Keep but deprecate registry v2 schema1 logic and revert to libtrust-key-based engine ID #39365
Conversation
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
from
fd2e9b8
to
04593cc
Compare
distribution/push_v2.go
Outdated
| logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err) | ||
|
|
||
| logrus.Warnf("[DEPRECATION NOTICE] schema1 support will be removed in an upcoming release. Please contact admins of the %s registry NOW to avoid future disruption. Waiting 13 annoying seconds...", reference.Domain(ref)) | ||
| time.Sleep(13 * time.Second) |
There was a problem hiding this comment.
We could randomize it?
If this needs more discussion, might be good to move it to a separate PR to unblock this one
| @@ -14,4 +14,4 @@ export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | |||
| . ${SCRIPTDIR}/toml | |||
| . ${SCRIPTDIR}/changelog-well-formed | |||
| . ${SCRIPTDIR}/changelog-date-descending | |||
| . ${SCRIPTDIR}/deprecate-integration-cli | |||
| #. ${SCRIPTDIR}/deprecate-integration-cli | |||
There was a problem hiding this comment.
Guess this was to make CI pass?
daemon/daemon.go
Outdated
| trustKey, err := libtrust.LoadKeyFile(config.TrustKeyPath) | ||
| switch { | ||
| case err == nil: | ||
| d.ID = trustKey.PublicKey().KeyID() |
There was a problem hiding this comment.
Can we write the ID to the new file in this case? That way we're able to preserve the ID once we really remove this logic.
FWIW, the format of the ID is not formalized (the new code uses an UUID for convenience), so storing the old ID format in the new location should not be a problem
There was a problem hiding this comment.
@thaJeztah @justincormack the only problem I see here is that we would put a non-UUID into a file called engine_uuid. Should we rename the file to engine_id ?
There was a problem hiding this comment.
Makes sense to me; it's used to store an ID (and we describe it in the API that the format is not specified)
distribution/push_v2.go
Outdated
| logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err) | ||
|
|
||
| logrus.Warnf("[DEPRECATION NOTICE] schema1 support will be removed in an upcoming release. Please contact admins of the %s registry NOW to avoid future disruption. Waiting 13 annoying seconds...", reference.Domain(ref)) | ||
| time.Sleep(13 * time.Second) |
There was a problem hiding this comment.
We could randomize it?
If this needs more discussion, might be good to move it to a separate PR to unblock this one
|
@thaJeztah @justincormack since this PR reverts v2 schema1 removal, and that libtrust key is needed to push with v2 schema1, I'm afraid we need to revert the engine ID change altogether. Migrating from libtrust key to engine UUID would mean removing the libtrust key, and thus breaking users who rely on pushing v2 schema1. So we will only be able to remove the libtrust key when we decide to remove support for pushing v2 schema1. But now that libtrust key stays, it makes little sense to introduce another engine ID. |
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
from
db063e0
to
0bd619b
Compare
Codecov Report
@@ Coverage Diff @@
## master #39365 +/- ##
=========================================
Coverage ? 37.35%
=========================================
Files ? 610
Lines ? 45235
Branches ? 0
=========================================
Hits ? 16897
Misses ? 26046
Partials ? 2292 |
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
2 times, most recently
from
2afb14b
to
3cb4c1f
Compare
tiborvass
changed the title
|
@thaJeztah @tonistiigi @justincormack PTAL I updated the code, the title, and the description based on the discussions. Removed the annoying sleep, will PR it separately. |
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
3 times, most recently
from
fa1920c
to
f18350d
Compare
This reverts commit 13b7d11. Signed-off-by: Tibor Vass <tibor@docker.com>
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
from
f18350d
to
eb1e31c
Compare
Signed-off-by: Tibor Vass <tibor@docker.com>
This reverts commit 98fc091 in order to keep registry v2 schema1 handling and libtrust-key-based engine ID. Because registry v2 schema1 was not officially deprecated and registries are still relying on it, this patch puts its logic back. However, registry v1 relics are not added back since v1 logic has been removed a while ago. This also fixes an engine upgrade issue in a swarm cluster. It was relying on the Engine ID to be the same upon upgrade, but the mentioned commit modified the logic to use UUID and from a different file. Since the libtrust key is always needed to support v2 schema1 pushes, that the old engine ID is based on the libtrust key, and that the engine ID needs to be conserved across upgrades, adding a UUID-based engine ID logic seems to add more complexity than it solves the problems. Hence reverting the engine ID changes as well. Signed-off-by: Tibor Vass <tibor@docker.com>
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
3 times, most recently
from
65f8392
to
ecc8c8a
Compare
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
This will add a warning log in the daemon, and will send the message to be displayed by the CLI. Signed-off-by: Tibor Vass <tibor@docker.com>
…revert Signed-off-by: Tibor Vass <tibor@docker.com>
tiborvass
force-pushed
the
deprecate-v2-schema1
branch
from
ecc8c8a
to
3f1cdd5
Compare
| @@ -14,6 +14,7 @@ import ( | |||
| "github.com/docker/docker/layer" | |||
| dockerreference "github.com/docker/docker/reference" | |||
| "github.com/docker/docker/registry" | |||
| "github.com/docker/libtrust" | |||
There was a problem hiding this comment.
FWIW; had a chat with @dmcgowan, and there's a desire to get rid of this dependency; not sure if it's worth doing so as part of this PR (if we plan to remove it in the next release); his suggestion was to copy the parts we use into this repository (somewhere in pkg or internal perhaps?), so that we can remove the dependency
There was a problem hiding this comment.
@thaJeztah Sure I can do that in a followup, don't want to add more changes to this PR which is already big.
thaJeztah
added
impact/changelog
impact/deprecation
status/2-code-review
area/distribution
and removed
status/0-triage
labels
|
SGTM As much as I would prefer quay.io to support v2 schema2 pushes, at this point it fails to handle it. I just tried and daemon says: |
|
Thanks for the reviews. |
|
This message should not have been added on pull, that can be unnecessarily confusing for users as there is nothing that must be done now related to pull and just causes noise. If a user is pushing to a registry which still only supports v1, then they do need to contact their registry administrator to upgrade. distribution/distribution#2976 |
Partially reverts #37874
This partially reverts 98fc091.
Because registry v2 schema1 was not officially deprecated and
registries are still relying on it, this patch puts its logic back.
However, registry v1 relics are not added back since v1 logic has been
removed a while ago.
This also fixes an engine upgrade issue in a swarm cluster. It was relying
on the Engine ID to be the same upon upgrade, but the mentioned commit
modified the logic to use UUID and from a different file.
Since the libtrust key is always needed to support v2 schema1 pushes,
that the old engine ID is based on the libtrust key, and that the engine ID
needs to be conserved across upgrades, adding a UUID-based engine ID logic
seems to add more complexity than it solves the problems.
For that reason, this patch also reverts the engine ID changes.
This reverts commit 13b7d11.
Added a test to guard the daemon ID when upgrading.
This also adds a deprecation message to the user as well as in the logs.