02

Gabrielandre02 commented Dec 14, 2023

Whenever I try to delete an image or a tag, I'm getting this error, but the logs in the registry aren't showing anything, nor are those in GitLab.
This installation was via a Linux package; I made the backup and left it in a new configuration with Docker Swarm, using Traefik as a reverse proxy.

image

LOGS GITLAB:

gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,401 INFO Included extra file "/etc/supervisor/conf.d/cron.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,402 INFO Included extra file "/etc/supervisor/conf.d/gitaly.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,402 INFO Included extra file "/etc/supervisor/conf.d/gitlab-pages.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,402 INFO Included extra file "/etc/supervisor/conf.d/gitlab-workhorse.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,402 INFO Included extra file "/etc/supervisor/conf.d/groups.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,402 INFO Included extra file "/etc/supervisor/conf.d/mail_room.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,403 INFO Included extra file "/etc/supervisor/conf.d/nginx.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,403 INFO Included extra file "/etc/supervisor/conf.d/puma.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,403 INFO Included extra file "/etc/supervisor/conf.d/sidekiq.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,403 INFO Included extra file "/etc/supervisor/conf.d/sshd.conf" during parsing
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,403 INFO Set uid to user 0 succeeded
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,413 INFO RPC interface 'supervisor' initialized
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:07,413 INFO supervisord started with pid 1
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,418 INFO spawned: 'gitaly' with pid 897
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,423 INFO spawned: 'puma' with pid 898
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,428 INFO spawned: 'gitlab-workhorse' with pid 899
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,446 INFO spawned: 'sidekiq' with pid 900
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,451 INFO spawned: 'gitlab-pages' with pid 901
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,476 INFO spawned: 'sshd' with pid 907
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,504 INFO spawned: 'nginx' with pid 908
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:08,517 INFO spawned: 'cron' with pid 909
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,595 INFO success: gitaly entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,596 INFO success: puma entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,596 INFO success: gitlab-workhorse entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,597 INFO success: sidekiq entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,598 INFO success: gitlab-pages entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,598 INFO success: sshd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,599 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:49:09,599 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 09:55:20,380 INFO reaped unknown pid 1052
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 10:05:54,121 INFO reaped unknown pid 1084
gitlab_gitlab.1.6ovng6s6zitt@SRVDOCKER02    | 2023-12-14 10:09:14,909 INFO reaped unknown pid 1190

LOGS REGISTRY:

{"auth.user.name":"","err.code":"digest invalid","err.message":"provided digest did not match uploaded content","go.version":"go1.20.8","http.request.host":"registry_registry:5000","http.request.id":"09c7cdce-048b-4c9d-89e0-c368efc1b13f","http.request.method":"DELETE","http.request.remoteaddr":"10.0.1.232:48710","http.request.uri":"/v2/compmon/application/panorama_tunnel_ssh/nginx/manifests/alpine","http.request.useragent":"GitLab/16.6.1","http.response.contenttype":"application/json; charset=utf-8","http.response.duration":"7.641504ms","http.response.status":400,"http.response.written":98,"level":"error","msg":"response completed with error","time":"2023-12-15T12:18:36.491871799-03:00","vars.name":"compmon/application/panorama_tunnel_ssh/nginx","vars.reference":"alpine"}
registry_registry.1.og01zgrjx0v9@SRVDOCKER02    | 10.0.1.232 - - [15/Dec/2023:12:18:36 -0300] "DELETE /v2/compmon/application/panorama_tunnel_ssh/nginx/manifests/alpine HTTP/1.1" 400 98 "" "GitLab/16.6.1"

application_json.log

{"severity":"INFO","time":"2023-12-15T15:17:23.240Z","meta.caller_id":"ContainerRegistry::DeleteContainerRepositoryWorker","correlation_id":"5d8fd23d3c5c78765a575cda99fdafd7","meta.root_caller_id":"Cronjob","meta.feature_category":"container_registry","meta.client_id":"ip/","container_repository_id":85,"container_repository_path":"compmon/application/panorama_tunnel_ssh/nginx","project_id":189,"third_party_cleanup_tags_service":true}
{"severity":"ERROR","time":"2023-12-15T15:17:23.298Z","meta.caller_id":"ContainerRegistry::DeleteContainerRepositoryWorker","correlation_id":"5d8fd23d3c5c78765a575cda99fdafd7","meta.root_caller_id":"Cronjob","meta.feature_category":"container_registry","meta.client_id":"ip/","service_class":"Projects::ContainerRepository::DeleteTagsService","container_repository_id":85,"project_id":189,"message":"could not delete tags: alpine"}
Gabrielandre02 changed the title from "problem deleting image or tag" to "problem deleting image or tag 16.6.1" on Dec 15, 2023
@ymazzer
Contributor

ymazzer commented Dec 19, 2023

Hi,

We are facing the same issue. In addition to the reported details, the gitlab registry cleanup policy, when enabled, will generate plenty of logs on both sides due to images not being deleted.

We got several instances, but the one we are facing this issue in is using registry 2.8.x instead of 2.7.x.

It seems related to several things:

  • Gitlab has deprecated external registry support in 16.x
  • Such an issue has been reported before
    • Gitlab uses image deletion by manifest which needs to be enabled on the registry
    • But it seems something has changed between registry 2.7.x and 2.8.x since gitlab uses a URL like /v2/<repository>/manifests/<tag> in 16.6.2 and /v2/<repository>/manifests/<digest without sha256 prefix> making the deletion fail

Is there any documented way to use gitlab registry with sameersbn image?
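
The registry log in the opening post shows the failing request: a `DELETE` on `/v2/<repository>/manifests/alpine`, addressed by tag, answered with 400 `digest invalid`. The following added example (not part of the thread or of either project) scans registry JSON logs for that pattern; the sample lines, repository name and digest are constructed, and the function names are hypothetical.

```python
import json
import re

# "<algorithm>:<hex>" is a digest reference; any other reference is a tag.
DIGEST_RE = re.compile(r"^[a-z0-9]+:[0-9a-f]{32,}$")
MANIFEST_RE = re.compile(r"^/v2/(?P<repo>.+)/manifests/(?P<ref>[^/]+)$")


def _line(method, ref, status, extra=None):
    """Build one constructed JSON log line using the field names seen in the thread."""
    entry = {"http.request.method": method,
             "http.request.uri": "/v2/group/app/nginx/manifests/" + ref,
             "http.response.status": status}
    entry.update(extra or {})
    return json.dumps(entry)


# Constructed sample input: one rejected delete-by-tag, one accepted
# delete-by-digest, one unrelated GET, and one plain access-log line.
SAMPLE_LOG = "\n".join([
    "registry.1 | " + _line("DELETE", "alpine", 400, {"err.code": "digest invalid"}),
    _line("DELETE", "sha256:" + "ab" * 32, 202),
    _line("GET", "alpine", 200),
    'registry.1 | 10.0.0.5 - - [15/Dec/2023:12:18:36 -0300] '
    '"DELETE /v2/group/app/nginx/manifests/alpine HTTP/1.1" 400 98',
])


def failed_tag_deletes(log_text):
    """Return manifest DELETEs addressed by tag that the registry rejected."""
    findings = []
    for line in log_text.splitlines():
        start = line.find("{")      # skip a "service | " prefix if present
        if start < 0:
            continue                # plain access-log line, not JSON
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue
        m = MANIFEST_RE.match(entry.get("http.request.uri", ""))
        if not m or entry.get("http.request.method") != "DELETE":
            continue
        if DIGEST_RE.match(m["ref"]) or entry.get("http.response.status", 0) < 400:
            continue                # by-digest or successful: not this failure
        findings.append({"repository": m["repo"], "tag": m["ref"],
                         "status": entry["http.response.status"],
                         "error": entry.get("err.code", "")})
    return findings


if __name__ == "__main__":
    for f in failed_tag_deletes(SAMPLE_LOG):
        print(f)
```
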

@sachilles
Collaborator

Hi,

unfortunately I've been using only the integration of the docker registry into GitLab as pointed out in https://github.com/sameersbn/docker-gitlab/blob/master/docs/container_registry.md#gitlab-container-registry.

However, following https://docs.gitlab.com/ee/administration/packages/container_registry.html#self-compiled-installations, the integrated registry could be activated by using another image.

Did anyone try this?

@ymazzer
Contributor

ymazzer commented Jan 5, 2024

Hi @sachilles,

> unfortunately I've been using only the integration of the docker registry into GitLab as pointed out in https://github.com/sameersbn/docker-gitlab/blob/master/docs/container_registry.md#gitlab-container-registry.

This is what we did; didn't you meet the issue we are facing? Did you try to delete container images from gitlab interface or using the cleanup policy?

> However, following https://docs.gitlab.com/ee/administration/packages/container_registry.html#self-compiled-installations, the integrated registry could be activated by using another image.
>
> Did anyone try this?

I didn't have time to try this out yet, I wanted to try using the integrated gitlab registry, directly from the main gitlab image by passing the registry disk to the main service, but I'm not sure it will work out of the box :\

@avvertix
Contributor

avvertix commented Jan 6, 2024

I'm also experiencing errors when deleting images from the container registry. I noticed the problem after upgrading to 16.6. I suppose it is connected to Gitlab forking the Docker distribution registry. In my case I'm currently using registry:2.7.1 from Docker Distribution to host container registry images. @ymazzer @sachilles are you using the same version?

@avvertix
Contributor

avvertix commented Jan 6, 2024

I actually stumbled on https://gitlab.com/gitlab-org/container-registry/-/issues/958#note_1471217687 that considers my setup (using registry:2.7.1) as a third party registry that will not be supported in the future.

In that thread it is suggested to switch to the gitlab-container-registry version as declared in the Omnibus package. Apparently for Gitlab 16.6.2 the gitlab-container-registry version is v3.86.1-gitlab.

I tried the switch:

  1. I made a copy of the configuration file /etc/docker/registry/config.yml (apparently without an initial configuration file it won't start)
  2. Replaced the registry docker image and mounted the new configuration file
   registry:
-    image: registry:2.7.1
+    image: "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.86.1-gitlab"
     volumes:
+      - ./registry:/etc/docker/registry
       - /data/gitlab/registry:/registry
       - ./certs:/certs
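
Review bot: the added `./registry:/etc/docker/registry` volume is mounted read-write, although the registry only needs to read `config.yml` from it; append `:ro` to that line so the registry process cannot rewrite its own configuration. The new image line is also pinned by tag only (`v3.86.1-gitlab`); adding the image digest would ensure every node pulls the same build.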

I experienced an issue with file system permission during deletion, but I haven't figured out the correct user to switch to. I indeed temporarily solved it by allowing write to everyone.

@sachilles
Collaborator

sachilles commented Jan 8, 2024

Hi @ymazzer,

> This is what we did; didn't you meet the issue we are facing? Did you try to delete container images from gitlab interface or using the cleanup policy?

I have the same problem. It doesn't matter if I try to delete container images via the GitLab web interface or via the cleanup policy. The result is the same. (I'm using the "official" self-hosted docker registry in version 2.8.1.)

> I didn't have time to try this out yet, I wanted to try using the integrated gitlab registry, directly from the main gitlab image by passing the registry disk to the main service, but I'm not sure it will work out of the box :\

Okay, I guess the proposed way is to migrate the content of the "official" self-hosted docker registry (see https://gitlab.com/gitlab-org/gitlab/-/issues/423459).

@sachilles
Collaborator

sachilles commented Jan 8, 2024

Dear @avvertix,

I found somewhere (see https://gitlab.com/gitlab-org/gitlab/-/issues/423459) that the suggested way is to migrate the entire contents of the Docker registry by using the GitLab container registry, as several changes were included after the container registry was forked by the GitLab maintainers. (My first attempt to replace the Docker registry with the GitLab container registry failed).

However, please make sure to back up the entire Docker registry data directories before the necessary migration.

Once I (or someone else) is successful, we will update the corresponding configuration files and documentation.

@Gabrielandre02
Author

Gabrielandre02 commented Jan 8, 2024

@avvertix,
This solution solved the problem related to deleting the images.
Tested on version 16.7.0; however, I had to clean all the images within the registry.

Thanks

@avvertix
Contributor

avvertix commented Jan 9, 2024

> https://gitlab.com/gitlab-org/gitlab/-/issues/423459 that the suggested way is to migrate the entire contents of the Docker registry by using the GitLab container registry

Dear @sachilles, I also saw the link you shared, but my interpretation is that the issue refers to the migration from filesystem metadata (or object storage) to the database storage for the images metadata. As far as I understood, migrating to the database metadata is in beta and not yet fully complete; that's why I didn't try that way.

I saw a workaround following the feedback issue on the use of external registries.

I totally agree that my approach is just a workaround, but it could probably make the migration path easier until all official migration tools are available.

@avvertix
Contributor

avvertix commented Jan 9, 2024

> however I had to clean all the images within the registry.

@Gabrielandre02 could you tell me more about why you had to clean all the images, as in the end I was able to use the same storage directory by ensuring that the user within the docker image had access to the filesystem. (By the way, it seems that in my case the user on the host OS didn't have write permission on a parent folder in the storage; after I ensured that all the folders/files are writeable by the current user, everything worked without changing anything.)

@ymazzer
Contributor

ymazzer commented Jan 11, 2024

Hi @sachilles @avvertix,

I just tried out the simple following procedure:

  • Starting from a registry:2.8, I replaced the image by the latest gitlab-registry registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.88.0-gitlab
  • I changed registry mounted folder ownership to 1000:1000 and then started the registry and tried building an OCI image.
  • Everything worked like a charm, I can now push/pull images from images and from my dev box as well as delete images from the gitlab interface or sidekiq jobs.
# docker-compose.yml
# [...]
  registry:
    #image: registry:2.8
    image: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v3.88.0-gitlab
    restart: unless-stopped
    expose:
      - "5000"
    ports:
      - "127.0.0.1:5000:5000"
    volumes:
      - ./registry-config.yml:/etc/docker/registry/config.yml # this has changed as described before by @avvertix 
      - /opt/gitlab/disk/data/shared/registry:/var/lib/registry/docker/registry
      - /etc/ssl/private/registry.my-registry.com:/certs
    environment:
      REGISTRY_LOG_LEVEL: info
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      REGISTRY_AUTH_TOKEN_REALM: https://my-gitlab.com/jwt/auth
      REGISTRY_AUTH_TOKEN_SERVICE: container_registry
      REGISTRY_AUTH_TOKEN_ISSUER: gitlab-issuer
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/cert.crt
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
    networks:
      - web
# [...]

Hope this will help.

PS: I obviously made a backup before doing the operation.
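
The world-writable workaround in avvertix's comment and the `1000:1000` ownership change in ymazzer's both concern permissions on the registry storage tree. An added example, not from the thread: a check that lists entries left world-writable, directories the owner cannot write into, and entries not owned by the expected user. The default `1000:1000` is taken from ymazzer's comment; the function name and the path argument are hypothetical.

```python
import os
import stat
import sys


def audit_tree(root, uid=1000, gid=1000):
    """Return sorted (path, problems) pairs for entries under root that are
    world-writable, not owned by uid:gid, or directories the owner cannot
    write into. Symlinks are skipped because their mode bits carry no meaning."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # os.walk visits every directory as dirpath, so this covers the whole tree.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            problems = []
            if st.st_mode & stat.S_IWOTH:
                problems.append("world-writable")
            if (st.st_uid, st.st_gid) != (uid, gid):
                problems.append("owner %d:%d" % (st.st_uid, st.st_gid))
            owner_rwx = stat.S_IWUSR | stat.S_IXUSR
            if stat.S_ISDIR(st.st_mode) and (st.st_mode & owner_rwx) != owner_rwx:
                # Deleting a blob needs write+search permission on its parent.
                problems.append("not writable by owner")
            if problems:
                findings.append((path, problems))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_registry_perms.py <registry storage root on the host>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problems in audit_tree(target):
        print("%s: %s" % (path, ", ".join(problems)))
```
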

@etlam

etlam commented Mar 5, 2024

Will there be an update of the docs and an “official” way for migrating to the new docker image?

@sachilles
Collaborator

@etlam Yes, the project-related docs will be updated possible.
