From 29bcc3a01889255761cea7f0fe37b00d5edde988 Mon Sep 17 00:00:00 2001 From: Ryan Campbell <89273172+bigtallcampbell@users.noreply.github.com> Date: Fri, 21 Jun 2024 11:37:42 -0500 Subject: [PATCH] Enabling container registry login and better logging when access is denied. (#41) * updating to enabling multiple runs and adding protections against syncing certificates to devcontainer feature * adding login capability --- .../devcontainer-feature-build-publish.yml | 6 + .gitignore | 6 +- .vscode/copy_to_spacedev.sh | 88 ++++++++------ config/0_spacesdk-base.yaml | 2 + modules/m_50_spacefx-config.sh | 5 +- modules/m_60_container_registries.sh | 111 +++++++++++++++++- modules/m_70_certificates.sh | 4 +- scripts/coresvc_registry.sh | 102 +++++++++++----- scripts/stage/stage_container_image.sh | 1 + 9 files changed, 251 insertions(+), 74 deletions(-) diff --git a/.github/workflows/devcontainer-feature-build-publish.yml b/.github/workflows/devcontainer-feature-build-publish.yml index d55f3b0..d6a5031 100644 --- a/.github/workflows/devcontainer-feature-build-publish.yml +++ b/.github/workflows/devcontainer-feature-build-publish.yml @@ -90,6 +90,12 @@ jobs: echo "Copying all files to /var/spacedev..." ./.vscode/copy_to_spacedev.sh --output-dir ./.devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup + echo "...Cleaning './.devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup/chart/certs'..." + # Remove the certs that might've been generated + while read -r certFile; do + rm -f "${certFile}" + done < <(find "./.devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup/certs" -type f ! -name "*.json") + # Build the devcontainer feature echo "Building the devcontainer feature..." devcontainer features package --force-clean-output-folder ./.devcontainer/features --output-folder ./output/spacefx-dev diff --git a/.gitignore b/.gitignore index 3f4e0b8..44652c4 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,8 @@ output .devcontainer/features/spacefx-dev/azure-orbital-space-sdk-setup not a -tty \ No newline at end of file +tty +certs/*/*.pem +certs/*/*.crt +certs/*/*.csr +certs/*/*.key \ No newline at end of file diff --git a/.vscode/copy_to_spacedev.sh b/.vscode/copy_to_spacedev.sh index 5668da3..f71bbb7 100755 --- a/.vscode/copy_to_spacedev.sh +++ b/.vscode/copy_to_spacedev.sh @@ -9,7 +9,7 @@ ############################################################ # Script variables ############################################################ -REPO_ROOT_DIR=$(dirname "$0") +REPO_ROOT_DIR=$(git rev-parse --show-toplevel) OUTPUT_DIR="" ############################################################ # Process the input options. @@ -27,20 +27,41 @@ done ############################################################ # Clean up the destination directory by removing the sensitive parts so they can be restaged ############################################################ -function clean_up_dest_directory(){ - [[ -d "${OUTPUT_DIR}/logs" ]] && sudo rm -rf "${OUTPUT_DIR}/logs" - [[ -d "${OUTPUT_DIR}/tmp" ]] && sudo rm -rf "${OUTPUT_DIR}/tmp" - [[ -d "${OUTPUT_DIR}/output" ]] && sudo rm -rf "${OUTPUT_DIR}/output" - [[ -d "${OUTPUT_DIR}/xfer" ]] && sudo rm -rf "${OUTPUT_DIR}/xfer" - [[ -d "${OUTPUT_DIR}/plugins" ]] && sudo rm -rf "${OUTPUT_DIR}/plugins" - [[ -f "${OUTPUT_DIR}/chart/Charts.lock" ]] && sudo rm -f "${OUTPUT_DIR}/chart/Charts.lock" - [[ -f "${OUTPUT_DIR}/certs/*/*.crt" ]] && sudo rm -f "${OUTPUT_DIR}/certs/*/*.crt" +function copy_directory_to_dest(){ + local directory="" + + while [[ "$#" -gt 0 ]]; do + case $1 in + --directory) + shift + directory=$1 + ;; + *) + echo "Unknown parameter '$1'" + exit 1 + ;; + esac + shift + done + + echo "...copying '${REPO_ROOT_DIR}/${directory}' to '${OUTPUT_DIR}/${directory}'..." + + sudo mkdir -p "${OUTPUT_DIR}/${directory}" + sudo rsync -a --update --no-links \ + --exclude='/*.log' \ + --exclude='/*.pem' \ + --exclude='/*.csr' \ + --exclude='/*.key' \ + --exclude='/*.crt' \ + "${REPO_ROOT_DIR}/${directory}/" "${OUTPUT_DIR}/${directory}/" + if [[ $? -gt 0 ]]; then + echo "...error copying '${REPO_ROOT_DIR}/${directory}' to '${OUTPUT_DIR}/${directory}'" + exit 1 + fi + + echo "...successfully copied '${REPO_ROOT_DIR}/${directory}' to '${OUTPUT_DIR}/${directory}'..." - while read -r shellFile; do - chmod +x ${shellFile} - chmod 777 ${shellFile} - done < <(find "${OUTPUT_DIR}" -iname "*.sh") } function main() { @@ -56,32 +77,23 @@ function main() { [[ ! -d "${OUTPUT_DIR}" ]] && sudo mkdir -p "${OUTPUT_DIR}" - echo "...outputting to '${OUTPUT_DIR}'..." - - eval "sudo rsync -a --update --no-links \ - --exclude='/.devcontainer' \ - --exclude='/.pipelines' \ - --exclude='/.vscode' \ - --exclude='/.git' \ - --exclude='/.git*' \ - --exclude='/docs' \ - --exclude='/tmp' \ - --exclude='/logs' \ - --exclude='/output' \ - --exclude='/owners.txt' \ - --exclude='/*.md' \ - --exclude='/LICENSE' \ - --exclude='/*.log' \ - --exclude='/*.gitignore' \ - --exclude='/*.gitattributes' \ - --exclude='/spacedev_cache' \ - --exclude='/.shellcheckrc' \ - --exclude='/tests' \ - '${REPO_ROOT_DIR}/' '${OUTPUT_DIR}/'" + echo "Copying Azure Orbital Space SDK to '${OUTPUT_DIR}'..." - clean_up_dest_directory + copy_directory_to_dest --directory "build" + copy_directory_to_dest --directory "certs" + copy_directory_to_dest --directory "chart" + copy_directory_to_dest --directory "config" + copy_directory_to_dest --directory "env" + copy_directory_to_dest --directory "modules" + copy_directory_to_dest --directory "protos" + copy_directory_to_dest --directory "scripts" - echo "...successfully outputted to '${OUTPUT_DIR}'." + while read -r shellFile; do + chmod +x ${shellFile} + chmod 777 ${shellFile} + done < <(find "${OUTPUT_DIR}" -iname "*.sh") + + echo "...successfully copied Azure Orbital Space SDK to '${OUTPUT_DIR}'." sudo chown -R "${USER:-$(id -un)}" "${OUTPUT_DIR}" @@ -90,3 +102,5 @@ function main() { main + + diff --git a/config/0_spacesdk-base.yaml b/config/0_spacesdk-base.yaml index 54c578a..617f3a6 100644 --- a/config/0_spacesdk-base.yaml +++ b/config/0_spacesdk-base.yaml @@ -50,4 +50,6 @@ config: push_enabled: true pull_enabled: true login_enabled: true + login_username_file: ${HOME}/.ssh/ghcr_username + login_password_file: ${HOME}/.ssh/ghcr_password hostDirectoryMounts: \ No newline at end of file diff --git a/modules/m_50_spacefx-config.sh b/modules/m_50_spacefx-config.sh index 1ebc933..f4e6de7 100755 --- a/modules/m_50_spacefx-config.sh +++ b/modules/m_50_spacefx-config.sh @@ -31,8 +31,9 @@ function _generate_spacefx_config_json() { create_directory "${SPACEFX_DIR}/tmp/config" if [[ "${SPACEFX_CHANNEL}" != "stable" ]]; then - [[ ! -f "${SPACEFX_DIR}/config/channels/${SPACEFX_CHANNEL}.yaml" ]] && exit_with_error "Channel '${SPACEFX_CHANNEL}' does not exist. Please update the channel in spacefx.env and try again." - run_a_script "cp ${SPACEFX_DIR}/config/channels/${SPACEFX_CHANNEL}.yaml ${SPACEFX_DIR}/config/${SPACEFX_CHANNEL}.yaml" + debug_log "Channel '${SPACEFX_CHANNEL}' detected. Copying channel config '${SPACEFX_DIR}/config/channels/${SPACEFX_CHANNEL}.yaml' to '${SPACEFX_DIR}/config/${SPACEFX_CHANNEL}.yaml'." + [[ ! -f "${SPACEFX_DIR}/config/channels/${SPACEFX_CHANNEL}.yaml" ]] && exit_with_error "Channel config '${SPACEFX_DIR}/config/channels/${SPACEFX_CHANNEL}.yaml' does not exist. Please update the channel in spacefx.env and try again." + run_a_script "cp ${SPACEFX_DIR}/config/channels/${SPACEFX_CHANNEL}.yaml ${SPACEFX_DIR}/config/${SPACEFX_CHANNEL}.yaml" --disable_log fi # Build the JSON output from the configuration in yq diff --git a/modules/m_60_container_registries.sh b/modules/m_60_container_registries.sh index 6352ad1..63ae8db 100755 --- a/modules/m_60_container_registries.sh +++ b/modules/m_60_container_registries.sh @@ -217,19 +217,29 @@ function find_registry_for_image(){ fi info_log "Locating registry for '${container_image}'..." - run_a_script "jq -r '.config.containerRegistries[] | select(.pull_enabled == true) | @base64' ${SPACEFX_DIR}/tmp/config/spacefx-config.json" container_registries --disable_log REGISTRY_IMAGE_NAME="" for row in $container_registries; do parse_json_line --json "${row}" --property ".url" --result container_registry + parse_json_line --json "${row}" --property ".login_enabled" --result login_enabled + parse_json_line --json "${row}" --property ".login_username_file" --result login_username_file + parse_json_line --json "${row}" --property ".login_password_file" --result login_password_file check_for_repo_prefix --registry "${container_registry}" --repo "${container_image}" --result _find_registry_for_image_repo info_log "Checking container registry '${container_registry}' for image '${_find_registry_for_image_repo}'..." - run_a_script "regctl image manifest ${container_registry}/${_find_registry_for_image_repo}" --ignore_error --disable_log + if [[ "${login_enabled}" == "true" ]]; then + login_to_container_registry --container_registry "${container_registry}" --container_registry_username_file "${login_username_file}" --container_registry_password_file "${login_password_file}" + fi + + run_a_script "regctl image manifest ${container_registry}/${_find_registry_for_image_repo}" _find_registry_for_image_result --ignore_error --disable_log + + if [[ "${_find_registry_for_image_result}" == *"unauthorized"* ]]; then + exit_with_error "Unauthorized to access image to container registry '${container_registry}'. Please login with docker login '${container_registry}', regctl registry login '${container_registry}' --user --pass , or use the config login_username_file and login_password_file configuration options" + fi if [[ "${RETURN_CODE}" -eq 0 ]]; then info_log "...image '${container_image}' FOUND in container registry '${container_registry}' (as '${_find_registry_for_image_repo}')" @@ -243,6 +253,103 @@ function find_registry_for_image(){ eval "$return_result_var='$REGISTRY_IMAGE_NAME'" } +############################################################ +# Login to container registry +############################################################ +function login_to_container_registry(){ + info_log "START: ${FUNCNAME[0]}" + + local container_registry="" + local container_registry_username_file="" + local container_registry_password_file="" + + local is_logged_in=false + + while [[ "$#" -gt 0 ]]; do + case $1 in + --container_registry) + shift + container_registry=$1 + ;; + --container_registry_username_file) + shift + container_registry_username_file=$1 + ;; + --container_registry_password_file) + shift + container_registry_password_file=$1 + ;; + esac + shift + done + + [[ -z "${container_registry}" ]] && exit_with_error "--container_registry empty. Please supply a container registry to login to" + + info_log "container_registry_username_file '${container_registry_username_file}'..." + + is_cmd_available "docker" HAS_DOCKER + + if [[ "${HAS_DOCKER}" == true ]]; then + trace_log "Docker detected. Checking if we're already logged in to '${container_registry}'..." + + if [[ -f "${HOME}/.docker/config.json" ]]; then + run_a_script "jq -r '.auths | has(\"${container_registry}\")' ${HOME}/.docker/config.json" is_logged_in + fi + + if [[ "${is_logged_in}" == false ]]; then + run_a_script "docker logout ${container_registry}" --ignore_error --disable_log + run_a_script "docker logout ${container_registry}" --ignore_error --disable_log --no_sudo + + [[ -z "${container_registry_username_file}" ]] && exit_with_error "--container_registry_username_file empty. Please supply a container registry username file to login to" + [[ -z "${container_registry_password_file}" ]] && exit_with_error "--container_registry_password_file empty. Please supply a container registry password file to login to" + [[ ! -f "${container_registry_username_file}" ]] && exit_with_error "Unable to login to '${container_registry}'. Username file '${container_registry_username_file}' not found" + [[ ! -f "${container_registry_password_file}" ]] && exit_with_error "Unable to login to '${container_registry}'. Password file '${container_registry_password_file}' not found" + + run_a_script "cat ${container_registry_username_file}" container_registry_username --disable_log + run_a_script "cat ${container_registry_password_file}" container_registry_password --disable_log + run_a_script "docker login ${container_registry} --username '${container_registry_username}' --password '${container_registry_password}'" --disable_log + run_a_script "docker login ${container_registry} --username '${container_registry_username}' --password '${container_registry_password}'" --disable_log --no_sudo + + is_logged_in=true + else + info_log "Already logged in to '${container_registry}' with Docker." + info_log "END: ${FUNCNAME[0]}" + return + fi + fi + + # This will allow us to login with regctl if docker is not available + is_cmd_available "regctl" HAS_REGCTL + if [[ "${HAS_REGCTL}" == true ]]; then + trace_log "Regctl detected. Checking if we're already logged in to '${container_registry}'..." + + if [[ -f "${HOME}/.regctl/config.json" ]]; then + run_a_script "jq -r '.hosts | has(\"${container_registry}\")' ${HOME}/.regctl/config.json" is_logged_in --disable_log + fi + + if [[ "${is_logged_in}" == false ]]; then + run_a_script "regctl registry logout ${container_registry}" --ignore_error --disable_log + run_a_script "regctl registry logout ${container_registry}" --ignore_error --disable_log --no_sudo + + [[ -z "${container_registry_username_file}" ]] && exit_with_error "--container_registry_username_file empty. Please supply a container registry username file to login to" + [[ -z "${container_registry_password_file}" ]] && exit_with_error "--container_registry_password_file empty. Please supply a container registry password file to login to" + [[ ! -f "${container_registry_username_file}" ]] && exit_with_error "Unable to login to '${container_registry}'. Username file '${container_registry_username_file}' not found" + [[ ! -f "${container_registry_password_file}" ]] && exit_with_error "Unable to login to '${container_registry}'. Password file '${container_registry_password_file}' not found" + + run_a_script "cat ${container_registry_username_file}" container_registry_username --disable_log + run_a_script "cat ${container_registry_password_file}" container_registry_password --disable_log + run_a_script "regctl registry login ${container_registry} --user '${container_registry_username}' --pass '${container_registry_password}'" --disable_log + run_a_script "regctl registry login ${container_registry} --user '${container_registry_username}' --pass '${container_registry_password}'" --disable_log --no_sudo + + is_logged_in=true + else + trace_log "Already logged in to '${container_registry}' with Regctl." + fi + fi + + + info_log "END: ${FUNCNAME[0]}" +} ############################################################ # Push a local image to a repository diff --git a/modules/m_70_certificates.sh b/modules/m_70_certificates.sh index 1131782..fa4f08b 100755 --- a/modules/m_70_certificates.sh +++ b/modules/m_70_certificates.sh @@ -170,7 +170,7 @@ function generate_certificate() { return fi - create_directory ${output_dir} + create_directory "${output_dir}" if [[ -f "${output_dir}/${cert_name}.crt" ]]; then debug_log "Removing out-of-date '${output_dir}/${cert_name}.crt'" @@ -182,7 +182,7 @@ function generate_certificate() { cd "${output_dir}" || exit_with_error "Failed to cd to '${output_dir}'" - run_a_script "cfssl gencert -ca=${SPACEFX_DIR}/certs/ca/ca.spacefx.local.pem -ca-key=${SPACEFX_DIR}/certs/ca/ca.spacefx.local.key -config=${cert_config} -profile=server ${cert_profile} | cfssljson -bare ${cert_name}" --no_log_results + run_a_script "cfssl gencert -ca=${SPACEFX_DIR}/certs/ca/ca.spacefx.local.pem -ca-key=${SPACEFX_DIR}/certs/ca/ca.spacefx.local.key -config=${cert_config} -profile=server ${cert_profile} | cfssljson -bare ${cert_name}" --disable_log cd - || exit_with_error "Failed to cd back" diff --git a/scripts/coresvc_registry.sh b/scripts/coresvc_registry.sh index de3554d..0ca229c 100755 --- a/scripts/coresvc_registry.sh +++ b/scripts/coresvc_registry.sh @@ -16,6 +16,7 @@ source "$(dirname "$(realpath "$0")")/../modules/load_modules.sh" $@ ############################################################ START_REGISTRY=false STOP_REGISTRY=false +IS_RUNNING=false HAS_DOCKER=false HAS_K3S=false DESTINATION_HOST="" @@ -108,17 +109,66 @@ function check_prerequisites(){ info_log "END: ${FUNCNAME[0]}" } + + +############################################################ +# Check if the registry is already up and running +############################################################ +function check_if_registry_is_already_running(){ + info_log "START: ${FUNCNAME[0]}" + + if [[ "${HAS_K3S}" == true ]]; then + info_log "Checking if '${REGISTRY_REPO}' is deployed to K3s..." + + run_a_script "kubectl --kubeconfig ${KUBECONFIG} get deployments -A -o jsonpath=\"{.items[?(@.metadata.name=='${REGISTRY_REPO}')].metadata.name}\"" _previous_deployment --ignore_error + + if [[ -n "${_previous_deployment}" ]]; then + info_log "...found '${REGISTRY_REPO}' running in K3s." + IS_RUNNING=true + fi + fi + + # shellcheck disable=SC2154 + if [[ "${HAS_DOCKER}" == true ]]; then + info_log "Checking if '${REGISTRY_REPO}' is already running in Docker..." + + run_a_script "docker container ls -a --format '{{json .}}' | jq -r 'if any(.Names; .== \"${REGISTRY_REPO}\") then .State else empty end'" container_status --disable_log + + if [[ "${container_status}" == "running" ]]; then + info_log "...found previous instance of '${REGISTRY_REPO}' in running in Docker" + IS_RUNNING=true + else + # Container status is not empty, but not "running" either. There's a stopped container that we need to remove + if [[ -n "${container_status}" ]]; then + info_log "...found non-running instance of '${REGISTRY_REPO}' in Docker. Removing..." + run_a_script "docker container rm ${REGISTRY_REPO} -f" + info_log "...successfully removed ${REGISTRY_REPO} in Docker" + fi + fi + fi + + + info_log "END: ${FUNCNAME[0]}" +} + + + ############################################################ # Stop the registry ############################################################ function stop_registry(){ info_log "START: ${FUNCNAME[0]}" + if [[ "${IS_RUNNING}" == false ]]; then + info_log "No previous instance of '${REGISTRY_REPO}' found. Nothing to do" + return + fi + if [[ "${HAS_DOCKER}" == true ]]; then info_log "Checking for ${REGISTRY_REPO} in Docker..." - run_a_script "docker container inspect ${REGISTRY_REPO} | jq '.[0].State.Status' -r" docker_status --ignore_error + run_a_script "docker container ls -a --format json | jq '. | select(.Names == \"${REGISTRY_REPO}\")'" docker_container --disable_log - if [[ -n "${docker_status}" ]]; then + if [[ -n "${docker_container}" ]]; then info_log "...found ${REGISTRY_REPO} in Docker. Stopping..." run_a_script "docker remove --force ${REGISTRY_REPO}" info_log "...successfully stopped ${REGISTRY_REPO} in Docker" @@ -130,13 +180,17 @@ function stop_registry(){ if [[ "${HAS_K3S}" == true ]]; then info_log "Checking for ${REGISTRY_REPO} in K3s..." - # run_a_script "helm --kubeconfig ${KUBECONFIG} show values ${SPACEFX_DIR}/chart | yq '.services.core.registry.repository'" REPOSITORY - + run_a_script "kubectl --kubeconfig ${KUBECONFIG} get deployments -A -o jsonpath=\"{.items[?(@.metadata.name=='${REGISTRY_REPO}')].metadata.name}\"" _previous_deployment --ignore_error - #TODO: Add - # kubectl get pods -l app.kubernetes.io/instance=${REGISTRY_REPO} + if [[ -n "${_previous_deployment}" ]]; then + info_log "...found '${REGISTRY_REPO}' running in K3s. Stopping..." + run_a_script "kubectl --kubeconfig ${KUBECONFIG} delete deployment/${REGISTRY_REPO} -n ${NAMESPACE}" + info_log "...successfully stopped ${REGISTRY_REPO} in K3s" + fi fi + IS_RUNNING=false + info_log "END: ${FUNCNAME[0]}" } @@ -147,7 +201,6 @@ function stop_registry(){ function start_registry_k3s(){ info_log "START: ${FUNCNAME[0]}" - info_log "Checking for namespace '${NAMESPACE}'..." run_a_script "kubectl --kubeconfig ${KUBECONFIG} get namespaces/${NAMESPACE}" has_namespace --ignore_error @@ -195,6 +248,7 @@ function start_registry_k3s(){ fi + # Run a helm dependency update so we can if [[ ! -f "${SPACEFX_DIR}/chart/Chart.lock" ]]; then run_a_script "helm --kubeconfig ${KUBECONFIG} dependency update ${SPACEFX_DIR}/chart" fi @@ -206,7 +260,7 @@ function start_registry_k3s(){ ${registry_yaml} SPACEFX_UPDATE_END" - wait_for_deployment --namespace "coresvc" --deployment "coresvc-registry" + wait_for_deployment --namespace "${NAMESPACE}" --deployment "${REGISTRY_REPO}" info_log "END: ${FUNCNAME[0]}" @@ -219,23 +273,6 @@ SPACEFX_UPDATE_END" function start_registry_docker(){ info_log "START: ${FUNCNAME[0]}" - info_log "Checking if '${REGISTRY_REPO}' is already running in Docker..." - - run_a_script "docker container ls -a --format '{{json .}}' | jq -r 'if any(.Names; .== \"${REGISTRY_REPO}\") then .State else empty end'" container_status - - if [[ "${container_status}" == "running" ]]; then - info_log "...found previous instance of '${REGISTRY_REPO}' in running in Docker. Nothing to do" - info_log "END: ${FUNCNAME[0]}" - return - fi - - # Container status is not empty, but not "running" either. There's a stopped container that we need to remove - if [[ -n "${container_status}" ]]; then - info_log "...found non-running instance of '${REGISTRY_REPO}' in Docker. Removing..." - run_a_script "docker container rm ${REGISTRY_REPO} -f" - info_log "...successfully removed ${REGISTRY_REPO} in Docker" - fi - # Calculate the image tag based on the channel and then check the registries to find it info_log "Locating parent registry and calculating tags for '${REGISTRY_REPO}'..." calculate_tag_from_channel --tag "${SPACEFX_VERSION}" --result spacefx_version_tag @@ -259,9 +296,6 @@ function start_registry_docker(){ info_log "...successfully pulled ${coresvc_registry_parent}/${_repo_name}:${spacefx_version_tag} to Docker." fi - - - info_log "Starting '${REGISTRY_REPO}'..." run_a_script "docker run -d \ -p 5000:5000 \ @@ -282,6 +316,7 @@ function main() { write_parameter_to_log STOP_REGISTRY check_prerequisites + check_if_registry_is_already_running if [[ "${STOP_REGISTRY}" == true ]]; then stop_registry @@ -296,12 +331,19 @@ function main() { if [[ ! -f "${SPACEFX_DIR}/certs/registry/registry.spacefx.local.crt" ]]; then info_log "Missing certificates detected. Generating certificates and restarting ${REGISTRY_REPO} (if applicable)" + # We have to stop the registry if we have to regen the certificates + stop_registry + # Generate the new certificates for SSL/TLS generate_certificate --profile "${SPACEFX_DIR}/certs/registry/registry.spacefx.local.ssl.json" --config "${SPACEFX_DIR}/certs/registry/registry.spacefx.local.ssl-config.json" --output "${SPACEFX_DIR}/certs/registry" fi - [[ "${DESTINATION_HOST}" == "docker" ]] && start_registry_docker - [[ "${DESTINATION_HOST}" == "k3s" ]] && start_registry_k3s + if [[ "${IS_RUNNING}" == true ]]; then + info_log "Registry is already running. Nothing to do" + else + [[ "${DESTINATION_HOST}" == "docker" ]] && start_registry_docker + [[ "${DESTINATION_HOST}" == "k3s" ]] && start_registry_k3s + fi info_log "------------------------------------------" info_log "END: ${SCRIPT_NAME}" diff --git a/scripts/stage/stage_container_image.sh b/scripts/stage/stage_container_image.sh index 1ec8487..4bf8de8 100755 --- a/scripts/stage/stage_container_image.sh +++ b/scripts/stage/stage_container_image.sh @@ -140,6 +140,7 @@ stage_images() { # Loop through the background pids and get their return codes had_error=false for pid in "${worker_pids[@]}"; do + debug_log "Waiting for worker pid: $pid..." local return_code wait "$pid" return_code=$?