starlingx/integ
Code Issues Proposed changes

Fix containerd cannot pull image with old registry-token-server

Browse Source 
registry-token-server has been updated to support POST method.
But for upgrade case(stx3.0 upgrade to stx4.0), containerd need
talk with old registry-token-server which doesn't support POST
method, and 400 error code will be returned. For this case,
containerd still need fallback to GET method.

Story: 2006145
Task: 38763
Change-Id: I9834d1afae406c7e1f80bea6034931d854d4e868
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This commit is contained in:
Shuicheng Lin
2020-02-12 09:10:52 +08:00
parent 8442e616cc
commit 0e1ad4bbcd
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
kubernetes/containerd/centos/files/0001-customize-containerd-for-StarlingX.patch
View File

@@ -4,12 +4,16 @@ Date: Wed, 25 Sep 2019 20:02:34 +0800
Subject: [PATCH] customize containerd for StarlingX
1. disable btrfs to pass build.
2. docker registry in StarlingX 3.0 branch doesn't support POST method
for token and will return 400. Switch to GET method to get token if
StatusCode is 400.
3. hardcode version info due to miss git info in tarball.
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
containerd/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
containerd/Makefile | 3 ++-
containerd/remotes/docker/authorizer.go | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/containerd/Makefile b/containerd/Makefile
index 6758161..49dd612 100644
@@ -32,6 +36,20 @@ index 6758161..49dd612 100644
GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",)
GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)'
SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)'
diff --git a/containerd/remotes/docker/authorizer.go b/containerd/remotes/docker/authorizer.go
index 9652d3a..38ab5fb 100644
--- a/containerd/remotes/docker/authorizer.go
+++ b/containerd/remotes/docker/authorizer.go
@@ -366,7 +366,8 @@ func (ah *authHandler) fetchTokenWithOAuth(ctx context.Context, to tokenOptions)
// Registries without support for POST may return 404 for POST /v2/token.
// As of September 2017, GCR is known to return 404.
// As of February 2018, JFrog Artifactory is known to return 401.
- if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 {
+ // Current Registry in StarlingX returns 400 for POST /v2/token.
+ if (resp.StatusCode == 405 && to.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 || resp.StatusCode == 400 {
return ah.fetchToken(ctx, to)
} else if resp.StatusCode < 200 || resp.StatusCode >= 400 {
b, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB
--
2.7.4