Pass user credentials when pull/push images from local docker registry
The functionality of local docker registry authentication is implemented in commit https://review.openstack.org/#/c/626355/. However, local docker registry is currently used to pull/push images during application apply without authentication. This commit passes user credentials when pulling/pushing images from docker registry, otherwise application apply will fail after the above docker registry authentication commit merged. Change-Id: Ifd43631e6fb685aed45fd2ad90d74ef3658bdb99 Story: 2002840 Task: 28945 Signed-off-by: Angie Wang <angie.wang@windriver.com>
This commit is contained in:
parent
ad14905521
commit
6946ea845a
|
@ -923,6 +923,11 @@ class KubeAppNotFound(NotFound):
|
|||
message = _("No application with name %(name)s.")
|
||||
|
||||
|
||||
class DockerRegistryCredentialNotFound(NotFound):
|
||||
message = _("Credentials to access local docker registry "
|
||||
"for user %(name)s could not be found.")
|
||||
|
||||
|
||||
class SDNNotEnabled(SysinvException):
|
||||
message = _("SDN configuration is not enabled.")
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
|
||||
import docker
|
||||
import grp
|
||||
import keyring
|
||||
import os
|
||||
import pwd
|
||||
import re
|
||||
|
@ -57,6 +58,8 @@ INSTALLATION_TIMEOUT = 3600
|
|||
MAX_DOWNLOAD_THREAD = 20
|
||||
TARFILE_DOWNLOAD_CONNECTION_TIMEOUT = 60
|
||||
TARFILE_TRANSFER_CHUNK_SIZE = 1024 * 512
|
||||
DOCKER_REGISTRY_USER = 'admin'
|
||||
DOCKER_REGISTRY_SERVICE = 'CGCS'
|
||||
|
||||
|
||||
# Helper functions
|
||||
|
@ -97,6 +100,16 @@ def get_app_install_root_path_ownership():
|
|||
return (uid, gid)
|
||||
|
||||
|
||||
def get_docker_registry_authentication():
|
||||
docker_registry_user_password = keyring.get_password(
|
||||
DOCKER_REGISTRY_SERVICE, DOCKER_REGISTRY_USER)
|
||||
if not docker_registry_user_password:
|
||||
raise exception.DockerRegistryCredentialNotFound(
|
||||
name=DOCKER_REGISTRY_USER)
|
||||
|
||||
return dict(username=DOCKER_REGISTRY_USER,
|
||||
password=docker_registry_user_password)
|
||||
|
||||
Chart = namedtuple('Chart', 'name namespace')
|
||||
|
||||
|
||||
|
@ -1205,8 +1218,9 @@ class DockerHelper(object):
|
|||
try:
|
||||
# Pull image from local docker registry
|
||||
LOG.info("Image %s download started from local registry" % loc_img_tag)
|
||||
docker_registry_auth = get_docker_registry_authentication()
|
||||
client = docker.APIClient(timeout=INSTALLATION_TIMEOUT)
|
||||
client.pull(loc_img_tag)
|
||||
client.pull(loc_img_tag, auth_config=docker_registry_auth)
|
||||
except docker.errors.NotFound:
|
||||
try:
|
||||
# Image is not available in local docker registry, get the image
|
||||
|
@ -1216,7 +1230,7 @@ class DockerHelper(object):
|
|||
pub_img_tag = loc_img_tag[1 + loc_img_tag.find('/'):]
|
||||
client.pull(pub_img_tag)
|
||||
client.tag(pub_img_tag, loc_img_tag)
|
||||
client.push(loc_img_tag)
|
||||
client.push(loc_img_tag, auth_config=docker_registry_auth)
|
||||
except Exception as e:
|
||||
rc = False
|
||||
LOG.error("Image %s download failed from public registry: %s" % (pub_img_tag, e))
|
||||
|
|
Loading…
Reference in New Issue