New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
prefer podman authentication file locations #37726
prefer podman authentication file locations #37726
Conversation
@atiratree: the
A total of 2459 jobs have been affected by this change. The above listing is non-exhaustive and limited to 35 jobs. A full list of affected jobs can be found here Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
b3ef2a4
to
d4c6263
Compare
echo "ERROR Registry config file not found: $REGISTRY_TOKEN_FILE" | ||
echo " Is the docker/config.json in a different location?" | ||
echo "ERROR Registry authentication file not found: $REGISTRY_TOKEN_FILE" | ||
echo " Is the auth.json in a different location?" | ||
exit 1 | ||
fi | ||
oc registry login |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this PR changes only places that depend on ~/.docker/config.json
, eg. plain oc registry login
. Other invocations of oc registry login
that write to a different file were not changed in this PR as they are not required to be updated to comply with openshift/oc#1376.
There are still many mention of docker/config.json
and we can update these in a followup as these will be mostly cosmetic changes.
@@ -18,6 +18,10 @@ fi | |||
MIRROR_REGISTRY_HOST=`head -n 1 "${SHARED_DIR}/mirror_registry_url"` | |||
echo "MIRROR_REGISTRY_HOST: $MIRROR_REGISTRY_HOST" | |||
|
|||
export HOME="${HOME:-/tmp/home}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if HOME variable is always exposed in all of these so I am adding it to make sure we always have it.
@@ -167,6 +167,11 @@ objects: | |||
value: /tmp/artifacts | |||
- name: HOME | |||
value: /tmp/home | |||
- name: XDG_RUNTIME_DIR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these changes should be identical to changes here openshift/ci-tools#3345
@@ -64,16 +66,16 @@ echo "INFO Image tag is $IMAGE_TAG" | |||
# Setup registry credentials | |||
REGISTRY_TOKEN_FILE="$SECRETS_PATH/$REGISTRY_SECRET/$REGISTRY_SECRET_FILE" | |||
|
|||
config_file="$HOME/.docker/config.json" | |||
config_file="${XDG_RUNTIME_DIR}/containers/auth.json" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assisted-baremetal-images-publish
, assisted-baremetal-operator-publish
, opendatahub-io-ci-image-mirror
and red-hat-data-services-ci-image-mirror
seem to be used only up to 4.10 so these should be okay to change
|
||
if [[ -n "${INSTALL_INITIAL_RELEASE}" && -n "${RELEASE_IMAGE_INITIAL}" ]]; then | ||
echo "Installing from initial release ${RELEASE_IMAGE_INITIAL}" | ||
OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE="${RELEASE_IMAGE_INITIAL}" | ||
elif [[ "${CLUSTER_VARIANT}" =~ "mirror" ]]; then | ||
# mirror the release image and override the release image to point to the mirrored one | ||
mkdir /tmp/.docker && cp /etc/openshift-installer/pull-secret /tmp/.docker/config.json | ||
mkdir "${XDG_RUNTIME_DIR}/containers" && cp /etc/openshift-installer/pull-secret "${XDG_RUNTIME_DIR}/containers/auth.json" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hm, this seems it might brake eg. release-openshift-ocp-installer-e2e-aws-csi-4.9
. Need to test and we probably have to support the ~docker/config.json
for the old releases
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have reverted these and using .docker/config.js to ensure it works for older versions
/pj-rehearse release-openshift-ocp-installer-e2e-aws-csi-4.9 pull-ci-openshift-assisted-service-master-push-pr-image periodic-ci-red-hat-data-services-notebooks-release-2023a-notebook-jupyter-pytorch-ubi9-python-3-9-image-mirror-weekly |
/pj-rehearse release-openshift-ocp-installer-e2e-aws-csi-4.9 |
@atiratree: job(s): release-openshift-ocp-installer-e2e-aws-csi-4.9 either don't exist or were not found to be affected, and cannot be rehearsed |
/pj-rehearse pull-ci-openshift-assisted-service-master-push-pr-image |
/pj-rehearse periodic-ci-red-hat-data-services-notebooks-release-2023a-notebook-jupyter-pytorch-ubi9-python-3-9-image-mirror-weekly |
@atiratree: job(s): either don't exist or were not found to be affected, and cannot be rehearsed |
/pj-rehearse release-openshift-origin-installer-e2e-aws-shared-vpc-4.9 |
@atiratree: job(s): release-openshift-origin-installer-e2e-aws-shared-vpc-4.9 either don't exist or were not found to be affected, and cannot be rehearsed |
/pj-rehearse release-openshift-origin-installer-e2e-azure-shared-vpc-4.9 |
/pj-rehearse release-openshift-origin-installer-e2e-aws-disruptive-4.9 |
@atiratree: job(s): release-openshift-origin-installer-e2e-azure-shared-vpc-4.9 either don't exist or were not found to be affected, and cannot be rehearsed |
/pj-rehearse release-openshift-ocp-installer-e2e-aws-mirrors-4.9 |
@atiratree: job(s): release-openshift-origin-installer-e2e-aws-disruptive-4.9 either don't exist or were not found to be affected, and cannot be rehearsed |
/pj-rehearse periodic-ci-openshift-cluster-autoscaler-operator-e2e-aws-master |
@atiratree: job(s): periodic-ci-openshift-cluster-autoscaler-operator-e2e-aws-master either don't exist or were not found to be affected, and cannot be rehearsed |
6690f43
to
bcc8c5d
Compare
- podman ~/.docker/config.json is deprecated in favor of podman authentication file locations (default is ${XDG_RUNTIME_DIR}/containers/auth.json) - oc registry login will try to write to this location so XDG_RUNTIME_DIR environment variable must be present and the XDG_RUNTIME_DIR directory created/accessible. Places that need to manipulate with ~/.docker/config.json for backwards compatibility reasons should specify --to or --registry-config - other oc commands that lookup credentials from registry authentication files will first try the podman locations and if the credentials are not found, oc will fallback and check ~/.docker/config.json
bcc8c5d
to
5cb6c26
Compare
/pj-rehearse refresh |
@atiratree: the
A total of 2462 jobs have been affected by this change. The above listing is non-exhaustive and limited to 35 jobs. A full list of affected jobs can be found here Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
/pj-rehearse |
the rehearse failures do not seem to be connected to these changes |
/pj-rehearse |
the additional rehearse failures do not seem to be relevant as well |
Issues in openshift/release go stale after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issue in openshift/release rot after 15d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
/remove-lifecycle rotten |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/pj-rehearse max |
@atiratree: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/approve |
/pj-rehearse ack |
1122e12
into
openshift:master
@atiratree: Updated the following 24 configmaps:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
- podman ~/.docker/config.json is deprecated in favor of podman authentication file locations (default is ${XDG_RUNTIME_DIR}/containers/auth.json) - oc registry login will try to write to this location so XDG_RUNTIME_DIR environment variable must be present and the XDG_RUNTIME_DIR directory created/accessible. Places that need to manipulate with ~/.docker/config.json for backwards compatibility reasons should specify --to or --registry-config - other oc commands that lookup credentials from registry authentication files will first try the podman locations and if the credentials are not found, oc will fallback and check ~/.docker/config.json
we want to remove preference for docker auth files in favor of podman ones in openshift/oc#1376. Since openshift/release depends on the cli (oc) to obtain and manipulate images and releases, we need to first merge the changes in openshift/ci-tools#3345 and then here before the changes in oc can be merged. This change was announced in 4.10 and a proper warning was shown when using oc commands that work with registries since then.