Page MenuHomePhabricator
Create Task
Maniphest T367427

Cleanup old Docker images running Debian Stretch/Jessie/Buster
Closed, ResolvedPublic
Actions

Description

This task is to keep a reference of old Docker images deleted because running Debian Stretch/Jessie/Buster.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
profile::docker::reporter::report: add min_debian_version argoperations/puppetproduction+6 -5
profile::docker::reporter: remove unnecessary filtersoperations/puppetproduction+0 -21
reporter.py: fix warning logoperations/docker-images/docker-reportmaster+1 -1
docker::reporter: update exclude rulesoperations/puppetproduction+2 -22
blubber: upgrade to Bookwormblubber-doc/example/calculator-servicemaster+1 -1
Upgrade to Nodejs-18blubber-doc/example/helloworldoidmaster+3 -3
config.yaml: remove wikimedia-stretchoperations/docker-images/production-imagesmaster+0 -1
docker::reporter: remove Stretch/Jessie restrictionsoperations/puppetproduction+0 -37
cli: modify get_distro_name to return the version idoperations/software/debmonitor-clientmaster+25 -17
profile::docker::reporter: update k8s_rules.ini exclude listoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

elukey created this task.Jun 13 2024, 3:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 13 2024, 3:25 PM
Stashbot added a comment.Jun 13 2024, 3:26 PM

Mentioned in SAL (#wikimedia-operations) [2024-06-13T15:26:25Z] <elukey> drop mediawiki-services-parsoid docker images from the Docker Registry - T367427

elukey added a comment.Jun 13 2024, 3:27 PM

Dropped eventgate-ci as well (Andrew Otto confirmed that it is not used anymore since ages).

Stashbot added a comment.Jun 13 2024, 3:52 PM

Mentioned in SAL (#wikimedia-operations) [2024-06-13T15:52:23Z] <elukey> drop mediawiki-services-restbase docker images from the Docker Registry - T367427

gerritbot added a comment.Jun 13 2024, 3:54 PM

Change #1043131 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] profile::docker::reporter: update k8s_rules.ini exclude list

https://gerrit.wikimedia.org/r/1043131

gerritbot added a project: Patch-For-Review.Jun 13 2024, 3:54 PM
gerritbot added a comment.Jun 13 2024, 4:08 PM

Change #1043131 merged by Elukey:

[operations/puppet@production] profile::docker::reporter: update k8s_rules.ini exclude list

https://gerrit.wikimedia.org/r/1043131

Maintenance_bot removed a project: Patch-For-Review.Jun 13 2024, 4:30 PM
gerritbot added a comment.Jun 14 2024, 1:31 PM

Change #1043780 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/software/debmonitor-client@master] cli: modify get_distro_name to return the version id

https://gerrit.wikimedia.org/r/1043780

gerritbot added a project: Patch-For-Review.Jun 14 2024, 1:31 PM
gerritbot added a comment.Jun 19 2024, 2:28 PM

Change #1043780 merged by jenkins-bot:

[operations/software/debmonitor-client@master] cli: modify get_distro_name to return the version id

https://gerrit.wikimedia.org/r/1043780

elukey added a comment.Jun 19 2024, 2:28 PM

Next steps:

  • package a new version of debmonitor-client with https://gerrit.wikimedia.org/r/1043780
  • install the package on build2001, so that the Docker images report will be updated with Debian version numbers
  • If everything goes fine, test the package on a few other nodes
  • Fix the backend debmonitor service to accept Debian+version names
  • Rollout the package everywhere.

After the above, we should be able to better identify and cleanup old Docker images.

elukey claimed this task.Jun 19 2024, 2:29 PM
elukey triaged this task as Medium priority.
elukey added a project: Infrastructure-Foundations.
Maintenance_bot removed a project: Patch-For-Review.Jun 19 2024, 2:31 PM
elukey added a comment.Jun 24 2024, 3:37 PM
MariaDB [debmonitor]> insert into src_packages_os(id, name) values (3, 'Debian 10'), (4, 'Debian 11'), (5, 'Debian 12');
Query OK, 3 rows affected (0.001 sec)
Records: 3  Duplicates: 0  Warnings: 0

MariaDB [debmonitor]> select * from src_packages_os;
+----+-----------+
| id | name      |
+----+-----------+
|  1 | Debian    |
|  3 | Debian 10 |
|  4 | Debian 11 |
|  5 | Debian 12 |
|  2 | Ubuntu    |
+----+-----------+
5 rows in set (0.000 sec)

I've also installed debmonitor-client 0.4.0-1 (new version with https://gerrit.wikimedia.org/r/1043780) to build2001, so the next report should contain the improvement.

elukey added a project: User-Elukey.Jun 24 2024, 3:45 PM
elukey added a parent task: T368366: Upgrade K8s docker images running in Wikimedia production on Buster to either Bullseye or Bookworm.Jun 25 2024, 8:58 AM
gerritbot added a comment.Jun 25 2024, 9:06 AM

Change #1049474 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] docker::reporter: remove Stretch/Jessie restrictions

https://gerrit.wikimedia.org/r/1049474

gerritbot added a project: Patch-For-Review.Jun 25 2024, 9:06 AM
gerritbot added a comment.Jun 25 2024, 12:28 PM

Change #1049474 abandoned by Elukey:

[operations/puppet@production] docker::reporter: remove Stretch/Jessie restrictions

Reason:

Will do manual runs instead.

https://gerrit.wikimedia.org/r/1049474

Maintenance_bot removed a project: Patch-For-Review.Jun 25 2024, 12:30 PM
elukey added a comment.Jun 25 2024, 2:01 PM

Found some images in the registry with "stretch" or "jessie" stated explicitly:

dev/stretch
dev/stretch-apache2
dev/stretch-elasticsearch
dev/stretch-php-sury
dev/stretch-php72
dev/stretch-php72-apache2
dev/stretch-php72-fpm
dev/stretch-php72-fpm-apache2
dev/stretch-php72-fpm-apache2-blubber
dev/stretch-php72-fpm-apache2-xdebug
dev/stretch-php72-jobrunner
dev/stretch-php72-webserver
dev/stretch-php72-webserver-xdebug
dev/stretch-php73
dev/stretch-php73-fpm
dev/stretch-php73-jobrunner
dev/stretch-php74
dev/stretch-php74-fpm
dev/stretch-php74-jobrunner
dev/stretch-scap-deps
golang-stretch
python3-build-stretch
releng/ci-stretch
releng/npm-stretch
releng/npm-test-stretch
releng/scap-deps-stretch
stretch
wikimedia-stretch
python3-build-jessie
releng/hhvm-jessie
releng/hhvm-jessie-compile
releng/quibble-jessie-php55

These are probably very old images that can be dropped, will ask confirmation before proceeding.

elukey renamed this task from Cleanup old Docker images running Debian Stretch to Cleanup old Docker images running Debian Stretch/Jessie.Jun 25 2024, 2:13 PM
hashar subscribed.Jun 25 2024, 2:15 PM
The images based on Stretch under dev/ have been removed via T290532



For releng/ namespaces, that is the image for Zuul/CI and we have phased out Stretch via T278203 or Jessie T224908.



You can thus remove the Stretch and Jessie images under dev/ and releng/.  Do not they might have child images that do not carry the Debian name in their name, which might be the reason the images did not end up being deleted.



For the other images, they are maintained by SRE service ops in https://gerrit.wikimedia.org/g/operations/docker-images/production-images
brennen subscribed.Jun 25 2024, 2:18 PM
+1 for dev/stretch*.  The only one I don't know anything about is dev/stretch-scap-deps.  Doesn't turn up in codesearch or GitLab search, at any rate, so probably safe.
elukey added a comment.Jun 25 2024, 2:49 PM
Thanks a lot for the feedback, all images in T367427#9921815 removed from the registry.
gerritbot added a comment.Jun 25 2024, 3:04 PM
Change #1049576 had a related patch set uploaded (by Elukey; author: Elukey):



[operations/docker-images/production-images@master] config.yaml: remove wikimedia-stretch



https://gerrit.wikimedia.org/r/1049576
gerritbot added a project: Patch-For-Review.Jun 25 2024, 3:04 PM
elukey added a comment.Jun 26 2024, 8:05 AM
Next steps:



    

  • Get a list of Docker images running Jessie/Stretch from the registry (somehow, not sure how to do it right now)
    • 

  • Get the sign-off to drop old images if possible and drop them.
    • 

gerritbot added a comment.Jun 26 2024, 2:21 PM
Change #1049576 merged by Elukey:



[operations/docker-images/production-images@master] config.yaml: remove wikimedia-stretch



https://gerrit.wikimedia.org/r/1049576
Maintenance_bot removed a project: Patch-For-Review.Jun 26 2024, 2:31 PM
gerritbot added a comment.Jun 26 2024, 3:07 PM
Change #1049966 had a related patch set uploaded (by Elukey; author: Elukey):



[operations/software/debmonitor@master] Allow to save new OS names without them being present on the DB



https://gerrit.wikimedia.org/r/1049966
gerritbot added a project: Patch-For-Review.Jun 26 2024, 3:07 PM
hashar unsubscribed.Jun 26 2024, 9:47 PM
elukey moved this task from Backlog to Security backlog on the User-Elukey board.Jun 28 2024, 2:43 PM
gerritbot added a comment.Jul 2 2024, 1:25 PM
Change #1051359 had a related patch set uploaded (by Elukey; author: Elukey):



[blubber-doc/example/calculator-service@master] blubber: upgrade to Bookworm



https://gerrit.wikimedia.org/r/1051359
gerritbot added a comment.Jul 2 2024, 1:27 PM
Change #1051360 had a related patch set uploaded (by Elukey; author: Elukey):



[blubber-doc/example/helloworldoid@master] Upgrade to Nodejs-18



https://gerrit.wikimedia.org/r/1051360
gerritbot added a comment.Jul 2 2024, 2:12 PM
Change #1051379 had a related patch set uploaded (by Elukey; author: Elukey):



[operations/puppet@production] docker::reporter: update exclude rules



https://gerrit.wikimedia.org/r/1051379
gerritbot added a comment.Jul 2 2024, 3:13 PM
Change #1051360 abandoned by Elukey:



[blubber-doc/example/helloworldoid@master] Upgrade to Nodejs-18



Reason:



dropping the image instead




https://gerrit.wikimedia.org/r/1051360
gerritbot added a comment.Jul 2 2024, 3:13 PM
Change #1051359 abandoned by Elukey:



[blubber-doc/example/calculator-service@master] blubber: upgrade to Bookworm



Reason:



dropping the image instead



https://gerrit.wikimedia.org/r/1051359
gerritbot added a comment.Jul 4 2024, 3:41 PM
Change #1051379 merged by Elukey:



[operations/puppet@production] docker::reporter: update exclude rules



https://gerrit.wikimedia.org/r/1051379
elukey moved this task from Security backlog to In Progress on the User-Elukey board.Jul 9 2024, 10:49 AM
elukey added a comment.Jul 12 2024, 4:25 PM
Next steps:



gerritbot added a comment.Jul 17 2024, 7:46 AM
Change #1054845 had a related patch set uploaded (by Elukey; author: Elukey):



[operations/docker-images/docker-report@master] reporter.py: fix warning log



https://gerrit.wikimedia.org/r/1054845
gerritbot added a comment.Jul 17 2024, 12:36 PM
Change #1054845 merged by jenkins-bot:



[operations/docker-images/docker-report@master] reporter.py: fix warning log



https://gerrit.wikimedia.org/r/1054845
gerritbot added a comment.Jul 18 2024, 8:30 AM
Change #1055150 had a related patch set uploaded (by Elukey; author: Elukey):



[operations/puppet@production] profile::docker::reporter: remove unnecessary filters



https://gerrit.wikimedia.org/r/1055150
gerritbot added a comment.Jul 18 2024, 2:28 PM
Change #1055150 merged by Elukey:



[operations/puppet@production] profile::docker::reporter: remove unnecessary filters



https://gerrit.wikimedia.org/r/1055150
elukey added a comment.Jul 23 2024, 10:00 AM
$ docker run -it --rm --entrypoint /bin/bash docker-registry.wikimedia.org/python3:0.0.2-20230423
Unable to find image 'docker-registry.wikimedia.org/python3:0.0.2-20230423' locally
0.0.2-20230423: Pulling from python3
4d0a7a49faa0: Already exists 
ac6ae5c76e41: Pull complete 
Digest: sha256:72f715d32fabdd90e7c43224fe2dfb2c4d38377b40d8826b104cedd1fb415225
Status: Downloaded newer image for docker-registry.wikimedia.org/python3:0.0.2-20230423
root@3450d8279668:/# cat /etc/debian_version 
9.13





docker run -it --rm --entrypoint /bin/bash docker-registry.wikimedia.org/ruby:0.0.2-s1-20230423
Unable to find image 'docker-registry.wikimedia.org/ruby:0.0.2-s1-20230423' locally
0.0.2-s1-20230423: Pulling from ruby
4d0a7a49faa0: Already exists 
9da14cd1e084: Pull complete 
Digest: sha256:29255228530234c0166c81b54b9a0dcbe5edfa1480b9eab9ff3ef4704187d731
Status: Downloaded newer image for docker-registry.wikimedia.org/ruby:0.0.2-s1-20230423
root@735b7253b4c4:/# cat /etc/debian_version 
9.13
gerritbot added a comment.Jul 25 2024, 9:39 AM
Change #1056888 had a related patch set uploaded (by Elukey; author: Elukey):



[operations/puppet@production] profile::docker::reporter::report: add min_debian_version arg



https://gerrit.wikimedia.org/r/1056888
gerritbot added a comment.Jul 25 2024, 9:49 AM
Change #1056888 merged by Elukey:



[operations/puppet@production] profile::docker::reporter::report: add min_debian_version arg



https://gerrit.wikimedia.org/r/1056888
elukey renamed this task from Cleanup old Docker images running Debian Stretch/Jessie to Cleanup old Docker images running Debian Stretch/Jessie/Buster.Jul 31 2024, 11:50 AM
elukey updated the task description. (Show Details)
elukey closed subtask T368744: Allow debmonitor to store the Debian version-id in the OS field as Resolved.Aug 13 2024, 12:58 PM
elukey reopened subtask T368744: Allow debmonitor to store the Debian version-id in the OS field as Open.Aug 14 2024, 2:37 PM
elukey closed this task as Resolved.Aug 30 2024, 1:36 PM
A lot of cleanup has been done, so far it seems that the task can be closed. We have a better way to figure out what images are not supported by the docker reporter now, so it is also good.
elukey closed subtask T368744: Allow debmonitor to store the Debian version-id in the OS field as Resolved.Sep 4 2024, 9:48 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits