summaryrefslogtreecommitdiff
path: root/hack/podman-registry
Commit message (Collapse)AuthorAge
* Update the registry server we test against from 2.6 to 2.8Miloslav Trmač2022-08-02
| | | | | | | | | | | | | ... primarily so that it can support OCI artifacts. 2.8 already seems to exist in the repo. This requires changing WaitContainerReady to also check stderr (ultimately because docker/distribution was updated to a more recent sirupsen/logrus, which logs by default to stderr instead of stdout). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use existing REGISTRY_IMAGE variables in more placesMiloslav Trmač2022-08-02
| | | | | | | | | ... instead of hard-coding a copy of the value. Notably this makes hack/podman_registry actually support the documented -i option. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use httpasswd from the surrouding OS instead of the registry imageMiloslav Trmač2022-08-02
| | | | | | | | | | | htpasswd is no longer included in docker.io/library/distribution after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 , and we want to upgrade to a recent version. At least system tests currently execute htpasswd from the OS, so it seems that it is likely to be available. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* manifest_test: safer registry setup and teardownEd Santiago2022-07-07
| | | | | | | | | | | | | | | | | | | | | | | | | manifest_test:authenticated_push() is the final test left to fix before merging #14397. The reason it's failing _seems_ to be that podman is running with a mix of netavark and CNI, and that _seems_ to be because this test invokes hack/podman-registry which invokes plain podman without whatever options used in e2e. Starting a registry directly from the test is insane: there is no reusable code for doing that (see login_logout_test.go and push_test.go. Yeesh.) Solution: set $PODMAN, by inspecting the podmanTest object which includes both a path and a list of options. podman-registry will invoke that. (It will also override --root and --runroot. This is the desired behavior). Also: add cleanup. If auth-push test fails, stop the registry. Also: add a sanity check to podman-registry script, have it wait for the registry port to activate. Die if it doesn't. That could've saved us a nice bit of debugging time. Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman-registry: minor usability updatesEd Santiago2021-08-02
| | | | | | | 1) use cached quay.io image 2) use 'podman unshare' when rm -rf'ing, to avoid EPERM Signed-off-by: Ed Santiago <santiago@redhat.com>
* CI: force registry:2.6Valentin Rothberg2020-06-19
| | | | | | | | | | | For using the `registry:2.6` image. 2.7 and beyond dropped the `htpasswd` binary from the rootfs which parts of our CI depends on. While this is not a sustainable solution (assuming `htpasswd` is gone for ever), it unblocks the CI for now. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-registry: many unrelated fixesEd Santiago2020-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) fix lost credentials. must_pass(), added in #6375, eats the credentials generated via 'podman run --entrypoint htpasswd'. Run that podman instance directly, and add explicit error check. (The error and stdout/stderr handling here has gotten cumbersome. There must be something I'm missing that could make it all simpler.) 2) fix default podman path. When setting $PODMAN, default to the locally built one -- there may not be one in $PATH (e.g. in Ubuntu, see #6366). This in turn requires us to: 3) run registry test in integration, not unit test It looks like unit tests run before podman is built, causing a chicken-egg dilemma. Try to solve that by running the new hack/podman-registry-go test in integration tests, not unit tests. Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman-registry helper script: handle errorsEd Santiago2020-05-24
| | | | | | | | | | | | | | | | | | | | | | | My initial revision of the podman-registry helper script was written in haste, with an enormous tradeoff: no visibility into any errors. We are now paying for this in #6366: the script is failing on Ubuntu and we have no way of knowing why. This PR adds a must_pass() function used for critical steps. This runs the action silently; if the command fails, it displays the failing command name with full output logs, cleans up the temporary workdir, and exits with error status. As a reminder, the reason this is necessary is that our script convention is to output a series of environment variables to stdout -- we must therefore take pains not to emit anything else to stdout. And, unfortunately, podman and openssl tend to be rather verbose. Signed-off-by: Ed Santiago <santiago@redhat.com>
* New tool: hack/podman-registry, manages local registryEd Santiago2020-05-20
In response to #6207: this is a helper script intended for use in starting and stopping a local container registry. It takes care of port, username, password assignments; generates a self-signed certificate; and starts the container in an isolated podman root/runroot to avoid conflicting with the caller's environment. Intended usage: invoke from shell script, using 'eval' to get results into calling process environment. See help message (-h) for invocation details. This will work for shell scripts but will be difficult if called from Go or C - if that is likely to happen, I'd love to hear suggestions for alternate ways to get the settings back to the caller. Signed-off-by: Ed Santiago <santiago@redhat.com>