]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-build.git/commit
bwc: pin podman auth to a persistent authfile 2642/head
authorDavid Galloway <david.galloway@ibm.com>
Thu, 2 Jul 2026 22:21:21 +0000 (18:21 -0400)
committerDavid Galloway <david.galloway@ibm.com>
Thu, 2 Jul 2026 22:23:38 +0000 (18:23 -0400)
commitaae7f2fd4e6efd45f36e0e9fa342b9d2db252bfd
tree7f1d36c41239912c0e9e501600644aacb3b0e93a
parentc8bfb256c24e3ec5e0a4a9a9a039f7c51c48c215
bwc: pin podman auth to a persistent authfile

podman login was writing credentials to the default location under
XDG_RUNTIME_DIR (/run/user/<uid>), which is logind-managed tmpfs. The
Jenkins agent runs without XDG_RUNTIME_DIR set, so the runtime dir can
be torn down or re-resolved between bwc_login and the podman build it
is meant to authenticate. When that happens, the base image pull inside
build-with-container.py silently falls back to anonymous and hits
Docker Hub's per-IP unauthenticated rate limit (toomanyrequests), e.g.:

  https://jenkins.ceph.com/job/ceph-pull-requests-arm64/99076/

Set REGISTRY_AUTH_FILE to a persistent path in $HOME and pass
--authfile to podman login so login and all subsequent podman/buildah
invocations in the job resolve the same credential file regardless of
session state.

Fixes: https://tracker.ceph.com/issues/77920
Signed-off-by: David Galloway <david.galloway@ibm.com>
scripts/bwc.sh