[jira] [Comment Edited] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Jira


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111226#comment-17111226
 ] 

Stéphane Cottin edited comment on MESOS-10130 at 5/19/20, 2:48 PM:
---

I made the same tests :)

The bug is on the Nexus side: it did not respect the Accept header and always 
returned manifest lists. I will create an issue in Sonatype's Jira. 

Update: https://issues.sonatype.org/browse/NEXUS-23969

Btw, should manifest lists be supported by Mesos? IMO it makes sense because 
it runs on multiple architectures.

 


was (Author: kaalh):
I made the same tests :)

The bug is on the Nexus side: it did not respect the Accept header and always 
returned manifest lists. I will create an issue in Sonatype's Jira.

Btw, should manifest lists be supported by Mesos? IMO it makes sense because 
it runs on multiple architectures.

 

> Docker Manifest list support
>
> Key: MESOS-10130
> URL: https://issues.apache.org/jira/browse/MESOS-10130
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: Stéphane Cottin
> Priority: Major
> Labels: containerization
>
> Sonatype Nexus 3.22+, and probably other Docker registry solutions, now
> serves manifest lists.
> [https://issues.sonatype.org/browse/NEXUS-18546]
> Apache Mesos does not yet support this part of the Image Manifest V2S2 spec.
> https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list
> This is not a critical issue as Sonatype Nexus is not a dependency of Apache
> Mesos, but as we cannot use Nexus > 3.21.2, this leads to side security
> issues.
> [https://support.sonatype.com/hc/en-us/articles/360046233714]
> Apache Mesos should support the whole Image Manifest V2S2 specification.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Qian Zhang (Jira)


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111231#comment-17111231
 ] 

Qian Zhang commented on MESOS-10130:


{quote}Btw, should manifest lists be supported by Mesos? IMO it makes sense 
because it runs on multiple architectures.
{quote}
Yes, I agree.



[jira] [Commented] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Jira


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111226#comment-17111226
 ] 

Stéphane Cottin commented on MESOS-10130:
-

I made the same tests :)

The bug is on the Nexus side: it did not respect the Accept header and always 
returned manifest lists. I will create an issue in Sonatype's Jira.

Btw, should manifest lists be supported by Mesos? IMO it makes sense because 
it runs on multiple architectures.

 



[jira] [Commented] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Qian Zhang (Jira)


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111207#comment-17111207
 ] 

Qian Zhang commented on MESOS-10130:


[~kaalh] I think for multi-arch images in 
[https://registry-1.docker.io|https://registry-1.docker.io/], it supports both 
manifest list and manifest. For example, I can get the manifest list and the 
manifest for the image `alpine:latest`:
{code:java}
$ DH_TOKEN=$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull" | jq -er '.token')


# Get manifest list
$ curl -s -S -L -i --raw -H "Authorization: Bearer ${DH_TOKEN}" -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" -y 60 https://registry-1.docker.io:443/v2/library/alpine/manifests/latest
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Content-Length: 1638
Content-Type: application/vnd.docker.distribution.manifest.list.v2+json
Docker-Content-Digest: sha256:9a839e63dad54c3a6d1834e29692c8492d93f90c59c978c1ed79109ea4fb9a54
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:9a839e63dad54c3a6d1834e29692c8492d93f90c59c978c1ed79109ea4fb9a54"
Date: Tue, 19 May 2020 12:58:33 GMT
Strict-Transport-Security: max-age=31536000

{"manifests":[{"digest":"sha256:39eda93d15866957feaee28f8fc5adb545276a64147445c64992ef69804dbf01","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"amd64","os":"linux"},"size":528},{"digest":"sha256:0ff8a9dffabb5ed8dcba4ee898f62683305b75b4086f433ee722db99138f4f53","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v6"},"size":528},{"digest":"sha256:19c4e520fa84832d6deab48cd911067e6d8b0a9fa73fc054c7b9031f1d89e4cf","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm","os":"linux","variant":"v7"},"size":528},{"digest":"sha256:ad295e950e71627e9d0d14cdc533f4031d42edae31ab57a841c5b9588eacc280","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm64","os":"linux","variant":"v8"},"size":528},{"digest":"sha256:b28e271d721b3f6377cb5bae6cd4506d2736e77ef6f70ed9b0c4716da8bdf17c","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"386","os":"linux"},"size":528},{"digest":"sha256:e095eb9ac24e21bf2621f4d243274197ef12b91c67cde023092301b2db1e073c","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"ppc64le","os":"linux"},"size":528},{"digest":"sha256:41ba0806c6113064dd4cff12212eea3088f40ae23f182763ccc07f430b3a52f8","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"s390x","os":"linux"},"size":528}],"mediaType":"application\/vnd.docker.distribution.manifest.list.v2+json","schemaVersion":2}


# Get manifest
$ curl -s -S -L -i --raw -H "Authorization: Bearer ${DH_TOKEN}" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -y 60 https://registry-1.docker.io:443/v2/library/alpine/manifests/latest
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Content-Length: 528
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:39eda93d15866957feaee28f8fc5adb545276a64147445c64992ef69804dbf01
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:39eda93d15866957feaee28f8fc5adb545276a64147445c64992ef69804dbf01"
Date: Tue, 19 May 2020 12:56:23 GMT
Strict-Transport-Security: max-age=31536000

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 1507,
      "digest": "sha256:f70734b6a266dcb5f44c383274821207885b549b75c8e119404917a61335981a"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 2813316,
         "digest": "sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08"
      }
   ]
}
{code}

> Docker Manifest list support
>
> Key: MESOS-10130
> URL: https://issues.apache.org/jira/browse/MESOS-10130
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: Stéphane Cottin
> Priority: Major
> Labels: containerization
>
> Sonatype Nexus 3.22+, and probably other docker registry solutions, now
> serves manifest lists.
> [https://issues.sonatype.org/browse/NEXUS-18546]
> Apache Mesos does not support yet this part of the Image Manifest V2S2 spec.
> https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list
> This is not a critical issue as Sonatype Nexus is not a dependency of Apache
> Mesos, but as we cannot use Nexus > 3.21.2, this leads to side security
> issues.
> 
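
The thread turns on a registry that returns a manifest list whatever `Accept` header was sent. As an added example (not code from Mesos, Nexus or any participant in this thread), the Python below dispatches on the `mediaType` of the body actually received and picks the per-platform digest to fetch next; the function names are hypothetical and the sample list is three entries trimmed from the response quoted above.

```python
import hashlib
import json

LIST_V2 = "application/vnd.docker.distribution.manifest.list.v2+json"
MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"

# Three entries trimmed from the manifest list quoted in the comment above.
SAMPLE_LIST = json.dumps({
    "schemaVersion": 2, "mediaType": LIST_V2,
    "manifests": [
        {"digest": "sha256:39eda93d15866957feaee28f8fc5adb545276a64147445c64992ef69804dbf01",
         "mediaType": MANIFEST_V2, "size": 528,
         "platform": {"architecture": "amd64", "os": "linux"}},
        {"digest": "sha256:0ff8a9dffabb5ed8dcba4ee898f62683305b75b4086f433ee722db99138f4f53",
         "mediaType": MANIFEST_V2, "size": 528,
         "platform": {"architecture": "arm", "os": "linux", "variant": "v6"}},
        {"digest": "sha256:19c4e520fa84832d6deab48cd911067e6d8b0a9fa73fc054c7b9031f1d89e4cf",
         "mediaType": MANIFEST_V2, "size": 528,
         "platform": {"architecture": "arm", "os": "linux", "variant": "v7"}},
    ],
}).encode()


def digest_matches(body: bytes, digest: str) -> bool:
    """True if body hashes to the given 'sha256:<hex>' content digest."""
    algo, _, hexval = digest.partition(":")
    return algo == "sha256" and hashlib.sha256(body).hexdigest() == hexval


def resolve(body: bytes, arch: str, os_name: str = "linux", variant=None):
    """Classify a GET /v2/<name>/manifests/<ref> body by its own mediaType.
    Returns ("manifest", doc) for a single-image manifest, or
    ("fetch", digest) naming the per-platform manifest to request next.
    The Accept header that was sent is deliberately not consulted.
    """
    doc = json.loads(body)
    media_type = doc.get("mediaType")
    if media_type == MANIFEST_V2:
        return ("manifest", doc)
    if media_type != LIST_V2:
        raise ValueError(f"unsupported manifest mediaType: {media_type!r}")
    for entry in doc.get("manifests", []):
        plat = entry.get("platform", {})
        if (entry.get("mediaType") == MANIFEST_V2
                and plat.get("architecture") == arch
                and plat.get("os") == os_name
                and (variant is None or plat.get("variant") == variant)):
            return ("fetch", entry["digest"])
    raise LookupError(f"no manifest for {os_name}/{arch}")
```

For `amd64` the selected digest is the same value Docker Hub reported in `Docker-Content-Digest` when the single-manifest media type was requested above; `digest_matches` is the check to run on the body fetched by that digest.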

[jira] [Commented] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Jira


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111059#comment-17111059
 ] 

Stéphane Cottin commented on MESOS-10130:
-

[~qianzhang] This happens when proxying a registry which supports multi-arch 
images, like https://registry-1.docker.io.

I have not yet tested hosted registries; I guess they also serve manifest 
lists for multi-arch images.

AFAIK there is no way to disable this.



[jira] [Comment Edited] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Qian Zhang (Jira)


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111010#comment-17111010
 ] 

Qian Zhang edited comment on MESOS-10130 at 5/19/20, 9:27 AM:
--

[~kaalh] Is the use of manifest list in Nexus 3.22+ optional or required? I 
guess it should be optional (for backward compatibility) so Mesos can still 
work with it via manifest, right?


was (Author: qianzhang):
[~kaalh] Is the use of manifest list in Nexus 3.22+ optional or required? I 
guess it should be optional so Mesos can still work with it via manifest, right?



[jira] [Commented] (MESOS-10130) Docker Manifest list support

2020-05-19 Thread Qian Zhang (Jira)


[ 
https://issues.apache.org/jira/browse/MESOS-10130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111010#comment-17111010
 ] 

Qian Zhang commented on MESOS-10130:


[~kaalh] Is the use of manifest list in Nexus 3.22+ optional or required? I 
guess it should be optional so Mesos can still work with it via manifest, right?



[jira] [Commented] (MESOS-7884) Support containerd on Mesos.

2020-05-19 Thread Qian Zhang (Jira)


[ 
https://issues.apache.org/jira/browse/MESOS-7884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17110980#comment-17110980
 ] 

Qian Zhang commented on MESOS-7884:
---

[~xiaowei-cuc] I do not think we have an immediate plan for this. Can you 
please let us know your specific use cases? Like why do you need containerd 
support? What features are missing with the Docker support in our current Docker 
containerizer?

> Support containerd on Mesos.
>
> Key: MESOS-7884
> URL: https://issues.apache.org/jira/browse/MESOS-7884
> Project: Mesos
> Issue Type: Epic
> Components: containerization
> Reporter: Gilbert Song
> Priority: Major
> Labels: containerd, containerizer
>
> containerd v1.0 is very close (v1.0.0 alpha 4 now) to the formal release. We
> should consider supporting containerd on Mesos, either by refactoring the docker
> containerizer or introducing a new containerd containerizer. Design and
> suggestions are definitely welcome.
> https://github.com/containerd/containerd


