Page MenuHomePhabricator
Create Task
Maniphest T288198

Pushes to docker-registry fail for images with compressed layers of size >1GB
Closed, ResolvedPublic
Actions

Description

During stress testing of the docker-registry infrastructure @akosiaris discovered that pushing of images that consist of layers with a compressed size of > 1GB fails (https://phabricator.wikimedia.org/T264209#6546056).

Just extracting the relevant discussion from T264209 into this task:

In T264209#6549716, @akosiaris wrote:
In T264209#6547169, @dancy wrote:
In T264209#6547152, @JMeybohm wrote:

We need to permanently bump the tmpfs /var/lib/nginx size if we want to be able to consistently push images with blobs that are larger than 1 GB compressed

Couldn't we get around this by using a (bigger) non tmpfs filesystem as client_body_temp_path?
Not sure how much the upload performance would suffer in this case, but we could test that...

+1 on this suggestion. For small requests, there will be minimal writing to a real filesystem for files that exist briefly. These writes would be background I/O in most cases.

The main issue will be that large pushes to the registry will become slower. Hence CI will be taking longer overall. That being said, we probably should try to optimize for a combination of client_body_buffer_size and a larger but slower fs that addresses the most common patterns in our CI.

That being said, with compression on the client before the push taking also a significant time as well (per people's reports in https://github.com/moby/moby/issues/1266), the delay from lower IOPS might not be the most contributing factor here (and there doesn't seem to be anything we can do about it)

I 'll try and devise a couple of tests to run to get numbers on this.

@dancy ran into this exact issue yesterday so @Joe went ahead and increased the tmpfs on registry2* from 1GB to 2GB which, given the registry VMs do have 4GB of memory (and barely use it), is a good quick way out of the misery.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
docker_registry_ha: Increase nginx tmpfs size from 1gb to 2gboperations/puppetproduction+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Aug 5 2021, 8:26 AM
JMeybohm triaged this task as High priority.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 5 2021, 8:26 AM
gerritbot added a comment.Aug 5 2021, 8:33 AM

Change 710218 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] docker_registry_ha: Increase nginx tmpfs size from 1gb to 2gb

https://gerrit.wikimedia.org/r/710218

gerritbot added a project: Patch-For-Review.Aug 5 2021, 8:33 AM
gerritbot added a comment.Aug 5 2021, 9:10 AM

Change 710218 merged by JMeybohm:

[operations/puppet@production] docker_registry_ha: Increase nginx tmpfs size from 1gb to 2gb

https://gerrit.wikimedia.org/r/710218

Maintenance_bot removed a project: Patch-For-Review.Aug 5 2021, 10:10 AM
JMeybohm closed this task as Resolved.Aug 5 2021, 12:22 PM

tmpfs resized to 2GB on all registry nodes

JMeybohm reopened this task as Open.Dec 15 2021, 1:19 PM
JMeybohm added a subscriber: Legoktm.

AIUI from IRC backlog we had issues again @dancy / @Legoktm

10.64.48.17 - ci-restricted [14/Dec/2021:23:41:44 +0000] "PATCH /v2/restricted/mediawiki-multiversion/blobs/uploads/7b3d3607-f28f-406d-add1-a00b78be2458?_state=zW-HvRiQsOowai-0FBYoYd3B1nk2Uxb0BQrtueun4b57Ik5hbWUiOiJyZXN0cmljdGVkL21lZGlhd2lraS1tdWx0aXZlcnNpb24iLCJVVUlEIjoiN2IzZDM2MDctZjI4Zi00MDZkLWFkZDEtYTAwYjc4YmUyNDU4IiwiT2Zmc2V0IjowLCJTdGFydGVkQXQiOiIyMDIxLTEyLTE0VDIzOjI1OjIyLjgyODUyNzI5WiJ9 HTTP/1.1" 500 193 "-" "docker/18.09.1 go/go1.11.6 git-commit/4c52b90 kernel/4.19.0-17-amd64 os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.1 \x5C(linux\x5C))"

It looks like the situation has been mitigated again for now by fixing/shrinking the image.

JMeybohm lowered the priority of this task from High to Medium.Dec 15 2021, 1:19 PM
dancy added a comment.Jan 18 2022, 11:41 PM

We're running into this again today. I tried the same workaround as before (removing a recent but inactive mediawiki checkout) but it didn't help this time.

dancy added a comment.Jan 19 2022, 3:55 PM

Noting for the record that pushes magically started working again around 12:28 UTC (2021/01/19).

jijiki moved this task from Incoming 🐫 to 🙈🙉🙊Backlog on the serviceops board.Sep 28 2022, 2:23 PM
JMeybohm removed JMeybohm as the assignee of this task.Dec 13 2022, 8:41 AM

Removing myself from assignee as I'm not currently working on this

dancy mentioned this in T342084: Post-merge build failed due to Internal Server Error.Jul 21 2023, 7:30 PM
dancy added a comment.Jul 21 2023, 7:33 PM

Another case of failing to push a large image: T342084. Is it possible to configure NGINX to use a different (large, on-disk) storage area for certain URLs?

dancy added a subtask: T342084: Post-merge build failed due to Internal Server Error.Jul 21 2023, 7:43 PM
elukey subscribed.Jul 24 2023, 7:28 AM
In T288198#9035228, @dancy wrote:

Another case of failing to push a large image: T342084. Is it possible to configure NGINX to use a different (large, on-disk) storage area for certain URLs?

Use case from ML - we are porting the recommendation-api Python service from wmf-cloud to k8s. It uses a dict file containing embeddings (basically a serialized blob) that weights around 3GB (so one big layer when we add it) and that it is loaded when the application boostraps. We are working with Research to figure out how to handle cases like this one, since "embeddings" could get multiple shapes and sizes, and they'd need to have flexibility when they experiment (like, using a serialized blob as starter and then think about some specialized datastore). This is not an "experimentation" use case of course, but the recommendation-api's setting may vary in the future. We could think about other options if raising the tmpfs mount is not an option (like fetching from swift or similar).

akosiaris added a comment.Jul 24 2023, 9:26 AM
In T288198#9035228, @dancy wrote:

Another case of failing to push a large image: T342084. Is it possible to configure NGINX to use a different (large, on-disk) storage area for certain URLs?

It certainly is possible to definite different caching areas directives for various nginx configuration stanzas but what exactly do you have in mind?

akosiaris added a comment.Jul 24 2023, 9:43 AM
In T288198#9036874, @elukey wrote:
In T288198#9035228, @dancy wrote:

Another case of failing to push a large image: T342084. Is it possible to configure NGINX to use a different (large, on-disk) storage area for certain URLs?

Use case from ML - we are porting the recommendation-api Python service from wmf-cloud to k8s. It uses a dict file containing embeddings (basically a serialized blob) that weights around 3GB (so one big layer when we add it) and that it is loaded when the application boostraps. We are working with Research to figure out how to handle cases like this one, since "embeddings" could get multiple shapes and sizes, and they'd need to have flexibility when they experiment (like, using a serialized blob as starter and then think about some specialized datastore). This is not an "experimentation" use case of course, but the recommendation-api's setting may vary in the future. We could think about other options if raising the tmpfs mount is not an option (like fetching from swift or similar).

So, we 've met this embeddings question in the past, in the form of the word2vec package for ORES. See T188446 and T187217. I was against packaging that artifact in a Debian package or put in the git repo as is and I still think that was a good decision. git-lfs however, despite promising, didn't pan out to be that great, for a variety of reasons.

Despite talking about container images here, same principles apply. Putting, what is clearly data (and a lot of it) in containers is going to cause operational headaches (probably for multiple teams) down the line. If it can be done in any better way like fetching it from Swift or splicing it, storing it in some datastore and querying it over an API is definitely a way more sustainable path forward.

kevinbazira mentioned this in T343576: Store and fetch the recommendation-api embedding from Swift.Aug 4 2023, 5:27 PM
kevinbazira closed subtask T342084: Post-merge build failed due to Internal Server Error as Resolved.Aug 11 2023, 8:49 AM
JMeybohm mentioned this in T335177: docker-pkg fails to upload big Docker images to the registry.Feb 23 2024, 4:15 PM
elukey mentioned this in T359067: Find an efficient strategy to add Pytorch and ROCm packages to our Docker images.Mar 4 2024, 3:59 PM
elukey added a comment.Mar 4 2024, 4:04 PM

@akosiaris Hi! Getting back to the issue, this time in a different form T359067. We have followed your suggestion for the embeddings (now they live in swift), but Pytorch is now giving us some headaches so your opinion would be really appreciated :)

dancy closed this task as Resolved.Sep 22 2025, 3:00 PM
dancy claimed this task.

This should be covered by T404742.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits