From 5103da2a051ef0aeb5236c35fcf238d933cf5706 Mon Sep 17 00:00:00 2001 From: Angie Wang Date: Tue, 22 Jan 2019 18:50:39 +0000 Subject: [PATCH] Revert "Pass user credentials when pull/push images from local docker registry" The local docker registry authentication commit https://review.openstack.org/#/c/626355/ is blocked to merge as kubernetes is not passing credentials when pulling images from local docker registry. The solution hasn't been decided yet, one optional solution could be to make images pull wide open (no authentication for pulling). Revert this commit as it fails to pull images for custom apps. Will add the authentication back after a proper solution decided for the local docker registry authentication feature. This reverts commit 6946ea845a7933a150c4c69ff7731eca48d3a0bb. Change-Id: I7e402421b3e8a88644c949a9ec57cbb091750e1e --- .../sysinv/sysinv/sysinv/common/exception.py | 5 ----- .../sysinv/sysinv/sysinv/conductor/kube_app.py | 18 ++---------------- 2 files changed, 2 insertions(+), 21 deletions(-) diff --git a/sysinv/sysinv/sysinv/sysinv/common/exception.py b/sysinv/sysinv/sysinv/sysinv/common/exception.py index e4c89e97f0..8bb17e0c27 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/exception.py +++ b/sysinv/sysinv/sysinv/sysinv/common/exception.py @@ -923,11 +923,6 @@ class KubeAppNotFound(NotFound): message = _("No application with name %(name)s.") -class DockerRegistryCredentialNotFound(NotFound): - message = _("Credentials to access local docker registry " - "for user %(name)s could not be found.") - - class SDNNotEnabled(SysinvException): message = _("SDN configuration is not enabled.") diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py index c6a8d29b3c..a1177e756d 100644 --- a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py +++ b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py @@ -11,7 +11,6 @@ import docker import grp -import keyring import os import pwd import re @@ -58,8 +57,6 @@ INSTALLATION_TIMEOUT = 3600 MAX_DOWNLOAD_THREAD = 20 TARFILE_DOWNLOAD_CONNECTION_TIMEOUT = 60 TARFILE_TRANSFER_CHUNK_SIZE = 1024 * 512 -DOCKER_REGISTRY_USER = 'admin' -DOCKER_REGISTRY_SERVICE = 'CGCS' # Helper functions @@ -100,16 +97,6 @@ def get_app_install_root_path_ownership(): return (uid, gid) -def get_docker_registry_authentication(): - docker_registry_user_password = keyring.get_password( - DOCKER_REGISTRY_SERVICE, DOCKER_REGISTRY_USER) - if not docker_registry_user_password: - raise exception.DockerRegistryCredentialNotFound( - name=DOCKER_REGISTRY_USER) - - return dict(username=DOCKER_REGISTRY_USER, - password=docker_registry_user_password) - Chart = namedtuple('Chart', 'name namespace') @@ -1218,9 +1205,8 @@ class DockerHelper(object): try: # Pull image from local docker registry LOG.info("Image %s download started from local registry" % loc_img_tag) - docker_registry_auth = get_docker_registry_authentication() client = docker.APIClient(timeout=INSTALLATION_TIMEOUT) - client.pull(loc_img_tag, auth_config=docker_registry_auth) + client.pull(loc_img_tag) except docker.errors.NotFound: try: # Image is not available in local docker registry, get the image @@ -1230,7 +1216,7 @@ class DockerHelper(object): pub_img_tag = loc_img_tag[1 + loc_img_tag.find('/'):] client.pull(pub_img_tag) client.tag(pub_img_tag, loc_img_tag) - client.push(loc_img_tag, auth_config=docker_registry_auth) + client.push(loc_img_tag) except Exception as e: rc = False LOG.error("Image %s download failed from public registry: %s" % (pub_img_tag, e))