ansible-podman-collections icon indicating copy to clipboard operation
ansible-podman-collections copied to clipboard

Published 20 hours ago verified publisher icon containers

Pushing to a specified dest is not respected if name "is a URL"

Open maybe-sybr opened this issue 3 years ago • 2 comments

/kind bug

Description

push_args['dest'] is ignored if the name of an image to be pushed is a URL (well...contains a forward slash). This is kind of annoying and is blocking me from using the podman module to push images to my registry mirror.

Steps to reproduce the issue:

  1. podman run --rm -ti -p 5000:5000 registry:2
  2. Make this task
- containers.podman.podman_image:
    name: docker.io/library/busybox
    push: yes
    push_args:
      dest: localhost:5000/
  1. Attempt to run the task

Describe the results you received: The podman module attempted to push the image back to docker.io rather than to my local mirror

Describe the results you expected: It should have pushed to my mirror

Additional information you deem important (e.g. issue happens only occasionally):

Version of the containers.podman collection: Either git commit if installed from git: git show --summary Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

1.4.4

Output of ansible --version:

2.10.6

Output of podman version:

3.0.1

Output of podman info --debug:

(paste your output here)

Package info (e.g. output of rpm -q podman or apt list podman):

(paste your output here)

Playbok you run with ansible (e.g. content of playbook.yaml):

(paste your output here)

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

(paste your output here)

Additional environment details (AWS, VirtualBox, physical, etc.):

maybe-sybr avatar Mar 04 '21 05:03 maybe-sybr

The check which causes this is: https://github.com/containers/ansible-podman-collections/blob/7bacd62fadb2bbc7f2bde842d15aa7f89c390a97/plugins/modules/podman_image.py#L669-L671

maybe-sybr avatar Mar 04 '21 05:03 maybe-sybr

@maybe-sybr I was running into a similar problem, and I cannot guarantee this will fix your problem, but here is what I did to address my problem yesterday:

goal of playbook:

  • build a local image and push to an enterprise image repo using a specified tag rather than the default of latest

ansible environment:

  • RHEL 7.x
  • ansible-2.10.x
  • v1.4.0 of this collection

my playbook:

  • set up tmpdir
  • write templates as Dockerfile, entrypoint script to tmpdir
  • copy over some release with binaries to tmpdir
  • run buildah bud --tag repo-name:my-tag . which builds an image called localhost/repo-name with tag my-tag (I run this as a command as my enterprise's environment does not have the build support built in yet.)
  • run podman_image as follows: 
    containers.podman.podman_image:
  username: "user"
  password: "token"
  name: "repo-name:my-tag" # "localhost/" need not be here because it's assumed
  tag: "my-tag"
  pull: false  # not necessary but not taking chances
  push: true
  push_args:
    dest: "repo-fqdn/repo-org"
register: "push_results"
delegate_to: "localhost"
run_once: true

This results in a call to our enterprise repo, as printed to /var/log/messages, which I achieved by manually changing this module to write to self.module.log() which is in v1.4.1 and up:

/usr/bin/podman image ls repo-name:my-tag --format json
/usr/bin/podman push --tls-verify --creds user:**** repo-name:my-tag repo-fqdn/repo-org/repo-name:my-tag

The above was only achievable once I realized that (a) the value in name can be repo-name:tag, per the documentation on ansible.org, and (b) the dest can only be in the form of repo-fqdn-or-cname/repo-org, again as highlighted in the documentation, though the examples.

Regardless, I believe the module lacks a few things:

  • clear documentation for push workflow, like above, though the examples help, they imply only
  • any test cases related to pushing images elsewhere, as of the latest release
  • flexibility with regards to what is expected in dest or name, or at least exit with error that / is present in name
  • the push is not idempotent ... if I push an image successfully then push again, the second playbook returns changed: when. This might be something fixed since v1.4.0, so I will update this comment if I find it has been addressed since

giromide avatar Mar 19 '21 19:03 giromide