Describe changes that need to be done for quay.io
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This commit is contained in:
Michal Konecny
parent
652070919e
commit
2a24779d84
1 changed files with 58 additions and 0 deletions
|
|
@ -23,3 +23,61 @@ gets enough karma it is moved by bodhi to
|
||||||
|
|
||||||
Changes for quay.io
|
Changes for quay.io
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
|
This section will describe changes that are needed to make quay.io work with current setup.
|
||||||
|
It will go through pipeline step by step and describe what needs to be changed in case of
|
||||||
|
flatpaks workflow.
|
||||||
|
|
||||||
|
OSBS
|
||||||
|
^^^^
|
||||||
|
OSBS is using Openshift local container registry, which is configured by
|
||||||
|
`dockercfg <https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-production-secret.j2>`_
|
||||||
|
file and pointing to candidate-registry. There is dockercfg for
|
||||||
|
`production <https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-production-secret.j2>`_ and `staging <https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-staging-secret.j2>`_.
|
||||||
|
This dockercfg is used as a secret in OSBS and it's deployed in
|
||||||
|
`setup-worker-namespace <https://pagure.io/fedora-infra/ansible/blob/main/f/playbooks/groups/osbs/setup-worker-namespace.yml>`_ playbook.
|
||||||
|
To make this work with quay.io we need to replace the dockercfg with new one pointing to quay.io.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
OSBS could have trouble reaching to quay.io, this needs to be solved for this to work.
|
||||||
|
|
||||||
|
Koji
|
||||||
|
^^^^
|
||||||
|
There is currently a initiative that is trying to remove OSBS from flatpak build pipeline. At
|
||||||
|
the time of writing this document this is only enabled for F39. But as the F38 flaptak runtime
|
||||||
|
will be considered EOL the koji-flatpak module will be the only way.
|
||||||
|
|
||||||
|
The koji-flatpak module is much direct, there is just one
|
||||||
|
`configuration file <https://pagure.io/fedora-infra/ansible/blob/main/f/roles/koji_builder/templates/flatpak.conf>`_
|
||||||
|
used to specify where the koji builders should push the build container. The `candidate-registry`
|
||||||
|
variable is set in `tasks/main`.
|
||||||
|
|
||||||
|
Currently the builders don't have access to quay.io. The firewall settings needs to be adjusted
|
||||||
|
so they could push containers.
|
||||||
|
|
||||||
|
Bodhi
|
||||||
|
^^^^^
|
||||||
|
|
||||||
|
Bodhi is pushing the container builds from candidate-registry.fedoraproject.org to
|
||||||
|
registry.fedoraproject.org and this is configured in
|
||||||
|
`production.ini template <https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/base/templates/production.ini.j2>`_
|
||||||
|
in ansible.
|
||||||
|
|
||||||
|
To make it work with quay.io we just need to change `container.destination_registry` and
|
||||||
|
`container.source_registry` variables.
|
||||||
|
|
||||||
|
Proxies
|
||||||
|
^^^^^^^
|
||||||
|
|
||||||
|
We need to redirect all the pull requests for registry.fedoraproject.org to quay.io. This could be
|
||||||
|
done by `mod_proxy / mod_rewrite` and redirect all requests to
|
||||||
|
https://registry.fedoraproject.org/v2/REPO/ to https://quay/v2/fedora/REPO/
|
||||||
|
|
||||||
|
flatpak-indexer
|
||||||
|
^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
`flatpak-indexer <https://github.com/owtaylor/flatpak-indexer>`_ is used to read metadata from containers
|
||||||
|
and generate index in format flatpak client understands. It also creates deltas for updates. It's deployed in OpenShift
|
||||||
|
and the changes have to be done in
|
||||||
|
`configuration <https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/flatpak-indexer/templates/configmap.yml>`_.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue