You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Artifact storage is intended to hold the build results for various components, as well as large binaries that are needed for distribution or builds.

As a proposed design, the artifacts are stored in a file system hierarchy on S3DF, and an (optional?) database is used to track metadata about the artifacts and help in locating them, if necessary.

Update: The "registry" DockerHub image (https://hub.docker.com/_/registry) can allow us to have a local image registry.  This may be usable as the basis of a general-purpose binary artifact storage.


Proposed Artifact Storage Layout
ARTIFACT_TOP=/sdf/group/ad/eed/build_system/artifact_storage

$ARTIFACT_TOP/<component>/build_results/<tag>/...
$ARTIFACT_TOP/<component>/data/...


Attempt to start a basic local registry using the image:

  1. Pull registry image
    1. pnispero@PC100942:~/BuildSystem/artifact_storage$ docker pull registry:2
      2: Pulling from library/registry
      619be1103602: Pulling fs layer
      862815ae87dc: Pulling fs layer
      74e12953df95: Pulling fs layer
      6f0ce73649a0: Waiting
      ef4f267ce8ed: Waiting
  2. Run the registry
    1. pnispero@PC100942:~/BuildSystem/artifact_storage$ docker run -d \
        -p 5000:5000 \
        --restart=always \
        --name registry \
        -v /mnt/registry:/var/lib/registry \
        registry:2
      6fc1b5baf2faded8842cec71a382a1b9b3a7b6ce6a664c376c2f7a824e3ea17a
  3. Push an image to registry
    1. docker tag pnispero/rocky9-env:latest localhost:5000/rocky9-env
    2. docker push localhost:5000/rocky9-env
  4. Check /mnt/registry/ and also shell into the registry container and check /var/lib/registry
    1. pnispero@PC100942:~/BuildSystem/artifact_storage$ ls /mnt/registry/docker/registry/v2/
      blobs/        repositories/
      pnispero@PC100942:~/BuildSystem/artifact_storage$ ls /mnt/registry/docker/registry/v2/repositories/
      rocky9-env
    2. pnispero@PC100942:~$ docker exec -it registry /bin/sh
      / # ls /var/lib/
      apk/       misc/      registry/  udhcpd/
      / # ls /var/lib/registry/docker/registry/v2/
      blobs/         repositories/  test.txt
      / # ls /var/lib/registry/docker/registry/v2/repositories/rocky9-env/
  5. We'll do something similar when deploying the container to kubernetes, and we can mount sdf as the volume. I also added a 'test.txt' to see if you can store other things besides the images.

The more complicated part will be to run an externally-accessible registry, not localhost, setting up tls/authentication, load balancing,


How to add insecure registry for Linux, rootless mode

  1.  ~/.config/docker/daemon.json
  2. Add that file, with this line {"insecure-registries" : ["134.79.23.192:5000"]}
  3. Then restart your docker deamon, and should be able to push

Adding official registry hostname 'ad-build-registry' to cluster

  1. How this works:
    1. When you make a 'loadbalancer' ingress resource, and specify the 'host' field to be 'ad-build-registry', the cloud provider (in this case its S3DF) will assign an external IP address to that 'host'. Then any traffic to that external IP will be routed to the load balancer to whatever service your running (which is the registry in this case). The ip address assignment is dynamic (it will assign instantly no need to fill a form), but the ip itself is fixed, and will not change unless you delete the resource I believe.
    2. Once S3DF assigns an IP to the host 'ad-build-registry', then you can ask IT to add the host 'ad-build-registry' with the IP address given by S3DF to add to the slac DNS.
  • No labels