Hi Steve When you say the registry would require a machine with plenty of disk space, do you have an estimate of storage needed?
Regards 2016-02-20 14:21 GMT+01:00 Steven Dake (stdake) <std...@cisco.com>: > Infra folks, > > I'd like to see a full CI/CD pipeline of Kolla to an OpenStack > infrastructure hosted registry. > > With docker registry 2.2 and earlier a Docker push of Kolla containers > took 5-10 hours. This is because of design problems in Docker which made a > push each layer of each Docker image repeatedly. This has been rectified > in docker-regitery 2.3 (the latest hub tagged docker registry). The 5-10 > hour upload times are now down to about 15 minutes. Now it takes > approximately 15 minutes to push all 115 kolla containers on a gigabit > network. > > Kolla in general wants to publish to a docker registry at least per tag, > and possibly per commit (or alternatively daily). We already build Kolla > images in the gate, and although sometimes our jobs time out on CentOS the > build on Ubuntu is about 12 minutes. The reason our jobs time out on > CentOS is because we lack local to the infrastructure mirrors as is > available on Ubuntu from a recent patch I believe that Monty offered. > > We have one of two options going forward > > 1. We could publish to the docker hub registry > 2. We could publish to docker-registry.openstack.org > > Having a docker-registry.openstack.org would be my preference, but > requires a machine with plenty of disk space and a copy of docker 1.10.1 or > later running on it. The docker-registry 2.3 and later runs as a container > inside Docker. The machine could be Ubuntu or CentOS – we have gate > scripts for both that do the machine setup which the infrastructure team > could begin with[1][2] I don't care which distro is used for docker > registry – it reallly shouldn't matter as it will be super lightweight and > really only need a /var/lib/docker that is fast and large. Kolla dev's can > help get the docker registry setup and provide guidance to the > infrastructure team on how to setup Docker, but I'm unclear of OpenStack > has resources to make this particular request happen. > > NB the machine need not be baremetal – it really doesn't matter. It does > need fast bi-directional networking and fast disk IO to meet the gate > timeout requirements and Operator requirements that a pull is speedy. The > other change needed is a CentOS mirror internal to the infrastructure, so > our CentOS jobs don't time out and we can push per cmmit (or we could add a > nightly job). > > This is something new OpenStack hasn't done before, so feedback from the > infrastructure team welcome if that team is willing to maintain a > docker-registry.openstack.org. The other challenge here will be > authentication – we setup our gate Docker without TLS because we throw away > the VMs but infra will want to setup TLS with the docker registry. Folks > wanting to use the docker reigstry service from OpenStack will need to be > able to put TLS credentials in the gating in some way. I'm not sure we > want to just check these credentials into our repository – which means they > need to somehow be injected into our VMs to protect the security of the > Docker images. > > If infra decides they don’t want to take on a > docker-registry.openstack.org, guidance on how to get our credentials > securely into our built VM would be helpful. > > One final note – Docker can be setup to use Swift as a storage backend, or > alternatively can use straight up disk space on the node. It can also > publish to an AWS storage backend and has many other storage backend modes. > > Regards > -steve > > > [1] https://github.com/openstack/kolla/blob/master/tools/setup_RedHat.sh > [2] https://github.com/openstack/kolla/blob/master/tools/setup_Debian.sh > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev