diff options
author | W. Trevor King <wking@tremily.us> | 2018-09-12 16:44:58 -0700 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-09-14 15:01:43 +0000 |
commit | 2188d8f7ada15caddd8b721745a0a4b6f61ce111 (patch) | |
tree | 5c2c662e1bf9bdf20ff0f0ee501863d1a114ab44 /libpod | |
parent | b873fe760a3d3462c8f73e86195fedcacc543be0 (diff) | |
download | podman-2188d8f7ada15caddd8b721745a0a4b6f61ce111.tar.gz podman-2188d8f7ada15caddd8b721745a0a4b6f61ce111.tar.bz2 podman-2188d8f7ada15caddd8b721745a0a4b6f61ce111.zip |
libpod/image/pull: Return image-pulling errors from doPullImage
We were already writing these to our debug logs. But collecting them
and including them in the error message will make it easier for
callers who don't have debugging enabled to figure out what's going
wrong.
Using multierror gives us both pretty formatting (when we print this
for the user) and programmatic access (for any callers that need to
inspect the constituent errors). With this commit and a config like:
$ cat /etc/containers/registries.conf
[registries.search]
registries = ['registry.access.redhat.com', 'quay.io', 'docker.io']
pulling an unqualified missing image looks like:
$ podman pull does-not/exist
Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
Trying to pull quay.io/does-not/exist:latest...Failed
Trying to pull docker.io/does-not/exist:latest...Failed
error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:
* Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
* Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
* Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
A qualified image looks like:
$ podman pull quay.io/does-not/exist
Trying to pull quay.io/does-not/exist...Failed
error pulling image "quay.io/does-not/exist": unable to pull quay.io/does-not/exist: unable to pull image: Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: Error reading manifest latest in quay.io/does-not/exist: unauthorized: access to the requested resource is not authorized
If one of the searched repositories was offline, you'd get a more
useful routing error for that specific registry. For example:
$ cat /etc/hosts
127.0.0.1 quay.io
$ podman pull does-not/exist
Trying to pull registry.access.redhat.com/does-not/exist:latest...Failed
Trying to pull quay.io/does-not/exist:latest...Failed
Trying to pull docker.io/does-not/exist:latest...Failed
error pulling image "does-not/exist": unable to pull does-not/exist: 3 errors occurred:
* Error determining manifest MIME type for docker://registry.access.redhat.com/does-not/exist:latest: Error reading manifest latest in registry.access.redhat.com/does-not/exist: unknown: Not Found
* Error determining manifest MIME type for docker://quay.io/does-not/exist:latest: pinging docker registry returned: Get https://quay.io/v2/: dial tcp 127.0.0.1:443: connect: connection refused
* Error determining manifest MIME type for docker://does-not/exist:latest: Error reading manifest latest in docker.io/does-not/exist: errors:
denied: requested access to the resource is denied
unauthorized: authentication required
This is our first direct dependency on multierror, but we've been
vendoring it for a while now because opencontainers/runtime-tools uses
it for config validation.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1456
Approved by: rhatdan
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/image/pull.go | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/libpod/image/pull.go b/libpod/image/pull.go index ce3e8e73e..9eac2b988 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -20,6 +20,7 @@ import ( "github.com/containers/image/types" "github.com/containers/libpod/pkg/registries" "github.com/containers/libpod/pkg/util" + multierror "github.com/hashicorp/go-multierror" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -234,6 +235,7 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa return nil, err } var images []string + var pullErrors *multierror.Error for _, imageInfo := range goal.refPairs { copyOptions := getCopyOptions(sc, writer, dockerOptions, nil, signingOptions, "", nil) if imageInfo.srcRef.Transport().Name() == DockerTransport { @@ -254,6 +256,7 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa io.WriteString(writer, fmt.Sprintf("Trying to pull %s...", imageInfo.image)) } if err = cp.Image(ctx, policyContext, imageInfo.dstRef, imageInfo.srcRef, copyOptions); err != nil { + pullErrors = multierror.Append(pullErrors, err) logrus.Debugf("Error pulling image ref %s: %v", imageInfo.srcRef.StringWithinTransport(), err) if writer != nil { io.WriteString(writer, "Failed\n") @@ -273,10 +276,12 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa } // If the image passed in was fully-qualified, we will have 1 refpair. Bc the image is fq'd, we dont need to yap about registries. if !goal.usedSearchRegistries { + if pullErrors != nil && len(pullErrors.Errors) > 0 { // this should always be true + return nil, errors.Wrap(pullErrors.Errors[0], "unable to pull image") + } return nil, errors.Errorf("unable to pull image, or you do not have pull access") } - return nil, errors.Errorf("unable to find image on registries defined in %s, or you do not have pull access", registryPath) - + return nil, pullErrors } return images, nil } |