Farm build should read server registries.conf #21414

Merged
merged 1 commit into from
Feb 1, 2024
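--- a/cmd/podman/farm/build.go
+++ b/cmd/podman/farm/build.go
@@ -109,11 +109,17 @@ func build(cmd *cobra.Command, args []string) error {
 return err
 }
 opts.IIDFile = iidFile
-tlsVerify, err := cmd.Flags().GetBool("tls-verify")
-if err != nil {
-return err
+// only set tls-verify if it has been changed by the user
+// if it hasn't we will read the registries.conf on the farm
+// nodes for further configuration
+if changed := cmd.Flags().Changed("tls-verify"); changed {
+tlsVerify, err := cmd.Flags().GetBool("tls-verify")
+if err != nil {
+return err
+}
+skipTLSVerify := !tlsVerify
+opts.SkipTLSVerify = &skipTLSVerify
 }
-opts.SkipTLSVerify = !tlsVerify
 
 localEngine := registry.ImageEngine()
 ctx := registry.Context()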
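Review bot: When `--tls-verify` is not given, `opts.SkipTLSVerify` stays nil and, per the added comment, each farm node's registries.conf decides; the comment should spell out the consequence, that an `insecure=true` entry on a node then disables verification with no flag on the command line. Suggested wording: `// nil SkipTLSVerify = flag not set by the user; each farm node's registries.conf then decides, including insecure=true entries`. The `changed` temporary adds nothing, `if cmd.Flags().Changed("tls-verify") {` is enough. build starts and ends outside this hunk, so how the nil value is consumed later is not visible here.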
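--- a/pkg/domain/entities/types/types.go
+++ b/pkg/domain/entities/types/types.go
@@ -56,7 +56,7 @@ type FarmBuildOptions struct {
 // Authfile is the path to the file holding registry credentials
 Authfile string
 // SkipTLSVerify skips tls verification when set to true
-SkipTLSVerify bool
+SkipTLSVerify *bool
 }
 
 // BuildOptions describe the options for building container images.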
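Review bot: The field comment still reads as if `SkipTLSVerify` were a plain bool; with `*bool` the nil case carries the new meaning and should be documented, e.g. `// SkipTLSVerify skips tls verification when it points to true; nil means the user did not set it and registries.conf applies`. Changing an exported field from `bool` to `*bool` also breaks any caller that assigns a bool value directly, and every reader must now nil-check before dereferencing. Callers outside this page are not visible, so a search for other uses of `FarmBuildOptions.SkipTLSVerify` is worth doing.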
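--- a/pkg/farm/list_builder.go
+++ b/pkg/farm/list_builder.go
@@ -17,7 +17,7 @@ type listBuilderOptions struct {
 cleanup bool
 iidFile string
 authfile string
-skipTLSVerify bool
+skipTLSVerify *bool
 }
 
 type listLocal struct {
@@ -39,13 +39,19 @@ func newManifestListBuilder(listName string, localEngine entities.ImageEngine, o
 // Build retrieves images from the build reports and assembles them into a
 // manifest list in local container storage.
 func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]entities.ImageEngine) (string, error) {
+// Set skipTLSVerify based on whether it was changed by the caller
+skipTLSVerify := types.OptionalBoolUndefined
+if l.options.skipTLSVerify != nil {
+skipTLSVerify = types.NewOptionalBool(*l.options.skipTLSVerify)
+}
+
 exists, err := l.localEngine.ManifestExists(ctx, l.listName)
 if err != nil {
 return "", err
 }
 // Create list if it doesn't exist
 if !exists.Value {
-_, err = l.localEngine.ManifestCreate(ctx, l.listName, []string{}, entities.ManifestCreateOptions{SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+_, err = l.localEngine.ManifestCreate(ctx, l.listName, []string{}, entities.ManifestCreateOptions{SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return "", fmt.Errorf("creating manifest list %q: %w", l.listName, err)
 }
@@ -63,7 +69,7 @@ func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]e
 logrus.Infof("pushing image %s", image.ID)
 defer logrus.Infof("pushed image %s", image.ID)
 // Push the image to the registry
-report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+report, err := engine.Push(ctx, image.ID, l.listName+docker.UnknownDigestSuffix, entities.ImagePushOptions{Authfile: l.options.authfile, Quiet: false, SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return fmt.Errorf("pushing image %q to registry: %w", image, err)
 }
@@ -111,11 +117,11 @@ func (l *listLocal) build(ctx context.Context, images map[entities.BuildReport]e
 }
 
 // Add the images to the list
-listID, err := l.localEngine.ManifestAdd(ctx, l.listName, refs, entities.ManifestAddOptions{Authfile: l.options.authfile, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+listID, err := l.localEngine.ManifestAdd(ctx, l.listName, refs, entities.ManifestAddOptions{Authfile: l.options.authfile, SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return "", fmt.Errorf("adding images %q to list: %w", refs, err)
 }
-_, err = l.localEngine.ManifestPush(ctx, l.listName, l.listName, entities.ImagePushOptions{Authfile: l.options.authfile, SkipTLSVerify: types.NewOptionalBool(l.options.skipTLSVerify)})
+_, err = l.localEngine.ManifestPush(ctx, l.listName, l.listName, entities.ImagePushOptions{Authfile: l.options.authfile, SkipTLSVerify: skipTLSVerify})
 if err != nil {
 return "", err
 }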
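Review bot: In `build`, an unset `skipTLSVerify` becomes `types.OptionalBoolUndefined` and is handed both to `l.localEngine` (ManifestCreate, ManifestAdd, ManifestPush) and to each node's `engine.Push`, so the effective TLS policy presumably comes from whichever host runs the call and can differ between nodes. A debug line right after the conversion would make an unexpectedly unverified push traceable, e.g. `logrus.Debugf("tls-verify not set by caller; deferring to registries.conf")`. The doc comment on `build` could mention the deferral as well. The function body continues outside the hunks shown.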
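--- a/test/farm/001-farm.bats
+++ b/test/farm/001-farm.bats
@@ -85,10 +85,37 @@ load helpers.bash
 run_podman image prune -f
 }
 
+@test "farm - build on farm node only with registries.conf" {
+cat >$PODMAN_TMPDIR/registries.conf <<EOF
+[[registry]]
+location="$REGISTRY"
+insecure=true
+EOF
+
+iname="test-image-4"
+CONTAINERS_REGISTRIES_CONF="$PODMAN_TMPDIR/registries.conf" run_podman farm build --authfile $AUTHFILE -t $REGISTRY/$iname $FARM_TMPDIR
+assert "$output" =~ "Farm \"$FARMNAME\" ready"
+
+# get the system architecture
+CONTAINERS_REGISTRIES_CONF="$PODMAN_TMPDIR/registries.conf" run_podman info --format '{{.Host.Arch}}'
+ARCH=$output
+# inspect manifest list built and saved
+CONTAINERS_REGISTRIES_CONF="$PODMAN_TMPDIR/registries.conf" run_podman manifest inspect $iname
+assert "$output" =~ $ARCH
+
+echo "# skopeo inspect ..."
+run skopeo inspect "$@" --tls-verify=false --authfile $AUTHFILE docker://$REGISTRY/$iname
+echo "$output"
+is "$status" "0" "skopeo inspect - exit status"
+
+run_podman manifest rm $iname
+run_podman image prune -f
+}
+
 # Test out podman-remote
 
 @test "farm - build on farm node only (podman-remote)" {
-iname="test-image-4"
+iname="test-image-5"
 run_podman --remote farm build --authfile $AUTHFILE --tls-verify=false -t $REGISTRY/$iname $FARM_TMPDIR
 assert "$output" =~ "Farm \"$FARMNAME\" ready"
 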
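Review bot: The new test covers only the permissive path, a registries.conf with `insecure=true` and no `--tls-verify`; nothing checks that leaving the flag unset with a registries.conf lacking that entry still enforces verification. A companion case that writes the same file without `insecure=true` and expects `farm build` to fail against `$REGISTRY` would pin the safe default (this assumes the test registry's certificate is not trusted by the host, as the `--tls-verify=false` in the neighbouring tests suggests). Separately, `"$@"` in `run skopeo inspect "$@" ...` looks copied from a helper function and is best dropped, and `$AUTHFILE` and `$FARM_TMPDIR` should be quoted.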
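--- a/test/farm/setup_suite.bash
+++ b/test/farm/setup_suite.bash
@@ -36,7 +36,7 @@ function setup_suite(){
 run_podman system connection add --identity $sshkey test-node $ROOTLESS_USER@localhost
 run_podman farm create $FARMNAME test-node
 
-export PODMAN_LOGIN_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman-bats-registry.XXXXXX)
+export PODMAN_LOGIN_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman-bats-registry.XXXXXX)
 
 export PODMAN_LOGIN_USER="user$(random_string 4)"
 export PODMAN_LOGIN_PASS="pw$(random_string 15)"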