Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-3093

[RFE] Ensure layer isn't unnecessarily re-pushed in c/image

    • Low
    • 1
    • rhel-sst-container-tools
    • 3
    • False
    • Hide

      None

      Show
      None
    • None
    • RUN 252
    • If docs needed, set a value
    • None

      Description of problem:
      As described in (https://github.com/containers/buildah/issues/1048) when an image is already present with buildah in a seperate registry, it will force-push it anyway the first time.

      This is better described in this unfinished commit here:

      https://github.com/containers/image/pull/550

      In essence, in CI/CD pipelines where buildah is run in a fresh environment every time, it forces a lot of extra traffic and uploading if an image is pushed to a second location where it already exists. Docker does not do this and will query the second registry for the same image hashes and decide not to push it, whereas c/image will at the moment currently still re-push exactly the same content (the first time).

      An example. Pull an image, tag it, and push it again:

      $ buildah pull registry.fedoraproject.org/fedora-minimal
      $ buildah tag registry.fedoraproject.org/fedora-minimal quay.io/robbmanes/trashcan-image
      $ buildah push quay.io/robbmanes/trashcan-image

      This does exactly what you expect, and if you try to re-push the image from this system it will skip the appropriate layers:

      $ buildah push quay.io/robbmanes/trashcan-image
      Getting image source signatures
      Copying blob a3497ca15bbf skipped: already exists
      Copying config f7e02de757 done
      Writing manifest to image destination
      Storing signatures

      However, if you run the exact same operation from a new environment (such as in a container or in a CI/CD pipeline) it will re-push the same image despite absolutely nothing changing on the destination:

      $ sudo podman run -it --rm --name buildah registry.redhat.io/ubi8/buildah bash
      [root@1b1f838c9d5b /]# buildah pull registry.fedoraproject.org/fedora-minimal
      [root@1b1f838c9d5b /]# buildah tag registry.fedoraproject.org/fedora-minimal quay.io/robbmanes/trashcan-image
      [root@1b1f838c9d5b /]# buildah push quay.io/robbmanes/trashcan-image
      Getting image source signatures
      Copying blob a3497ca15bbf done
      Copying config f7e02de757 [--------------------------------------] 0.0b / 1.3KiB
      Writing manifest to image destination
      Storing signatures

      Having c/image behave in such a way that it checks the blobs on upload against the destination would prevent this from happening. Unfortunately, https://github.com/containers/image/pull/550 looks abandoned and may not be the best method moving forward from my (and others) review.

      Version-Release number of selected component (if applicable):
      Any

      How reproducible:
      Every time

      Actual results:
      Layer is not checked for matching content and is re-pushed despite no changes.

      Expected results:
      Matching layer should be detected and should not force a re-push of the same content to the destination registry.

      Additional info:
      This is reported in buildah as the component because I didn't know how to file against the main library for images in our container-tools suite (https://github.com/containers/image).

      I'll be happy to take a shot at it, time permitting as well.

              rhn-support-jnovy Jindrich Novy
              rhn-support-rmanes Robb Manes
              Aditya Rajan Aditya Rajan (Inactive)
              Yiqiao Pu Yiqiao Pu
              Votes:
              1 Vote for this issue
              Watchers:
              19 Start watching this issue

                Created:
                Updated:
                Resolved: