[Tools-discuss] Upcoming disruptive changes to Docker Hub and CI services

Martin Thomson <mt@lowentropy.net> Tue, 06 October 2020 00:55 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tools-discuss@ietfa.amsl.com
Delivered-To: tools-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4765D3A0844 for <tools-discuss@ietfa.amsl.com>; Mon, 5 Oct 2020 17:55:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=Gl+O47OG; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=B3K/A6er
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWY_-Ry_VPuz for <tools-discuss@ietfa.amsl.com>; Mon, 5 Oct 2020 17:55:57 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B20743A083F for <tools-discuss@ietf.org>; Mon, 5 Oct 2020 17:55:57 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 28643C73 for <tools-discuss@ietf.org>; Mon, 5 Oct 2020 20:55:57 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute1.internal (MEProxy); Mon, 05 Oct 2020 20:55:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:date:from:to:subject:content-type; s= fm3; bh=psu6+1PurVceaC1bDhATz+0/R+IXQYUt9mQh3vmkTa8=; b=Gl+O47OG FgYuYUHZnkFuk9OtgiNudKyfiTskyeT8c1x1bDV6zREaDkRgYl7vxhJa0V1arUND qanZMyyGyUDMNuN/hIXpzwnXq1Ho09T+nNpBWcIEfp88cw62xQ20Sy2Xydct7tod CVJvwvGf8dn72LpfIvyro4rxrwwIH6/vpFkukXuNDoN2w9BwyT79z6/+N45Lr0k0 SP81oMOeaQzCEULQusnuFTlpKDWDsef2CznPAuU9RVwlurQmPhSH/JmINZZJ4BSx 5oFcY1OD5NGYHZ5YnDQe9sVhbM7DYTqsdD0iNAjrjj609oDVgFChtDc1vo4itoh+ llX+iM2gDB6ujQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=psu6+1PurVceaC1bDhATz+0/R+IXQ YUt9mQh3vmkTa8=; b=B3K/A6erkHmN+XaPXz/U7SRUVL2ckHlR5Z24rk5gIsSkY 0DPxD07juBEQz3eV5nIUt/WP3ggFnGui3Fq83N2CdiRL1rsv8ZL2xya/xDE1hfff aRwSOA1KVafeq8wz47LmoCjlx80xJjl7hlWbn/4Eqopkim4C0RyCIvmVP3kwwwCI 7NuFqFgWKrU6ggtrdozt+kipVrPQjDZuN+rEqZBfjefz9Ydt9+fU1kHOVCojfJN+ JtipQnLvNDtg+tJZFyq+NnbmXgPcEkvZRd0/sCFd08lKL2pJSxtrXlvgtuKu07zq 6Oyzb5jGikPT3swGCpPnuMAy2I7kBsYTLniTpnUxw==
X-ME-Sender: <xms:nMB7X89reB-AX0BiKSWQzW7smxqMPECRtNxFA53nkewvZ1SoFnPy-w> <xme:nMB7X0v968MDrAtI5Zh-Tj5-gOM9BWw5l7skUPoymJFoQlRKsaczbYS3rtj5ijBDO kxWY3Y5c_hUHh0D0HQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrgeefgdegudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghn thhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepteegudefffefffefgeffvdefte egffefvefgveelvdeuhffhteehkeduudduleelnecuffhomhgrihhnpeguohgtkhgvrhdr tghomhdptghirhgtlhgvtghirdgtohhmnecuvehluhhsthgvrhfuihiivgeptdenucfrrg hrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:nMB7XyCTkPMor347mjN7iiJwpAE3Bt57IKxeQkndhYpufsY2qYRqww> <xmx:nMB7X8fQID9lHvGVzgeEnrtmSJAUplJAEwjm1HKwHSRy8ZgZkaIqww> <xmx:nMB7XxNzQ6LUVHjd2W-y2wFuJvmRXgj7JqbbsFrkeAkx72MMunc1Zg> <xmx:nMB7X3bhtouogCmS6W0eMFQ7UUiuZKGIkIurawswBjV7w9Y2JezcnA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 800E620090; Mon, 5 Oct 2020 20:55:56 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-382-ge235179-fm-20200928.002-ge2351794
Mime-Version: 1.0
Message-Id: <db7705a3-0aa6-4e21-af16-4aef84320bec@www.fastmail.com>
Date: Tue, 06 Oct 2020 11:55:31 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: tools-discuss@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tools-discuss/-KkhHprTSmY1_-XeETNKims9NvQ>
Subject: [Tools-discuss] Upcoming disruptive changes to Docker Hub and CI services
X-BeenThere: tools-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Tools Discussion <tools-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tools-discuss>, <mailto:tools-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tools-discuss/>
List-Post: <mailto:tools-discuss@ietf.org>
List-Help: <mailto:tools-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tools-discuss>, <mailto:tools-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2020 00:55:59 -0000

For those people using Circle or Travis for continuous integration of their drafts, a change to the way that Docker Hub authorizes access to docker images will likely break all continuous integration builds.

https://docs.docker.com/docker-hub/download-rate-limit/ and https://www.docker.com/blog/scaling-docker-to-serve-millions-more-developers-network-egress/ explain that limits will be applied to client IP ranges, which obviously leads to CI services being adversely affected.

This will likely break any flow that doesn't use GitHub Actions.  GitHub use their own image repository so are unaffected.

Circle have provided this information: https://circleci.com/docs/2.0/private-images/  Anyone looking to avoid this rate limiting will (likely) need to make some manual changes to their .circleci/config.yml file and build configuration.  I'm not currently aware of any way to avoid this extra configuration step.  Any ideas for how this might be automated or how automation might help would be appreciated.