authorChristian Breunig <christian@breunig.cc>2024-02-23 21:49:50 +0100
committerChristian Breunig <christian@breunig.cc>2024-02-24 09:07:17 +0100
commitbaf30d8319ef4d0f0cc4cdf0f7c12f03f8a492b6 (patch)
treea6081e037c0c3c6b4d70ab60bb92ca1cfd95a86e
parentf54cf0873353da006bb6470e9b5dee7c8c19442d (diff)
container: T5909: move registry login to op-mode
It does not make sense to perform the "podman login" command when setting up containers, as images are not automatically pulled in from the registry - due to issues with the default route during startup. The same issue manifests in "podman login", where we cannot log in to a registry unless a default route is present. With this commit the container registry remains part of the configuration, but it is only referenced during "add container image" and thus never during system boot.
-rwxr-xr-xsrc/conf_mode/container.py23
-rwxr-xr-xsrc/op_mode/container.py28
2 files changed, 28 insertions, 23 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 321d00abf..e967bee71 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021-2023 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -32,7 +32,6 @@ from vyos.utils.file import write_file
from vyos.utils.process import call
from vyos.utils.process import cmd
from vyos.utils.process import run
-from vyos.utils.process import rc_cmd
from vyos.template import bracketize_ipv6
from vyos.template import inc_ip
from vyos.template import is_ipv4
@@ -251,7 +250,7 @@ def verify(container):
if 'authentication' not in registry_config:
continue
if not {'username', 'password'} <= set(registry_config['authentication']):
- raise ConfigError('If registry username or or password is defined, so must be the other!')
+ raise ConfigError('Container registry requires both username and password to be set!')
return None
@@ -401,24 +400,6 @@ def generate(container):
write_file(f'/etc/containers/networks/{network}.json', json_write(tmp, indent=2))
- if 'registry' in container:
- cmd = f'podman logout --all'
- rc, out = rc_cmd(cmd)
- if rc != 0:
- raise ConfigError(out)
-
- for registry, registry_config in container['registry'].items():
- if 'disable' in registry_config:
- continue
- if 'authentication' in registry_config:
- if {'username', 'password'} <= set(registry_config['authentication']):
- username = registry_config['authentication']['username']
- password = registry_config['authentication']['password']
- cmd = f'podman login --username {username} --password {password} {registry}'
- rc, out = rc_cmd(cmd)
- if rc != 0:
- raise ConfigError(out)
-
render(config_containers, 'container/containers.conf.j2', container)
render(config_registry, 'container/registries.conf.j2', container)
render(config_storage, 'container/storage.conf.j2', container)
diff --git a/src/op_mode/container.py b/src/op_mode/container.py
index 5a022d0c0..385843b37 100755
--- a/src/op_mode/container.py
+++ b/src/op_mode/container.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -20,6 +20,8 @@ import sys
from sys import exit
from vyos.utils.process import cmd
+from vyos.utils.process import call
+from vyos.utils.process import rc_cmd
import vyos.opmode
@@ -36,12 +38,34 @@ def _get_raw_data(command: str) -> list:
return data
def add_image(name: str):
- from vyos.utils.process import rc_cmd
+ """ Pull image from container registry. If registry authentication
+ is defined within VyOS CLI, credentials are used to login befroe pull """
+ from vyos.configquery import ConfigTreeQuery
+
+ conf = ConfigTreeQuery()
+ container = conf.get_config_dict(['container', 'registry'])
+
+ do_logout = False
+ if 'registry' in container:
+ for registry, registry_config in container['registry'].items():
+ if 'disable' in registry_config:
+ continue
+ if 'authentication' in registry_config:
+ do_logout = True
+ if {'username', 'password'} <= set(registry_config['authentication']):
+ username = registry_config['authentication']['username']
+ password = registry_config['authentication']['password']
+ cmd = f'podman login --username {username} --password {password} {registry}'
+ rc, out = rc_cmd(cmd)
+ if rc != 0: raise vyos.opmode.InternalError(out)
rc, output = rc_cmd(f'podman image pull {name}')
if rc != 0:
raise vyos.opmode.InternalError(output)
+ if do_logout:
+ rc_cmd('podman logout --all')
+
def delete_image(name: str):
from vyos.utils.process import rc_cmd
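Review bot: In `add_image`, the line `cmd = f'podman login --username {username} --password {password} {registry}'` puts the registry password into the command's argument vector, where it is readable from the process list while the login runs. A password containing spaces or shell metacharacters may also be split or misparsed, depending on how `rc_cmd` executes the string (not visible in this hunk). Feeding it through `--password-stdin` avoids both, assuming `rc_cmd` accepts an `input=` argument; confirm against `vyos.utils.process`. Separately, `podman logout --all` runs only on the success path, so when a login or the pull raises `InternalError` the stored credentials stay behind; wrapping the login/pull sequence in `try`/`finally` closes that gap. The local name `cmd` also shadows the module-level `from vyos.utils.process import cmd` inside this function, so a name such as `login` reads more safely.

```python
    do_logout = False
    try:
        if 'registry' in container:
            for registry, registry_config in container['registry'].items():
                # … unchanged: skip disabled registries, set do_logout when authentication is present …
                    if {'username', 'password'} <= set(registry_config['authentication']):
                        username = registry_config['authentication']['username']
                        password = registry_config['authentication']['password']
                        # password is fed on stdin so it never appears in argv
                        login = f'podman login --username {username} --password-stdin {registry}'
                        rc, out = rc_cmd(login, input=password)
                        if rc != 0:
                            raise vyos.opmode.InternalError(out)
        rc, output = rc_cmd(f'podman image pull {name}')
        if rc != 0:
            raise vyos.opmode.InternalError(output)
    finally:
        # drop stored credentials even when a login or the pull failed
        if do_logout:
            rc_cmd('podman logout --all')
```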