mirror
/
repo2docker
kopia lustrzana https://github.com/jupyterhub/repo2docker
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Use custom dind for talking to insecure registry

pull/1421/head
YuviPanda 2025-02-28 09:44:35 -08:00
rodzic 69e67a23bf
commit a8369beed4
1 zmienionych plików z 54 dodań i 6 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

60
tests/registry/test_registry.py
Wyświetl plik

@ -1,3 +1,5 @@
import os
import socket
from pathlib import Path from pathlib import Path
import subprocess import subprocess
import pytest import pytest
@ -9,17 +11,62 @@ import secrets
HERE = Path(__file__).parent HERE = Path(__file__).parent
@pytest.fixture @pytest.fixture(scope="session")
def registry(): def dind(registry, host_ip):
port = get_free_port()
dind_image = "docker:dind"
subprocess.check_call(["docker", "pull", dind_image])
# This is insecure, because I'm disabling all kinds of authentication on the docker daemon.
# FIXME: Use TLS verification.
# but also docker this is your own fucking fault for making technical choices that force dockerhub
# to be the primary registry, so your registry handling sucks and forces these kinds of difficulties.
cmd = [
"docker", "run", "-e", 'DOCKER_TLS_CERTDIR=',
"--privileged", "-p", f"{port}:2376", dind_image,
"--host", "0.0.0.0:2376",
"--insecure-registry", registry,
"--tls=false"
]
proc = subprocess.Popen(cmd)
time.sleep(5)
try:
yield f"tcp://{host_ip}:{port}"
finally:
proc.terminate()
proc.wait()
@pytest.fixture(scope="session")
def host_ip():
# Get the IP of the current machine, as we need to use the same IP
# for all our docker commands, *and* the dind we run needs to reach it
# in the same way.
# Thanks to https://stackoverflow.com/a/28950776
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.settimeout(0)
try:
# doesn't even have to be reachable
s.connect(('10.254.254.254', 1))
host_ip = s.getsockname()[0]
finally:
s.close()
return host_ip
@pytest.fixture(scope="session")
def registry(host_ip):
port = get_free_port() port = get_free_port()
# Explicitly pull the image first so it runs on time # Explicitly pull the image first so it runs on time
registry_image = "registry:3.0.0-rc.3" registry_image = "registry:3.0.0-rc.3"
subprocess.check_call(["docker", "pull", registry_image]) subprocess.check_call(["docker", "pull", registry_image])
cmd = [ cmd = [
"docker", "run", "-p", f"{port}:5000", registry_image "docker", "run", "--rm",
"-p", f"{port}:5000", registry_image
] ]
proc = subprocess.Popen(cmd) proc = subprocess.Popen(cmd)
health_url = f'http://localhost:{port}/v2' health_url = f'http://{host_ip}:{port}/v2'
# Wait for the registry to actually come up # Wait for the registry to actually come up
for i in range(10): for i in range(10):
try: try:
@ -34,19 +81,20 @@ def registry():
raise TimeoutError("Test registry did not come up in time") raise TimeoutError("Test registry did not come up in time")
try: try:
yield f"localhost:{port}" yield f"{host_ip}:{port}"
finally: finally:
proc.terminate() proc.terminate()
proc.wait() proc.wait()
def test_registry(registry): def test_registry(registry, dind):
image_name = f"{registry}/{secrets.token_hex(8)}:latest" image_name = f"{registry}/{secrets.token_hex(8)}:latest"
r2d = make_r2d([ r2d = make_r2d([
"--image", image_name, "--image", image_name,
"--push", "--no-run", str(HERE) "--push", "--no-run", str(HERE)
]) ])
os.environ["DOCKER_HOST"] = dind
r2d.start() r2d.start()
proc = subprocess.run(["docker", "manifest", "inspect", "--insecure", image_name]) proc = subprocess.run(["docker", "manifest", "inspect", "--insecure", image_name])