Closed blenessy closed 3 weeks ago
Thanks for reporting this issue. It seems like the cause for this failure lies on the container registry site, which answers with error 504: Unable to locate the requested resource
. I think I've observed this error a few times myself.
The generate
command (which uses the upstream genpolicy
tool under the hood) will download the container manifests and layers to generate the dm-verity hashes for the policy. If the registry isn't able to serve the image, the generate command will fail.
I'm not exactly sure what causes these inconsistencies in container registries. In your case, this seems to be a problem internal to docker registry, but I've observed similar issues with ghcr.io. Sadly, there is not much we can do about it. I'll see if we can include a retry loop somewhere on our side or upstream.
Did this happen only once, or can you reproduce this issue when calling generate multiple times?
Notice that the result of the generate is cached in the layers-cache.json
of your workspace, so you might want to remove this file when retrying to reproduce this error.
Hi @katexochen !
Did this happen only once, or can you reproduce this issue when calling generate multiple times?
Nah I cannot reproduce this, in fact I've only seen this once. Considering the 504 (gateway timeout)... I think I just got unlucky to hit a maintenance slot of docker.l5d.io.
I'll see if we can include a retry loop somewhere on our side or upstream. It is a very good idea to retry at least server errors (HTTP 5xx). I would probably also retry intermittent connection problems.
From our e2e tests:
[2024-06-05T05:45:37Z INFO genpolicy::registry] Pulling manifest and config for "docker.l5d.io/buoyantio/emojivoto-voting-svc:v11"
thread 'main' panicked at src/registry.rs:116:17:
Failed to pull container image manifest and config - error: RequestError(
reqwest::Error {
kind: Request,
url: Url {
scheme: "https",
cannot_be_a_base: false,
username: "",
password: None,
host: Some(
Domain(
"docker.l5d.io",
),
),
port: None,
path: "/v2/buoyantio/emojivoto-voting-svc/manifests/v11",
query: None,
fragment: None,
},
source: hyper::Error(
Io,
Os {
code: 104,
kind: ConnectionReset,
message: "Connection reset by peer",
},
),
},
)
Maybe we can upload the image somewhere else if this is specific to docker.l5d.io.
I am testing contrast for the first time. I finished the Getting Started steps successfully, now I'm working myself through the Confidential emoji voting example.
When I run the following command for the first time, the contrast cli crashes:
Re-running the command finishes successfully (and I can find the annotations in the yaml file):