opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-20 00:51:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

libpod/image/pull: Return image-pulling errors from doPullImage

Browse Source 
We were already writing these to our debug logs.  But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.

Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors).  With this commit and a config like:

  $ cat /etc/containers/registries.conf
  [registries.search]
  registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']

pulling an unqualified missing image looks like:

  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

A qualified image looks like:

  $ podman pull quay.io/does-not/exist
  Trying to pull quay.io/does-not/exist...Failed
  error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized

If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry.  For example:

  $ cat /etc/hosts
  127.0.0.1   quay.io
  $ podman pull does-not/exist
  Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
  Trying to pull quay.io/does-not/exist:latest...Failed
  Trying to pull docker.io/does-not/exist:latest...Failed
  error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:

  * Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
  * Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
  * Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
  denied: requested access to the resource is denied
  unauthorized: authentication required

This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.

Signed-off-by: W. Trevor King <wking@tremily.us>

Closes: #1456
Approved by: rhatdan
This commit is contained in:
W. Trevor King
2018-09-12 16:44:58 -07:00
committed by Atomic Bot
parent b873fe760a
commit 2188d8f7ad
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libpod/image/pull.go
View File

@ -20,6 +20,7 @@ import (
"github.com/containers/image/types"
"github.com/containers/libpod/pkg/registries"
"github.com/containers/libpod/pkg/util"
multierror "github.com/hashicorp/go-multierror"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@ -234,6 +235,7 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
return nil, err
}
var images []string
var pullErrors *multierror.Error
for _, imageInfo := range goal.refPairs {
copyOptions := getCopyOptions(sc, writer, dockerOptions, nil, signingOptions, "", nil)
if imageInfo.srcRef.Transport().Name() == DockerTransport {
@ -254,6 +256,7 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
io.WriteString(writer, fmt.Sprintf("Trying to pull %s...", imageInfo.image))
}
if err = cp.Image(ctx, policyContext, imageInfo.dstRef, imageInfo.srcRef, copyOptions); err != nil {
pullErrors = multierror.Append(pullErrors, err)
logrus.Debugf("Error pulling image ref %s: %v", imageInfo.srcRef.StringWithinTransport(), err)
if writer != nil {
io.WriteString(writer, "Failed\n")
@ -273,10 +276,12 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
}
// If the image passed in was fully-qualified, we will have 1 refpair. Bc the image is fq'd, we dont need to yap about registries.
if !goal.usedSearchRegistries {
if pullErrors != nil && len(pullErrors.Errors) > 0 { // this should always be true
return nil, errors.Wrap(pullErrors.Errors[0], "unable to pull image")
}
return nil, errors.Errorf("unable to pull image, or you do not have pull access")
}
return nil, errors.Errorf("unable to find image on registries defined in %s, or you do not have pull access", registryPath)
return nil, pullErrors
}
return images, nil
}