From baf30d8319ef4d0f0cc4cdf0f7c12f03f8a492b6 Mon Sep 17 00:00:00 2001 From: Christian Breunig <christian@breunig.cc> Date: Fri, 23 Feb 2024 21:49:50 +0100 Subject: container: T5909: move registry login to op-mode It does not make sense to perform the "podman login" command when setting up containers, as images are not automatically pulled in from the registry - due to issues with the default route during startup. The same issue manifests in "podman login" where we can not login to a registry unless there is a default route present. This commit changes the behavior that the container registry is part of the configuration, but it is only referenced during "add container image" and thus never during system boot. --- src/op_mode/container.py | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'src/op_mode') diff --git a/src/op_mode/container.py b/src/op_mode/container.py index 5a022d0c0..385843b37 100755 --- a/src/op_mode/container.py +++ b/src/op_mode/container.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,6 +20,8 @@ import sys from sys import exit from vyos.utils.process import cmd +from vyos.utils.process import call +from vyos.utils.process import rc_cmd import vyos.opmode @@ -36,12 +38,34 @@ def _get_raw_data(command: str) -> list: return data def add_image(name: str): - from vyos.utils.process import rc_cmd + """ Pull image from container registry. If registry authentication + is defined within VyOS CLI, credentials are used to login befroe pull """ + from vyos.configquery import ConfigTreeQuery + + conf = ConfigTreeQuery() + container = conf.get_config_dict(['container', 'registry']) + + do_logout = False + if 'registry' in container: + for registry, registry_config in container['registry'].items(): + if 'disable' in registry_config: + continue + if 'authentication' in registry_config: + do_logout = True + if {'username', 'password'} <= set(registry_config['authentication']): + username = registry_config['authentication']['username'] + password = registry_config['authentication']['password'] + cmd = f'podman login --username {username} --password {password} {registry}' + rc, out = rc_cmd(cmd) + if rc != 0: raise vyos.opmode.InternalError(out) rc, output = rc_cmd(f'podman image pull {name}') if rc != 0: raise vyos.opmode.InternalError(output) + if do_logout: + rc_cmd('podman logout --all') + def delete_image(name: str): from vyos.utils.process import rc_cmd -- cgit v1.2.3