Tink worker image pull retry (#122)

mergify[bot] · web-flow · commit 7b0ffaf9a1ff · 2022-09-21T18:27:20.000Z
## Description

Image pull retry for tink-worker image

## Why is this needed

There could be races where linuxkit network or dns may not have been
fully set up and functional yet and image pull fails because of that.

Fixes: #

Implement image pull retry loop for tink-worker image. This loop attempts an image pull every 5 seconds, upto 10 times

## How Has This Been Tested?
Tested by re-running a full provisioning workflows on bare metal server and simulate image pull failures artificially to test out the retry logic.

## How are existing users impacted? What migration steps/scripts do we need?





## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade
diff --git a/hook-bootkit/go.mod b/hook-bootkit/go.mod
@@ -6,6 +6,7 @@ require github.com/docker/docker v20.10.2+incompatible
 
 require (
 	github.com/Microsoft/go-winio v0.4.16 // indirect
+	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
 	github.com/containerd/containerd v1.4.3 // indirect
 	github.com/docker/distribution v2.7.1+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
diff --git a/hook-bootkit/go.sum b/hook-bootkit/go.sum
@@ -4,11 +4,14 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
+github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
+github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/containerd/containerd v1.4.3 h1:ijQT13JedHSHrQGWFcGEwzcNKrAGIiZ+jSD5QQG07SY=
 github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -153,6 +156,7 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/hook-bootkit/main.go b/hook-bootkit/main.go
@@ -13,6 +13,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cenkalti/backoff/v4"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/mount"
@@ -46,6 +47,8 @@ type tinkConfig struct {
 	tinkServerTLS string
 }
 
+const maxRetryAttempts = 20
+
 func main() {
 	fmt.Println("Starting BootKit")
 
@@ -144,16 +147,32 @@ func main() {
 
 	fmt.Printf("Pulling image [%s]", imageName)
 
-	out, err := cli.ImagePull(ctx, imageName, pullOpts)
-	if err != nil {
+	// TODO: Ideally if this function becomes a loop that runs forever and keeps retrying
+	// anything that failed, this retry would not be needed. For now, this addresses the specific
+	// race condition case of when the linuxkit network or dns is in the process of, but not quite
+	// fully set up yet.
+
+	var out io.ReadCloser
+	imagePullOperation := func() error {
+		out, err = cli.ImagePull(ctx, imageName, pullOpts)
+		if err != nil {
+			fmt.Printf("Image pull failure %s, %v\n", imageName, err)
+			return err
+		}
+		return nil
+	}
+	if err = backoff.Retry(imagePullOperation, backoff.WithMaxRetries(backoff.NewExponentialBackOff(), maxRetryAttempts)); err != nil {
 		panic(err)
 	}
 
-	_, err = io.Copy(os.Stdout, out)
-	if err != nil {
+	if _, err = io.Copy(os.Stdout, out); err != nil {
 		panic(err)
 	}
 
+	if err = out.Close(); err != nil {
+		fmt.Printf("error closing io.ReadCloser out: %s", err)
+	}
+
 	resp, err := cli.ContainerCreate(ctx, tinkContainer, tinkHostConfig, nil, nil, "")
 	if err != nil {
 		panic(err)
