1berry/spegel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix append to backup always happening (#603)

Browse Source
This commit is contained in:
Philip Laine 2024-10-13 13:12:46 +02:00 committed by GitHub
commit f9d2a10044
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 75 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -17,6 +17,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed ### Fixed
- [#603](https://github.com/spegel-org/spegel/pull/603) Fix append to backup always happening.
### Security ### Security
## v0.0.26 ## v0.0.26

28
pkg/oci/containerd.go
View File

@ -361,13 +361,19 @@ func AddMirrorConfiguration(ctx context.Context, fs afero.Fs, configPath string,
capabilities = append(capabilities, "resolve") capabilities = append(capabilities, "resolve")
} }
for _, registryURL := range registryURLs { for _, registryURL := range registryURLs {
existingHosts, err := existingHosts(fs, configPath, registryURL) templatedHosts, err := templateHosts(registryURL, mirrorURLs, capabilities)
if err != nil { if err != nil {
return err return err
} }
templatedHosts, err := templateHosts(registryURL, mirrorURLs, capabilities, existingHosts) if appendToBackup {
if err != nil { existingHosts, err := existingHosts(fs, configPath, registryURL)
return err if err != nil {
return err
}
if existingHosts != "" {
templatedHosts = templatedHosts + "\n\n" + existingHosts
}
log.Info("appending to existing Containerd mirror configuration", "registry", registryURL.String())
} }
fp := path.Join(configPath, registryURL.Host, "hosts.toml") fp := path.Join(configPath, registryURL.Host, "hosts.toml")
err = fs.MkdirAll(path.Dir(fp), 0o755) err = fs.MkdirAll(path.Dir(fp), 0o755)
@ -378,11 +384,7 @@ func AddMirrorConfiguration(ctx context.Context, fs afero.Fs, configPath string,
if err != nil { if err != nil {
return err return err
} }
if existingHosts != "" { log.Info("added Containerd mirror configuration", "registry", registryURL.String(), "path", fp)
log.Info("appending to existing Containerd mirror configuration", "registry", registryURL.String(), "path", fp)
} else {
log.Info("added Containerd mirror configuration", "registry", registryURL.String(), "path", fp)
}
} }
return nil return nil
} }
@ -456,7 +458,7 @@ func clearConfig(fs afero.Fs, configPath string) error {
return nil return nil
} }
func templateHosts(registryURL url.URL, mirrorURLs []url.URL, capabilities []string, existingHosts string) (string, error) { func templateHosts(registryURL url.URL, mirrorURLs []url.URL, capabilities []string) (string, error) {
server := registryURL.String() server := registryURL.String()
if registryURL.String() == "https://docker.io" { if registryURL.String() == "https://docker.io" {
server = "https://registry-1.docker.io" server = "https://registry-1.docker.io"
@ -485,11 +487,7 @@ capabilities = {{ $.Capabilities }}
if err != nil { if err != nil {
return "", err return "", err
} }
output := strings.TrimSpace(buf.String()) return strings.TrimSpace(buf.String()), nil
if existingHosts != "" {
output = output + "\n\n" + existingHosts
}
return output, nil
} }
type hostFile struct { type hostFile struct {

68
pkg/oci/containerd_test.go
View File

@ -209,10 +209,11 @@ func TestMirrorConfiguration(t *testing.T) {
appendToBackup bool appendToBackup bool
}{ }{
{ {
name: "multiple mirros", name: "multiple mirros",
resolveTags: true, resolveTags: true,
registries: stringListToUrlList(t, []string{"http://foo.bar:5000"}), registries: stringListToUrlList(t, []string{"http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000", "http://127.0.0.2:5000", "http://127.0.0.1:5001"}), mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000", "http://127.0.0.2:5000", "http://127.0.0.1:5001"}),
appendToBackup: false,
expectedFiles: map[string]string{ expectedFiles: map[string]string{
"/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000' "/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000'
@ -227,10 +228,11 @@ capabilities = ['pull', 'resolve']`,
}, },
}, },
{ {
name: "resolve tags disabled", name: "resolve tags disabled",
resolveTags: false, resolveTags: false,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}), registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}), mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
appendToBackup: false,
expectedFiles: map[string]string{ expectedFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io' "/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
@ -248,6 +250,7 @@ capabilities = ['pull']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}), registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}), mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: false, createConfigPathDir: false,
appendToBackup: false,
expectedFiles: map[string]string{ expectedFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io' "/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
@ -265,6 +268,7 @@ capabilities = ['pull', 'resolve']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}), registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}), mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true, createConfigPathDir: true,
appendToBackup: false,
expectedFiles: map[string]string{ expectedFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io' "/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
@ -282,6 +286,7 @@ capabilities = ['pull', 'resolve']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}), registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}), mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true, createConfigPathDir: true,
appendToBackup: false,
existingFiles: map[string]string{ existingFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": "hello = 'world'", "/etc/containerd/certs.d/docker.io/hosts.toml": "hello = 'world'",
"/etc/containerd/certs.d/ghcr.io/hosts.toml": "foo = 'bar'", "/etc/containerd/certs.d/ghcr.io/hosts.toml": "foo = 'bar'",
@ -305,6 +310,7 @@ capabilities = ['pull', 'resolve']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}), registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}), mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true, createConfigPathDir: true,
appendToBackup: false,
existingFiles: map[string]string{ existingFiles: map[string]string{
"/etc/containerd/certs.d/_backup/docker.io/hosts.toml": "hello = 'world'", "/etc/containerd/certs.d/_backup/docker.io/hosts.toml": "hello = 'world'",
"/etc/containerd/certs.d/_backup/ghcr.io/hosts.toml": "foo = 'bar'", "/etc/containerd/certs.d/_backup/ghcr.io/hosts.toml": "foo = 'bar'",
@ -378,6 +384,52 @@ capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`, client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`,
"/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000' "/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000'
[host.'http://127.0.0.1:5000']
capabilities = ['pull', 'resolve']`,
},
},
{
name: "append to backup disabled",
resolveTags: true,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true,
appendToBackup: false,
existingFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
[host.'http://example.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
[host.'http://example.com:30021']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
capabilities = ['pull', 'resolve']
[host.'http://bar.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`,
},
expectedFiles: map[string]string{
"/etc/containerd/certs.d/_backup/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
[host.'http://example.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
[host.'http://example.com:30021']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
capabilities = ['pull', 'resolve']
[host.'http://bar.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`,
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
[host.'http://127.0.0.1:5000']
capabilities = ['pull', 'resolve']`,
"/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000'
[host.'http://127.0.0.1:5000'] [host.'http://127.0.0.1:5000']
capabilities = ['pull', 'resolve']`, capabilities = ['pull', 'resolve']`,
}, },