Service for pushing operators manifests to quay.io from various sources.
Setting location of config file:
export OMPS_CONF_FILE=/path/to/config.py
export OMPS_CONF_SECTION=ProdConfig
Configuration file example:
class ProdConfig:
SECRET_KEY = "123456789secretkeyvalue"
LOG_LEVEL = "INFO"
LOG_FORMAT = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
DEFAULT_RELEASE_VERSION = "1.0.0" # default operator manifest version
# configuration of Koji URLs
KOJIHUB_URL = 'https://koji.fedoraproject.org/kojihub'
KOJIROOT_URL = 'https://kojipkgs.fedoraproject.org/'
# Timeout in seconds for Koji and Quay requests
REQUEST_TIMEOUT = 28
# Organization access
ORGANIZATIONS = {
"public-org": {
"public": True,
"oauth_token" "application_access_token_goes_here"
"replace_registry": [
{
"old": "quay.io",
"new": "example.com",
},
]
}
}
# Greenwave integration
GREENWAVE = {
"url": "https://greenwave.example.com",
"context": "omps_push",
"product_version": "cvp"
}
By default OMPS uses auth tokens for quay's CNR endpoint passed by user in HTTP
Authorization header (see Authorization section).
However CNR endpoint doesn't provide full access to quay applications. OMPS needs oauth access token to be able make repositories public in chosen organizations.
Required permissions:
- Administer Repositories
Organizations configuration options:
public: ifTrueOMPS publish all new repositories in that organization (requiresoauth_token). Default isFalserepositories are private.oauth_token: application oauth access token from quay.io
If organization have configured replace_registry section in the particular
organization:
"replace_registry": [
{
"old": "quay.io",
"new": "example.com",
},
]
All specified old registries will be replaced by new in all manifests yaml
files for that organization.
You can pattern match and replace registry strings with the regexp field instead
of matching whole strings. Both old and new will be evalutated as regexes
when regexp is set to True. If regexp is missing it defaults to False.
Here's an example:
"replace_registry": [
{
"old": "quay.io$",
"new": "example.com",
"regexp": True,
},
]
Replacements occur when pushing manifests into the application registry.
This is optional. When GREENWAVE settings are missing in config file checks
are skipped.
Greenwave integration allows OMPS to check if koji builds meets policies defined in Greenwave before operators from koji builds are pushed to quay. (Note: this check is skipped for pushing from zipfiles directly)
The best way is to run service from a container:
docker build -t omps:latest .
docker run --rm -p 8080:8080 omps:latestRunning container with custom CA certificate
docker run --rm -p 8080:8080 -e CA_URL='http://example.com/ca-cert.crt' omps:latestRunning container with customized number of workers (default: 8):
docker run --rm -p 8080:8080 -e WORKERS_NUM=6 omps:latestRunning container with custom worker timeout (default: 30 seconds):
docker run --rm -p 8080:8080 -e WORKER_TIMEOUT=60 omps:latestUsers are expected to use quay.io token that can be acquired by the following command:
TOKEN=$(curl -sH "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d '
{
"user": {
"username": "'"${QUAY_USERNAME}"'",
"password": "'"${QUAY_PASSWORD}"'"
}
}' | jq -r '.token')Quay token must be passed to OMPS app via HTTP Authorization header
curl -H "Authorization: ${TOKEN}" ...Is recommended to use robot accounts.
- REST API Version 2
- Deprecated REST API Version 1
To run app locally for testing, use:
OMPS_DEVELOPER_ENV=true FLASK_APP=omps/app.py flask runTo install test dependencies from local directory use following:
pip install '.[test]'Project is integrated with tox:
- please install
rpm-develandkrb5-devel(Fedora) orrpmandlibkrb5-dev(Ubuntu) package to be able buildkojidependencyrpm-py-installerintox:
sudo dnf install -y rpm-devel krb5-devel- run:
toxAdditionally, you can run the following to execute tests against the latest unreleased version of Operator Courier:
tox -e 'py{36,37}-courier_master'To run tests manually, you can use pytest directly:
py.test tests/