Applying patch from https://github.com/moby/buildkit/pull/2369#3
Applying patch from https://github.com/moby/buildkit/pull/2369#3jmacelroy merged 2 commits intov0.8.3-okteto8from
Conversation
closes moby#2088 hosts mutex is called on initialization, meaning GetResolver might block if it is in the middle of auth exchange. This is currently bad in the case where the Job initialization needs to register a name before timeout is reached. Authorizer stores the current session.Group so if it is overwritten for another resolver it means that session might have been dropped and authentication will fail. I haven't been able to reproduce this issue so not 100% it fixes the case but even if it is a different race it looks incorrect anyway. For the Job registration, we might want to do some follow-up change that avoids running things before job ID is registered.
|
We can't go with v0.9.0 release due to the 401 issue that we hit often with preview environments. With this commit the intention is to pull in the fix for moby#2367 which is affecting Sirona and apply it to our custom v0.8.3 branch that is now more custom. I have run some simple tests on my dev machine using Feel free to pull down a us.gcr image @pchico83 and once this is approved I'll merge and create a build for hub.docker.com |
pchico83
left a comment
There was a problem hiding this comment.
@jmacelroy not sure if we should release it to cloud, or send the new image to sirona to validate if it's working first
@pchico83 before sending it to Sirona, maybe we can update staging and try some website preview deployments to make sure it keeps working and we don't face new (different) issues. |
Right, what I mean is that we don't need an OE release to send it to Sirona. Nor even updating Cloud with it. |
While the change doesn't seem high risk I also don't want to cause churn for Sirona if this build has issues. I'd like to try out some more manual testing and I'd like to soak in staging at least a day. I'll mention this to Sirona and let them decide, I know they want the fix but I don't know how aggressive they want to be. What do you think @pchico83 @ifbyol ? |
Perfect! |
|
There is already a lot of discussions inside of Sirona around Okteto's stability. Anything we can do on our side to mitigate this would be great. I agree with @jmacelroy idea of putting it first in cloud (assuming we can monitor build failure rates or something like that) to increase our confidence that this change won't cause regressions. |
closes moby#2367
closes moby#2088
hosts mutex is called on initialization, meaning GetResolver might
block if it is in the middle of auth exchange. This is currently bad
in the case where the Job initialization needs to register a name before
timeout is reached.
Authorizer stores the current session.Group so if it is
overwritten for another resolver it means that session might
have been dropped and authentication will fail. I haven't been able
to reproduce this issue so not 100% it fixes the case but even if it is
a different race it looks incorrect anyway.
For the Job registration, we might want to do some follow-up change
that avoids running things before job ID is registered.