Add support for authenticated registries #245
Open
+48
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ehelms
force-pushed
the
add-auth-file-support
branch
from
2926317 to
ed0815f
Compare
| --- | ||
| foreman_container_image: "quay.io/foreman/foreman" | ||
| foreman_container_tag: "nightly" | ||
| foreman_registry_auth_file: /etc/foreman/registry-auth.json |
There was a problem hiding this comment.
Wouldn’t it be better to define this variable globally, either in the inventory or in ansible.cfg, instead of setting it as a role default for all containers?
Member
Author
There was a problem hiding this comment.
If we wish to customize this at some point, we would add a top-level one. Based on the layers of our design, each role should have it's own namespaced variable.
src/playbooks/deploy/deploy.yaml
Outdated
| - python3-requests | ||
| roles: | ||
| - role: checks | ||
| - pre_install |
There was a problem hiding this comment.
Suggested change
| - pre_install | |
| - role: pre_install |
ehelms
force-pushed
the
add-auth-file-support
branch
from
ed0815f to
cf006d9
Compare
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
ehelms
force-pushed
the
add-auth-file-support
branch
from
cf006d9 to
24bbeef
Compare
pablomh
reviewed
Jan 9, 2026
| sudo chmod 600 /etc/foreman/registry-auth.json | ||
| sudo chown root:root /etc/foreman/registry-auth.json | ||
| ``` | ||
|
|
Contributor
There was a problem hiding this comment.
Don't we need to patch the pull-images code as well?
pablomh
reviewed
Jan 9, 2026
| - python3-psycopg2 | ||
| - python3-requests | ||
|
|
||
| - name: Create foreman configuration directory |
Contributor
There was a problem hiding this comment.
In my testing this directory is created with those permissions when running the pre-requisite of:
podman login <registry> --authfile=/etc/foreman/registry-auth.json
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Enables foremanctl to authenticate with private registries by checking for auth files before attempting image pulls. Users can run
podman login <registry> --authfile=/etc/foreman/registry-auth.jsonand foremanctl will automatically use the credentials when available.