Add --image-for and --output to oc adm release info
#21766
Docker returns 403 if the image isn't found in order to preserve anonymity. Convey that in a more succinct form to the user. Also report a more accurate error if the user provides us an image of the form `x.y`.
`--image-for=TAG` lets a user get the exact pull spec out of the payload or return an error. Allows scripting around a particular payload, for instance to get the installer or CLI binary out of the image referenced in the payload. The `--output` command acts like `oc image info` and prints a semi-formal API output of the info gathered for scripting.
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: smarterclayton

The full list of commands accepted by this bot can be found here. The pull request process is described here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing
@wking parallels the CVO behavior and is intended for admin scripting by (for now) ART and QE to let them get the installer binary out of the payload without having to execute the payload. @vikaslaad @tbielawa you can use this to get the installer binary with: or the oc cli with:
/retest
As a user, if I want a single file out of an image it's annoying. Make
extraction explicit (does not require confirm) if you want to extract
a single file into the current directory.

  oc image extract IMAGE --file /usr/bin/ls

copies ls into the current directory.
…ayload

A number of users have had issues mixing and matching installers and update payloads. This script removes a degree of freedom by extracting the installer from the update payload itself.

You'll need a fairly new oc for this, since --image-for was only added in openshift/origin@f1d50464 (Add `--image-for` and `--output` to `oc adm release info`, 2019-01-10, openshift/origin#21766).

I've taken a fairly conservative approach to pushing host information into the container. If you leave off the AWS_* variables, the installer will prompt you, so that's a bit tedious, but not the end of the world. With all the trappings for an AWS cluster, this could look like:

  $ SSH_PUBKEY=~/.ssh/id_rsa.pub \
  >   AWS_PROFILE=openshift-dev \
  >   AWS_CONFIG_FILE=~/.aws/config \
  >   AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials \
  >   RELEASE=registry.svc.ci.openshift.org/openshift/origin-release:4.0.0-0.alpha-2019-02-06-200409 \
  >   install-release-image create cluster

which is a bit of a mouthful :p. We could set defaults for AWS_SHARED_CREDENTIALS_FILE and mount them into the cluster by default, but I don't want callers to be concerned about leaking information they may consider highly sensitive. I'm less concerned about SSH public keys or AWS_CONFIG_FILE being considered sensitive, so the default behavior there is to mount them in from the usual locations.

I'm setting HOME so I can mount in ~/.ssh, ~/.aws, etc. without mounting those into the asset directory at /output. We want the mounted (semi-)secret data to be reaped with the container, with no chance of persisting in the asset directory.

The mkdir call avoids:

  $ ASSETS=does-not-exist install-release-image.sh
  realpath: ‘does-not-exist’: No such file or directory
  failed to resolve asset path

since folks are likely to expect the installer's semantics (where it creates the requested asset directory if it didn't already exist). We can't wait on the installer though, because we are using realpath to convert to an absolute path so we can set up the volume options for Podman.

The SC2154 disable avoids [2]:

  ./scripts/install-release-image.sh:50:9: note: Don't use variables in the printf format string. Use printf "..%s.." "$foo". [SC2059]

Folks calling 'die' should follow that advice. This 'die' code that calls 'printf' is just passing along the value given by the 'die' caller.

[1]: https://github.com/openshift/machine-config-operator/blob/master/docs/Update-SSHKeys.md
[2]: https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_installer/1221/pull-ci-openshift-installer-shellcheck/3407/build-log.txt
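The mount handling described in the commit message above, as an added example; it is not the script from openshift/installer. The container HOME path, the mount targets, the `:ro` flags and the function names are assumptions; the environment variable names are the ones the message uses.

```shell
#!/bin/sh
# Added example, not the original script. CONTAINER_HOME, the mount targets
# and the :ro flags are assumptions; the variable names come from the page.
CONTAINER_HOME=/home/installer

die() {
  # shellcheck disable=SC2059  # callers supply the format string
  printf "$@" >&2
  exit 1
}

# Print a read-only bind mount of host file $1 at container path $2.
ro_mount() {
  printf '%s\n' "--volume=$(realpath "$1"):$2:ro"
}

# Print the podman options, one per line.
podman_opts() {
  assets="${ASSETS:-.}"
  # realpath fails on a missing directory, so create it first.
  mkdir -p "$assets" || die 'failed to create asset path %s\n' "$assets"
  assets="$(realpath "$assets")" || die 'failed to resolve asset path\n'
  # Only the asset directory is persistent; HOME points elsewhere so the
  # mounted files below never land under /output.
  printf '%s\n' "--volume=${assets}:/output" "--env=HOME=${CONTAINER_HOME}"

  # Lower-sensitivity inputs: taken from the usual locations by default.
  pubkey="${SSH_PUBKEY:-${HOME}/.ssh/id_rsa.pub}"
  if [ -r "$pubkey" ]; then
    ro_mount "$pubkey" "${CONTAINER_HOME}/.ssh/id_rsa.pub"
  fi
  config="${AWS_CONFIG_FILE:-${HOME}/.aws/config}"
  if [ -r "$config" ]; then
    ro_mount "$config" "${CONTAINER_HOME}/.aws/config"
  fi

  # Credentials: mounted only when the caller names the file explicitly.
  if [ -n "${AWS_SHARED_CREDENTIALS_FILE:-}" ]; then
    [ -r "$AWS_SHARED_CREDENTIALS_FILE" ] ||
      die 'cannot read %s\n' "$AWS_SHARED_CREDENTIALS_FILE"
    ro_mount "$AWS_SHARED_CREDENTIALS_FILE" "${CONTAINER_HOME}/.aws/credentials"
  fi
  if [ -n "${AWS_PROFILE:-}" ]; then
    printf '%s\n' "--env=AWS_PROFILE=${AWS_PROFILE}"
  fi
  return 0
}
```

The printed options go to `podman run` ahead of the installer pull spec, which the script on this page obtains from the release payload with `oc adm release info --image-for`.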