背景
当前 ciro 版本
$ ciro versioncrio version 1.22.1Version: 1.22.1GitCommit: 63ca93845d5fe05cdca826367afcb601ece8d7adGitTreeState: cleanBuildDate: 2022-01-29T08:15:54ZGoVersion: go1.16.13Compiler: gcPlatform: linux/amd64Linkmode: dynamicBuildTags: exclude_graphdriver_devicemapper, seccompSeccompEnabled: trueAppArmorEnabled: false
遇到问题,通过crictl下载大于1GB镜像时候,经常hung住15~30分钟,有一定失败率,下载10GB本地仓库基本有时候需要1个小时,甚至经常失败
sudo /usr/local/bin/crictl pull <image-name>FATA[0333] pulling image: rpc error: code = Unknown desc = writing blob: storing blob to file "/var/tmp/storage038803475/2": happened during read: unexpected EOFFailed to pull image "xxxx.xxxx/gpu/app/py-gpu-service:cuda11-0.0.1.dev.2": rpc error: code = Unknown desc = writing blob: storing blob to file "/var/tmp/storage989958523/4": happened during read: context canceled
打开 crio debug日志 /etc/crio/crio.conf
[crio.runtime]...# Changes the verbosity of the logs based on the level it is set to. Options# are fatal, panic, error, warn, info, debug and trace. This option supports# live configuration reload.log_level = "info"
$ sudo systemctl restart crio
/var/log/message
Failed to retrieve partial blob: blob type not supported for partial retrieval
错误描述参考
- buildah pull sometimes hangs forever (v1.23.0) #3662 ```latex buildah pull sometimes hangs forever. Running it with —log-level debug shows this error and hangs immediately thereafter:
Failed to retrieve partial blob: blob type not supported for partial retrieval I’m pulling images that are constructed in an iterative fashion (each image is constructed from the previous one) and the reproducibility seems to vary depending on the layer. For instance, I have an image that only adds an environment variable (the filesystem diff is empty) and that one seems to reproduce the issue more than the others.
Besides, the images are constructed with buildah but then pushed to the local docker daemon which, in turn, pushes them to an AWS ECR registry.
vbauerster/mpb#100 包导致, 需要升级 Update to github.com/vbauerster/mpb v7.1.5 to fix [vbauerster/mpb#100](https://github.com/vbauerster/mpb/issues/100) .<a name="DFfJL"></a>### 修复方法crio 升级 1.23 版本<a name="z2uzU"></a>## 解决步骤<a name="KkiOV"></a>### 域名重定向配置x509不支持ignoreCN 问题私有仓库和`gcr.io`,`quay.io`,`k8s.gcr.io`不能通过https访问,可以通过perfix重定向通过ip访问```bash[[registry]]prefix = "docker.io"insecure = falseblocked = falselocation = "registry.docker-cn.com"[[registry.mirror]]location = "docker.mirrors.ustc.edu.cn"insecure = true[[registry.mirror]]location = "hub-mirror.c.163.com"insecure = true[[registry]]prefix = "docker.your-comany.local"insecure = trueblocked = falselocation = "harbor:port"[[registry]]prefix = "gcr.io"insecure = trueblocked = falselocation = "grc-mirrors-have-proxy_ip_1:port"[[registry.mirror]]location = "grc-mirrors-have-proxy_ip_2:port"insecure = true[[registry]]prefix = "quay.io"insecure = trueblocked = falselocation = "quay-mirrors-have-proxy_ip_1:port"[[registry.mirror]]location = "quay-mirrors-have-proxy_ip_2:port"insecure = true[[registry]]prefix = "k8s.gcr.io"insecure = trueblocked = falselocation = "k8s-grc-mirrors-have-proxy_ip_1:port"[[registry.mirror]]location = "k8s-grc-mirrors-have-proxy_ip_1:port"insecure = true
代理配置修改
之前更新以后,发现 pull image 时候也会卡住,由于 harbor 使用ceph 对象网关进行镜像存储,crio镜像时候harbor返回 对象网关地址,在对象网关机器发现,通过代理地址下载连接对象网关。如果使用代理需要修改代理配置
Environment="HTTP_PROXY=http://squit_proxy_ip:port" "HTTPS_PROXY=http://squit_proxy_ip:port" "NO_PROXY=localhost,127.0.0.1,docker.yourcomany.loca,gcr.io,quay.io,k8s.gcr.io,内网网段/24"
更新版本
编辑仓库/etc/yum.repo.d/
[devel_kubic_libcontainers_stable_cri-o_1.23]baseurl = http://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:/cri-o:/1.23/CentOS_7/gpgcheck = 1gpgkey = http://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:/cri-o:/1.23/CentOS_7/repodata/repomd.xml.keyname = CRI-O 1.23 (CentOS_$releasever)
更新crio
$ sudo yum install$ sudo yum install cri-o-1.23.2-5.1.el7$ sudo systemctl restark crio$ sudo systemctl restart kubelet
若有收获,就点个赞吧
0 人点赞
