-
Notifications
You must be signed in to change notification settings - Fork 8.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FAB-9629] support for building multi-arch docker images #1086
Conversation
f19e83d
to
35c1e54
Compare
The issue was closed with a comment of 'stale' along with hundreds of others that received no meaningful update in more than 9 months. If you look at it, you will see that all of the associated items were completed in the Fabric 1.1 time frame. Fabric created multi-arch images for amd64 and s390x until very recently. We stopped when we moved off of the LF CI infrastructure and then eventually removed the multi-arch script when we were only doing amd64. At this point we have no CI for anything other amd64-linux. Without CI for all of the platforms, we are not in a position to maintain or publish images for any other platform. Basically, it's not the tools that are the issue, it's the infrastructure. |
@sykesm Azure can do multi-arch CI by using qemu. The image-building I've already implemented. But if you need to do multi-arch tests I can implement that as well. |
It's not just building; it's maintaining, documenting, and debugging. Every new platform and every new layer adds more scope to the work we do and new platforms tend to have a long tail. If you're interested in formally proposing this work, please take a look at https://github.com/hyperledger/fabric-rfcs and have a conversation with @denyeart to determine the best way to propose this. |
…ng buildx Signed-off-by: Aaron Simmons <paleozogt@gmail.com>
Prior to the 2.x release, the maintainers decided that we were only going to publish x86_64 Docker images. The images we publish are really only for use in our tutorials and getting started demos. They are not built or maintained for other uses. But the code is open source so people are free to clone it and use it however they like. |
@mastersingh24 The HLF Docker images aren't intended to be used in production? I find that surprising. It seems like anyone using kubernetes would just use the Docker hub images rather than building their own. |
"Anyone who uses Kubernetes" is a pretty general statement. Many organizations who are serious about running Fabric purchase support contracts from third parties, or use Blockchain-as-a-Service offerings (which most cloud providers have now), where the images, and service are built and maintained by these third parties. Consider a few other open source projects:
An open source license expressly states that software is granted "as is" (sections 7, 8 and 9 of our LICENSE, https://github.com/hyperledger/fabric/blob/master/LICENSE#L143), and we do, on a best effort, keep up with security and bug fixes, but if you are running in production, waiting a few weeks for our next release may not be an option when you are staring down a potential exploit in your Docker images, and you have no warranty to fall back on. |
@btl5037 I'm maintaining my own fork of HLF in order to have multi-arch images. I figured the community would prefer to go to an official source for such things, so I tried to contribute it back. I'm rather surprised by the pushback. I'm hearing two things. One, it needs to be aggressively tested on CI in order for it to be accepted (which I can appreciate). But I'm also hearing that the docker images aren't intended to be used (!), so why bother expanding the arches. |
As I mentioned in RocketChat, you're also missing quite a few pieces, in order for us to run our tests across these images it also requires you to create multi-arch images of the As the person who maintains our DockerHub repositories, Artifactory repositories, and our GitHub releases, the thought of adding support for all (or any one) of these would make me lose sleep. It's a monumental undertaking to keep x86 images in line across all of our repos, multiplying that by 4 would be near impossible to maintain, as we don't only have to maintain the images, but we also have to perform bug fixes that may affect only one of these platforms. I can absolutely appreciate where you are coming from, and at its face, it seems like a great idea. But given a finite set of resources, and the fact no one is screaming from the hills for this, its just not something we can undertake without a strong proposal for continued support and maintenance (of the images and the Fabric code itself), and a really, really good reason for why open source should host this work. |
You bring up some interesting points .... I'll net it out this way for you: Hyperledger Fabric is a project not a product. The official artifact for each release is actually the tarball of the source code. This is actually the same as every Apache Foundation project as well (although some do also provide binaries). Fabric also provides binaries for 3 platforms which are also under each release. And it's not that we do not appreciate your contribution; it's simply that we made a decision not to publish multi-arch images as many people were assuming that these were "product releases". And when I say they are not production images, I mean that we do not constantly scan them and update vulnerabilities. Almost any company which runs containers in production requires vulnerability scans and timely patching. We do, however, fix any security issues in the actually source as quickly as possible. We cannot and do not prevent people from using the images we publish however they like, but we also do not treat them like an official product either. |
Closing, as the decision to only produce x86 artifacts was decided by the Fabric maintainers as a part of the CICD migration several months ago. Users who wish to create artifacts for other platforms are free to do so independently. |
Apple m1 Pro requires arm-based docker fabric images. fabric-samples chain code installation is failing. its better to start this PR |
Type of change
Description
I want to be able to use Hyperledger Fabric on various architectures, including
arm64
. Since HLF is written in Go I figured this should be straightforward to support.Sadly the Docker Hub images are
x86_64
only. However, using Docker's new buildx makes building multi-arch images easy.I've modified the HLF makefiles so that the various
xxx-docker
targets build for multiple architectures. So that building the images doesn't take forever, cross-compilation on the host arch is used.Additional details
Building images is much the same as it currently is, with some additional setup:
The orderer, tools and ccenv images are built similarly.
I've published these multi-arch images to my own repo and have been using them. I can't find how the makefiles are invoked by CI, so I can't test this any further. However, I'm willing to work on integrating these changes into any CI scripts.
Related issues
HLF Jira has issue FAB-9629, but it seems to be closed as "Won't Do" without any comments. Hopefully it was closed due to no one wanting to work on it and not for some other reason.
While this PR is on master, I've also implemented this on the
release-2.0
andrelease-2.1
branches.