Commit 5a5a06d2 authored by BAIRE Anthony's avatar BAIRE Anthony
Browse files

support registry authentication in the controller

because it is now based on tokens (instead of using TLS client certificates)
parent a0ecda20
---
# ############ registry configuration ################
#
# # authentication
# registry_auth:
# username: "USER"
# password: "PASS""
#
# ############ jobs configuration ################
#
# # number of cpus allocated to each job (default: no limit)
......
......@@ -1339,22 +1339,25 @@ class JobManager(Manager):
#
class PullManager(Manager):
def __init__(self, nb_threads, client, name):
def __init__(self, nb_threads, client, name, *, auth_config=None):
super().__init__(nb_threads, interruptible=True)
self.client = client
self.name = name
self.auth_config = auth_config
@asyncio.coroutine
def _process(self, img, reset, rescheduled):
image, version = img
log.info("pull to the %-10s %s:%s", self.name, image, version)
return self.run_in_executor(self.client.pull, image, version)
return self.run_in_executor(lambda:
self.client.pull(image, version, auth_config=self.auth_config))
class PushManager(Manager):
def __init__(self, nb_threads, ctrl):
def __init__(self, nb_threads, ctrl, *, auth_config=None):
super().__init__(nb_threads, interruptible=True)
self.ctrl = ctrl
self.auth_config = auth_config
@asyncio.coroutine
def _process(self, version_id, reset, rescheduled):
......@@ -1387,7 +1390,8 @@ class PushManager(Manager):
tag = version.number
log.info("push from the %-8s %s:%s", "sandbox", image, tag)
yield from self.run_in_executor(docker_check_error, self.ctrl.sandbox.push, image, tag)
yield from self.run_in_executor(docker_check_error, lambda:
self.ctrl.sandbox.push(image, tag, auth_config=self.auth_config))
reset()
......@@ -1416,13 +1420,17 @@ class ImageManager:
def __init__(self, ctrl,
nb_push_sandbox = NB_PUSH_SANDBOX,
nb_pull_sandbox = NB_PULL_SANDBOX,
nb_pull_swarm = NB_PULL_SWARM):
nb_pull_swarm = NB_PULL_SWARM,
*, auth_config=None):
self.ctrl = ctrl
self.sandbox_push_manager = PushManager(nb_push_sandbox, ctrl)
self.sandbox_pull_manager = PullManager(nb_pull_sandbox, ctrl.sandbox, "sandbox")
self.swarm_pull_manager = PullManager(nb_pull_swarm, ctrl.swarm, "swarm")
self.sandbox_push_manager = PushManager(nb_push_sandbox, ctrl,
auth_config=auth_config)
self.sandbox_pull_manager = PullManager(nb_pull_sandbox, ctrl.sandbox, "sandbox",
auth_config=auth_config)
self.swarm_pull_manager = PullManager(nb_pull_swarm, ctrl.swarm, "swarm",
auth_config=auth_config)
# return a future
@auto_create_task
......@@ -1504,6 +1512,12 @@ class DockerController:
self.cpu_shares = cfg.get("cpus", None, int)
dct = cfg.get("registry_auth", None, dict)
auth_config = {
"username": dct.get("username", str, required=True),
"password": dct.get("password", str, required=True),
} if dct else None
self.sandbox = SharedSwarmClient(sandbox_host, config=cfg.get("sandbox", {}, dict), alias="sandbox")
if sandbox_host == swarm_host:
self.swarm = self.sandbox
......@@ -1521,7 +1535,7 @@ class DockerController:
self.sock.listen(32)
self.sock.setblocking(False)
self.image_manager = ImageManager(self)
self.image_manager = ImageManager(self, auth_config=auth_config)
self.sandbox_manager = SandboxManager(self)
self.job_manager = JobManager(self)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment