Skip to content

Commit 27c8efe

Browse files
ggiguashggiguash
committed
Reset Quay storage permissions to allow mirrored data usage
1 parent 1b01ba3 commit 27c8efe

File tree

1 file changed

+23
-10
lines changed

1 file changed

+23
-10
lines changed

test/bin/mirror_registry.sh

+23-10
Original file line numberDiff line numberDiff line change
@@ -9,19 +9,36 @@ POSTGRES_IMAGE="docker.io/library/postgres:10.12"
99
REDIS_IMAGE="docker.io/library/redis:5.0.7"
1010
QUAY_IMAGE="quay.io/microshift/quay:v3.11.7-$(uname -m)"
1111
QUAY_CONFIG_DIR="${MIRROR_REGISTRY_DIR}/config"
12+
QUAY_STORAGE_DIR="${MIRROR_REGISTRY_DIR}/storage"
1213

1314
PULL_SECRET=${PULL_SECRET:-${HOME}/.pull-secret.json}
1415
QUAY_PULL_SECRET="${QUAY_CONFIG_DIR}/pull_secret.json"
1516

17+
reset_storage_permissions() {
18+
# Ensure that permissions are open for the current user on the mirror registry
19+
# directories and files
20+
if [ -d "${MIRROR_REGISTRY_DIR}" ] ; then
21+
sudo chgrp -R "$(id -gn)" "${MIRROR_REGISTRY_DIR}"
22+
sudo find "${MIRROR_REGISTRY_DIR}" -type d -exec chmod a+rx '{}' +
23+
sudo find "${MIRROR_REGISTRY_DIR}" -type f -exec chmod a+r '{}' +
24+
fi
25+
# Quay storage directory expects 1001 owner ID
26+
if [ -d "${QUAY_STORAGE_DIR}" ] ; then
27+
sudo chown -R 1001 "${QUAY_STORAGE_DIR}"
28+
fi
29+
}
30+
1631
setup_prereqs() {
1732
# Install packages if not yet available locally
1833
if ! rpm -q podman skopeo jq &>/dev/null ; then
1934
"${SCRIPTDIR}/../../scripts/dnf_retry.sh" "install" "podman skopeo jq"
2035
fi
2136

22-
# Create registry repository base directory structure
37+
# Create registry repository base directory structure and reset permissions
38+
# if downloaded from cache
2339
mkdir -p "${MIRROR_REGISTRY_DIR}"
2440
mkdir -p "${QUAY_CONFIG_DIR}"
41+
reset_storage_permissions
2542

2643
# Create a new pull secret file containing authentication information for both
2744
# remote (from PULL_SECRET environment) and local registries
@@ -227,9 +244,9 @@ EOF
227244
fi
228245

229246
# See https://docs.projectquay.io/deploy_quay.html#preparing-local-storage
230-
if [ ! -d "${MIRROR_REGISTRY_DIR}/storage" ] ; then
231-
mkdir -p "${MIRROR_REGISTRY_DIR}/storage"
232-
setfacl -m u:1001:-wx "${MIRROR_REGISTRY_DIR}/storage"
247+
if [ ! -d "${QUAY_STORAGE_DIR}" ] ; then
248+
mkdir -p "${QUAY_STORAGE_DIR}"
249+
setfacl -m u:1001:-wx "${QUAY_STORAGE_DIR}"
233250
fi
234251

235252
# Run Quay container
@@ -240,7 +257,7 @@ EOF
240257
-p "${MIRROR_REGISTRY_PORT}:8080" \
241258
-p "[::]:${MIRROR_REGISTRY_PORT}:8080" \
242259
-v "${QUAY_CONFIG_DIR}:/conf/stack:Z" \
243-
-v "${MIRROR_REGISTRY_DIR}/storage:/datastorage:Z" \
260+
-v "${QUAY_STORAGE_DIR}:/datastorage:Z" \
244261
"${QUAY_IMAGE}" >/dev/null
245262

246263
# Wait until the Quay instance is started
@@ -268,11 +285,7 @@ EOF
268285
}
269286

270287
finalize_registry() {
271-
# Ensure that permissions are open for the current user on the mirror registry
272-
# directories and files. This is necessary to avoid 'find' command errors.
273-
sudo chgrp -R "$(id -gn)" "${MIRROR_REGISTRY_DIR}"
274-
sudo find "${MIRROR_REGISTRY_DIR}" -type d -exec chmod a+rx '{}' +
275-
sudo find "${MIRROR_REGISTRY_DIR}" -type f -exec chmod a+r '{}' +
288+
reset_storage_permissions
276289
# Delete the combined pull secret file
277290
rm -f "${QUAY_PULL_SECRET}"
278291
}

0 commit comments

Comments
 (0)