From: Filip Schauer <f.schauer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH storage v5 13/17] api: add storage/{storage}/oci-registry-pull method
Date: Wed, 8 Oct 2025 19:10:19 +0200 [thread overview]
Message-ID: <20251008171028.196998-14-f.schauer@proxmox.com> (raw)
In-Reply-To: <20251008171028.196998-1-f.schauer@proxmox.com>
Add a storage API method to pull an OCI image from a registry using
skopeo.
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
Introduced in v5.
debian/control | 1 +
src/PVE/API2/Storage/Status.pm | 70 ++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+)
diff --git a/debian/control b/debian/control
index 5341317..6bd55a2 100644
--- a/debian/control
+++ b/debian/control
@@ -54,6 +54,7 @@ Depends: bzip2,
${misc:Depends},
${perl:Depends},
Recommends: pve-esxi-import-tools (>= 0.6.0),
+ skopeo,
zfs-zed,
Description: Proxmox VE storage management library
This package contains the storage management library used by Proxmox VE.
diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
index 7bde4ec..12b7341 100644
--- a/src/PVE/API2/Storage/Status.pm
+++ b/src/PVE/API2/Storage/Status.pm
@@ -265,6 +265,7 @@ __PACKAGE__->register_method({
{ subdir => 'download-url' },
{ subdir => 'file-restore' },
{ subdir => 'import-metadata' },
+ { subdir => 'oci-registry-pull' },
{ subdir => 'prunebackups' },
{ subdir => 'rrd' },
{ subdir => 'rrddata' },
@@ -864,6 +865,75 @@ __PACKAGE__->register_method({
},
});
+__PACKAGE__->register_method({
+ name => 'oci_registry_pull',
+ path => '{storage}/oci-registry-pull',
+ method => 'POST',
+ description => "Pull an OCI image from a registry.",
+ proxyto => 'node',
+ permissions => {
+ check => [
+ 'and',
+ ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
+ ['perm', '/nodes/{node}', ['Sys.AccessNetwork']],
+ ],
+ },
+ protected => 1,
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ storage => get_standard_option('pve-storage-id'),
+ reference => {
+ description => "The reference to the OCI image to download.",
+ type => 'string',
+ pattern =>
+ '^(?:(?:[a-zA-Z\d]|[a-zA-Z\d][a-zA-Z\d-]*[a-zA-Z\d])'
+ . '(?:\.(?:[a-zA-Z\d]|[a-zA-Z\d][a-zA-Z\d-]*[a-zA-Z\d]))*(?::\d+)?/)?[a-z\d]+'
+ . '(?:/[a-z\d]+(?:(?:(?:[._]|__|[-]*)[a-z\d]+)+)?)*:\w[\w.-]{0,127}$',
+ },
+ },
+ },
+ returns => {
+ type => "string",
+ },
+ code => sub {
+ my ($param) = @_;
+
+ die "Install 'skopeo' to pull OCI images from registries.\n" if (!-f '/usr/bin/skopeo');
+
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $user = $rpcenv->get_user();
+
+ my $cfg = PVE::Storage::config();
+
+ my ($node, $storage) = $param->@{qw(node storage)};
+ my $scfg = PVE::Storage::storage_check_enabled($cfg, $storage, $node);
+
+ die "can't upload to storage type '$scfg->{type}', not a file based storage!\n"
+ if !defined($scfg->{path});
+
+ my $reference = $param->{reference};
+
+ die "storage '$storage' is not configured for content-type 'vztmpl'\n"
+ if !$scfg->{content}->{vztmpl};
+
+ my $filename = PVE::Storage::normalize_content_filename($reference);
+ my $path = PVE::Storage::get_vztmpl_dir($cfg, $storage);
+ PVE::Storage::activate_storage($cfg, $storage);
+
+ my $worker = sub {
+ PVE::Tools::run_command(
+ ["skopeo", "copy", "docker://$reference", "oci-archive:$path/$filename.tar"],
+ );
+ };
+
+ my $worker_id = PVE::Tools::encode_text($filename); # must not pass : or the like as w-ID
+
+ return $rpcenv->fork_worker('ociregistrypull', $worker_id, $user, $worker);
+ },
+});
+
__PACKAGE__->register_method({
name => 'get_import_metadata',
path => '{storage}/import-metadata',
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-10-08 17:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-08 17:10 [pve-devel] [PATCH container/docs/manager/proxmox{, -perl-rs}/storage v5 00/17] support OCI images as container templates Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox v5 01/17] io: introduce RangeReader for bounded reads Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox v5 02/17] add proxmox-oci crate Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox v5 03/17] proxmox-oci: add tests for whiteout handling Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox-perl-rs v5 04/17] add Perl mapping for OCI container image parser/extractor Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 05/17] config: add `lxc.environment.runtime`/`hooks` Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 06/17] add support for OCI images as container templates Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 07/17] config: add entrypoint parameter Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 08/17] configure static IP in LXC config for custom entrypoint Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 09/17] setup: debian: create /etc/network path if missing Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 10/17] setup: recursively mkdir /etc/systemd/{network, system-preset} Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 11/17] implement host-managed DHCP for containers with `ipmanagehost` Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH storage v5 12/17] allow .tar container templates Filip Schauer
2025-10-08 17:10 ` Filip Schauer [this message]
2025-10-08 17:10 ` [pve-devel] [PATCH manager v5 14/17] ui: storage upload: accept *.tar files as vztmpl Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH manager v5 15/17] api: add nodes/{node}/query-oci-repo-tags method Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH manager v5 16/17] ui: template view: add OCI registry pull dialog Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH docs v5 17/17] ct: add OCI image docs Filip Schauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251008171028.196998-14-f.schauer@proxmox.com \
--to=f.schauer@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.