opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-24 19:42:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #21414 from umohnani8/farm-reg

Browse Source 
Farm build should read server registries.conf
This commit is contained in:
openshift-merge-bot[bot]
2024-02-01 19:37:17 +00:00
committed by GitHub
parent c3a32b170d a06685a548
commit d8c58936a4
5 changed files with 51 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/podman/farm/build.go
View File

@ -109,11 +109,17 @@ func build(cmd *cobra.Command, args []string) error {
return err return err
} }
opts.IIDFile = iidFile opts.IIDFile = iidFile
tlsVerify, err := cmd.Flags().GetBool("tls-verify") // only set tls-verify if it has been changed by the user
if err != nil { // if it hasn't we will read the registries.conf on the farm
return err // nodes for further configuration
if changed := cmd.Flags().Changed("tls-verify"); changed {
tlsVerify, err := cmd.Flags().GetBool("tls-verify")
if err != nil {
return err
}
skipTLSVerify := !tlsVerify
opts.SkipTLSVerify = &skipTLSVerify
} }
opts.SkipTLSVerify = !tlsVerify
localEngine := registry.ImageEngine() localEngine := registry.ImageEngine()
ctx := registry.Context() ctx := registry.Context()

2
pkg/domain/entities/types/types.go
View File

@ -56,7 +56,7 @@ type FarmBuildOptions struct {
// Authfile is the path to the file holding registry credentials // Authfile is the path to the file holding registry credentials
Authfile string Authfile string
// SkipTLSVerify skips tls verification when set to true // SkipTLSVerify skips tls verification when set to true
SkipTLSVerify bool SkipTLSVerify *bool
} }
// BuildOptions describe the options for building container images. // BuildOptions describe the options for building container images.

16
pkg/farm/list_builder.go
View File

@ -17,7 +17,7 @@ type listBuilderOptions struct {
cleanup bool cleanup bool
iidFile string iidFile string
authfile string authfile string
skipTLSVerify bool skipTLSVerify *bool
} }
type listLocal struct { type listLocal struct {
@ -39,13 +39,19 @@ func newManifestListBuilder(listName string, localEngine entities.ImageEngine, o
// Build retrieves images from the build reports and assembles them into a // Build retrieves images from the build reports and assembles them into a
// manifest list in local container storage. // manifest list in local container storage.
func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]entities.ImageEngine) (string, error) { func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]entities.ImageEngine) (string, error) {
// Set skipTLSVerify based on whether it was changed by the caller
skipTLSVerify := types.OptionalBoolUndefined
if l.options.skipTLSVerify != nil {
skipTLSVerify = types.NewOptionalBool(*l.options.skipTLSVerify)
}
exists, err := l.localEngine.ManifestExists(ctx, l.listName) exists, err := l.localEngine.ManifestExists(ctx, l.listName)
if err != nil { if err != nil {
return "", err return "", err
} }
// Create list if it doesn't exist // Create list if it doesn't exist
if !exists.Value { if !exists.Value {
_, err = l.localEngine.ManifestCreate(ctx, l.listName, []string{}, entities.ManifestCreateOptions{SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)}) _, err = l.localEngine.ManifestCreate(ctx, l.listName, []string{}, entities.ManifestCreateOptions{SkipTLSVerify: skipTLSVerify})
if err != nil { if err != nil {
return "", fmt.Errorf("creating manifest list %q: %w", l.listName, err) return "", fmt.Errorf("creating manifest list %q: %w", l.listName, err)
} }
@ -63,7 +69,7 @@ func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]e
logrus.Infof("pushing image %s", image.ID) logrus.Infof("pushing image %s", image.ID)
defer logrus.Infof("pushed image %s", image.ID) defer logrus.Infof("pushed image %s", image.ID)
// Push the image to the registry // Push the image to the registry
report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)}) report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: skipTLSVerify})
if err != nil { if err != nil {
return fmt.Errorf("pushing image %q to registry: %w", image, err) return fmt.Errorf("pushing image %q to registry: %w", image, err)
} }
@ -111,11 +117,11 @@ func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]e
} }
// Add the images to the list // Add the images to the list
listID, err := l.localEngine.ManifestAdd(ctx, l.listName, refs, entities.ManifestAddOptions{Authfile: l.options.authfile, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)}) listID, err := l.localEngine.ManifestAdd(ctx, l.listName, refs, entities.ManifestAddOptions{Authfile: l.options.authfile, SkipTLSVerify: skipTLSVerify})
if err != nil { if err != nil {
return "", fmt.Errorf("adding images %q to list: %w", refs, err) return "", fmt.Errorf("adding images %q to list: %w", refs, err)
} }
_, err = l.localEngine.ManifestPush(ctx, l.listName, l.listName, entities.ImagePushOptions{Authfile: l.options.authfile, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)}) _, err = l.localEngine.ManifestPush(ctx, l.listName, l.listName, entities.ImagePushOptions{Authfile: l.options.authfile, SkipTLSVerify: skipTLSVerify})
if err != nil { if err != nil {
return "", err return "", err
} }

29
test/farm/001-farm.bats
View File

@ -85,10 +85,37 @@ load helpers.bash
run_podman image prune -f run_podman image prune -f
} }
@test "farm - build on farm node only with registries.conf" {
cat >$PODMAN_TMPDIR/registries.conf <<EOF
[[registry]]
location="$REGISTRY"
insecure=true
EOF
iname="test-image-4"
CONTAINERS_REGISTRIES_CONF="$PODMAN_TMPDIR/registries.conf" run_podman farm build --authfile $AUTHFILE -t $REGISTRY/$iname $FARM_TMPDIR
assert "$output" =~ "Farm \"$FARMNAME\" ready"
# get the system architecture
CONTAINERS_REGISTRIES_CONF="$PODMAN_TMPDIR/registries.conf" run_podman info --format '{{.Host.Arch}}'
ARCH=$output
# inspect manifest list built and saved
CONTAINERS_REGISTRIES_CONF="$PODMAN_TMPDIR/registries.conf" run_podman manifest inspect $iname
assert "$output" =~ $ARCH
echo "# skopeo inspect ..."
run skopeo inspect "$@" --tls-verify=false --authfile $AUTHFILE docker://$REGISTRY/$iname
echo "$output"
is "$status" "0" "skopeo inspect - exit status"
run_podman manifest rm $iname
run_podman image prune -f
}
# Test out podman-remote # Test out podman-remote
@test "farm - build on farm node only (podman-remote)" { @test "farm - build on farm node only (podman-remote)" {
iname="test-image-4" iname="test-image-5"
run_podman --remote farm build --authfile $AUTHFILE --tls-verify=false -t $REGISTRY/$iname $FARM_TMPDIR run_podman --remote farm build --authfile $AUTHFILE --tls-verify=false -t $REGISTRY/$iname $FARM_TMPDIR
assert "$output" =~ "Farm \"$FARMNAME\" ready" assert "$output" =~ "Farm \"$FARMNAME\" ready"

2
test/farm/setup_suite.bash
View File

@ -36,7 +36,7 @@ function setup_suite(){
run_podman system connection add --identity $sshkey test-node $ROOTLESS_USER@localhost run_podman system connection add --identity $sshkey test-node $ROOTLESS_USER@localhost
run_podman farm create $FARMNAME test-node run_podman farm create $FARMNAME test-node
export PODMAN_LOGIN_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman-bats-registry.XXXXXX) export PODMAN_LOGIN_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman-bats-registry.XXXXXX)
export PODMAN_LOGIN_USER="user$(random_string 4)" export PODMAN_LOGIN_USER="user$(random_string 4)"
export PODMAN_LOGIN_PASS="pw$(random_string 15)" export PODMAN_LOGIN_PASS="pw$(random_string 15)"