Skip to content

Add support for authenticated registries#245

Merged
evgeni merged 2 commits intotheforeman:masterfrom
ehelms:add-auth-file-support
Mar 6, 2026
Merged

Add support for authenticated registries#245
evgeni merged 2 commits intotheforeman:masterfrom
ehelms:add-auth-file-support

Conversation

@ehelms
Copy link
Member

@ehelms ehelms commented Oct 2, 2025

Enables foremanctl to authenticate with private registries by checking for auth files before attempting image pulls. Users can run podman login <registry> --authfile=/etc/foreman/registry-auth.json and foremanctl will automatically use the credentials when available.

@ehelms ehelms force-pushed the add-auth-file-support branch from 2926317 to ed0815f Compare October 2, 2025 19:24
Gauravtalreja1
Gauravtalreja1 reviewed Oct 13, 2025
View reviewed changes
Gauravtalreja1
Gauravtalreja1 reviewed Oct 13, 2025
View reviewed changes
@ehelms ehelms force-pushed the add-auth-file-support branch 2 times, most recently from cf006d9 to 24bbeef Compare December 5, 2025 16:34
@pablomh pablomh mentioned this pull request Jan 9, 2026
Closed
pablomh
pablomh reviewed Jan 9, 2026
View reviewed changes
pablomh
pablomh reviewed Jan 9, 2026
View reviewed changes
@ehelms ehelms force-pushed the add-auth-file-support branch from 24bbeef to 812ded7 Compare January 14, 2026 16:03
pablomh
pablomh reviewed Jan 14, 2026
View reviewed changes
@ehelms ehelms force-pushed the add-auth-file-support branch 6 times, most recently from ed5d92d to b90a0a2 Compare January 15, 2026 18:15
pablomh
pablomh reviewed Jan 16, 2026
View reviewed changes
pablomh
pablomh reviewed Jan 16, 2026
View reviewed changes
pablomh
pablomh reviewed Jan 16, 2026
View reviewed changes
pablomh
pablomh reviewed Jan 16, 2026
View reviewed changes
@ehelms ehelms force-pushed the add-auth-file-support branch from b90a0a2 to 728ce15 Compare January 16, 2026 14:13
@pablomh
Copy link
Contributor

pablomh commented Jan 20, 2026

This has worked fine with #369, so I guess that my recommendation could be ammended if needed later.

@ehelms ehelms force-pushed the add-auth-file-support branch from 728ce15 to bbb6195 Compare January 20, 2026 17:14
pablomh
pablomh reviewed Jan 20, 2026
View reviewed changes
@ehelms ehelms force-pushed the add-auth-file-support branch from bbb6195 to edc5cb2 Compare January 30, 2026 20:56
@pablomh
Copy link
Contributor

pablomh commented Mar 4, 2026

Thinking about this, how would it fit with future rootless containers which probably won't have access to the auth file?

@ehelms
Copy link
Member Author

ehelms commented Mar 4, 2026

Thinking about this, how would it fit with future rootless containers which probably won't have access to the auth file?

In that case, the authentication file would be located in a different location I think. Relative to the user's home for example. I am hesitant to optimize for that.

evgeni
evgeni reviewed Mar 5, 2026
View reviewed changes
evgeni
evgeni reviewed Mar 5, 2026
View reviewed changes
src/playbooks/pull-images/pull-images.yaml

roles:
- role: pre_install
post_tasks:
Copy link
Member

@evgeni evgeni Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tasks already runs after roles, so why using post_tasks here?

Copy link
Member Author

@ehelms ehelms Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cause that ordering is not obvious, while I find post_tasks to be self-documenting in terms of order.

evgeni
evgeni reviewed Mar 5, 2026
View reviewed changes
evgeni
evgeni reviewed Mar 5, 2026
View reviewed changes
src/roles/redis/defaults/main.yml
---
redis_container_image: quay.io/sclorg/redis-6-c9s
redis_container_tag: "latest"
redis_registry_auth_file: /etc/foreman/registry-auth.json
Copy link
Member

@evgeni evgeni Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does it work if we set it to None here?

Suggested change
redis_registry_auth_file: /etc/foreman/registry-auth.json
redis_registry_auth_file:

As we should try to keep the role free of Foreman specifics

Copy link
Member Author

@ehelms ehelms Mar 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose. This is foremanctl so it's kinda in the name? 😁

evgeni
evgeni reviewed Mar 5, 2026
View reviewed changes
evgeni
evgeni reviewed Mar 5, 2026
View reviewed changes
@ehelms ehelms force-pushed the add-auth-file-support branch from edc5cb2 to d604d55 Compare March 5, 2026 19:50
@ehelms
Add support for authenticated registries
0cd5168 
Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>
@ehelms ehelms force-pushed the add-auth-file-support branch from d604d55 to 0cd5168 Compare March 5, 2026 19:53
evgeni
evgeni reviewed Mar 6, 2026
View reviewed changes
@evgeni evgeni merged commit a8c6cfe into theforeman:master Mar 6, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gauravtalreja1 Gauravtalreja1 Gauravtalreja1 left review comments

@evgeni evgeni evgeni approved these changes

+1 more reviewer

@pablomh pablomh pablomh left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ehelms @pablomh @evgeni @Gauravtalreja1