From 1cd5f68e1aefb741b0b3b9ca4ef7f9f13727f42b Mon Sep 17 00:00:00 2001 From: Benjamin Schanzel Date: Tue, 18 Mar 2025 16:12:00 +0100 Subject: [PATCH] mirror-container-images: use skopeo to mirror multiarch images Use skopeo to copy images between registries instead of docker/podman as this allows to copy layers and manifests of different architectures. The same would require far more steps with docker/podman. Change-Id: I1e6cda57d1eb827cc95eee54b19e9fd952cbf99e --- playbooks/container-image/mirror-pre.yaml | 3 +++ roles/mirror-container-images/tasks/inner.yaml | 16 +++++----------- roles/mirror-container-images/tasks/main.yaml | 2 +- test-playbooks/registry/test-registry-pre.yaml | 5 +++++ zuul.d/container-jobs.yaml | 2 +- 5 files changed, 15 insertions(+), 13 deletions(-) create mode 100644 playbooks/container-image/mirror-pre.yaml diff --git a/playbooks/container-image/mirror-pre.yaml b/playbooks/container-image/mirror-pre.yaml new file mode 100644 index 000000000..fc3a9e78e --- /dev/null +++ b/playbooks/container-image/mirror-pre.yaml @@ -0,0 +1,3 @@ +- hosts: all + roles: + - ensure-skopeo diff --git a/roles/mirror-container-images/tasks/inner.yaml b/roles/mirror-container-images/tasks/inner.yaml index 779ee9dd3..f860011d8 100644 --- a/roles/mirror-container-images/tasks/inner.yaml +++ b/roles/mirror-container-images/tasks/inner.yaml @@ -13,19 +13,13 @@ msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.dest_registry].repository }}" - name: Log in to registry - command: "{{ container_command }} login -u {{ container_registry_credentials[zj_image.dest_registry].username }} -p {{ container_registry_credentials[zj_image.dest_registry].password }} {{ zj_image.dest_registry }}" + command: "skopeo login -u {{ container_registry_credentials[zj_image.dest_registry].username }} -p {{ container_registry_credentials[zj_image.dest_registry].password }} {{ zj_image.dest_registry }}" no_log: true -- name: Push and pull image +- name: Copy image block: - - name: "Pull image {{ zj_image.src_repository }}:{{ zj_image.src_tag }}" - command: "{{ container_command }} pull {{ zj_image.src_repository }}:{{ zj_image.src_tag }}" - - - name: Retag image - command: "{{ container_command }} tag {{ zj_image.src_repository }}:{{ zj_image.src_tag }} {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}" - - - name: "Push image {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}" - command: "{{ container_command }} push {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}" + - name: "Copy to {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}" + command: "skopeo copy --all docker://{{ zj_image.src_repository }}:{{ zj_image.src_tag }} docker://{{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}" always: - name: Log out of registry - command: "{{ container_command }} logout {{ zj_image.dest_registry }}" + command: "skopeo logout {{ zj_image.dest_registry }}" diff --git a/roles/mirror-container-images/tasks/main.yaml b/roles/mirror-container-images/tasks/main.yaml index 09435cb81..ac94a4487 100644 --- a/roles/mirror-container-images/tasks/main.yaml +++ b/roles/mirror-container-images/tasks/main.yaml @@ -1,4 +1,4 @@ -- name: Pull and push images +- name: Copy images with_items: "{{ mirror_container_images_images }}" include_tasks: inner.yaml loop_control: diff --git a/test-playbooks/registry/test-registry-pre.yaml b/test-playbooks/registry/test-registry-pre.yaml index 596199360..835adedd7 100644 --- a/test-playbooks/registry/test-registry-pre.yaml +++ b/test-playbooks/registry/test-registry-pre.yaml @@ -48,3 +48,8 @@ name: ensure-skopeo vars: ensure_skopeo_install_from_upstream: true + +- hosts: builder + name: Provide skopeo for the builder + roles: + - ensure-skopeo diff --git a/zuul.d/container-jobs.yaml b/zuul.d/container-jobs.yaml index df53eea29..92b7b9aca 100644 --- a/zuul.d/container-jobs.yaml +++ b/zuul.d/container-jobs.yaml @@ -37,5 +37,5 @@ .. include:: ../../playbooks/container-image/README.rst .. include:: ../../playbooks/container-image/credentials.rst - pre-run: playbooks/container-image/pre.yaml + pre-run: playbooks/container-image/mirror-pre.yaml run: playbooks/container-image/mirror.yaml