From 20d7d9ab2d4e6163427f618ea98440e59de7f53e Mon Sep 17 00:00:00 2001 From: Javi Polo Date: Mon, 5 Aug 2024 14:23:41 +0200 Subject: [PATCH] RHELAI-787: Mount auth.json into ilab container Signed-off-by: Javi Polo --- training/ilab-wrapper/ilab | 9 +++++++++ training/nvidia-bootc/duplicated/ilab-wrapper/ilab | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/training/ilab-wrapper/ilab b/training/ilab-wrapper/ilab index e20423f2..c4302cd9 100755 --- a/training/ilab-wrapper/ilab +++ b/training/ilab-wrapper/ilab @@ -42,6 +42,15 @@ for PODMAN_MOUNT in "${ADDITIONAL_MOUNTS[@]}"; do ADDITIONAL_MOUNT_OPTIONS+=("-v" "$PODMAN_MOUNT") done +# Add pull-secret to additional mounts +# In case of normal user, $XDG_RUNTIME_DIR is used +if [[ -f ${XDG_RUNTIME_DIR}/containers/auth.json ]]; then + ADDITIONAL_MOUNT_OPTIONS+=("-v" "${XDG_RUNTIME_DIR}/containers/auth.json:/run/containers/0/auth.json") +# For root the main /run/containers is used +elif [[ -f /run/containers/${UID}/auth.json ]]; then + ADDITIONAL_MOUNT_OPTIONS+=("-v" "/run/containers/${UID}/auth.json:/run/containers/0/auth.json") +fi + # We run the container as sudo in order to be able to access the root container # storage, which has the ilab image pre-pulled. But for security reasons we map # root UID 0 inside the container to the current user's UID (and all the other diff --git a/training/nvidia-bootc/duplicated/ilab-wrapper/ilab b/training/nvidia-bootc/duplicated/ilab-wrapper/ilab index e20423f2..c4302cd9 100755 --- a/training/nvidia-bootc/duplicated/ilab-wrapper/ilab +++ b/training/nvidia-bootc/duplicated/ilab-wrapper/ilab @@ -42,6 +42,15 @@ for PODMAN_MOUNT in "${ADDITIONAL_MOUNTS[@]}"; do ADDITIONAL_MOUNT_OPTIONS+=("-v" "$PODMAN_MOUNT") done +# Add pull-secret to additional mounts +# In case of normal user, $XDG_RUNTIME_DIR is used +if [[ -f ${XDG_RUNTIME_DIR}/containers/auth.json ]]; then + ADDITIONAL_MOUNT_OPTIONS+=("-v" "${XDG_RUNTIME_DIR}/containers/auth.json:/run/containers/0/auth.json") +# For root the main /run/containers is used +elif [[ -f /run/containers/${UID}/auth.json ]]; then + ADDITIONAL_MOUNT_OPTIONS+=("-v" "/run/containers/${UID}/auth.json:/run/containers/0/auth.json") +fi + # We run the container as sudo in order to be able to access the root container # storage, which has the ilab image pre-pulled. But for security reasons we map # root UID 0 inside the container to the current user's UID (and all the other