This is an automated email from the ASF dual-hosted git repository.
marcoabreu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-mxnet.git
The following commit(s) were added to refs/heads/master by this push:
new bc2f13d Change docker login (#13408)
bc2f13d is described below
commit bc2f13d1476479cc3c97a0e8c1bf60063aa36b80
Author: Marco de Abreu <[email protected]>
AuthorDate: Mon Nov 26 17:06:54 2018 +0100
Change docker login (#13408)
---
ci/docker_cache.py | 48 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/ci/docker_cache.py b/ci/docker_cache.py
index 80fd883..fe1882a 100755
--- a/ci/docker_cache.py
+++ b/ci/docker_cache.py
@@ -30,10 +30,12 @@ import argparse
import sys
import subprocess
import json
+import time
from typing import *
import build as build_util
-
+DOCKERHUB_LOGIN_NUM_RETRIES = 5
+DOCKERHUB_RETRY_SECONDS = 5
def build_save_containers(platforms, registry, load_cache) -> int:
"""
@@ -99,7 +101,6 @@ def _upload_image(registry, docker_tag, image_id) -> None:
:param image_id: Image id
:return: None
"""
- _login_dockerhub()
# We don't have to retag the image since it is already in the right format
logging.info('Uploading %s (%s) to %s', docker_tag, image_id, registry)
push_cmd = ['docker', 'push', docker_tag]
@@ -112,9 +113,40 @@ def _login_dockerhub():
:return: None
"""
dockerhub_credentials = _get_dockerhub_credentials()
- login_cmd = ['docker', 'login', '--username',
dockerhub_credentials['username'], '--password',
- dockerhub_credentials['password']]
- subprocess.check_call(login_cmd)
+
+ for i in range(DOCKERHUB_LOGIN_NUM_RETRIES):
+ logging.info('Logging in to DockerHub')
+ # We use password-stdin instead of --password to avoid leaking
passwords in case of an error.
+ # This method will produce the following output:
+ # > WARNING! Your password will be stored unencrypted in
/home/jenkins_slave/.docker/config.json.
+ # > Configure a credential helper to remove this warning. See
+ # >
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
+ # Since we consider the restricted slaves a secure environment, that's
fine. Also, using this will require
+ # third party applications which would need a review first as well.
+ p = subprocess.run(['docker', 'login', '--username',
dockerhub_credentials['username'], '--password-stdin'],
+ stdout=subprocess.PIPE,
input=str.encode(dockerhub_credentials['password']))
+ logging.info(p.stdout)
+ if p.returncode != 0:
+ logging.error('Error logging in to DockerHub')
+ logging.error(p.stderr)
+
+ # Linear backoff
+ time.sleep(1000 * DOCKERHUB_RETRY_SECONDS * (i + 1))
+ else:
+ logging.info('Successfully logged in to DockerHub')
+ break
+ else:
+ logging.error('DockerHub login not possible after %d retries,
aborting', DOCKERHUB_LOGIN_NUM_RETRIES)
+ raise Exception('Unable to log in to DockerHub')
+
+def _logout_dockerhub():
+ """
+ Log out of DockerHub to delete local credentials
+ :return: None
+ """
+ logging.info('Logging out of DockerHub')
+ subprocess.call(['docker', 'logout'])
+ logging.info('Successfully logged out of DockerHub')
def load_docker_cache(registry, docker_tag) -> None:
@@ -217,7 +249,11 @@ def main() -> int:
args = parser.parse_args()
platforms = build_util.get_platforms()
- return build_save_containers(platforms=platforms,
registry=args.docker_registry, load_cache=True)
+ try:
+ _login_dockerhub()
+ return build_save_containers(platforms=platforms,
registry=args.docker_registry, load_cache=True)
+ finally:
+ _logout_dockerhub()
if __name__ == '__main__':
