Merge "Pass user credentials when pull/push images from local docker registry"
This commit is contained in:
commit
02a4f12dc4
|
@ -923,6 +923,11 @@ class KubeAppNotFound(NotFound):
|
||||||
message = _("No application with name %(name)s.")
|
message = _("No application with name %(name)s.")
|
||||||
|
|
||||||
|
|
||||||
|
class DockerRegistryCredentialNotFound(NotFound):
|
||||||
|
message = _("Credentials to access local docker registry "
|
||||||
|
"for user %(name)s could not be found.")
|
||||||
|
|
||||||
|
|
||||||
class SDNNotEnabled(SysinvException):
|
class SDNNotEnabled(SysinvException):
|
||||||
message = _("SDN configuration is not enabled.")
|
message = _("SDN configuration is not enabled.")
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
|
|
||||||
import docker
|
import docker
|
||||||
import grp
|
import grp
|
||||||
|
import keyring
|
||||||
import os
|
import os
|
||||||
import pwd
|
import pwd
|
||||||
import re
|
import re
|
||||||
|
@ -57,6 +58,8 @@ INSTALLATION_TIMEOUT = 3600
|
||||||
MAX_DOWNLOAD_THREAD = 20
|
MAX_DOWNLOAD_THREAD = 20
|
||||||
TARFILE_DOWNLOAD_CONNECTION_TIMEOUT = 60
|
TARFILE_DOWNLOAD_CONNECTION_TIMEOUT = 60
|
||||||
TARFILE_TRANSFER_CHUNK_SIZE = 1024 * 512
|
TARFILE_TRANSFER_CHUNK_SIZE = 1024 * 512
|
||||||
|
DOCKER_REGISTRY_USER = 'admin'
|
||||||
|
DOCKER_REGISTRY_SERVICE = 'CGCS'
|
||||||
|
|
||||||
|
|
||||||
# Helper functions
|
# Helper functions
|
||||||
|
@ -97,6 +100,16 @@ def get_app_install_root_path_ownership():
|
||||||
return (uid, gid)
|
return (uid, gid)
|
||||||
|
|
||||||
|
|
||||||
|
def get_docker_registry_authentication():
|
||||||
|
docker_registry_user_password = keyring.get_password(
|
||||||
|
DOCKER_REGISTRY_SERVICE, DOCKER_REGISTRY_USER)
|
||||||
|
if not docker_registry_user_password:
|
||||||
|
raise exception.DockerRegistryCredentialNotFound(
|
||||||
|
name=DOCKER_REGISTRY_USER)
|
||||||
|
|
||||||
|
return dict(username=DOCKER_REGISTRY_USER,
|
||||||
|
password=docker_registry_user_password)
|
||||||
|
|
||||||
Chart = namedtuple('Chart', 'name namespace')
|
Chart = namedtuple('Chart', 'name namespace')
|
||||||
|
|
||||||
|
|
||||||
|
@ -1205,8 +1218,9 @@ class DockerHelper(object):
|
||||||
try:
|
try:
|
||||||
# Pull image from local docker registry
|
# Pull image from local docker registry
|
||||||
LOG.info("Image %s download started from local registry" % loc_img_tag)
|
LOG.info("Image %s download started from local registry" % loc_img_tag)
|
||||||
|
docker_registry_auth = get_docker_registry_authentication()
|
||||||
client = docker.APIClient(timeout=INSTALLATION_TIMEOUT)
|
client = docker.APIClient(timeout=INSTALLATION_TIMEOUT)
|
||||||
client.pull(loc_img_tag)
|
client.pull(loc_img_tag, auth_config=docker_registry_auth)
|
||||||
except docker.errors.NotFound:
|
except docker.errors.NotFound:
|
||||||
try:
|
try:
|
||||||
# Image is not available in local docker registry, get the image
|
# Image is not available in local docker registry, get the image
|
||||||
|
@ -1216,7 +1230,7 @@ class DockerHelper(object):
|
||||||
pub_img_tag = loc_img_tag[1 + loc_img_tag.find('/'):]
|
pub_img_tag = loc_img_tag[1 + loc_img_tag.find('/'):]
|
||||||
client.pull(pub_img_tag)
|
client.pull(pub_img_tag)
|
||||||
client.tag(pub_img_tag, loc_img_tag)
|
client.tag(pub_img_tag, loc_img_tag)
|
||||||
client.push(loc_img_tag)
|
client.push(loc_img_tag, auth_config=docker_registry_auth)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
rc = False
|
rc = False
|
||||||
LOG.error("Image %s download failed from public registry: %s" % (pub_img_tag, e))
|
LOG.error("Image %s download failed from public registry: %s" % (pub_img_tag, e))
|
||||||
|
|
Loading…
Reference in New Issue