-
Notifications
You must be signed in to change notification settings - Fork 645
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi-Architecture Builds Succeed But Fail to Push #1709
Comments
@ichasepucks : Thanks for reporting, I'll try to reproduce your issue via some GitHub action mac workflow |
FWIW, I'm trying to have some colleagues reproduce this. So far, one with an Intel Mac and an old version of Docker, |
If you look in your build listing you see I think plugin builds it for a single platform "linux/arm64" and later on it try to push as a multi platform image. When I look in the plugin sources BuildXService:134 buildAndLoadSinglePlatform() there is only support for single platform at a time, while BuildXService:147 pushMultiPlatform() performs multiplatform push. I actualy tryied to do a multiplatform build with the maven-plugin with a number of different configuration all accoding to the documentation but never suceeded and I connsider this a bug or a not yet supported fetaure. |
What is needed here i to rewrite the
This was the easy part, then there are a number of test-cases that needs to be modified and adopted to the fact that multiplatform builds can be done and single platform builds don't need to be native. |
After some iterations I finally understood how the plugin works and have åcome to a conclusion that that is works fine as it is, and reasons for it. The basic reason is that multiplatform images cant be loaded in your local docker repo you have on your machine. It only have support for single platform but it can actualy be a foreign platform. Later on when you run deploy it will rerun This all works fine for me, so disregards all my previous comments. |
Hi @rohanKanojia this was really bugging me again so I built the plugin locally and started trying some things. I've narrowed this down to using the configuration. https://github.com/fabric8io/docker-maven-plugin/blob/master/src/main/java/io/fabric8/maven/docker/service/BuildXService.java#L76-L79 However, I don't know why this is causing the problem. I'm not sure what you'd recommend to resolve this? An option to ignore config could work but probably should understand why it's causing the failure more? Edit: |
@rohanKanojia I would be willing to submit a PR for this if you could provide the necessary background info and some guidance on a potential approach. |
@ichasepucks : Do you have something in mind that you would like to propose to fix this? I will try my best to help you. Problem is that I don't have mac machine, I'm not sure I would be able to reproduce the issue. Do you have some minimal reproducer project that I can build to reproduce the problem? |
@rohanKanojia thanks for responding. I don't currently have a simple generic repro but I may be able to create one. I think my first question is why is the config added by default on new versions of Docker, here? One solution is to add a configuration option that only adds this when present. By default, I would expect most users to have their config directory already set up and configured how they need? Just trying to make sure I'm not missing an obvious reason for this bit of code. |
Actually looks like this is a duplicate of #1701. I verified this works with version 0.43.3. This was broken in https://github.com/fabric8io/docker-maven-plugin/pull/1703/files. |
@ichasepucks : I see. let me look into this. |
@ichasepucks : Could you please share the location where you've installed docker-buildx? Is it in
|
Related to fabric8io#1709 Currently Docker CLI on Mac OS don't seem to respect `--config` flag. When DMP tries to override default Docker config directory by providing `--config` flag, Docker CLI is no longer able to recognize buildx options. This seems to happening for scenarios where docker-buildx is installed in `~/.docker/cli-plugins`, whenever `docker --config new/path/config` is provided docker CLI uses new config path (which does not contain buildx). Add a workaround to copy `docker-buildx` binary to temporary config directory created for docker buildx build. This seems to make docker recognize buildx even after config override. Signed-off-by: Rohan Kumar <[email protected]>
@ichasepucks : I think this comment is very accurate description of the issue you're facing docker/for-mac#6928 (comment)
I think we can add a workaround in DMP code to copy I have pushed code related to above mentioned approach in this branch https://github.com/rohanKanojia/docker-maven-plugin/tree/pr/buildx-push-fails-mac . Could you please try out this branch and confirm if it is working for your environment? |
Hi @rohanKanojia this still doesn't work. The problem is not resolving buildx. The problem is that we should not be setting a docker |
Could you please elaborate what error you faced while running it? I had tested it on MacOS via GitHub action Docker Maven Plugin supports reading registry credentials from maven settings.xml, properties apart from default docker config. We need to set I think we can try to set |
@rohanKanojia the error is the same as originally reported. I have server entries for the repositories I need authentication to but I still get a Edit: I see |
@ichasepucks : Could you please set a breakpoint on this line and see what value is being picked inside AuthConfig? docker-maven-plugin/src/main/java/io/fabric8/maven/docker/service/BuildXService.java Line 76 in 1ead2bb
Run |
@rohanKanojia debugged this a bit more and I think I see what's going on now. The AuthConfig object is non null and contains the configuredRepository which is the same as I defined in the Is there a way I can get more than 1 registry in the AuthConfig object? |
@ichasepucks : I think we already handle case of fetching auth config from base images. Could you please set a breakpoint here and see what's happening here? docker-maven-plugin/src/main/java/io/fabric8/maven/docker/BuildMojo.java Lines 141 to 146 in 1ead2bb
|
@rohanKanojia BuildMojo doesn't appear to be used during the buildx push operation. When I added logging to the BuildMojo code I can see the source registry is created as expected in the config.json but since this code path doesn't execute in the buildx push path the authconfig doesn't contain the source registry credentials. I think this is the source of the issue. Does this make sense? |
@ichasepucks : Are you able to get issue fixed if you copy paste this code in RegistryService : docker-maven-plugin/src/main/java/io/fabric8/maven/docker/service/RegistryService.java Line 70 in 1ead2bb
|
@rohanKanojia sorry I didn't follow the request. Can you tell me where you want that line copied to or clarify what you want me to try? |
@ichasepucks : I just tried making modifications in RegistryService. I want you to try out this branch (I haven't tested it myself though since I don't have same environment as you) . |
@rohanKanojia you got it! This is working now! |
@ichasepucks : Would you like to submit a PR to fix this issue? |
I'm not sure what I would do different from your code changes? Happy to submit your changes from my own fork if that is helpful to you. |
@ichasepucks : I just did a spike. I think we would also need to adapt existing tests + write new tests |
@rohanKanojia I see. I could possibly do that in the next week or 2 if you don't have time to add them. Thanks. |
@ichasepucks : oh okay, I will try to complete it in coming weekend. |
@ichasepucks : I've merged #1751 Could you please give a try to Docker Maven Plugin 0.44-SNASHOT and provide feedback whether it's working as expected for your use case? |
@rohanKanojia I can confirm that 0.44-SNAPSHOT is working as expected for me. Thanks! |
@ichasepucks : Thanks a lot, I'll ask some other users as well and will cut a release next week. |
@ichasepucks : I've released 0.44.0 that contains fix for your issue. Would appreciate if you could try it out and provide feedback. |
@rohanKanojia 0.44.0 works for me. Thanks. |
Description
I'm able to run the build goal successfully, which is able to auth and pull down images.
However, the push goal fails with a 403.
To make things even more confusing, if I copy the command and execute it locally in the shell the push command works as expected. Specifically this command which was copied verbatim from the debug output from DMP.
I've tried every authentication mechanism specified in the documentation and they all result in the same behavior.
Both the source registry and destination registry are internally hosted on Artifactory and are v2 Docker registries. They require auth for all requests. The fact that I'm able to build successfully proves that I have authentication configured correctly. On the surface it appears that the HEAD request may not be sending authentication credentials but all the other requests do?
I'm running on an M1 Macbook with the latest Docker Desktop. As far as I can tell, this seems to be an issue only on Mac or with recent versions of Docker. This actually works from our Linux AMD64 based CI infrastructure. However, that infra is using Docker 20.x.x. I know from other issues reported that there is some variation in behavior between older Docker clients and newer.
At this point, I'm not sure how to debug this any further. I'm open to debug builds or even some hints on where to dig into the code. I spent some time looking at it but there was nothing obvious.
Info
mvn -v
) : 3.9.2The text was updated successfully, but these errors were encountered: