diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2021-09-09 11:48:42 +0200 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2021-09-10 12:43:07 +0200 |
commit | 6f36a47ac2bc5dee2785043231a6e0734c9087cf (patch) | |
tree | d2b9fcd5ea2dc6950050d33c6312ed5b1c28752d /pkg/machine | |
parent | 63f6656f8fa79d7f6e01379d7ba0aa4ab3c03b37 (diff) | |
download | podman-6f36a47ac2bc5dee2785043231a6e0734c9087cf.tar.gz podman-6f36a47ac2bc5dee2785043231a6e0734c9087cf.tar.bz2 podman-6f36a47ac2bc5dee2785043231a6e0734c9087cf.zip |
podman machine: enforce a single search registry
Enforce "docker.io" to be the only search registry. Short-name
resolution for remote clients is not fully supported since there is no
means to prompt. Enforcing a single registry works around the problem
since prompting only fires with more than one search registry.
Fixes: #11489
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'pkg/machine')
-rw-r--r-- | pkg/machine/ignition.go | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index a9289d6b3..df6e11f92 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -139,6 +139,21 @@ func getDirs(usrName string) []Directory { } dirs[i] = newDir } + + // Issue #11489: make sure that we can inject a custom registries.conf + // file on the system level to force a single search registry. + // The remote client does not yet support prompting for short-name + // resolution, so we enforce a single search registry (i.e., docker.io) + // as a workaround. + dirs = append(dirs, Directory{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/containers/registries.conf.d", + User: getNodeUsr("root"), + }, + DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(493)}, + }) + return dirs } @@ -203,6 +218,27 @@ func getFiles(usrName string) []File { Mode: intToPtr(420), }, }) + + // Issue #11489: make sure that we can inject a custom registries.conf + // file on the system level to force a single search registry. + // The remote client does not yet support prompting for short-name + // resolution, so we enforce a single search registry (i.e., docker.io) + // as a workaround. + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/containers/registries.conf.d/999-podman-machine.conf", + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: strToPtr("data:,unqualified-search-registries%3D%5B%22docker.io%22%5D"), + }, + Mode: intToPtr(420), + }, + }) + return files } |