Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update the registry server we test against from 2.6 to 2.8 #15122

Closed
wants to merge 3 commits into from

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Jul 29, 2022

... primarily so that it can support OCI artifacts.

2.8 already seems to exist in the repo.

Does this PR introduce a user-facing change?

None

@openshift-ci openshift-ci bot added release-note-none do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Jul 29, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 29, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mtrmac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 29, 2022
@TomSweeneyRedHat
Copy link
Member

Change LGTM, but two tests are failing that might be related to this change.

[+0538s] Summarizing 2 Failures:
[+0538s] 
[+0538s] [Fail] Podman images [BeforeEach] tag + push + pull (with credentials) 
[+0538s] /var/tmp/go/src/github.com/containers/podman/pkg/bindings/test/auth_test.go:30
[+0538s] 
[+0538s] [Fail] Podman images [BeforeEach] tag + push + pull + search (with authfile) 

htpasswd is no longer included in docker.io/library/distribution
after 2.7.0, per distribution/distribution-library-image#107 ,
and we want to upgrade to a recent version.

At least system tests currently execute htpasswd from the OS,
so it seems that it is likely to be available.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac
Copy link
Collaborator Author

mtrmac commented Jul 29, 2022

Those are related — htpasswd is no longer included in the registry image. So we have to find it elsewhere; it seems that it might be available in the host OS, so let’s try that.

@mtrmac
Copy link
Collaborator Author

mtrmac commented Jul 30, 2022

Full disclosure: I hit “re-run test” a few times on things that looked like timing issues or not related. I’m not sure if that is common in this project or frowned upon.

Notably at least one of the runs reported a flake on “podman push to local registry with authorization” — the registry logged a successful startup but subsequent accesses were refused, but the in-test re-run succeeded. I don’t think that’s a newly introduced bug but it’s possible that the change now makes some pre-existing race more likely (because we now just run a single external command instead of starting a container)

@mtrmac mtrmac marked this pull request as ready for review July 30, 2022 03:23
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 30, 2022
@mtrmac mtrmac mentioned this pull request Jul 30, 2022
@rhatdan
Copy link
Member

rhatdan commented Jul 30, 2022

LGTM

@rhatdan
Copy link
Member

rhatdan commented Jul 30, 2022

@vrothberg @giuseppe @flouthoc PTAL

"-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v",
strings.Join([]string{authPath, "/auth:Z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
"-v", strings.Join([]string{certPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.8"})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should use the REGISTRY_IMAGE variable

@@ -249,7 +249,7 @@ var _ = Describe("Podman login and logout", func() {
strings.Join([]string{authPath, "/auth:z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
"-v", strings.Join([]string{certPath, "/certs:z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.8"})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, fixed both (and also hack/podman-registry).

mtrmac added 2 commits July 30, 2022 17:23
... instead of hard-coding a copy of the value.

Notably this makes hack/podman_registry actually
support the documented -i option.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... primarily so that it can support OCI artifacts.

2.8 already seems to exist in the repo.

This requires changing WaitContainerReady to also check
stderr (ultimately because docker/distribution was
updated to a more recent sirupsen/logrus, which logs
by default to stderr instead of stdout).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@vrothberg
Copy link
Member

Note that this PR is already part of #15108, so I am closing this one here to delay our planet's dooms day by a nano second or two.

@vrothberg vrothberg closed this Aug 1, 2022
@mtrmac mtrmac deleted the registry-2.8 branch August 1, 2022 11:04
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 20, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 20, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants