Skip to content

Ensure Gitaly & Praefect images can access private registries

John McDonnell requested to merge jmd-ensure-gitaly-praefect-images-access-private-registry into master

What does this MR do and why?

Set release version on compnents using GitalyCl... (!1107 - merged) while fixing one bug, introduced another, as it doesn't account for cases where the gitlab image is stored on a private registry so needed to be reverted in Revert "Merge branch 'jmd-bug-fix-gitalycluster... (!1114 - merged)

As noted in gitlab!108193 (comment 1229571359) this is because we didn't include a login method for the gitaly/praefect images, so when the image is on a private repo - the image pull fails.

The solution here just applies the same pattern as currently used in gitlab.rb lib/gitlab/qa/component/gitlab.rb#L109-113

We could probably consider further refactoring here to perhaps have some type of Omnibus class that could hold these commonalities Gitlab/Gitaly/Praefect extends Omnibus extends Base but I think in the interest of sticking with a boring straight forward solution just including a login here for now should work.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

  1. Verify you do are not authenticated to registry.gitlab.com 
    unset GITLAB_QA_CONTAINER_REGISTRY_ACCESS_TOKEN
docker logout registry.gitlab.com  
docker pull registry.gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/gitlab-ee:c2bbee45d73b63394918d6ffddc34a069405c6ef 
# fails with an authentication error
  2. Setup environment variable 
    export QA_SKIP_PULL=false
export GITLAB_QA_CONTAINER_REGISTRY_ACCESS_TOKEN=${PAT with access to read registry on relevant env e.g. https://gitlab.com/-/profile/personal_access_tokens}
  3. Run tests using an image from the private repo 
     bundle exec exe/gitlab-qa Test::Integration::GitalyCluster registry.gitlab.com/gitlab-org/build/omnibus-gitlab-mirror/gitlab-ee:c2bbee45d73b63394918d6ffddc34a069405c6ef --no-tests
  4. Run tests using an image from a public repo (note no call to login in this case) 
     bundle exec exe/gitlab-qa Test::Integration::GitalyCluster gitlab/gitlab-ee:nightly --no-tests

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by John McDonnell

Merge request reports