From Fedora Project Wiki
(→‎Task Table: Update the task table.)
 
(43 intermediate revisions by 3 users not shown)
Line 6: Line 6:


== Summary ==
== Summary ==
This is a proposal for a change to the Fedora Infrastructure and Fedora Release Engineering tooling to provide a scalable Docker Registry solution for Fedora that is integrated with the [[Changes/Layered_Docker_Image_Build_Service|Fedoar Docker Layered Image Build Service]].
This is a proposal for a change to the Fedora Infrastructure and Fedora Release Engineering tooling to provide a scalable container registry solution for Fedora that is integrated with the [[Changes/Layered_Docker_Image_Build_Service|Fedora Docker Layered Image Build Service]].


== Owner ==
== Owner ==
Line 13: Line 13:
This should link to your home wiki page so we know who you are.  
This should link to your home wiki page so we know who you are.  
-->
-->
* Name: [[User:Maxamillion| Adam Miller]]
* Name: [[User:Maxamillion| Adam Miller]] and [[User:Bowlofeggs| Randy Barlow]]
<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. -->
<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. -->
* Email: maxamillion@fedoraproject.org
* Email: maxamillion@fedoraproject.org and bowlofeggs@fedoraproject.org
* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> -->
* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> -->
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
Line 26: Line 26:


== Current status ==
== Current status ==
* Targeted release: [[Releases/25 | Fedora 25 ]]  
* Targeted release: [[Releases/26 | Fedora 26 ]]  
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
Line 36: Line 36:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1345756 #1345756]


== Detailed Description ==
== Detailed Description ==


<pre>
=== Background ===
  +-----------+              +------------------------+
  |  koji    |<--------------+ fedpkg container build |
  +--+--------+              +------------------------+
      |  ^
      v  |
  +------+----+
  |          |          +----------------------+
  |  OSBS    |          | docker/distribution  |
  |          +--------->| registry            +-+
  +-----------+          |                      | |
                          | (candidate builds)  | |
                          +----------------------+ +
                                                  |
                                                  |
          +-----------------+                    |
          |                +<--------------------+
          |      Pulp      |
          |                +------------+
          +----+------------+            |
                |                        |
                v                        |
+-------------------------+              v
| +--------+ +--------+  |      +-----------------------+
| |  Crane | |  Crane |  |      | Pulp Published Stable |
| +------+-+ +--+-----+  |      | Image Layeres and    |
|    ^  |      |  ^    |      | Metadata              |
|    |  |      |  |    |      +--------+--------------+
|    |  |      |  |    |              |
|    |  |      |  |    |              |
|    |  |      |  |    |              |
|    |  v      v  |    |              v
| +--+--------------+-+  |    +--------------------+
| | Fedora Infra      |  |    | Mirror Manager    |
| | HAProxy          |  |    | master mirror      |
| +-------------------+  |    +-----------------+--+
+---------+---------------+                      |
    ^    |                                      |
    |    |                                      |
    |    |                                      |
    |    |                                      v
    |    |                            +-----------------------------+
    |    |                            |                            |
    |    |  +------------------------>| "Mirror Network"            |
    |    |  |                        | (All our volunteer mirrors) |
    |    |  |  +---------------------+                            |
    |    |  |  |                    +-----------------------------+
    |    |  |  |
    |    |  |  |
    |    |  |  |
    |    |  |  |
    |    |  |  |
    |    v  |  v
  +--+--------+-----+
  | Users          |
  | (docker pull)  |
  +-----------------+
</pre>
https://maxamillion.fedorapeople.org/FedoraPulpDocker.txt


=== Background ===
The Fedora project wishes to begin distributing new types of content
than it has in the past. One of the types that has been identified as a
goal are container images. Adam Miller has already done the work that
will allow packagers to build container images, but we still need a way to
distribute those builds to Fedora's users. Adam Miller's implementation
helpfully drops the builds we want into a container registry.


'''registry''': a collection of docker image repositories
'''registry''': a collection of container image repositories


'''repository''': named after an image and is a collection of multiple tags of an that image
'''repository''': named after an image and is a collection of multiple tags of an that image


'''tag''': an arbitrary string assigned to a specific docker image (identified by the image's sha256 checksum) NOTE: The "latest" tag is special and is assumed if no tag is provided. This is true also for a 'docker pull' operation and an image tagged "latest" will be the default image pulled by users.
'''tag''': an arbitrary string assigned to a specific container image (identified by the image's sha256 checksum) NOTE: The "latest" tag is special and is assumed if no tag is provided. This is true also for a 'docker pull' operation and an image tagged "latest" will be the default image pulled by users.


=== Proposal ===
=== Proposal ===


Pulp[0] + Crane[1] + MirrorManager[2] + Docker Distribution[3]
In summary, the proposal is to deploy the docker distribution registry at <code>registry.fedoraproject.org</code>, which will serve the container registry API to Fedora's users. Users will fetch all API data from this endpoint, except for the container blobs. Fedora will serve 302 redirects for all requests for container blobs to <code>cdn.registry.fedoraproject.org</code>. The CDN will handle serving the large blob files to the users.
 
* Pulp is a platform for managing repositories of content, such as software packages, and making it available to a large numbers of consumers. It is also capable of managing docker content.
 
* Crane is a stand-alone python flask wsgi application written by the Pulp team to serve as a API entry point for the docker client and will answer to an user's 'docker pull'. It does not however create content manifests or provide hosting for docker image content, instead it depends on someone creating the manifest metadata themselves or having pulp publish it and serves 302 redirects to the docker client so they can find where the docker images actually live.
 
* MirrorManager is what Fedora uses to manage the public mirror network and distribute content.


* Docker Distribution is the defacto standard open source implementation of the Docker Registry V2 API spec[5]. It provides many features but the ability to have it's back-end storage be provided by a "mirror network" much like the one Fedora has at it's disposal is not one of them. The reason we need this in place is because the mechanism by which you could push a docker image directly to Pulp in Docker Registry v1 no longer exists in v2 so we must instead perform a "sync" operation between the two. (This is a common problem for all known "third party" v2 registry implementations).
* Docker Distribution is the defacto standard open source implementation of the Docker Registry V2 API spec.


=== Workflow ===
=== Workflow ===


* OSBS will perform Builds, as these builds complete they will be pushed to the docker-distribution (v2) registry, these will be considered "candidate images". Pulp will sync and publish the candidate repository.
* OSBS will perform Builds, as these builds complete they will be pushed to the docker-distribution (v2) registry, these will be considered "candidate images". These will be stored in candidate repositories on the docker-distribution registry.
* Testing will occur using the "candidate images" (details of how we want to handle that are outside the scope of this proposal).
* Testing will occur using the "candidate images" (details of how we want to handle that are outside the scope of this proposal).
* A "candidate image" will be marked stable once it's criteria have been satisfied to do so. (This is vague because this is a topic of ongoing discussion and work to decide what criteria an image will need to abide by before being considered "stable" and promoted as such)
* A "candidate image" will be marked stable once it's criteria have been satisfied to do so. (This is vague because this is a topic of ongoing discussion and work to decide what criteria an image will need to abide by before being considered "stable" and promoted as such)
* Once stable, pulp will publish that repository's content to a directory, we will split that content and sync the image layers along with their metadata to Mirror Manager master mirror. We will also sync the repo metadata published by Pulp to somewhere Crane can pick it up. (This could and will likely be something that Bodhi triggers via the Pulp REST API)
* Once stable, the images will be pushed into stable repositories in the docker-distribution registry.
* Mirror Manager will distribute to the mirrors the image layers and their metadata.
* The docker clients will request Manifests from <code>registry.fedoraproject.org</code>. Requests for blobs will receive a <code>302 Redirect</code> to <code>cdn.registry.fedoraproject.org</code> which will serve the blob files.
* Crane will get the new repository metadata and will serve redirects to the new content relative to download.fedoraproject.org which will perform another redirect (via MirrorManager) where the docker client upon a "docker pull" will find it's content.


=== Signing ===


=== Technical Details ===
For the initial implementation of the Fedora Docker registry, we will not be signing the images. This will still be safe for our users, as the manifests will be served by <code>registry.fedoraproject.org</code> only (the CDN will not be serving manifests or any metadata) and only over TLS. Container manifests reference the blob layers by checksum and the client does verify the checksums of the layers it downloads. Thus we will rely on TLS to safely transmit the checksums of the blobs to the end user, and we will rely on their client to validate the checksums of the blobs it downloads from the CDN.
Some more in depth technical items around this solution that I think the Fedora Infrastructure Team are likely interested in:


==== Pulp Requirements ====
We may revisit signing in the future when there are more available choices for us to use as an added layer of security.
* An AMPQ message queue, currently qpid and rabbitmq are supported upstream. However, the requirement appears to stem from the use of Celery[5] and Celery upstream supports redis[6] as a broker backend so I have requested that it be made available as supported option Pulp[7]. This will obviously take some amount of dev time, but we can plan for that if adding a message queue to Fedora Infra is a show stopper.
* MongoDB, this is currently a hard requirement but postgresql is planned replace MongoDB in the future[8] (probably a year-ish timeline on that). The question is, can we wait that long from a Fedora Project standpoint for the new feature before having a solution in place? I imagine some of this will need to be planned/scoped as time goes on and we learn more but it's worth keeping in mind
* Storage. I've been told Pulp likes a lot of storage, I don't know hard numbers for what we'd need since we're getting into uncharted territory but I've heard that a few hundred GB is not uncommon in pulp deployments when combining the MongoDB storage needs with all the artifacts in the repos.
 
==== Crane Requirements ====
* Crane is just a small python wsgi app written in flask


==== General Notes ====
==== General Notes ====
A couple of things to note about maintenance and uptime considerations:
A couple of things to note about maintenance and uptime considerations:


The Intermediate docker-distribution registry is needed for builds in koji+OSBS
The Intermediate docker-distribution registry is needed for builds in koji+OSBS.


Pulp will be required for "promotion" of builds from candidate to testing or stable
Much of the current design was discussed on the infrastructure mailing list[1].


Crane will be required for end users out in the world to access in order to actually pull down Docker images from us.
All new components in this design should be able to be locked down, similar to the "Fedora internal" components like koji (builders, etc) and bodhi (signing, etc).


The only service here that needs to be public end-user facing (i.e. wide open to the internet and not have access locked to a FAS group) is Crane. All other components should be able to be locked down similar to the "Fedora internal" components koji (builders, etc), bodhi (signing, etc) and similar.
* [1] https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/thread/IMK3IKNMVYMEBV5S7BCYHNSVA2BGSWZ3/
 
* [0] http://www.pulpproject.org/
* [1] https://github.com/pulp/crane
* [2] https://github.com/fedora-infra/mirrormanager2/
* [3] https://github.com/docker/distribution/
* [3] https://github.com/docker/distribution/
* [4] https://docs.docker.com/registry/spec/api/
* [4] https://docs.docker.com/registry/spec/api/
* [5] http://www.celeryproject.org/
* [5] https://github.com/docker/distribution/issues/1825
* [6] http://redis.io/
* [6] https://github.com/docker/docker/pull/23014
* [7] https://pulp.plan.io/issues/1900
* [7] https://docs.docker.com/registry/spec/manifest-v2-2/#/image-manifest-field-descriptions
* [8] https://pulp.plan.io/issues/1803
* [8] https://github.com/docker/docker/pull/22866


== Benefit to Fedora ==
== Benefit to Fedora ==
This will allow for Fedora to provide packages, software, and other content in the form of a Docker Image as an officially released artifact from the Fedora Project that is released and hosted much in the same way RPMs are today. These images can then be included in the distribution in various ways. This could potentially be used by the [[Modularization]] effort or by any other part of the [[Fedora.next]] initiative that may arise.
This will allow for Fedora to provide packages, software, and other content in the form of container images as officially released artifacts from the Fedora Project that are released much in the same way RPMs are today. These images can then be included in the distribution in various ways. This could potentially be used by the [[Modularization]] effort or by any other part of the [[Fedora.next]] initiative that may arise.


== Scope ==
== Scope ==
Line 170: Line 100:
Proposal owners shall have to:
Proposal owners shall have to:
* Implement the proposed Design of a Scaled-Out Docker Registry
* Implement the proposed Design of a Scaled-Out Docker Registry
** Deploy Pulp
* Deploy Docker-Distribution Registry
** Deploy Crane
** Deploy Docker-Distribution Registry
** Integrate with MirrorManager for content distribution
* Document the system
* Document the system


Line 224: Line 151:
| <!-- task      -->
| <!-- task      -->
| <!-- subtask    --> Deploy solution, including ansible playbooks added for Fedora Infrastructure Ansible repo
| <!-- subtask    --> Deploy solution, including ansible playbooks added for Fedora Infrastructure Ansible repo
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- assists    -->
| <!-- consulted  -->
| <!-- informed  -->
| <!-- status    -->0%
|-
| <!-- task      -->
| <!-- subtask    --> Deploy Pulp
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- assists    -->
| <!-- consulted  -->
| <!-- informed  -->
| <!-- status    -->0%
|-
| <!-- task      -->
| <!-- subtask    --> Deploy Crane
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- assists    -->
| <!-- assists    -->
Line 248: Line 159:
| <!-- task      -->
| <!-- task      -->
| <!-- subtask    --> Deploy docker-distribution registry
| <!-- subtask    --> Deploy docker-distribution registry
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- assists    -->
| <!-- consulted  -->
| <!-- informed  -->
| <!-- status    -->0%
|-
| <!-- task      -->
| <!-- subtask    --> Integrate with MirrorManager for content distribution
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- responsible--> [[User:Maxamillion| Adam Miller]]
| <!-- assists    -->
| <!-- assists    -->
Line 275: Line 178:


* maxamillion [[User:Maxamillion| Adam Miller]]
* maxamillion [[User:Maxamillion| Adam Miller]]
* bowlofeggs (rbarlow) [[User:Rbarlow | Randy Barlow]]
* bowlofeggs [[User:Bowlofeggs | Randy Barlow]]


==== Various Task Notes ====
==== Various Task Notes ====
Line 347: Line 250:
-->
-->


[[Category:ChangeAnnounced]]
[[Category:ChangePageIncomplete]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Latest revision as of 22:31, 12 April 2017


Fedora Scale-Out Docker Registry

Summary

This is a proposal for a change to the Fedora Infrastructure and Fedora Release Engineering tooling to provide a scalable container registry solution for Fedora that is integrated with the Fedora Docker Layered Image Build Service.

Owner

  • Name: Adam Miller and Randy Barlow
  • Email: maxamillion@fedoraproject.org and bowlofeggs@fedoraproject.org
  • Release notes owner:

Current status

Detailed Description

Background

The Fedora project wishes to begin distributing new types of content than it has in the past. One of the types that has been identified as a goal are container images. Adam Miller has already done the work that will allow packagers to build container images, but we still need a way to distribute those builds to Fedora's users. Adam Miller's implementation helpfully drops the builds we want into a container registry.

registry: a collection of container image repositories

repository: named after an image and is a collection of multiple tags of an that image

tag: an arbitrary string assigned to a specific container image (identified by the image's sha256 checksum) NOTE: The "latest" tag is special and is assumed if no tag is provided. This is true also for a 'docker pull' operation and an image tagged "latest" will be the default image pulled by users.

Proposal

In summary, the proposal is to deploy the docker distribution registry at registry.fedoraproject.org, which will serve the container registry API to Fedora's users. Users will fetch all API data from this endpoint, except for the container blobs. Fedora will serve 302 redirects for all requests for container blobs to cdn.registry.fedoraproject.org. The CDN will handle serving the large blob files to the users.

  • Docker Distribution is the defacto standard open source implementation of the Docker Registry V2 API spec.

Workflow

  • OSBS will perform Builds, as these builds complete they will be pushed to the docker-distribution (v2) registry, these will be considered "candidate images". These will be stored in candidate repositories on the docker-distribution registry.
  • Testing will occur using the "candidate images" (details of how we want to handle that are outside the scope of this proposal).
  • A "candidate image" will be marked stable once it's criteria have been satisfied to do so. (This is vague because this is a topic of ongoing discussion and work to decide what criteria an image will need to abide by before being considered "stable" and promoted as such)
  • Once stable, the images will be pushed into stable repositories in the docker-distribution registry.
  • The docker clients will request Manifests from registry.fedoraproject.org. Requests for blobs will receive a 302 Redirect to cdn.registry.fedoraproject.org which will serve the blob files.

Signing

For the initial implementation of the Fedora Docker registry, we will not be signing the images. This will still be safe for our users, as the manifests will be served by registry.fedoraproject.org only (the CDN will not be serving manifests or any metadata) and only over TLS. Container manifests reference the blob layers by checksum and the client does verify the checksums of the layers it downloads. Thus we will rely on TLS to safely transmit the checksums of the blobs to the end user, and we will rely on their client to validate the checksums of the blobs it downloads from the CDN.

We may revisit signing in the future when there are more available choices for us to use as an added layer of security.

General Notes

A couple of things to note about maintenance and uptime considerations:

The Intermediate docker-distribution registry is needed for builds in koji+OSBS.

Much of the current design was discussed on the infrastructure mailing list[1].

All new components in this design should be able to be locked down, similar to the "Fedora internal" components like koji (builders, etc) and bodhi (signing, etc).

Benefit to Fedora

This will allow for Fedora to provide packages, software, and other content in the form of container images as officially released artifacts from the Fedora Project that are released much in the same way RPMs are today. These images can then be included in the distribution in various ways. This could potentially be used by the Modularization effort or by any other part of the Fedora.next initiative that may arise.

Scope

Proposal owners

Proposal owners shall have to:

  • Implement the proposed Design of a Scaled-Out Docker Registry
  • Deploy Docker-Distribution Registry
  • Document the system

Task matrix

This is a RACI matrix for tasks required to implement the RelEng Automation Workflow Engine. Work is tracked in Taiga: http://taiga.cloud.fedoraproject.org/project/acarter-fedora-docker-atomic-tooling/wiki/home


Is this current?

It is, as of 2017-04-12

Definitions

Here, we're using what Wikipedia calls "RACI (alternative scheme)":


Responsible
The person responsible for the performance of the task. There should be exactly one person with this assignment for each task.
Assists
Those who assist completion of the task.
Consulted
Those whose opinions are sought; and with whom there is two-way communication.
Informed
Those who are kept up-to-date on progress; and with whom there is one-way communication.

Task Table

This an early cut. Please feel free to add new tasks as appropriate — just let one of the coordinators know.
Task Subtask Responsible Assists Consulted Informed Current Status
Implement the proposed design of a Scaled-Out Docker Registry Adam Miller 0%
Deploy solution, including ansible playbooks added for Fedora Infrastructure Ansible repo Adam Miller 0%
Deploy docker-distribution registry Adam Miller 0%
Document the system Adam Miller 0%

Glossary of Nicknames

Various Task Notes

Functional Requirements

The following features are functional requirements

  • Users must be able to perform a 
    docker pull registry.fedoraproject.org/fedora
    and have the actual image layer data come from a local mirror via mirrormanager.

Other developers

  • (anything here)?

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

Once the service is deployed, users can perform the following on their systems to test. 

$ dnf -y install docker
$ systemctl start docker
$ docker pull registry.fedoraproject.org/fedora

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? No (not a System Wide Change)
  • Blocks product? N/A

Documentation

FIXME

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/FedoraDockerRegistry&oldid=490791"