Pulp-container: how are push repositories supposed to work?

Support
#1

Hi all,

I’m trying to use pulp-container as a podman registry but I’m stuck here.
That’s what I started with:

pulp user create --username podman_ro --password hello
pulp user create --username podman_rw --password world

pulp container repository create --name foo
href=$(pulp container repository show --name foo)
pulp container distribution create --name foo --base-path containers/foo --repository ${href}
pulp container distribution role add --name foo --user podman_ro --role container.containerdistribution_consumer
pulp container distribution role add --name foo --user podman_rw --role container.containerdistribution_collaborator

Then I logged in successfully with podman login --username podman_rw --password world mypulpserver:24817 and tried to push an image:

podman push foo mypulpserver:24817/containers/foo:latest
Getting image source signatures
Copying blob 3fcb5d4fd907 [--------------------------------------] 8.0b / 663.9MiB | 444.9 KiB/s
Copying blob 174f56854903 [--------------------------------------] 8.0b / 201.9MiB | 400.4 KiB/s
WARN[0019] Failed, retrying in 1s ... (1/3).
Error: writing blob: initiating layer upload to /v2/containers/foo/blobs/uploads/ in mypulpserver:24817: name invalid: Repository is read-only.

Grepping through the pulp-container sources I see that the error message comes if the container repository is not a container push repository. Alas, I have no idea how to create such a repository as the endpoint /pulp/api/v3/repositories/container/container-push/ does not allow PUSH.

Also I have not seen any way to update a regular container repository to a container push repository.

What am I doing wrong?

Thanks & kind regards

#2

Ah, got it, never mind :slight_smile:
The trick is not to create a repository at all, just the distribution.

1 Like
#3

I am glad you figured it out! :cowboy_hat_face: Would better documentation help in this matter?

Usually, you care only about namespaces. Or, you do not need to have them at all. As an administrator, you can create a namespace (e.g., “library”) and permit users to push images to that namespace (e.g., “library/image”). This means that you do not need to worry about creating any distributions or repositories in advance.

At the moment, we have 2 types of repositories. Regular repositories are built for mirroring content from remote registries. Repositories of the push type are created automatically and cannot be used for mirroring content from the remote registries. In the (near) future, we plan to merge these types.

1 Like
#4

Hi lubosmj,

yes, I missed a hint that push repositories are created on demand. Maybe that information can be found somewhere, I finally found it by browsing the source code :slight_smile:

The namespace-only approach sounds very nice and probably covers what I was trying to do.
I created a new namespace, assigned the corresponding role and it works like a charm

pulp container namespace create --name containers
pulp container namespace role add --namespace containers \
  --user podman_rw --role container.containernamespace_owner

– just like the documentation said :+1:

1 Like