Merge pull request #6375 from edsantiago/registry_show_errors

podman-registry helper script: handle errors

hack/podman-registry

@@ -104,6 +104,24 @@ function podman() {
               "$@"
 }
 
+###############
+#  must_pass  #  Run a command quietly; abort with error on failure
+###############
+function must_pass() {
+    local log=${PODMAN_REGISTRY_WORKDIR}/log
+
+    "$@" &> $log
+    if [ $? -ne 0 ]; then
+        echo "$ME: Command failed: $*" >&2
+        cat $log                       >&2
+
+        # If we ever get here, it's a given that the registry is not running.
+        # Clean up after ourselves.
+        rm -rf ${PODMAN_REGISTRY_WORKDIR}
+        exit 1
+    fi
+}
+
 # END   helper functions
 ###############################################################################
 # BEGIN action processing
@@ -132,7 +150,7 @@ function do_start() {
         PODMAN_REGISTRY_PASS=$(random_string 15)
     fi
 
-    # Die on any error
+    # For the next few commands, die on any error
     set -e
 
     mkdir -p ${PODMAN_REGISTRY_WORKDIR}
@@ -140,31 +158,26 @@ function do_start() {
     local AUTHDIR=${PODMAN_REGISTRY_WORKDIR}/auth
     mkdir -p $AUTHDIR
 
-    # We have to be silent; our only output must be env. vars. Log output here.
-    local log=${PODMAN_REGISTRY_WORKDIR}/log
-    touch $log
-
     # Pull registry image, but into a separate container storage
     mkdir -p ${PODMAN_REGISTRY_WORKDIR}/root
     mkdir -p ${PODMAN_REGISTRY_WORKDIR}/runroot
 
+    set +e
+
     # Give it three tries, to compensate for flakes
-    podman pull ${PODMAN_REGISTRY_IMAGE}      &>> $log  ||
+    podman pull ${PODMAN_REGISTRY_IMAGE}      &>/dev/null ||
-        podman pull ${PODMAN_REGISTRY_IMAGE}  &>> $log  ||
+        podman pull ${PODMAN_REGISTRY_IMAGE}  &>/dev/null ||
-        podman pull ${PODMAN_REGISTRY_IMAGE}  &>> $log
+        must_pass podman pull ${PODMAN_REGISTRY_IMAGE}
 
     # Registry image needs a cert. Self-signed is good enough.
     local CERT=$AUTHDIR/domain.crt
-    # FIXME: if this fails, we fail silently! It'd be more helpful
+    must_pass openssl req -newkey rsa:4096 -nodes -sha256              \
-    # to say 'openssl failed' and cat the logfile
-    openssl req -newkey rsa:4096 -nodes -sha256                      \
               -keyout ${AUTHDIR}/domain.key -x509 -days 2              \
               -out ${AUTHDIR}/domain.crt                               \
-            -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"  \
+              -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
-        &>> $log
 
     # Store credentials where container will see them
-    podman run --rm                                               \
+    must_pass podman run --rm                                        \
               --entrypoint htpasswd ${PODMAN_REGISTRY_IMAGE}         \
               -Bbn ${PODMAN_REGISTRY_USER} ${PODMAN_REGISTRY_PASS}   \
               > $AUTHDIR/htpasswd
@@ -174,7 +187,7 @@ function do_start() {
          > $AUTHDIR/htpasswd-plaintext
 
     # Run the registry container.
-    podman run --quiet -d                                            \
+    must_pass podman run --quiet -d                                     \
               -p ${PODMAN_REGISTRY_PORT}:5000                           \
               --name registry                                           \
               -v $AUTHDIR:/auth:Z                                       \
@@ -183,7 +196,7 @@ function do_start() {
               -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd"           \
               -e "REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt"       \
               -e "REGISTRY_HTTP_TLS_KEY=/auth/domain.key"               \
-           registry:2 &>> $log
+              registry:2
 
     # Dump settings. Our caller will use these to access the registry.
     for v in IMAGE PORT USER PASS; do