From 58df56759fd638435803e38a0c0ae886a568d1a0 Mon Sep 17 00:00:00 2001 From: Sandhya Dasu Date: Thu, 13 Nov 2025 16:18:18 -0500 Subject: [PATCH 1/4] Update image registry configuration on bootstrap host A new policy was added to the ImageDigestSource configuration that allows the user to specify policy when there is a failure pulling an image from the source. Update the image registry configuration on the bootstrap host with this SourcePolicy. --- .../etc/containers/registries.conf.template | 1 + pkg/asset/ignition/bootstrap/common.go | 1 + pkg/asset/ignition/bootstrap/registries.go | 29 ++++++++++++------- .../ignition/bootstrap/registries_test.go | 28 ++++++++++++++++++ 4 files changed, 48 insertions(+), 11 deletions(-) diff --git a/data/data/bootstrap/files/etc/containers/registries.conf.template b/data/data/bootstrap/files/etc/containers/registries.conf.template index 56b7d19bc17..37f2ecf3596 100644 --- a/data/data/bootstrap/files/etc/containers/registries.conf.template +++ b/data/data/bootstrap/files/etc/containers/registries.conf.template @@ -3,6 +3,7 @@ location = "{{ $r.Endpoint.Location }}" insecure = {{ $r.Endpoint.Insecure }} mirror-by-digest-only = {{ $r.MirrorByDigestOnly }} +blocked = {{ $r.Blocked }} {{ range $m := $r.Mirrors -}} [[registry.mirror]] diff --git a/pkg/asset/ignition/bootstrap/common.go b/pkg/asset/ignition/bootstrap/common.go index f5b7b667d32..429968952bf 100644 --- a/pkg/asset/ignition/bootstrap/common.go +++ b/pkg/asset/ignition/bootstrap/common.go @@ -308,6 +308,7 @@ func (a *Common) getTemplateData(dependencies asset.Parents, bootstrapInPlace bo registry := sysregistriesv2.Registry{} registry.Endpoint.Location = group.Source registry.MirrorByDigestOnly = true + registry.Blocked = group.SourcePolicy == configv1.NeverContactSource for _, mirror := range group.Mirrors { registry.Mirrors = append(registry.Mirrors, sysregistriesv2.Endpoint{Location: mirror}) } diff --git a/pkg/asset/ignition/bootstrap/registries.go b/pkg/asset/ignition/bootstrap/registries.go index abace92856f..ed29b7c2228 100644 --- a/pkg/asset/ignition/bootstrap/registries.go +++ b/pkg/asset/ignition/bootstrap/registries.go @@ -3,33 +3,40 @@ package bootstrap import ( "k8s.io/apimachinery/pkg/util/sets" + configv1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/types" ) +type SourceSetKey struct { + Source string + SourcePolicy configv1.MirrorSourcePolicy +} + // MergedMirrorSets consolidates a list of ImageDigestSources so that each // source appears only once. func MergedMirrorSets(sources []types.ImageDigestSource) []types.ImageDigestSource { - sourceSet := make(map[string][]string) - mirrorSet := make(map[string]sets.String) - orderedSources := []string{} + sourceSet := make(map[SourceSetKey][]string) + mirrorSet := make(map[SourceSetKey]sets.String) + orderedSources := []SourceSetKey{} for _, group := range sources { - if _, ok := sourceSet[group.Source]; !ok { - orderedSources = append(orderedSources, group.Source) - sourceSet[group.Source] = nil - mirrorSet[group.Source] = sets.NewString() + key := SourceSetKey{Source: group.Source, SourcePolicy: group.SourcePolicy} + if _, ok := sourceSet[key]; !ok { + orderedSources = append(orderedSources, key) + sourceSet[key] = nil + mirrorSet[key] = sets.NewString() } for _, mirror := range group.Mirrors { - if !mirrorSet[group.Source].Has(mirror) { - sourceSet[group.Source] = append(sourceSet[group.Source], mirror) - mirrorSet[group.Source].Insert(mirror) + if !mirrorSet[key].Has(mirror) { + sourceSet[key] = append(sourceSet[key], mirror) + mirrorSet[key].Insert(mirror) } } } out := []types.ImageDigestSource{} for _, source := range orderedSources { - out = append(out, types.ImageDigestSource{Source: source, Mirrors: sourceSet[source]}) + out = append(out, types.ImageDigestSource{Source: source.Source, Mirrors: sourceSet[source], SourcePolicy: source.SourcePolicy}) } return out } diff --git a/pkg/asset/ignition/bootstrap/registries_test.go b/pkg/asset/ignition/bootstrap/registries_test.go index aaf44c376d6..f9a0a1ffd0d 100644 --- a/pkg/asset/ignition/bootstrap/registries_test.go +++ b/pkg/asset/ignition/bootstrap/registries_test.go @@ -5,6 +5,7 @@ import ( "github.com/stretchr/testify/assert" + configv1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/types" ) @@ -117,6 +118,33 @@ func TestMergedMirrorSets(t *testing.T) { Source: "b", Mirrors: []string{"md", "mc"}, }}, + }, { + input: []types.ImageDigestSource{{ + Source: "a", + Mirrors: []string{"ma"}, + SourcePolicy: configv1.NeverContactSource, + }, { + Source: "b", + Mirrors: []string{"md", "mc"}, + SourcePolicy: configv1.NeverContactSource, + }, { + Source: "a", + Mirrors: []string{"mb", "ma"}, + SourcePolicy: configv1.AllowContactingSource, + }}, + expected: []types.ImageDigestSource{{ + Source: "a", + Mirrors: []string{"ma"}, + SourcePolicy: configv1.NeverContactSource, + }, { + Source: "b", + Mirrors: []string{"md", "mc"}, + SourcePolicy: configv1.NeverContactSource, + }, { + Source: "a", + Mirrors: []string{"mb", "ma"}, + SourcePolicy: configv1.AllowContactingSource, + }}, }} for _, test := range tests { t.Run(test.name, func(t *testing.T) { From fb38639c1ca2cc0d4ad6bb5bf3dffbdee9eb1653 Mon Sep 17 00:00:00 2001 From: Sandhya Dasu Date: Thu, 13 Nov 2025 16:20:22 -0500 Subject: [PATCH 2/4] Update Image registry configuration for image based install Update the image registry configuration with the newly added Image source policy field that specifies the fallback policy when image pull fails. --- pkg/asset/imagebased/image/registriesconf.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/asset/imagebased/image/registriesconf.go b/pkg/asset/imagebased/image/registriesconf.go index 133bd869a6c..529df4a5e54 100644 --- a/pkg/asset/imagebased/image/registriesconf.go +++ b/pkg/asset/imagebased/image/registriesconf.go @@ -6,6 +6,7 @@ import ( "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/pelletier/go-toml" + configv1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/ignition/bootstrap" "github.com/openshift/installer/pkg/types" @@ -73,6 +74,7 @@ func (i *RegistriesConf) generateRegistriesConf(imageDigestSources []types.Image registry := sysregistriesv2.Registry{} registry.Endpoint.Location = group.Source registry.MirrorByDigestOnly = true + registry.Blocked = group.SourcePolicy == configv1.NeverContactSource for _, mirror := range group.Mirrors { registry.Mirrors = append(registry.Mirrors, sysregistriesv2.Endpoint{Location: mirror}) } From a27c0c73a8ac97653088853244faede7f75b33f1 Mon Sep 17 00:00:00 2001 From: Sandhya Dasu Date: Thu, 13 Nov 2025 16:26:00 -0500 Subject: [PATCH 3/4] Update Image registry configuration during ABI With the introduction of the fallback source policy when Image source and mirrors are specified, image registry configuration for ABI should be update to include that. --- pkg/asset/agent/mirror/registriesconf.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/asset/agent/mirror/registriesconf.go b/pkg/asset/agent/mirror/registriesconf.go index d7a1c6c1882..c035a4cbbdd 100644 --- a/pkg/asset/agent/mirror/registriesconf.go +++ b/pkg/asset/agent/mirror/registriesconf.go @@ -12,6 +12,7 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" + configv1 "github.com/openshift/api/config/v1" "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/agent" "github.com/openshift/installer/pkg/asset/agent/joiner" @@ -220,6 +221,7 @@ func (i *RegistriesConf) generateRegistriesConf(imageDigestSources []types.Image registry := sysregistriesv2.Registry{} registry.Endpoint.Location = group.Source registry.MirrorByDigestOnly = true + registry.Blocked = group.SourcePolicy == configv1.NeverContactSource for _, mirror := range group.Mirrors { registry.Mirrors = append(registry.Mirrors, sysregistriesv2.Endpoint{Location: mirror}) } From 475237148517d888969ad15bb9730397ac2ed9ce Mon Sep 17 00:00:00 2001 From: Sandhya Dasu Date: Thu, 13 Nov 2025 17:00:56 -0500 Subject: [PATCH 4/4] Fix linter errors --- pkg/asset/ignition/bootstrap/registries.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkg/asset/ignition/bootstrap/registries.go b/pkg/asset/ignition/bootstrap/registries.go index ed29b7c2228..f15b8295fbd 100644 --- a/pkg/asset/ignition/bootstrap/registries.go +++ b/pkg/asset/ignition/bootstrap/registries.go @@ -7,7 +7,9 @@ import ( "github.com/openshift/installer/pkg/types" ) -type SourceSetKey struct { +// sourceSetKey represents the set of fields that have to be unique to form +// a merged list without duplicate entries for Image sources. +type sourceSetKey struct { Source string SourcePolicy configv1.MirrorSourcePolicy } @@ -15,16 +17,16 @@ type SourceSetKey struct { // MergedMirrorSets consolidates a list of ImageDigestSources so that each // source appears only once. func MergedMirrorSets(sources []types.ImageDigestSource) []types.ImageDigestSource { - sourceSet := make(map[SourceSetKey][]string) - mirrorSet := make(map[SourceSetKey]sets.String) - orderedSources := []SourceSetKey{} + sourceSet := make(map[sourceSetKey][]string) + mirrorSet := make(map[sourceSetKey]sets.Set[string]) + orderedSources := []sourceSetKey{} for _, group := range sources { - key := SourceSetKey{Source: group.Source, SourcePolicy: group.SourcePolicy} + key := sourceSetKey{Source: group.Source, SourcePolicy: group.SourcePolicy} if _, ok := sourceSet[key]; !ok { orderedSources = append(orderedSources, key) sourceSet[key] = nil - mirrorSet[key] = sets.NewString() + mirrorSet[key] = sets.New[string]() } for _, mirror := range group.Mirrors { if !mirrorSet[key].Has(mirror) {