| Commit message | Author | Age | Files | Lines |
| |
Apply ownership mapping in qcow2 images using libguestfs python
bindings. To make this solution more general we introduce function
guestfs_walk() which will return the root file system tree of disk
image along with UID/GID values.
These changes are applied in additional qcow2 disk image using the
last layer as backing file. For FileSource this is layer-1.qcow2
with backing file layer-0.qcow2.
| |
Use the python bindings of libguestfs to create qcow2 image with
backing chains to mimic the layers of container image.
This commit also changes the behavior of FileSource when 'qcow2'
output format is used. Now the string layer-0.qcow2 will be used
as name of the output file.
This change is applied in the test suite as an update to the function
get_image_path().
| |
Make the code for setting password hash in the content of shadow file
reusable and hence can be used with qcow2 output format.
| |
Resolve an issue when only uid_map or only gid_map is specified.
We set the default values to None. However, `len(None)` will raise
an exception. To avoid this we need to set the default values to
[] (empty list).
| |
Split the function mapping_uid_gid in two parts so that the code which
makes both lists map_uid and map_gid with equal length can be
reused.
| |
Move the functions implementing UID/GID mapping in the utils module
and hence they can be reused with qcow2 output format.
| |
Take out the code for getting compression type of tarball
in separate function.
| |
Docker registry with Manifest v1 does not require the size of layers to
be included. However, when this information is not provided we can use
os.path.getsize() to get and show the size of tarball. We can also
use this function for FileSource to provide consistent output messages.
| |
The current implementation stores in one list:
- checksum
- checksum type
- file path
- file size
However, the information about checksum and checksum type is only used
to verify the content of tarball before it is being extracted. Splitting
these into separate lists would allow us to reuse the function
untar_layers() with FileSource.
| |
This aims to fix the warning of Python3:
    ResourceWarning: unclosed file <_io.BufferedReader name=3>
| |
Specify unique name when creating Libvirt domain with virt-sandbox.
Otherwise the default name "sandbox" will be used and this might result
in collision with another instance of virt-bootstrap.
| |
Add "--overwrite" to enforce the overwrite of existing files.
Add the flag "--absolute-names" to disable the strip of leading '/'s.
This is used to get around the error "Cannot open:Permission denied"
which occurs when the qemu driver is used by virt-sandbox. It is used
for unprivileged users to create isolated environment in which tar is
executed to extract the content from container image layers.
In particular this error occurs when the tar archive contains symbolic
link which has target path starting with '/'.
Steps to reproduce:
    $ mkdir /tmp/foo
    $ cd /tmp/foo
    $ touch file
    $ ln -s /tmp/foo/file link
    $ tar -cf archive.tar link
    $ mkdir /tmp/foo/dest
    $ virt-sandbox -c qemu:///session \
        -m host-bind:/mnt=/tmp/foo/dest \
        -- /bin/tar xf /tmp/foo/archive.tar -C /mnt
Error message:
    tar: link: Cannot open: Permission denied
    tar: Exiting with failure status due to previous errors
| |
Improve readability by splitting the 'sources' module into separate
files. Each file contains only one class.
In addition update the mock statements in the unit tests to match these
changes.
Add recursive-include in MANIFEST.in to include virtBootstrap.sources
module.
Update the unit tests to match these changes.
| |
Reduce the number of import statements and improve readability.
Update the unit tests to match these changes.
| |
For containers bootstrapped in qcow2 format use the tool 'virt-edit'
to insert the hashed root password in the shadow file of the last layer.
| |
The first argument of CalledProcessError() must be the returncode not
the command.
| |
When downloading image with multiple layers, the download progress
value of every following layer should not start from 0.
If we have 10 layers, downloading each of them should increase the
total download progress by 10%.
Assuming that the download and extraction are 50/50 of the total work.
Then, downloading each of 10 layers will increase the progress value
with 5% of the total work.
When all layers are downloaded the progress value should be 50%.
However, with the current formula the progress value of each layer
starts from 0%.
(E.g. when downloading 2nd layer of 10 the download progress starts
from 0% instead of 5%.)
This bug can be seen when downloading images with multiple layers of
large size.
Example:
    virt-bootstrap docker://rails /tmp/foo --status-only
| |
When Libvirt creates LXC container with enabled user namespace the
ownership of files in the container should be mapped to the specified
target UID/GID.
The implementation of the mapping is inspired by the tool uidmapshift:
http://bazaar.launchpad.net/%7Eserge-hallyn/+junk/nsexec/view/head:/uidmapshift.c
Mapping values can be specified with the flags:
    --idmap     Map both UIDs/GIDs
    --uidmap    Map UIDs
    --gidmap    Map GIDs
Each of these flags can be specified multiple times.
Example:
    virt-bootstrap docker://fedora /tmp/foo --uidmap 0:1000:10 --gidmap 0:1000:10
Will map the ownership of files with UIDs/GIDs: 0-9 to 1000-1009
The same result can be achieved with:
    virt-bootstrap docker://fedora /tmp/foo --idmap 0:1000:10
Multiple mapping values can be specified as follows:
    virt_bootstrap.py docker://ubuntu /tmp/foo --idmap 0:1000:10 --idmap 500:1500:10
This will map the UID/GIDs: 0-9 to 1000-1009 and 500-509 to 1500-1509
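
The range arithmetic behind `start:target:count` values such as `0:1000:10`, as an added Python example that is not virt-bootstrap's own code. The names `parse_idmap`, `map_id` and `plan_chown` are hypothetical, and leaving IDs outside every range untouched is an assumption of this sketch.

```python
# Added illustration; function names are hypothetical, not the project's API.

def parse_idmap(values):
    """Turn ['0:1000:10', ...] into [(start, target, count), ...]."""
    ranges = []
    for value in values or []:          # None and [] both mean "no mapping"
        parts = value.split(':')
        if len(parts) != 3:
            raise ValueError("expected start:target:count, got %r" % value)
        start, target, count = (int(part) for part in parts)
        if start < 0 or target < 0 or count < 1:
            raise ValueError("invalid range in %r" % value)
        ranges.append((start, target, count))
    return ranges


def map_id(ranges, current):
    """Return the mapped ID, or None when no range covers it."""
    for start, target, count in ranges:
        if start <= current < start + count:
            return target + (current - start)
    return None


def plan_chown(entries, uid_map=None, gid_map=None):
    """Yield (path, new_uid, new_gid) for entries whose ownership changes.

    entries is an iterable of (path, uid, gid). -1 means "leave unchanged",
    the same convention os.lchown() uses, so a UID-only or GID-only map works.
    """
    uid_ranges, gid_ranges = parse_idmap(uid_map), parse_idmap(gid_map)
    for path, uid, gid in entries:
        new_uid = map_id(uid_ranges, uid)
        new_gid = map_id(gid_ranges, gid)
        if new_uid is None and new_gid is None:
            continue                    # assumption: unmapped IDs are skipped
        yield (path,
               -1 if new_uid is None else new_uid,
               -1 if new_gid is None else new_gid)


# Constructed sample: (path, uid, gid) as read from an extracted rootfs.
SAMPLE = [("/etc/passwd", 0, 0), ("/var/www", 33, 33),
          ("/home/app", 505, 9), ("/srv/data", 2000, 2000)]
```

Each yielded tuple can be passed to `os.lchown()`, which does not follow symbolic links and treats -1 as "keep the current value".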
| |
These changes aim to avoid the requirement for root privileges when
setting the password of root user on root file system.
The "-R, --root" flag of chpasswd is using chroot to apply changes in
root file system and this requires root privileges. [1]
Instead compute hash of the root password using passlib [2] and insert
the value in the /etc/shadow file in the rootfs.
[1] https://en.wikipedia.org/wiki/Chroot#Limitations
[2] http://passlib.readthedocs.io/en/stable/lib/passlib.hosts.html
| |
Handle differences between version 1 and 2 of the Manifest file for
Docker registry.
Layers' blob sums in v1 are stored in a list "fsLayers" and the digest
is stored in following field with name "blobSum". [1]
In v2 the layer list is stored in field with name "layers" and
ordered starting from the base image (opposite order of v1). The digest
is stored under a following field with name "digest". The size in bytes
is included in a field with name "size". [2]
[1] https://docs.docker.com/registry/spec/manifest-v2-1/#manifest-field-descriptions
[2] https://docs.docker.com/registry/spec/manifest-v2-2/#image-manifest-field-descriptions
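
The two manifest layouts described above, normalised to one base-first layer list. This is an added example, not the project's code: `layers_from_manifest`, `fake_digest` and both sample manifests are constructed for illustration, and accepting only sha256 digests is an assumption.

```python
import re

# Assumption of this sketch: only sha256 digests are accepted.
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def layers_from_manifest(manifest):
    """Return [(digest, size_or_None), ...] ordered from the base layer up."""
    version = manifest.get("schemaVersion")
    if version == 1:
        # v1: "fsLayers" entries carry "blobSum"; top layer first, no size.
        layers = [(entry["blobSum"], None) for entry in manifest["fsLayers"]]
        layers.reverse()
    elif version == 2:
        # v2: "layers" entries carry "digest" and "size"; base layer first.
        layers = [(entry["digest"], entry["size"])
                  for entry in manifest["layers"]]
    else:
        raise ValueError("unsupported schemaVersion: %r" % version)
    for digest, _size in layers:
        # The manifest comes from the registry; check the digest's shape
        # before the value is trusted anywhere else.
        if not DIGEST_RE.fullmatch(digest):
            raise ValueError("malformed layer digest: %r" % digest)
    return layers


def fake_digest(char):
    """Constructed placeholder digest, not a real layer."""
    return "sha256:" + char * 64


# Constructed manifests (already decoded with json.loads) for the same image.
V1_MANIFEST = {"schemaVersion": 1,
               "fsLayers": [{"blobSum": fake_digest("c")},
                            {"blobSum": fake_digest("b")},
                            {"blobSum": fake_digest("a")}]}
V2_MANIFEST = {"schemaVersion": 2,
               "layers": [{"digest": fake_digest("a"), "size": 100},
                          {"digest": fake_digest("b"), "size": 20},
                          {"digest": fake_digest("c"), "size": 3}]}
```

Where the size comes back as `None` (v1), it can be filled in with `os.path.getsize()` once the tarball is on disk.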
| |
Encoded Unicode in Python 3 is represented as binary data. The
difference with Python2 is that any attempt to mix text and data in
Python 3.0 raises TypeError, whereas if you were to mix Unicode and
8-bit strings in Python 2.x, it would work if the 8-bit string happened
to contain only 7-bit (ASCII) bytes, but you would get
UnicodeDecodeError if it contained non-ASCII values.
Reference:
https://docs.python.org/release/3.0.1/whatsnew/3.0.html#text-vs-data-instead-of-unicode-vs-8-bit
Example:
    Python 2:
    >>> b'foo.bar'.split('.')
    ['foo', 'bar']

    Python 3:
    >>> b'foo.bar'.split('.')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    TypeError: a bytes-like object is required, not 'str'
    >>> b'foo.bar'.split(b'.')
    [b'foo', b'bar']
| |
Perform additional check of the input to avoid unexpected behaviour
when string is passed instead of list or a list with short length.
| |
This change aims to convert URI:
    docker:///repository/my_image/
to:
    docker://repository/my_image
| |
This change makes it easier to test the code.
| |
This change makes it easier to test the code.
| |
Remove trailing space which occurs when the number is
smaller than kibibyte.
| |
When converting 0 KB with string input the result will be string
with zeroes.
    >>> print(size_to_bytes('0', 'KB'))
    000000...
Instead convert the string input to integer and then perform the conversion.
Rename the variable from "string" to "number" to avoid confusion.
| |
Avoid parsing short lines when detecting download progress
from skopeo's output.
| |
Rename the function to match its counterpart size_to_bytes().
| |
Add new module to collect utility functions used in virt-bootstrap.
Move the function definitions from "sources" and "virt_bootstrap" to
the new module.
| |
Pass the "not_secure", "username" and "password" values to
"skopeo inspect" when manifest is retrieved.
| |
Parse skopeo's output messages to detect and log the download
progress for each layer and update the progress of virt-bootstrap.
Example:
    virt-bootstrap docker://ubuntu /tmp/foo --status-only
    Status: Downloading layer (2/5), Progress: 25.30%
| |
When this flag is passed only the current state of virt-bootstrap
will be shown along with the total bootstrap progress.
| |
This module is used to store the progress of the bootstrap process and
could be used by other applications to get status of virt-bootstrap as
well as percentage of completion.
Convert some info messages to use this new system for a clean reporting
in client applications.
Example usage:
    import virtBootstrap

    def show_progress(data):
        print("Status: %s, Progress: %.2f"
              % (data['status'], data['value']))

    virtBootstrap.bootstrap(uri='docker://ubuntu', dest="/tmp/test1",
                            progress_cb=show_progress)
| |
The checksum verification of downloaded layers is already done in the
method validate_image_layers() or "skopeo copy" [1] [2].
[1] https://github.com/containers/image/blob/master/copy/copy.go#L352
[2] https://github.com/containers/image/blob/master/copy/copy.go#L358
| |
Do not call "skopeo copy" if layers were downloaded and have valid
hash sum.
Although "skopeo copy" already does such a check for us, this change
allows us to control the output and avoids spawning a binary.
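
Deciding which layers still need a download by hashing what is already on disk, as an added Python example that is not the project's own implementation. `layer_is_valid`, `layers_to_download` and `demo` are hypothetical names, and the three layer files are constructed in a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile

SUPPORTED = ("sha256", "sha512")    # assumption: algorithms accepted here


def layer_is_valid(path, digest, chunk_size=1 << 20):
    """True when the file at path hashes to digest ('sha256:<hex>')."""
    sum_type, _, expected = digest.partition(":")
    if sum_type not in SUPPORTED or not expected:
        raise ValueError("unsupported digest: %r" % digest)
    if not os.path.isfile(path):
        return False                # never downloaded
    hasher = hashlib.new(sum_type)
    with open(path, "rb") as handle:            # closed on exit
        # Hash in chunks so a large layer is never read into memory at once.
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(chunk)
    return hmac.compare_digest(hasher.hexdigest().encode(),
                               expected.lower().encode())


def layers_to_download(layers):
    """Given [(digest, path), ...], return the entries that must be fetched."""
    return [(digest, path) for digest, path in layers
            if not layer_is_valid(path, digest)]


def demo():
    """Check three constructed layers: intact, modified on disk, missing."""
    def sha256(data):
        return "sha256:" + hashlib.sha256(data).hexdigest()

    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, name)
                 for name in ("intact.tar", "tampered.tar", "missing.tar")]
        with open(paths[0], "wb") as handle:
            handle.write(b"layer one")
        with open(paths[1], "wb") as handle:
            handle.write(b"layer two, modified on disk")
        layers = [(sha256(b"layer one"), paths[0]),
                  (sha256(b"layer two"), paths[1]),
                  (sha256(b"layer three"), paths[2])]
        return [os.path.basename(path)
                for _digest, path in layers_to_download(layers)]
```

An empty result from `layers_to_download()` means every cached layer matched its digest and the download step can be skipped.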
| |
Improve maintainability by putting layers' digest, sum_type, size and
file_path in a list which is then passed to extract methods. This
change replaces the function get_layer_info().
Reduce the amount of duplicated code by taking out the logging calls
in a method.
| |
Get manifest of Docker image before calling the "skopeo copy" command.
The aim of this change is to:
- Make available method get_image_details() which could be used to
get information about Docker image or detect whether Docker URI is
valid and accessible.
- Get information about the layers before the download process (skopeo
copy) is called.
| |
Make the method for getting image directory reusable and use instance
variable to store the path where image layers will be stored.
| |
Decrease the number of instance attributes of class DockerSource.
Since variables "image" and "registry" are only used to create valid
Docker URI they could be used as local variables instead of instance
attributes to improve encapsulation.
Add comments to improve readability.
Fix problem with invalid docker URLs.
| |
Specify explicitly the arguments of bootstrap method.
This change allows to easily bootstrap a container from
another python application when the module virtBootstrap
is imported.
Example:
    import virtBootstrap
    virtBootstrap.bootstrap(uri="docker://fedora", dest="/tmp/foo")