SolvedPortus Garbage Collector removes all tags
40 Answers
Share
OriginalβοΈAccepted Answer
@robgiovanardi I think I found your solution!!!!, and oh my god, the idea I just wrote 5minutes ago, inspred by #2275 (comment) , gave full reward !!!!
have a look out there : https://github.com/Ashtonian/server-setup/blob/bc9ac031a18f1c686da5a662d3cf969009a50c38/portus/docker-compose.yml
So Yesssss! there exist PORTUS_BACKGROUND_GARBAGE_COLLECTION_XXXX variables to activate and configure Garbage collection !!! :D :D :D thank you sooo much @kylegoetz and Ashtonian
And so, what you need to do, is to ad the following env. variables to both your background and your portus services in docker-compose.yml
- PORTUS_DELETE_ENABLED=true
- PORTUS_DELETE_CONTRIBUTORS=false
- PORTUS_DELETE_GARBAGE_COLLECTOR_ENABLED=true
- PORTUS_DELETE_GARBAGE_COLLECTOR_OLDER_THAN=30
- PORTUS_DELETE_GARBAGE_COLLECTOR_KEEP_LATEST=5Honestly, I'll try as soon aspossible to set that only for the background, just to check if it works, cause there 's a potential non-necessary copy-paste in this example.
I have a lot of other work on Portus, so I can't do that this weekend, I am so dying that you do that and give me feedback even before I run it
The whole docker-compose.yml, so we don't lose it
I found it seraching github with string PORTUS_BACKGROUND_REGISTRY_ENABLED, and got only 4 results in code, in the whole of github.com as of 15/02/2020!!
Even funnier,
version: "3.7"
services:
portus:
image: opensuse/portus:2.4.3
# env_file:
# - ./portus.env
environment:
- PORTUS_MACHINE_FQDN_VALUE=portus.ashlab.dev
- PORTUS_DB_HOST=db
- PORTUS_DB_DATABASE=portus_production
- PORTUS_DB_PASSWORD=${DATABASE_PASSWORD}
- PORTUS_DB_POOL=5
- PORTUS_SECRET_KEY_BASE=${SECRET_KEY_BASE}
- PORTUS_KEY_PATH=/certificates/portus.ashlab.dev/privatekey.key
- PORTUS_PASSWORD=${PORTUS_PASSWORD}
- PORTUS_CHECK_SSL_USAGE_ENABLED=false
- PORTUS_SIGNUP_ENABLED=false
- RAILS_SERVE_STATIC_FILES=true
- PORTUS_GRAVATAR_ENABLED=true
- PORTUS_DELETE_ENABLED=true
- PORTUS_DELETE_CONTRIBUTORS=false
- PORTUS_DELETE_GARBAGE_COLLECTOR_ENABLED=true
- PORTUS_DELETE_GARBAGE_COLLECTOR_OLDER_THAN=30
- PORTUS_DELETE_GARBAGE_COLLECTOR_KEEP_LATEST=5
- PORTUS_ANONYMOUS_BROWSING_ENABLED=false
- PORTUS_OAUTH_GITHUB_ENABLED=true
- PORTUS_OAUTH_GITHUB_CLIENT_ID=${PORTUS_OAUTH_GITHUB_CLIENT_ID}
- PORTUS_OAUTH_GITHUB_CLIENT_SECRET=${PORTUS_OAUTH_GITHUB_CLIENT_SECRET}
- PORTUS_OAUTH_GITHUB_ORGANIZATION=karsto
# # - PORTUS_OAUTH_GITHUB_TEAM=''
# # - PORTUS_OAUTH_GITHUB_DOMAIN=''
# - PORTUS_SECURITY_CLAIR_SERVER=http://clair:6060
# ports:
# - 3000:3000
depends_on:
- db
links:
- db
volumes:
- traefik_certs_raw:/certificates:ro
# - secrets:/certificates:ro
networks:
- portus
- public
labels:
- "traefik.enable=true"
# - "traefik.http.middlewares.sslHeaders.headers.SSLHost=portus.ashlab.dev"
- "traefik.http.routers.portus.rule=Host(`portus.ashlab.dev`)"
- "traefik.http.routers.portus.middlewares=https_redirect, sslHeaders"
- "traefik.http.routers.portus.service=portus"
- "traefik.http.routers.portus.tls=true"
- "traefik.http.routers.portus.tls.certresolver=le"
- "traefik.http.services.portus.loadbalancer.server.port=3000"
- "traefik.http.services.portus.loadbalancer.server.scheme=http"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" # Standard move to default when traefik fixes behavior
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# - "traefik.http.middlewares.sslHeaders.headers.framedeny=true"
# - "traefik.http.middlewares.sslHeaders.headers.sslredirect=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSSeconds=315360000"
# - "traefik.http.middlewares.sslHeaders.headers.browserXSSFilter=true"
# - "traefik.http.middlewares.sslHeaders.headers.contentTypeNosniff=true"
# - "traefik.http.middlewares.sslHeaders.headers.forceSTSHeader=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSIncludeSubdomains=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSPreload=true"
deploy:
labels:
- "traefik.enable=true"
# - "traefik.http.middlewares.sslHeaders.headers.SSLHost=portus.ashlab.dev"
- "traefik.http.routers.portus.rule=Host(`portus.ashlab.dev`)"
- "traefik.http.routers.portus.middlewares=https_redirect, sslHeaders"
- "traefik.http.routers.portus.service=portus"
- "traefik.http.routers.portus.tls=true"
- "traefik.http.routers.portus.tls.certresolver=le"
- "traefik.http.services.portus.loadbalancer.server.port=3000"
- "traefik.http.services.portus.loadbalancer.server.scheme=http"
# - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" # Standard move to default when traefik fixes behavior
# - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# - "traefik.http.middlewares.sslHeaders.headers.framedeny=true"
# - "traefik.http.middlewares.sslHeaders.headers.sslredirect=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSSeconds=315360000"
# - "traefik.http.middlewares.sslHeaders.headers.browserXSSFilter=true"
# - "traefik.http.middlewares.sslHeaders.headers.contentTypeNosniff=true"
# - "traefik.http.middlewares.sslHeaders.headers.forceSTSHeader=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSIncludeSubdomains=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSPreload=true"
background:
image: opensuse/portus:2.4.3
depends_on:
- portus
- db
environment:
# Theoretically not needed, but cconfig's been buggy on this...
- CCONFIG_PREFIX=PORTUS
- PORTUS_MACHINE_FQDN_VALUE=portus.ashlab.dev
- PORTUS_DB_HOST=db
- PORTUS_DB_DATABASE=portus_production
- PORTUS_DB_PASSWORD=${DATABASE_PASSWORD}
- PORTUS_DB_POOL=5
- PORTUS_SECRET_KEY_BASE=${SECRET_KEY_BASE}
- PORTUS_KEY_PATH=/certificates/portus.ashlab.dev/privatekey.key
- PORTUS_PASSWORD=${PORTUS_PASSWORD}
# - PORTUS_SECURITY_CLAIR_SERVER=http://clair:6060
# - PORTUS_CHECK_SSL_USAGE_ENABLED=false
- PORTUS_GRAVATAR_ENABLED=true
- PORTUS_DELETE_ENABLED=true
- PORTUS_DELETE_CONTRIBUTORS=false
- PORTUS_DELETE_GARBAGE_COLLECTOR_ENABLED=true
- PORTUS_DELETE_GARBAGE_COLLECTOR_OLDER_THAN=30
- PORTUS_DELETE_GARBAGE_COLLECTOR_KEEP_LATEST=5
- PORTUS_OAUTH_GITHUB_ENABLED=true
- PORTUS_OAUTH_GITHUB_CLIENT_ID=${PORTUS_OAUTH_GITHUB_CLIENT_ID}
- PORTUS_OAUTH_GITHUB_CLIENT_SECRET=${PORTUS_OAUTH_GITHUB_CLIENT_SECRET}
- PORTUS_OAUTH_GITHUB_ORGANIZATION=karsto
# - PORTUS_OAUTH_GITHUB_TEAM=''
# - PORTUS_OAUTH_GITHUB_DOMAIN=''
- PORTUS_ANONYMOUS_BROWSING_ENABLED=false
- PORTUS_BACKGROUND=true
- PORTUS_BACKGROUND_REGISTRY_ENABLED=true
- PORTUS_BACKGROUND_SYNC_ENABLED=true
- PORTUS_BACKGROUND_SYNC_STRATEGY=update-delete
links:
- db
# env_file:
# - ./portus.env
volumes:
- traefik_certs_raw:/certificates:ro
networks:
- portus
db:
image: library/mariadb:10.0.33
command: mysqld --character-set-server=utf8 --collation-server=utf8_unicode_ci --init-connect='SET NAMES UTF8;' --innodb-flush-log-at-trx-commit=0
# env_file:
# - ./portus.env
environment:
- MYSQL_DATABASE=portus_production
- MYSQL_ROOT_PASSWORD=${DATABASE_PASSWORD}
volumes:
- mariadb:/var/lib/mysql
networks:
- portus
# clair: TODO:
# image: quay.io/coreos/clair
# restart: unless-stopped
# depends_on:
# - postgres
# links:
# - postgres
# - portus
# ports:
# - "6060-6061:6060-6061"
# volumes:
# - /tmp:/tmp
# - ./clair/clair.yml:/clair.yml
# command: [-config, /clair.yml]
registry:
image: library/registry:2.7.1
# env_file:
# - ./portus.env
environment:
# REGISTRY_HTTP_ADDR: registry.ashlab.dev
# Authentication
REGISTRY_AUTH_TOKEN_REALM: https://portus.ashlab.dev/v2/token
REGISTRY_AUTH_TOKEN_SERVICE: registry.ashlab.dev
REGISTRY_AUTH_TOKEN_ISSUER: portus.ashlab.dev
REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certificates/portus.ashlab.dev/certificate.crt
# Portus endpoint
REGISTRY_NOTIFICATIONS_ENDPOINTS: >
- name: portus
url: https://portus.ashlab.dev/v2/webhooks/events
timeout: 2000ms
threshold: 5
backoff: 1s
volumes:
- traefik_certs_raw:/certificates:ro
- registry:/var/lib/registry
- secrets:/secrets:ro
- ./config.yml:/etc/docker/registry/config.yml:ro
ports:
# - 5000:5000
- 5001:5001 # required to access debug service
links:
- portus:portus
networks:
- portus
- public
labels:
- "traefik.enable=true"
# - "traefik.http.middlewares.sslHeaders.headers.SSLHost=registry.ashlab.dev"
- "traefik.http.routers.registry.rule=Host(`registry.ashlab.dev`)"
- "traefik.http.routers.registry.middlewares=https_redirect, sslHeaders"
- "traefik.http.routers.registry.service=registry"
- "traefik.http.routers.registry.tls=true"
- "traefik.http.routers.registry.tls.certresolver=le"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
- "traefik.http.services.registry.loadbalancer.server.scheme=http"
# - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" # Standard move to default when traefik fixes behavior
# - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# - "traefik.http.middlewares.sslHeaders.headers.framedeny=true"
# - "traefik.http.middlewares.sslHeaders.headers.sslredirect=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSSeconds=315360000"
# - "traefik.http.middlewares.sslHeaders.headers.browserXSSFilter=true"
# - "traefik.http.middlewares.sslHeaders.headers.contentTypeNosniff=true"
# - "traefik.http.middlewares.sslHeaders.headers.forceSTSHeader=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSIncludeSubdomains=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSPreload=true"
deploy:
labels:
- "traefik.enable=true"
# - "traefik.http.middlewares.sslHeaders.headers.SSLHost=registry.ashlab.dev"
- "traefik.http.routers.registry.rule=Host(`registry.ashlab.dev`)"
- "traefik.http.routers.registry.middlewares=https_redirect, sslHeaders"
- "traefik.http.routers.registry.service=registry"
- "traefik.http.routers.registry.tls=true"
- "traefik.http.routers.registry.tls.certresolver=le"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
- "traefik.http.services.registry.loadbalancer.server.scheme=http"
# - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" # Standard move to default when traefik fixes behavior
# - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# - "traefik.http.middlewares.sslHeaders.headers.framedeny=true"
# - "traefik.http.middlewares.sslHeaders.headers.sslredirect=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSSeconds=315360000"
# - "traefik.http.middlewares.sslHeaders.headers.browserXSSFilter=true"
# - "traefik.http.middlewares.sslHeaders.headers.contentTypeNosniff=true"
# - "traefik.http.middlewares.sslHeaders.headers.forceSTSHeader=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSIncludeSubdomains=true"
# - "traefik.http.middlewares.sslHeaders.headers.STSPreload=true"
volumes:
secrets:
driver: local
driver_opts:
type: "none"
o: "bind,rw"
device: "/mnt/workspace/portus/secrets"
traefik_certs_raw:
driver: local
driver_opts:
type: "none"
o: "bind,ro"
device: "/mnt/workspace/traefik_certs_raw/"
mariadb:
registry:
networks:
public:
external: true
portus:
Related Issues:
3
Portus Garbage Collector removes all tags
@robgiovanardi I think I found your solution!!!! and oh my god the idea I just wrote 5minutes ago in...
720
distribution Private registry push fail: server gave HTTP response to HTTPS client
I get helped from [http://stackoverflow.com/questions/38695515/can-not-pull-push-images-after-update...
523
kubernetes deleting namespace stuck at "Terminating" state
@ManifoldFR I had the same issue as yours and I managed to make it work by making an API call with j...
447
moby The name "/data-container-name" is already used by container <hash>. You have to remove (or rename) that container to be able to reuse that name.
I have a helper function to nuke everything so that our Continuous blah cycle can be tested erm.. co...
279
kubernetes PV is stuck at terminating after PVC is deleted
I got rid of this issue by performing the following actions: Then I manually edited the pv individua...
271
kubernetes x509 cert issues after kubeadm init
do you have $KUBECONFIG pointing to /etc/kubernetes/kubelet.conf? BUG REPORT: (I think?) What happen...
264
kubernetes Ingress: Allow for multiple hosts
I also would like to see this feature but as a workaround I use YAML ids Here is how it would look f...
225
kubernetes The connection to the server localhost:8080 was refused - did you specify the right host or port?
Run these commands solved this issue: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HO...
210
minikube minikube start - Error starting host, machine does not exist
On macOS Sierra rm -rf ~/.minikube fixed it for me After that minikube start worked as expected mini...
208
kubernetes Force pods to re-pull an image without changing the image tag
@yujuhong Sometimes it's very useful to be able to do this For instance Problem A frequent question ...
205
moby docker-engine 1.10.2-0~trusty can't install on clean Ubuntu 64-bit 14.04.3
I seem to have resolved this by putting deb http://cz.archive.ubuntu.com/ubuntu trusty main in /etc/...
183
moby Docker service update --image "could not accessed on a registry to record its digest"
When updating services that need credentials to pull the image you need to pass --with-registry-auth...
182
kubernetes 'unknown revision v0.0.0' errors, seemingly due to 'require k8s.io/foo v0.0.0'
For anyone else who hits this issue after much weeping and gnashing of teeth this is the little scri...
148
minikube kube-proxy configmap update: timed out (unknown root cause)
I had this error when upgrading from 0.25 to 0.26.1 Simply performing minikube delete and then re-cr...
127
kubernetes JSONpath fails to return keys containing dots in a map
Escaping dots works now To revisit the example in my original message: Closing π ...
127
moby docker daemon unable to access registry - Client.Timeout exceeded while awaiting headers
I found out that the problem might be in /etc/resolv.conf I had: but moving the non-working (yet) 10...
123
kubernetes "Failed to setup network for pod \ using network plugins \"cni\": no IP addresses available in network: podnet; Skipping pod"
I had a simliar issue while testing kubernetes with kubeadm This started to happen after I did a kub...
119
kubernetes Kubectl cp gives "tar: removing leading '/' from member names" warning
Something I found is that if I do not put a / at the beginning of my path following : in <pod>:<path...
114
moby docker.service Failed with result 'start-limit-hit'.
I had the same error message once because of an empty /etc/docker/daemon.json file Delete it if you ...
112
kubernetes no kind "Deployment" is registered for version "apps/v1beta2"
Small tip: To find out what exact apps/xxx api version your cluster supports use kubectl api-version...
111
minikube Can't pull images from an insecure registry in Minikube VM
I just tried this with minikube v0.10.0 and --insecure-registry='docker-registry.example.com:443' wa...
110
rancher Namespace created by rancher can't delete
This is a known issue with removing an imported cluster (and in the process of being fixed) but you ...
108
che event-stream-3.3.6.tgz not found in Yarnpkg.
this is due to : https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident to...
103
moby containerd: start container" error="oci runtime error: fork/exec /usr/bin/docker (deleted): no such file or directory: "
Not sure if this is the same cause but this might help someone Steps to reproduce the issue: Install...
102
moby Error response from daemon: Get https://registry-1.docker.io/v2/
may be you are behind a firewall/proxy server i was also behind my office firewall so i tried below ...
101
kubernetes Scale down a deployment by removing specific pods
In my company we have the exact same case of that of @antoinne85: workers that pick tasks from a que...
99
kubernetes Ubuntu 16.04 LTS - Unable to locate package kubelet, kubeadm, kubectl
Hi @monique77 On Ubuntu 16.04: Add key for new repository: Add repository: Install Kubernetes: Regar...
96
vscode remote release VS Code Server for WSL closed unexpectedly: Input/output error
I just got this issue too I installed the Windows May 2020 Update yesterday and then installed Ubunt...
95
kubernetes Kubernetes-cni issue with 1.9.0 - no ip address available in range
I had the same issue on Ubuntu 16.04.1 LTS (using flannel for the networking) Is this a BUG REPORT o...
86
kubernetes Failed to get system container stats for "/system.slice/kubelet.service": failed to get cgroup stats for "/system.slice/kubelet.service": failed to get container info for "/system.slice/kubelet.service": unknown container "/system.slice/kubelet.service"
Also on AWS default image for kops (k8s-1.8-debian-jessie-amd64-hvm-ebs-2017-12-02 (ami-bd229ec4)) a...
85
minikube Error getting state for host: exit status 126
As a referential point for anyone who run into this issue on El Capitan and found this via Google (l...
84
minikube Can't use Minikube on VPN
I know this is closed but I'm adding this comment to describe how we made this work: Set port forwar...
81
moby linux spec user: Unable to find user xxx
Why not use the numeric ID of the user instead of a user-name; doing so you don't have to bind-mount...
79
minikube Failed to restart crio.service: Unit crio.service not found.
Ran into the same issue However I am working on Linux The following steps did the trick for me: Unin...
78
moby 20.10.0-beta1@Fedora 33: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone
I've got a similar error after upgrading docker to version 20.10 on Fedora 32 To fix this ...
77
kubernetes Flannel (NetworkPlugin cni) error: /run/flannel/subnet.env: no such file or directory
Just got the same problem - fixed it by manually adding the file: /run/flannel/subnet.env ...
75
kubernetes Pods stuck on terminating
I have the same issue on Kubernetes 1.8.2 on IBM Cloud After new pods are started the old pods are s...
74
moby Named Volumes in Dockerfile
This is by design With docker-compose I can use named volumes like this: What about Dockerfile? I tr...
73
minikube No example to use minikube with private registry
For Google Container Registry (using oauth2) this works for me: kubectl create secret docker-registr...
72
moby Add daemon options for Docker network subnets
This is a feature request and I support it! docker daemon should have two additional options: --net-...
68
kubernetes Deployment with recreate strategy does not remove old replica set
Thought this might help anyone looking at how to remove inactive replicasets (spec.replicas set to z...
67
moby Trying to connect to Docker API for shell commands throws error
This is likely due to either the Virtual Machine not being started (try docker-machine start default...
66
kubernetes network plugin is not ready: cni config uninitialized
removing $KUBELET_NETWORK_ARGS not work with me. Hello I want to do a fresh install of kubernetes vi...
66
rancher Runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
same issue and this is my solution. I deployed Rancher cluster v2.0.0 ...
64
kops etcd-manager certificate rotation
The certs and keys in S3 are only for the CA certificates which have a 10 year expiration ...
64
kubernetes gcloud container get-credentials not authenticating service account
Previously gcloud would have configured kubectl to use the cluster's static client certificate to au...
62
kubernetes kube-proxy iptables load-balancing probability is not equal
This is intended because these iptables rules will be examined from top to bottom Take your case as ...
60
kops kubelet-api is Forbidden to logs pods
I'm not sure this is the right solution 1 What kops version are you running? The command kops versio...
60
kubernetes (1.17) Kubelet won't reconnect to Apiserver after NIC failure (use of closed network connection)
I've fixed it by running this bash script every 5 minutes: We've just upgrade our production cluster...
57
containers roadmap [EKS] [request]: Remove requirement of public IPs on EKS managed worker nodes
Yea thats the part in your documentation I was surprised by Community Note Please vote on this issue...
Description
I Activated Garbage Collector on Portus Background process with
keep_latest: 5andolder_than: 100But it deletes all images older_than 100 ignoring the keep_latest flag. In result I have old repositories wiped all completely
Steps to reproduce
garbage_collector: enabled: true older_than: 100 keep_latest: 5 tag: ""Here initial logs:
Deployment information
Deployment method: Portus is deployed as a standalone Container (not Compose) which connects to local MariaDB and Registry.
Configuration:
Portus version: 2.4.3@5a616c0ef860567df5700708256f42505cdb9952
env_portus: environment file used for customizing Portus Foreground:
We are running portus with:
docker run -d --restart=always -v /opt/ssl:/certificates:ro -v /srv/portus/config/config.yml:/srv/Portus/config/config.yml \ -p 3000:3000 --name portus --env-file=/srv/portus/config/env_portus opensuse/portus:2.4env_background: environment file used for customizing Portus Background:
Then we are running portus background:
docker run -d --restart=always -v /opt/ssl:/certificates:ro -v /srv/portus/config/config.yml:/srv/Portus/config/config.yml \ --name portus_background --env-file=/srv/portus/config/env_background opensuse/portus:2.4Thanks in advance
Roberto