HTTP import with DIC - Design Proposal #243
Conversation
Signed-off-by: Ido Aharon <[email protected]>
kubevirt-bot
added
the
dco-signoff: yes
kubevirt-bot
added
the
needs-ok-to-test
|
Hi @ido106. Thanks for your PR. I'm waiting for a kubevirt member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| ## Motivation | ||
| Currently, the DataImportCron allows the import of Registry Imports only. Recently, there was a demand to also allow HTTP import types. | ||
| The problem that arises from HTTP imports is that there is no convention between the different sources, so it's hard to know when the image is updated for each source in a generic way, which will make the polling process more difficult than standard registry sources. | ||
| One possible solution If the URL is static is to use a Get request with an If-Modified-Since header where we specify the date from which we want to check if there was a change. If there was a change since the specified date, the request will return with a status of 200OK, and then we know that the image has been updated since that date. |
There was a problem hiding this comment.
So we can do the If-Modified-Since header on a schedule right? We know the time the job kicked off last so we pass that with the header. Do we know if all http servers support that header, I suspect not all of them do.
There was a problem hiding this comment.
It may be that not all servers will support this header and then we will have to use another way.
Alex suggested that we can offload polling entirely to the user
@akalenyu
There was a problem hiding this comment.
Yeah just something I thought about.. we could provide an example poller impl.
and require folks to supply a poller URL at the webhook level for HTTP sources (or "static" to bypass polling altogether)
There was a problem hiding this comment.
Maybe limit the options of 'poller' type to a few known ones, including 'bypass' and 'if-modified-since'. We could expand that later if we identify more options. Maybe include the template idea from below, not sure.
There was a problem hiding this comment.
I still like offloading the polling logic to the user. But second thoughts about running it on their behalf since it means a user app will run in the CDI namespace. We could always just disable our poller and have them create their own cronjobs
There was a problem hiding this comment.
Maybe we can do it with the checksum like @awels suggested, but there is no unique convention for the file structure
|
|
||
| # Design | ||
|
|
||
| If the URL is static: |
There was a problem hiding this comment.
I don't understand what you mean by If the URL is static by definition the URL passed to the Datavolume or DataImportCron is static, it cannot be modified. Is there some other property we are interested in? I don't get it.
There was a problem hiding this comment.
Sometimes the image has the same URL and then we can use the way I mentioned, but sometimes the suffix changes when you upload a new version and we want to identify such a case, so we have to use another way.
When such case happens we want to update the AnnSourceDesiredDigest annotation to be the new suffix.
There was a problem hiding this comment.
Honestly, I don't think we should consider that particular scenario. From my perspective that is a completely different file. The URL that is passed in is always static and cannot change. There would be no mechanism that allows us to reliably know if a different file is newer than the original. I guess we could consider a 'template' url in combination with some version scheme, but that would be an enhancement IMO.
| If the URL is static: | ||
| * Make a GET request with the If-Modified-Since Header starting from the date stored in the AnnLastCronTime annotation | ||
| * If the returned status is 200OK, perform import again | ||
| * Update AnnLastCronTime to time.Now() |
There was a problem hiding this comment.
Have you considered that some sources provide a separate file with the hash of the image? For instance the fedora cloud images have a file that contains the checksum of the file. So we could download that file and verify the hash against what we have and decide if a new one exists that way.
There was a problem hiding this comment.
Good point. The question is what percentage of sources support this and whether all sources provide the file in the same format?
For example https://cloud.debian.org/images/cloud/bookworm/daily/latest/SHA512SUMS looks different from the file you mentioned
There was a problem hiding this comment.
As far as I can tell these are the areas where this file structure diverges:
- Hash algorithm (MD5 in tinycore, SHA512 in debian, SHA256 in Fedora)
- File structure (
filename hashin most but fedora doesSHA256 (filename) = hash)
There was a problem hiding this comment.
Maybe we can catalog these, if there is a limited number of permutations of these formats, maybe we can implement them, and only support those limited number of options. I understand there might be many, but if we capture the most common ones, that might be enough.
| spec: | ||
| source: | ||
| http: | ||
| url: "http://tinycorelinux.net/14.x/x86/release/Core-14.0.iso" |
There was a problem hiding this comment.
Just to bring home the point of the separate file, http://tinycorelinux.net/14.x/x86_64/release/ also contains a file with an md5 hash. So I think it might make sense to extend the http source with a hash_url that contains a hash of the actual source. Then we just need to write some code to parse that and compare it.
There was a problem hiding this comment.
If the URL is static then it can help, if it changes so we need to find out the new suffix in addition to the hashcode to know the new URL. There could be other issues like the format of the checksum file.
This can help with Fedora case, for example Fedora-Cloud-Base-38-1.6.x86_64.qcow2 supposed to stay the same.
Maybe we can use the name of the version that is in the same file you mentioned (e.g CorePure64-14.0.iso). The question is whether the name always changes when the hashcode changes or it is possible to push changes to an existing image even if it is not named differently.
There was a problem hiding this comment.
If for some sources the filename Fedora-Cloud-Base-38-1.6.x86_64 changes things get more
tricky for us, we might need some API on the DV level that is similar to sourceRef which derives
the new filename from the checksum file at creation time
There was a problem hiding this comment.
Maybe some templating type thing could be useful. But I think we should start out with just considering 'static' URLs, get that working properly, then expand to more complex use cases if what we have is not sufficiently powerful.
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
kubevirt-bot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with /lifecycle rotten |
kubevirt-bot
added
lifecycle/rotten
|
@ido106 Do you still want to continue with this proposal? If so I'll remove the lifecycle labels. |
|
Rotten issues close after 30d of inactivity. /close |
|
@kubevirt-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@ido106: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@awels So as far as I understand, you suggest that at first we only handle instances that support the If-Modified-Since header, while assuming static links only ? |
|
@ido106 welcome back, glad you are doing well. Yes, lets start simple and then enhance if we find that what we did is not sufficient. |
|
@awels Thanks ! |
|
@arnongilboa what do you think? |
Signed-off-by: Ido Aharon <[email protected]>
|
Rotten issues close after 30d of inactivity. /close |
|
@kubevirt-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/reopen |
|
@arnongilboa: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Supporting HTTP header If-Modified-Since smells like a good starting point. |
|
Rotten issues close after 30d of inactivity. /close |
|
@kubevirt-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/remove-lifecycle rotten |
kubevirt-bot
removed
the
lifecycle/rotten
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
kubevirt-bot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with /lifecycle rotten |
kubevirt-bot
added
lifecycle/rotten
|
Yes the general idea is sound, the problem is the details. In particular how do you detect changed images when the http server doesn't provide the needed details. But the feature definitely something we want. |
|
Rotten issues close after 30d of inactivity. /close |
|
@kubevirt-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Ido Aharon [email protected]