Merge pull request containers#20368 from ygalblum/quadlet-image-name

Quadlet - support ImageName for .image files
giuseppe · Oct 18, 2023 · 553cfb6 · 553cfb6
2 parents aabe5c8 + 9b8e01e
commit 553cfb6
Show file tree

Hide file tree

Showing 3 changed files with 122 additions and 15 deletions.
diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md
@@ -1070,21 +1070,22 @@ particularly interesting when using special options to control image pulls.
 
 Valid options for `[Image]` are listed below:
 
-| **[Image] options**                 | **podman image pull equivalent**                |
-|-------------------------------------|-------------------------------------------------|
-| AllTags=true                        | --all-tags                                      |
-| Arch=aarch64                        | --arch=aarch64                                  |
-| AuthFile=/etc/registry/auth\.json   | --authfile=/etc/registry/auth\.json             |
-| CertDir=/etc/registry/certs        | --cert-dir=/etc/registry/certs                   |
-| ContainersConfModule=/etc/nvd\.conf | --module=/etc/nvd\.conf                         |
-| Creds=myname\:mypassword            | --creds=myname\:mypassword                      |
-| DecryptionKey=/etc/registry\.key   | --decryption-key=/etc/registry\.key              |
-| GlobalArgs=--log-level=debug        | --log-level=debug                               |
-| Image=quay.io/centos/centos\:latest | podman image pull quay.io/centos/centos\:latest |
-| OS=windows                          | --os=windows                                    |
-| PodmanArgs=--os=linux               | --os=linux                                      |
-| TLSVerify=false                     | --tls-verify=false                              |
-| Variant=arm/v7                      | --variant=arm/v7                                |
+| **[Image] options**                    | **podman image pull equivalent**                 |
+|----------------------------------------|--------------------------------------------------|
+| AllTags=true                           | --all-tags                                       |
+| Arch=aarch64                           | --arch=aarch64                                   |
+| AuthFile=/etc/registry/auth\.json      | --authfile=/etc/registry/auth\.json              |
+| CertDir=/etc/registry/certs            | --cert-dir=/etc/registry/certs                   |
+| ContainersConfModule=/etc/nvd\.conf    | --module=/etc/nvd\.conf                          |
+| Creds=myname\:mypassword               | --creds=myname\:mypassword                       |
+| DecryptionKey=/etc/registry\.key       | --decryption-key=/etc/registry\.key              |
+| GlobalArgs=--log-level=debug           | --log-level=debug                                |
+| Image=quay\.io/centos/centos:latest    | podman image pull quay.io/centos/centos\:latest  |
+| ImageTag=quay\.io/centos/centos:latest | Use this name when resolving `.image` references |
+| OS=windows                             | --os=windows                                     |
+| PodmanArgs=--os=linux                  | --os=linux                                       |
+| TLSVerify=false                        | --tls-verify=false                               |
+| Variant=arm/v7                         | --variant=arm/v7                                 |
 
 ### `AllTags=`
 
@@ -1150,6 +1151,19 @@ performance and robustness reasons.
 The format of the name is the same as when passed to `podman pull`. So, it supports using
 `:tag` or digests to guarantee the specific image version.
 
+### `ImageTag=`
+
+Actual FQIN of the referenced `Image`.
+Only meaningful when source is a file or directory archive.
+
+For example, an image saved into a `docker-archive` with the following Podman command:
+
+`podman image save --format docker-archive --output /tmp/archive-file.tar quay.io/podman/stable:latest`
+
+requires setting
+- `Image=docker-archive:/tmp/archive-file.tar`
+- `ImageTag=quay.io/podman/stable:latest`
+
 ### `OS=`
 
 Override the OS, defaults to hosts, of the image to be pulled.

diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go
@@ -90,6 +90,7 @@ const (
 	KeyIP                    = "IP"
 	KeyIP6                   = "IP6"
 	KeyImage                 = "Image"
+	KeyImageTag              = "ImageTag"
 	KeyKubeDownForce         = "KubeDownForce"
 	KeyLabel                 = "Label"
 	KeyLogDriver             = "LogDriver"
@@ -290,6 +291,7 @@ var (
 		KeyDecryptionKey:        true,
 		KeyGlobalArgs:           true,
 		KeyImage:                true,
+		KeyImageTag:             true,
 		KeyOS:                   true,
 		KeyPodmanArgs:           true,
 		KeyTLSVerify:            true,
@@ -1222,6 +1224,10 @@ func ConvertImage(image *parser.UnitFile) (*parser.UnitFile, string, error) {
 		// The default syslog identifier is the exec basename (podman) which isn't very useful here
 		"SyslogIdentifier", "%N")
 
+	if name, ok := image.Lookup(ImageGroup, KeyImageTag); ok && len(name) > 0 {
+		imageName = name
+	}
+
 	return service, imageName, nil
 }
 

diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats
@@ -1325,4 +1325,91 @@ EOF
     run_podman rmi --ignore $(pause_image)
 }
 
+@test "quadlet - image tag" {
+    local quadlet_tmpdir=$PODMAN_TMPDIR/quadlets
+    local archive_file=$PODMAN_TMPDIR/archive-file.tar
+    local image_for_test=localhost/quadlet_image_test:$(random_string)
+
+    local quadlet_image_unit=image_test_$(random_string).image
+    local quadlet_image_file=$PODMAN_TMPDIR/$quadlet_image_unit
+    cat > $quadlet_image_file <<EOF
+[Image]
+Image=docker-archive:$archive_file
+ImageTag=$image_for_test
+EOF
+
+    local quadlet_volume_unit=image_test_$(random_string).volume
+    local quadlet_volume_file=$PODMAN_TMPDIR/$quadlet_volume_unit
+    local volume_name=systemd-$(basename $quadlet_volume_file .volume)
+    cat > $quadlet_volume_file <<EOF
+[Volume]
+Driver=image
+Image=$quadlet_image_unit
+EOF
+
+    local quadlet_container_unit=image_test_$(random_string).container
+    local quadlet_container_file=$PODMAN_TMPDIR/$quadlet_container_unit
+    cat > $quadlet_container_file <<EOF
+[Container]
+Image=$IMAGE
+Exec=sh -c "echo STARTED CONTAINER; echo "READY=1" | socat -u STDIN unix-sendto:\$NOTIFY_SOCKET; sleep inf"
+Volume=$quadlet_volume_unit:/vol
+EOF
+
+    # Tag the image, save it into a file and remove it
+    run_podman image tag $IMAGE $image_for_test
+    run_podman image save --format docker-archive --output $archive_file $image_for_test
+    run_podman image rm $image_for_test
+
+    # Use the same directory for all quadlet files to make sure later steps access previous ones
+    mkdir $quadlet_tmpdir
+
+    # Have quadlet create the systemd unit file for the image unit
+    run_quadlet "$quadlet_image_file" "$quadlet_tmpdir"
+    # Save the image service name since the variable will be overwritten
+    local image_service=$QUADLET_SERVICE_NAME
+
+    # Have quadlet create the systemd unit file for the volume unit
+    run_quadlet "$quadlet_volume_file" "$quadlet_tmpdir"
+    # Save the image service name since the variable will be overwritten
+    local volume_service=$QUADLET_SERVICE_NAME
+
+    # Image should not exist
+    run_podman 1 image exists ${image_for_test}
+    # Volume should not exist
+    run_podman 1 volume exists ${volume_name}
+
+    # Have quadlet create the systemd unit file for the image unit
+    run_quadlet "$quadlet_container_file" "$quadlet_tmpdir"
+    local container_service=$QUADLET_SERVICE_NAME
+    local container_name=$QUADLET_CONTAINER_NAME
+
+    service_setup $container_service
+
+    # Image system unit should be active
+    run systemctl show --property=ActiveState "$image_service"
+    assert "$output" = "ActiveState=active" \
+           "quadlet - image tag: image service ActiveState"
+
+    # Volume system unit should be active
+    run systemctl show --property=ActiveState "$volume_service"
+    assert "$output" = "ActiveState=active" \
+           "quadlet - image tag: volume service ActiveState"
+
+    # Image should exist
+    run_podman image exists ${image_for_test}
+
+    # Volume should exist
+    run_podman volume exists ${volume_name}
+
+    run_podman exec $QUADLET_CONTAINER_NAME cat /vol/home/podman/testimage-id
+    assert "$output" = $PODMAN_TEST_IMAGE_TAG \
+            "quadlet - image files: incorrect testimage-id in bound volume"
+
+    # Shutdown the service and remove the image
+    service_cleanup $container_service failed
+    run_podman image rm --ignore $image_for_test
+    run_podman rmi --ignore $(pause_image)
+}
+
 # vim: filetype=sh