search

GoogleCloudPlatform / artifact-registry-yum-plugin

Apache License 2.0
6 stars 14 forks source link

Plugin "artifact-registry" can't be imported #18

Closed verdverm closed 2 years ago

verdverm commented 2 years ago

I've gone through all of the setup, and tried all of the auth methods & config.

From a VM which created the registry, uploaded the package, and can list the package...

When running sudo yum makecache I always get a 403 for repodata/repomd.xml

...
.../repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
illfelder commented 2 years ago

There are many variables that could cause you to get a 403. The most common issue is that your VM is either not using a service account or your service account does not have the cloud-platform scope.

Some information is documented here: https://cloud.google.com/artifact-registry/docs/os-packages/rpm/configure

verdverm commented 2 years ago

Note, this VM has the correct credentials, as indicated by being able to create the registry and upload a package into the registry.

I missed the following line Plugin "artifact-registry" can't be imported

Installing:
 yum-plugin-artifact-registry               noarch               1:20210719.00-g1.el7               google-compute-engine               111 k
Downloading packages:
dadac789b0ef67861bdae0e71fd1cea95d2a0d4d83a3c219960961d7edddd253-yum-plugin-artifact-registry-20210719.00-g1.el7.noarc | 111 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:yum-plugin-artifact-registry-20210719.00-g1.el7.noarch                                                                   1/1 
  Verifying  : 1:yum-plugin-artifact-registry-20210719.00-g1.el7.noarch                                                                   1/1 

Installed:
  yum-plugin-artifact-registry.noarch 1:20210719.00-g1.el7                                                                                    

Complete!
$ sudo yum makecache
Plugin "artifact-registry" can't be imported
Loaded plugins: fastestmirror
...

The base centos image is centos-7-v20211028

hopkiw commented 2 years ago

That indicates the plugin crashed or errored on loading. Try invoking the plugin directly just to see if it likes your environment:

$ python /usr/lib/yum-plugins/artifact-registry.py
illfelder commented 2 years ago

Another clarification question to help us reproduce or debug - what distro are you using?

verdverm commented 2 years ago 
# python /usr/lib/yum-plugins/artifact-registry.py
Traceback (most recent call last):
  File "/usr/lib/yum-plugins/artifact-registry.py", line 17, in <module>
    from artifact_registry._vendor.google.auth.transport import requests
  File "/usr/lib/python2.7/site-packages/artifact_registry/_vendor/google/auth/transport/requests.py", line 35, in <module>
    caught_exc,
  File "/usr/lib/python2.7/site-packages/six.py", line 692, in raise_from
    raise value
ImportError: The requests library is not installed, please install the requests package to use the requests transport.

/usr/lib/python2.7/site-packages/artifact_registry/_vendor looks to have the expected files, seeing .py[,c,o] files

Also

# yum install python2-requests
Plugin "artifact-registry" can't be imported
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.lstn.net
 * epel: mirror.steadfastnet.com
 * extras: mirror.steadfastnet.com
 * updates: centos.mirror.lstn.net
Package python2-requests-2.6.0-0.el7.noarch is obsoleted by python-requests-2.6.0-10.el7.noarch which is already installed
Nothing to do
verdverm commented 2 years ago

@illfelder

The base centos image is centos-7-v20211028 from gcloud supplied images

hopkiw commented 2 years ago

I think you've root caused it :) your VM thinks it has python-requests installed, but we see ImportError raised when attempting to use it. For a more direct test:

$ python -c 'import requests; print(requests)'
verdverm commented 2 years ago 
# python -c 'import requests; print(requests)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
    from . import utils
  File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
    from .exceptions import InvalidURL
  File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
    from urllib3.exceptions import HTTPError as BaseHTTPError
  File "/usr/lib/python2.7/site-packages/urllib3/__init__.py", line 10, in <module>
    from .connectionpool import (
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 31, in <module>
    from .connection import (
  File "/usr/lib/python2.7/site-packages/urllib3/connection.py", line 45, in <module>
    from .util.ssl_ import (
  File "/usr/lib/python2.7/site-packages/urllib3/util/__init__.py", line 5, in <module>
    from .request import SKIP_HEADER, SKIPPABLE_HEADERS, make_headers
  File "/usr/lib/python2.7/site-packages/urllib3/util/request.py", line 5, in <module>
    from ..exceptions import UnrewindableBodyError
ImportError: cannot import name UnrewindableBodyError

Is this an upstream error? (with the library)

hopkiw commented 2 years ago

Well it is trying to pull something in from urllib3, a dependency of requests. This issue is somewhere in your OS with regards to installed software. I may try uninstalling and reinstalling all relevant python packages.

verdverm commented 2 years ago

Ah, is this possibly because pip was used to install requests?

hopkiw commented 2 years ago

Yes, we don't support mixed pip/package installations. You can try to make that work but you'll have to follow up on issues like this. Suggest you use all packages from the OS, instead.

verdverm commented 2 years ago

Thanks @hopkiw & @illfelder for taking the time to help debug this.

I've been able to successfully auth against GAR Yum!

Any idea when it may go GA?

illfelder commented 2 years ago

That's fantastic! We consider Apt and Yum support feature complete for GA, but want sufficient user validation before calling it GA. Any feedback would be greatly appreciated!

verdverm commented 2 years ago

We'll let you know how it goes. We are mirroring ~10 repos and ~125G, to create private snapshots to support air gapped setups with reproducibility

illfelder commented 2 years ago

That's fantastic - look forward to hearing back about any issues or limitations you run into!

verdverm commented 2 years ago

I submitted some feedback on GAR via the docs site, do you see that?

I'm happy to repeat on GitHub in another issue here or another repo if it is more appropriate.

illfelder commented 2 years ago

Yep! We saw the documentation feedback (thank you for submitting it!) and had internally triaged it right before you posted this github issue.

verdverm commented 2 years ago

@illfelder Following up on our experience, broadly we cannot use it in the current state.

A minimal reproducer for the download would be to mirror google-cloud-sdk. The update to this package on the centos-7-v20211105 fails coming from GAR with an unexpected EOF (iirc).

cuda can be used to see the upload fail timeout. (base,epel,and microsoft also failed on looped package upload)

repos:

verdverm commented 2 years ago

We are now trying a patched version of https://github.com/tellapart/yum-gs-iam to serve repo mirrors directly out of GCS

hopkiw commented 2 years ago

@verdverm this is great feedback, thank you. I think we will consider removing the dependency on those python packages since many customers have mixed environments. I believe Max is out this week but we'll incorporate this feedback. Feel free to continue using this issue for documenting your experience.

illfelder commented 2 years ago

Hi @verdverm, thanks for the feedback! We identified an issue a few weeks back where large package uploads caused issues and timed out. Those issues should have been resolved a little over a week ago. If you still see an issue attempting to upload large packages, please let us know so we can investigate further.