fix: registry fallback skips dead primary, WireGuard first-boot, Gitea port 3001
Registry fallback now only tries DIFFERENT registries (skips original that already failed). 120s timeout per fallback attempt. WireGuard keys generated on unbundled first-boot. Gitea ROOT_URL uses port 3001. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -80,14 +80,11 @@ impl RegistryConfig {
|
||||
format!("{}/{}", registry.url, image_name)
|
||||
}
|
||||
|
||||
/// Generate all image URLs to try for a given image, in priority order.
|
||||
/// Generate fallback image URLs to try (excludes the original since it already failed).
|
||||
pub fn image_candidates(&self, image: &str) -> Vec<(String, bool)> {
|
||||
let mut candidates = Vec::new();
|
||||
|
||||
// First: the original image as-is
|
||||
candidates.push((image.to_string(), true));
|
||||
|
||||
// Then: rewritten for each active registry
|
||||
// Rewrite for each active registry (skip if identical to original)
|
||||
for reg in self.active_registries() {
|
||||
let rewritten = self.rewrite_image(image, reg);
|
||||
if rewritten != image {
|
||||
@@ -154,15 +151,29 @@ pub async fn pull_from_registries(
|
||||
args.push("--tls-verify=false".to_string());
|
||||
}
|
||||
|
||||
let status = tokio::process::Command::new("podman")
|
||||
let mut child = tokio::process::Command::new("podman")
|
||||
.args(&args)
|
||||
.env("TMPDIR", tmpdir)
|
||||
.stdout(std::process::Stdio::null())
|
||||
.stderr(std::process::Stdio::null())
|
||||
.status()
|
||||
.await;
|
||||
.spawn()
|
||||
.ok();
|
||||
|
||||
if status.map(|s| s.success()).unwrap_or(false) {
|
||||
let status = if let Some(ref mut c) = child {
|
||||
match tokio::time::timeout(std::time::Duration::from_secs(120), c.wait()).await {
|
||||
Ok(Ok(s)) => Some(s.success()),
|
||||
_ => {
|
||||
let _ = c.kill().await;
|
||||
let _ = c.wait().await;
|
||||
debug!("Fallback pull timed out: {}", candidate);
|
||||
None
|
||||
}
|
||||
}
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
if status == Some(true) {
|
||||
// If we pulled from a non-original registry, tag it with the original name
|
||||
if candidate != image {
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
|
||||
Reference in New Issue
Block a user