summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-09-10 11:02:51 -0400
committerGitHub <noreply@github.com>2021-09-10 11:02:51 -0400
commite6046224ea88cad9286303456562b4a24ad9cf9b (patch)
tree6b1ece8d61ce82b679e22bafdec3f58425ac4951
parent923648b487cc78aaa54058ee30b5c80389958599 (diff)
parent5bf22014472240b7782e05280b7bd746e8a6ecd2 (diff)
downloadpodman-e6046224ea88cad9286303456562b4a24ad9cf9b.tar.gz
podman-e6046224ea88cad9286303456562b4a24ad9cf9b.tar.bz2
podman-e6046224ea88cad9286303456562b4a24ad9cf9b.zip
Merge pull request #11498 from vrothberg/fix-11489
[CI:DOCS] podman machine: enforce a single search registry
-rw-r--r--pkg/machine/ignition.go46
1 files changed, 41 insertions, 5 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index a9289d6b3..89b556b14 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -135,10 +135,25 @@ func getDirs(usrName string) []Directory {
Path: d,
User: getNodeUsr(usrName),
},
- DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(493)},
+ DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(0755)},
}
dirs[i] = newDir
}
+
+ // Issue #11489: make sure that we can inject a custom registries.conf
+ // file on the system level to force a single search registry.
+ // The remote client does not yet support prompting for short-name
+ // resolution, so we enforce a single search registry (i.e., docker.io)
+ // as a workaround.
+ dirs = append(dirs, Directory{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/containers/registries.conf.d",
+ User: getNodeUsr("root"),
+ },
+ DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(0755)},
+ })
+
return dirs
}
@@ -158,7 +173,7 @@ func getFiles(usrName string) []File {
Contents: Resource{
Source: strToPtr("data:,%5BUnit%5D%0ADescription%3DA%20systemd%20user%20unit%20demo%0AAfter%3Dnetwork-online.target%0AWants%3Dnetwork-online.target%20podman.socket%0A%5BService%5D%0AExecStart%3D%2Fusr%2Fbin%2Fsleep%20infinity%0A"),
},
- Mode: intToPtr(484),
+ Mode: intToPtr(0744),
},
})
@@ -175,7 +190,7 @@ func getFiles(usrName string) []File {
Contents: Resource{
Source: strToPtr("data:,%5Bcontainers%5D%0D%0Anetns%3D%22bridge%22%0D%0Arootless_networking%3D%22cni%22"),
},
- Mode: intToPtr(484),
+ Mode: intToPtr(0744),
},
})
// Add a file into linger
@@ -185,7 +200,7 @@ func getFiles(usrName string) []File {
Path: "/var/lib/systemd/linger/core",
User: getNodeUsr(usrName),
},
- FileEmbedded1: FileEmbedded1{Mode: intToPtr(420)},
+ FileEmbedded1: FileEmbedded1{Mode: intToPtr(0644)},
})
// Set machine_enabled to true to indicate we're in a VM
@@ -200,9 +215,30 @@ func getFiles(usrName string) []File {
Contents: Resource{
Source: strToPtr("data:,%5Bengine%5D%0Amachine_enabled%3Dtrue%0A"),
},
- Mode: intToPtr(420),
+ Mode: intToPtr(0644),
+ },
+ })
+
+ // Issue #11489: make sure that we can inject a custom registries.conf
+ // file on the system level to force a single search registry.
+ // The remote client does not yet support prompting for short-name
+ // resolution, so we enforce a single search registry (i.e., docker.io)
+ // as a workaround.
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/containers/registries.conf.d/999-podman-machine.conf",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: strToPtr("data:,unqualified-search-registries%3D%5B%22docker.io%22%5D"),
+ },
+ Mode: intToPtr(0644),
},
})
+
return files
}