Skip to content

Commit

Permalink
Fix append to backup always happening (#603)
Browse files Browse the repository at this point in the history
  • Loading branch information
phillebaba authored Oct 13, 2024
2 parents 5140f2f + 607179d commit f9d2a10
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 23 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixed

- [#603](https://github.com/spegel-org/spegel/pull/603) Fix append to backup always happening.

### Security

## v0.0.26
Expand Down
28 changes: 13 additions & 15 deletions pkg/oci/containerd.go
Original file line number Diff line number Diff line change
Expand Up @@ -361,13 +361,19 @@ func AddMirrorConfiguration(ctx context.Context, fs afero.Fs, configPath string,
capabilities = append(capabilities, "resolve")
}
for _, registryURL := range registryURLs {
existingHosts, err := existingHosts(fs, configPath, registryURL)
templatedHosts, err := templateHosts(registryURL, mirrorURLs, capabilities)
if err != nil {
return err
}
templatedHosts, err := templateHosts(registryURL, mirrorURLs, capabilities, existingHosts)
if err != nil {
return err
if appendToBackup {
existingHosts, err := existingHosts(fs, configPath, registryURL)
if err != nil {
return err
}
if existingHosts != "" {
templatedHosts = templatedHosts + "\n\n" + existingHosts
}
log.Info("appending to existing Containerd mirror configuration", "registry", registryURL.String())
}
fp := path.Join(configPath, registryURL.Host, "hosts.toml")
err = fs.MkdirAll(path.Dir(fp), 0o755)
Expand All @@ -378,11 +384,7 @@ func AddMirrorConfiguration(ctx context.Context, fs afero.Fs, configPath string,
if err != nil {
return err
}
if existingHosts != "" {
log.Info("appending to existing Containerd mirror configuration", "registry", registryURL.String(), "path", fp)
} else {
log.Info("added Containerd mirror configuration", "registry", registryURL.String(), "path", fp)
}
log.Info("added Containerd mirror configuration", "registry", registryURL.String(), "path", fp)
}
return nil
}
Expand Down Expand Up @@ -456,7 +458,7 @@ func clearConfig(fs afero.Fs, configPath string) error {
return nil
}

func templateHosts(registryURL url.URL, mirrorURLs []url.URL, capabilities []string, existingHosts string) (string, error) {
func templateHosts(registryURL url.URL, mirrorURLs []url.URL, capabilities []string) (string, error) {
server := registryURL.String()
if registryURL.String() == "https://docker.io" {
server = "https://registry-1.docker.io"
Expand Down Expand Up @@ -485,11 +487,7 @@ capabilities = {{ $.Capabilities }}
if err != nil {
return "", err
}
output := strings.TrimSpace(buf.String())
if existingHosts != "" {
output = output + "\n\n" + existingHosts
}
return output, nil
return strings.TrimSpace(buf.String()), nil
}

type hostFile struct {
Expand Down
68 changes: 60 additions & 8 deletions pkg/oci/containerd_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -209,10 +209,11 @@ func TestMirrorConfiguration(t *testing.T) {
appendToBackup bool
}{
{
name: "multiple mirros",
resolveTags: true,
registries: stringListToUrlList(t, []string{"http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000", "http://127.0.0.2:5000", "http://127.0.0.1:5001"}),
name: "multiple mirros",
resolveTags: true,
registries: stringListToUrlList(t, []string{"http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000", "http://127.0.0.2:5000", "http://127.0.0.1:5001"}),
appendToBackup: false,
expectedFiles: map[string]string{
"/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000'
Expand All @@ -227,10 +228,11 @@ capabilities = ['pull', 'resolve']`,
},
},
{
name: "resolve tags disabled",
resolveTags: false,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
name: "resolve tags disabled",
resolveTags: false,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
appendToBackup: false,
expectedFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
Expand All @@ -248,6 +250,7 @@ capabilities = ['pull']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: false,
appendToBackup: false,
expectedFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
Expand All @@ -265,6 +268,7 @@ capabilities = ['pull', 'resolve']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true,
appendToBackup: false,
expectedFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
Expand All @@ -282,6 +286,7 @@ capabilities = ['pull', 'resolve']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true,
appendToBackup: false,
existingFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": "hello = 'world'",
"/etc/containerd/certs.d/ghcr.io/hosts.toml": "foo = 'bar'",
Expand All @@ -305,6 +310,7 @@ capabilities = ['pull', 'resolve']`,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true,
appendToBackup: false,
existingFiles: map[string]string{
"/etc/containerd/certs.d/_backup/docker.io/hosts.toml": "hello = 'world'",
"/etc/containerd/certs.d/_backup/ghcr.io/hosts.toml": "foo = 'bar'",
Expand Down Expand Up @@ -378,6 +384,52 @@ capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`,
"/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000'
[host.'http://127.0.0.1:5000']
capabilities = ['pull', 'resolve']`,
},
},
{
name: "append to backup disabled",
resolveTags: true,
registries: stringListToUrlList(t, []string{"https://docker.io", "http://foo.bar:5000"}),
mirrors: stringListToUrlList(t, []string{"http://127.0.0.1:5000"}),
createConfigPathDir: true,
appendToBackup: false,
existingFiles: map[string]string{
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
[host.'http://example.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
[host.'http://example.com:30021']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
capabilities = ['pull', 'resolve']
[host.'http://bar.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`,
},
expectedFiles: map[string]string{
"/etc/containerd/certs.d/_backup/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
[host.'http://example.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
[host.'http://example.com:30021']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']
capabilities = ['pull', 'resolve']
[host.'http://bar.com:30020']
capabilities = ['pull', 'resolve']
client = ['/etc/certs/xxx/client.cert', '/etc/certs/xxx/client.key']`,
"/etc/containerd/certs.d/docker.io/hosts.toml": `server = 'https://registry-1.docker.io'
[host.'http://127.0.0.1:5000']
capabilities = ['pull', 'resolve']`,
"/etc/containerd/certs.d/foo.bar:5000/hosts.toml": `server = 'http://foo.bar:5000'
[host.'http://127.0.0.1:5000']
capabilities = ['pull', 'resolve']`,
},
Expand Down

0 comments on commit f9d2a10

Please sign in to comment.