-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SOCI Snapshotter is unable to get credentials from the credentials file #661
Labels
bug
Something isn't working
Comments
pendo324
added a commit
that referenced
this issue
Oct 31, 2023
Issue #, if available: #660 and probably #661 *Description of changes:* - Run SOCI as a systemd service - Ported from #649, which still needs more time before we can merge it *Testing done:* - e2e/unit tests - [x] I've reviewed the guidance in CONTRIBUTING.md #### License Acceptance By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Signed-off-by: Justin Alvarez <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The SOCI Snapshotter does not retrieve the registry credentials from the client (finch / nerdctl), instead the snapshotter attempts to use a credentials file, by default looking in
/root/.docker/config.json
. We do set a DOCKER_CONFIG variable in the VM, however this is set as a user's environment variable not the root environment variable (where we currently start the snapshotter as a background process).If you attempt to lazy load a container image in Finch today from a registry that requires authentication (even if you have done a
finch login
), you will see that the container image is downloaded in full before the container is started. When checking the soci-snapshotter logs you will find that it does not have registry credentials.If we go down the approach of managing the SOCI snapshotter with systemd (#660) we could then pass in a environment variable to use the credential file mounted into the VM.
Steps to reproduce
This image is being downloaded in full (see the
downloading
next to each layer).Expected behavior
Image to be lazy loaded.
To help debug the issue as quickly as possible, we recommend generating a support bundle with
finch support-bundle generate
and attaching it to this issue. This packages all Finch-related configs and logs into one file.The text was updated successfully, but these errors were encountered: