Add container config for fedora-image-uploader

jcline commented

2024-08-09 16:16:12 +00:00

Contributor

Add a configuration section for uploading containers to registries and the associated authentication.

Not sure if there's a staging registry we want to push to. Also, still need to figure out what format we'll get the authentication (ultimately we probably want to do https://docs.podman.io/en/latest/markdown/podman-login.1.html#authfile-path)

Also, before we merge and deploy this, we need to make sure the other thing doing this gets stopped. See https://pagure.io/releng/issue/12142

Add a configuration section for uploading containers to registries and the associated authentication. Not sure if there's a staging registry we want to push to. Also, still need to figure out what format we'll get the authentication (ultimately we probably want to do https://docs.podman.io/en/latest/markdown/podman-login.1.html#authfile-path) Also, before we merge and deploy this, we need to make sure the other thing doing this gets stopped. See https://pagure.io/releng/issue/12142

zuul commented

2024-08-09 16:20:18 +00:00

First-time contributor

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/419f4a50aa27438a8ced4de9a90cc96d

fi-ansible-lint-diff : SUCCESS in 3m 51s
fi-yamllint-diff : SUCCESS in 2m 20s

Build succeeded. https://fedora.softwarefactory-project.io/zuul/buildset/419f4a50aa27438a8ced4de9a90cc96d - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/61d00f729f1b43f39765445b614314cb) : SUCCESS in 3m 51s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/a830eab7523c48bc97712b7820d946c4) : SUCCESS in 2m 20s

kevin commented

2024-08-13 22:57:53 +00:00

Contributor

We do have a candidate-registry for testing stuff. We don't currently use it for these uploads tho, only flatpaks...

jcline commented

2024-08-14 21:29:03 +00:00

Author

Contributor

Cool. If it's alright to use for testing in stage, I'll add a configuration section for those because I can jump into the staging container and replay a production compose to test things out. Is it just candidate-registry.fedoraproject.org?

I also need to sit down and get the registry credentials set up - thanks for pointing me to where those are set up at Flock. Hoooopefully this week, but y'know...

Cool. If it's alright to use for testing in stage, I'll add a configuration section for those because I can jump into the staging container and replay a production compose to test things out. Is it just `candidate-registry.fedoraproject.org`? I also need to sit down and get the registry credentials set up - thanks for pointing me to where those are set up at Flock. Hoooopefully this week, but y'know...

kevin commented

2024-08-14 22:40:12 +00:00

Contributor

There is actually a oci-candidate-registry01.stg.iad2.fedoraproject.org and a oci-registry01.stg.iad2.fedoraproject.org
Those should be just fine to test with in stg.

There is actually a oci-candidate-registry01.stg.iad2.fedoraproject.org and a oci-registry01.stg.iad2.fedoraproject.org Those should be just fine to test with in stg.

jcline commented

2024-08-28 21:19:40 +00:00

Author

Contributor

rebased onto bd4b5f976d

rebased onto bd4b5f976d197aa9af6011d726ff1e261d0ded9d

jcline commented

2024-08-28 21:19:41 +00:00

Author

Contributor

rebased onto bd4b5f976d

rebased onto bd4b5f976d197aa9af6011d726ff1e261d0ded9d

jcline commented

2024-08-28 21:23:59 +00:00

Author

Contributor

Okay, I finally got back to this. My ansible skills aren't very good and I decided I didn't want to craft the JSON file produced by podman-login, so I changed the uploader to run buildah login on startup. This way we can just pass credentials in as environment variables.

I know we talked about the credentials for the various registries at flock but I can't remember their names. I've only configured staging for container uploads and I'm not sure if I'm using the right credentials for that registry. If those all look right this can be merged and deployed any time as it only impacts staging.

Okay, I finally got back to this. My ansible skills aren't very good and I decided I didn't want to craft the JSON file produced by podman-login, so I changed the uploader to run `buildah login` on startup. This way we can just pass credentials in as environment variables. I know we talked about the credentials for the various registries at flock but I can't remember their names. I've only configured staging for container uploads and I'm not sure if I'm using the right credentials for that registry. If those all look right this can be merged and deployed any time as it only impacts staging.

zuul commented

2024-08-28 21:24:05 +00:00

First-time contributor

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/ea1b562682a84df78b93df53b293d495

fi-ansible-lint-diff : SUCCESS in 4m 07s
fi-yamllint-diff : SUCCESS in 2m 31s

Build succeeded. https://fedora.softwarefactory-project.io/zuul/buildset/ea1b562682a84df78b93df53b293d495 - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/ff2c01e5fe0244d1ac4404750d8f3023) : SUCCESS in 4m 07s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/6a712d37dec348f194a92a5cb0eb218a) : SUCCESS in 2m 31s

kevin commented

2024-08-29 23:39:20 +00:00

Contributor

Looks fine to me. We should likely setup a quay.io/fedora/candidate/ or something like that for tests using quay.io (is there any convention?)

jcline commented

2024-08-30 17:09:31 +00:00

Author

Contributor

Looks fine to me. We should likely setup a quay.io/fedora/candidate/ or something like that for tests using quay.io (is there any convention?)

I'm not familiar enough to say, unfortunately. Since https://quay.io/organization/fedora seems browse-able and all production things, if quay.io/fedora/candidate maps to something in there I'd say not, but I don't know if it means setting up another org or what.

My assumption is if it pushes to one repo in stage it should probably do the others okay so I don't know if we need a quay.io stage area (it doesn't hurt, but if it's a hassle to set up I'm not too worried about it).

> Looks fine to me. We should likely setup a quay.io/fedora/candidate/ or something like that for tests using quay.io (is there any convention?) I'm not familiar enough to say, unfortunately. Since https://quay.io/organization/fedora seems browse-able and all production things, if quay.io/fedora/candidate maps to something in there I'd say not, but I don't know if it means setting up another org or what. My assumption is if it pushes to one repo in stage it should probably do the others okay so I don't know if we need a quay.io stage area (it doesn't hurt, but if it's a hassle to set up I'm not too worried about it).

jcline commented

2024-09-17 13:48:49 +00:00

Author

Contributor

Based on our matrix talk, we can come back to this and move stage to Quay when it's time to get rid of the candidate-registry. Given that this is ready to merge and deploy whenever is convenient for you!

kevin commented

2024-09-17 17:10:54 +00:00

Contributor

Lets wait until later this week when we are out of freeze and can disable the other thing without a freeze break.

kevin commented

2024-09-18 19:43:53 +00:00

Contributor

rebased onto 0db90a7f3a

rebased onto 0db90a7f3a830928cc13edab0934a07c26e0336d

kevin commented

2024-09-18 19:47:03 +00:00

Contributor

ok, lets merge. ;)

Let me know if you want me to run playbooks.

For staging we aren't doing any container builds/uploads really, so you should be able to test at your leasure.
When we go to prod we will need to comment/stop the cron jobs on compose-x86-01 and comment/remove the calls to the script in pungi-fedora/main and pungi-fedora/41

ok, lets merge. ;) Let me know if you want me to run playbooks. For staging we aren't doing any container builds/uploads really, so you should be able to test at your leasure. When we go to prod we will need to comment/stop the cron jobs on compose-x86-01 and comment/remove the calls to the script in pungi-fedora/main and pungi-fedora/41

kevin commented

2024-09-18 19:47:20 +00:00

Contributor

Pull-Request has been merged by kevin

zuul commented

2024-09-18 19:48:23 +00:00

First-time contributor

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/43f53fd9e38748d8b15139ec9eb8eb6a

fi-ansible-lint-diff : SUCCESS in 4m 15s
fi-yamllint-diff : SUCCESS in 2m 36s

Build succeeded. https://fedora.softwarefactory-project.io/zuul/buildset/43f53fd9e38748d8b15139ec9eb8eb6a - [fi-ansible-lint-diff ](https://fedora.softwarefactory-project.io/zuul/build/1fdb2ccade534d05b8c7a045a564785c) : SUCCESS in 4m 15s - [fi-yamllint-diff ](https://fedora.softwarefactory-project.io/zuul/build/208afc24eecd46c4870232d9c81e2b63) : SUCCESS in 2m 36s

jcline commented

2024-09-19 15:10:09 +00:00

Author

Contributor

ok, lets merge. ;)

Let me know if you want me to run playbooks.

For staging we aren't doing any container builds/uploads really, so you should be able to test at your leasure.

If you could run the playbook that'd be great, I'd like to test this out in stage today.

> ok, lets merge. ;) > > Let me know if you want me to run playbooks. > > For staging we aren't doing any container builds/uploads really, so you should be able to test at your leasure. If you could run the playbook that'd be great, I'd like to test this out in stage today.

kevin commented

2024-09-19 15:32:20 +00:00

Contributor

Playbook run on stg.

Rows
Columns

Add container config for fedora-image-uploader #2200