Machines created by podman machine must alter registries.conf
#11489
Assignees
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
|
I got "lucky" while testing, since the image was covered by the hard-coded list
Running other images does show the problem, and don't work at all (as short)
|
Was there another issue already, on how to handle the prompting over remote ? |
|
Nope we need one for that as well. We are talking about multiple different steps to fix this long term. |
|
I suggest dropping a config into unqualified-search-registries = ["docker.io"]Cc: @mtrmac |
|
I gave it a shot in #11498 |
|
For the record: the same issue applies when using Podman/Buildah without having access to a TTY (e.g., in a build pipeline) when the short-name mode is set to enforcing. That was the trade-off for increasing security. It is hence not entirely limited to remote. Getting prompting to work over the libpod endpoints will increase the interactive experience when using podman-remote but the core issue still persists when using the remote API in a non-interactive fashion (without podman-remote) or using the compat API. |
|
That is understood, we are trying to help out Humans though and not robots. Robots can more easily be fixed the humans. |
vrothberg
added a commit
to vrothberg/libpod
that referenced
this issue
Sep 10, 2021
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Fixes: containers#11489 Signed-off-by: Valentin Rothberg <[email protected]>
mheon
pushed a commit
to mheon/libpod
that referenced
this issue
Sep 20, 2021
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Fixes: containers#11489 Signed-off-by: Valentin Rothberg <[email protected]>
praveenkumar
added a commit
to praveenkumar/snc
that referenced
this issue
Feb 15, 2022
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Without this patch docker client not able to pull short-name images for remote client ``` $ ssh -nNT -L $(pwd)/docker.sock:/run/podman/podman.sock -i /Users/prkumar/.ssh/podman-machine-default -p 64940 root@localhost <-- different terminal --> $ export DOCKER_HOST=unix://$(pwd)/docker.sock $ docker pull httpd:latest Error response from daemon: failed to resolve image name: short-name resolution enforced but cannot prompt without a TTY ``` This is taken from https://github.com/containers/podman/blob/e06631d6c22f4d5b7a62f70ccdf623379a9d5fe7/pkg/machine/ignition.go#L305-L323 - containers/podman#11489
praveenkumar
added a commit
to praveenkumar/snc
that referenced
this issue
Feb 15, 2022
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Without this patch docker/podman client not able to pull short-name images when using remote socket. ``` $ ssh -nNT -L $(pwd)/docker.sock:/run/podman/podman.sock -i /Users/prkumar/.ssh/podman-machine-default -p 64940 root@localhost <-- different terminal --> $ export DOCKER_HOST=unix://$(pwd)/docker.sock $ docker pull httpd:latest Error response from daemon: failed to resolve image name: short-name resolution enforced but cannot prompt without a TTY ``` - containers/podman@6f36a47 - containers/podman#11489
praveenkumar
added a commit
to praveenkumar/snc
that referenced
this issue
Feb 15, 2022
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Without this patch docker/podman client not able to pull short-name images when using remote socket. ``` $ ssh -nNT -L $(pwd)/docker.sock:/run/podman/podman.sock -i /Users/prkumar/.ssh/podman-machine-default -p 64940 root@localhost ==== docker client ==== $ docker -H unix://$(pwd)/docker.sock pull httpd:latest Error response from daemon: failed to resolve image name: short-name resolution enforced but cannot prompt without a TTY === podman client === $ podman -c unix://$(pwd)/docker.sock pull httpd:latest Error: short-name resolution enforced but cannot prompt without a TTY ``` - containers/podman@6f36a47 - containers/podman#11489
praveenkumar
added a commit
to praveenkumar/snc
that referenced
this issue
Feb 15, 2022
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Without this patch docker/podman client not able to pull short-name images when using remote socket. ``` $ eval $(crc podman-env) $ podman-remote pull httpd:latest Error: short-name resolution enforced but cannot prompt without a TTY ``` - containers/podman@6f36a47 - containers/podman#11489
praveenkumar
added a commit
to crc-org/snc
that referenced
this issue
Feb 16, 2022
Enforce "docker.io" to be the only search registry. Short-name resolution for remote clients is not fully supported since there is no means to prompt. Enforcing a single registry works around the problem since prompting only fires with more than one search registry. Without this patch docker/podman client not able to pull short-name images when using remote socket. ``` $ eval $(crc podman-env) $ podman-remote pull httpd:latest Error: short-name resolution enforced but cannot prompt without a TTY ``` - containers/podman@6f36a47 - containers/podman#11489
github-actions
bot
added
the
locked - please file new issue/PR
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
At present,
podman-remotedoes not properly support short name prompting. The VMs created bypodman machinepresently use FCOS based on F34, which includes aregistries.confthat enforces shortname prompting. The combination of these two renders shortnames unusable with machines created bypodman machineat present.After some discussion, the team decided on a temporary workaround of changing
registries.confto only have a single search registry for VMs created bypodman machine:docker.io. This will remove the need for prompting as there will be no ambiguity. In the future we will investigate a more permanent solution that allowspodman-remoteto prompt (while not requiring the Docker-compatible API to do so).The text was updated successfully, but these errors were encountered: