Revert "Pass user credentials when pull/push images from local docker

registry" The local docker registry authentication commit https://review.openstack.org/#/c/626355/ is blocked to merge as kubernetes is not passing credentials when pulling images from local docker registry. The solution hasn't been decided yet, one optional solution could be to make images pull wide open (no authentication for pulling). Revert this commit as it fails to pull images for custom apps. Will add the authentication back after a proper solution decided for the local docker registry authentication feature. This reverts commit 6946ea845a. Change-Id: I7e402421b3e8a88644c949a9ec57cbb091750e1e
2019-01-22 18:50:39 +00:00 · 2019-01-22 18:50:39 +00:00 · 5103da2a05
parent 6946ea845a
commit 5103da2a05
2 changed files with 2 additions and 21 deletions
--- a/sysinv/sysinv/sysinv/sysinv/common/exception.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/exception.py
@ -923,11 +923,6 @@ class KubeAppNotFound(NotFound):
    message = _("No application with name %(name)s.")


-class DockerRegistryCredentialNotFound(NotFound):
-    message = _("Credentials to access local docker registry "
-                "for user %(name)s could not be found.")
-
-
 class SDNNotEnabled(SysinvException):
    message = _("SDN configuration is not enabled.")

--- a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
@ -11,7 +11,6 @@

 import docker
 import grp
-import keyring
 import os
 import pwd
 import re
@ -58,8 +57,6 @@ INSTALLATION_TIMEOUT = 3600
 MAX_DOWNLOAD_THREAD = 20
 TARFILE_DOWNLOAD_CONNECTION_TIMEOUT = 60
 TARFILE_TRANSFER_CHUNK_SIZE = 1024 * 512
-DOCKER_REGISTRY_USER = 'admin'
-DOCKER_REGISTRY_SERVICE = 'CGCS'


 # Helper functions
@ -100,16 +97,6 @@ def get_app_install_root_path_ownership():
    return (uid, gid)


-def get_docker_registry_authentication():
-    docker_registry_user_password = keyring.get_password(
-        DOCKER_REGISTRY_SERVICE, DOCKER_REGISTRY_USER)
-    if not docker_registry_user_password:
-        raise exception.DockerRegistryCredentialNotFound(
-            name=DOCKER_REGISTRY_USER)
-
-    return dict(username=DOCKER_REGISTRY_USER,
-        password=docker_registry_user_password)
-
 Chart = namedtuple('Chart', 'name namespace')


@ -1218,9 +1205,8 @@ class DockerHelper(object):
        try:
            # Pull image from local docker registry
            LOG.info("Image %s download started from local registry" % loc_img_tag)
-            docker_registry_auth = get_docker_registry_authentication()
            client = docker.APIClient(timeout=INSTALLATION_TIMEOUT)
-            client.pull(loc_img_tag, auth_config=docker_registry_auth)
+            client.pull(loc_img_tag)
        except docker.errors.NotFound:
            try:
                # Image is not available in local docker registry, get the image
@ -1230,7 +1216,7 @@ class DockerHelper(object):
                pub_img_tag = loc_img_tag[1 + loc_img_tag.find('/'):]
                client.pull(pub_img_tag)
                client.tag(pub_img_tag, loc_img_tag)
-                client.push(loc_img_tag, auth_config=docker_registry_auth)
+                client.push(loc_img_tag)
            except Exception as e:
                rc = False
                LOG.error("Image %s download failed from public registry: %s" % (pub_img_tag, e))