diff options
author | Christian Breunig <christian@breunig.cc> | 2024-02-24 10:03:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-24 10:03:50 +0100 |
commit | 88911dbdf78ea1d82dde08eff19f9f3eed7448dd (patch) | |
tree | 49ce298230be3dfb53449cb65037b78ded92329a | |
parent | 9086748f7a3f83482f5c39ca2d611ec22b329296 (diff) | |
parent | fcebadea51c1df88553e608a0866a6f2a1dcaa2b (diff) | |
download | vyos-1x-88911dbdf78ea1d82dde08eff19f9f3eed7448dd.tar.gz vyos-1x-88911dbdf78ea1d82dde08eff19f9f3eed7448dd.zip |
Merge pull request #3045 from vyos/mergify/bp/sagitta/pr-3044
container: T5909: move registry login to op-mode (backport #3044)
-rwxr-xr-x | src/conf_mode/container.py | 23 | ||||
-rwxr-xr-x | src/op_mode/container.py | 28 |
2 files changed, 28 insertions, 23 deletions
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 321d00abf..e967bee71 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -32,7 +32,6 @@ from vyos.utils.file import write_file from vyos.utils.process import call from vyos.utils.process import cmd from vyos.utils.process import run -from vyos.utils.process import rc_cmd from vyos.template import bracketize_ipv6 from vyos.template import inc_ip from vyos.template import is_ipv4 @@ -251,7 +250,7 @@ def verify(container): if 'authentication' not in registry_config: continue if not {'username', 'password'} <= set(registry_config['authentication']): - raise ConfigError('If registry username or or password is defined, so must be the other!') + raise ConfigError('Container registry requires both username and password to be set!') return None @@ -401,24 +400,6 @@ def generate(container): write_file(f'/etc/containers/networks/{network}.json', json_write(tmp, indent=2)) - if 'registry' in container: - cmd = f'podman logout --all' - rc, out = rc_cmd(cmd) - if rc != 0: - raise ConfigError(out) - - for registry, registry_config in container['registry'].items(): - if 'disable' in registry_config: - continue - if 'authentication' in registry_config: - if {'username', 'password'} <= set(registry_config['authentication']): - username = registry_config['authentication']['username'] - password = registry_config['authentication']['password'] - cmd = f'podman login --username {username} --password {password} {registry}' - rc, out = rc_cmd(cmd) - if rc != 0: - raise ConfigError(out) - render(config_containers, 'container/containers.conf.j2', container) render(config_registry, 'container/registries.conf.j2', container) render(config_storage, 'container/storage.conf.j2', container) diff --git a/src/op_mode/container.py b/src/op_mode/container.py index 5a022d0c0..385843b37 100755 --- a/src/op_mode/container.py +++ b/src/op_mode/container.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,6 +20,8 @@ import sys from sys import exit from vyos.utils.process import cmd +from vyos.utils.process import call +from vyos.utils.process import rc_cmd import vyos.opmode @@ -36,12 +38,34 @@ def _get_raw_data(command: str) -> list: return data def add_image(name: str): - from vyos.utils.process import rc_cmd + """ Pull image from container registry. If registry authentication + is defined within VyOS CLI, credentials are used to login befroe pull """ + from vyos.configquery import ConfigTreeQuery + + conf = ConfigTreeQuery() + container = conf.get_config_dict(['container', 'registry']) + + do_logout = False + if 'registry' in container: + for registry, registry_config in container['registry'].items(): + if 'disable' in registry_config: + continue + if 'authentication' in registry_config: + do_logout = True + if {'username', 'password'} <= set(registry_config['authentication']): + username = registry_config['authentication']['username'] + password = registry_config['authentication']['password'] + cmd = f'podman login --username {username} --password {password} {registry}' + rc, out = rc_cmd(cmd) + if rc != 0: raise vyos.opmode.InternalError(out) rc, output = rc_cmd(f'podman image pull {name}') if rc != 0: raise vyos.opmode.InternalError(output) + if do_logout: + rc_cmd('podman logout --all') + def delete_image(name: str): from vyos.utils.process import rc_cmd |