public inbox for pve-devel@lists.proxmox.com
From: Filip Schauer <f.schauer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH storage v5 13/17] api: add storage/{storage}/oci-registry-pull method
Date: Wed,  8 Oct 2025 19:10:19 +0200
Message-ID: <20251008171028.196998-14-f.schauer@proxmox.com>
In-Reply-To: <20251008171028.196998-1-f.schauer@proxmox.com>

Add a storage API method to pull an OCI image from a registry using
skopeo.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
Introduced in v5.

 debian/control                 |  1 +
 src/PVE/API2/Storage/Status.pm | 70 ++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)

diff --git a/debian/control b/debian/control
index 5341317..6bd55a2 100644
--- a/debian/control
+++ b/debian/control
@@ -54,6 +54,7 @@ Depends: bzip2,
          ${misc:Depends},
          ${perl:Depends},
 Recommends: pve-esxi-import-tools (>= 0.6.0),
+            skopeo,
             zfs-zed,
 Description: Proxmox VE storage management library
  This package contains the storage management library used by Proxmox VE.
diff --git a/src/PVE/API2/Storage/Status.pm b/src/PVE/API2/Storage/Status.pm
index 7bde4ec..12b7341 100644
--- a/src/PVE/API2/Storage/Status.pm
+++ b/src/PVE/API2/Storage/Status.pm
@@ -265,6 +265,7 @@ __PACKAGE__->register_method({
             { subdir => 'download-url' },
             { subdir => 'file-restore' },
             { subdir => 'import-metadata' },
+            { subdir => 'oci-registry-pull' },
             { subdir => 'prunebackups' },
             { subdir => 'rrd' },
             { subdir => 'rrddata' },
@@ -864,6 +865,75 @@ __PACKAGE__->register_method({
     },
 });
 
+__PACKAGE__->register_method({
+    name => 'oci_registry_pull',
+    path => '{storage}/oci-registry-pull',
+    method => 'POST',
+    description => "Pull an OCI image from a registry.",
+    proxyto => 'node',
+    permissions => {
+        check => [
+            'and',
+            ['perm', '/storage/{storage}', ['Datastore.AllocateTemplate']],
+            ['perm', '/nodes/{node}', ['Sys.AccessNetwork']],
+        ],
+    },
+    protected => 1,
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            node => get_standard_option('pve-node'),
+            storage => get_standard_option('pve-storage-id'),
+            reference => {
+                description => "The reference to the OCI image to download.",
+                type => 'string',
+                pattern =>
+                    '^(?:(?:[a-zA-Z\d]|[a-zA-Z\d][a-zA-Z\d-]*[a-zA-Z\d])'
+                    . '(?:\.(?:[a-zA-Z\d]|[a-zA-Z\d][a-zA-Z\d-]*[a-zA-Z\d]))*(?::\d+)?/)?[a-z\d]+'
+                    . '(?:/[a-z\d]+(?:(?:(?:[._]|__|[-]*)[a-z\d]+)+)?)*:\w[\w.-]{0,127}$',
+            },
+        },
+    },
+    returns => {
+        type => "string",
+    },
+    code => sub {
+        my ($param) = @_;
+
+        die "Install 'skopeo' to pull OCI images from registries.\n" if (!-f '/usr/bin/skopeo');
+
+        my $rpcenv = PVE::RPCEnvironment::get();
+        my $user = $rpcenv->get_user();
+
+        my $cfg = PVE::Storage::config();
+
+        my ($node, $storage) = $param->@{qw(node storage)};
+        my $scfg = PVE::Storage::storage_check_enabled($cfg, $storage, $node);
+
+        die "can't upload to storage type '$scfg->{type}', not a file based storage!\n"
+            if !defined($scfg->{path});
+
+        my $reference = $param->{reference};
+
+        die "storage '$storage' is not configured for content-type 'vztmpl'\n"
+            if !$scfg->{content}->{vztmpl};
+
+        my $filename = PVE::Storage::normalize_content_filename($reference);
+        my $path = PVE::Storage::get_vztmpl_dir($cfg, $storage);
+        PVE::Storage::activate_storage($cfg, $storage);
+
+        my $worker = sub {
+            PVE::Tools::run_command(
+                ["skopeo", "copy", "docker://$reference", "oci-archive:$path/$filename.tar"],
+            );
+        };
+
+        my $worker_id = PVE::Tools::encode_text($filename); # must not pass : or the like as w-ID
+
+        return $rpcenv->fork_worker('ociregistrypull', $worker_id, $user, $worker);
+    },
+});
+
 __PACKAGE__->register_method({
     name => 'get_import_metadata',
     path => '{storage}/import-metadata',
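Review bot: The worker closure writes skopeo's output straight to the final name, "oci-archive:$path/$filename.tar", with no temporary file, no cleanup if run_command dies, and no check for an existing file of that name, so a failed or interrupted pull can leave a truncated .tar in the vztmpl directory that looks like a usable template. Suggest copying to a temporary name in the same directory and renaming on success, with an unlink on error. Two smaller points in the same method: the `reference` pattern permits `/` and the destination is built by string interpolation, so the path's safety rests entirely on normalize_content_filename(); an explicit check that $filename contains no `/`, or a comment stating that guarantee, would make it reviewable here. The pattern also ends in `:\w[\w.-]{0,127}$`, which makes a tag mandatory and leaves no way to express a digest reference, so callers can only pull by mutable tag; consider accepting a digest form or documenting the restriction in the parameter description.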
-- 
2.47.3




Thread overview: 18+ messages
2025-10-08 17:10 [pve-devel] [PATCH container/docs/manager/proxmox{, -perl-rs}/storage v5 00/17] support OCI images as container templates Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox v5 01/17] io: introduce RangeReader for bounded reads Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox v5 02/17] add proxmox-oci crate Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox v5 03/17] proxmox-oci: add tests for whiteout handling Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH proxmox-perl-rs v5 04/17] add Perl mapping for OCI container image parser/extractor Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 05/17] config: add `lxc.environment.runtime`/`hooks` Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 06/17] add support for OCI images as container templates Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 07/17] config: add entrypoint parameter Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 08/17] configure static IP in LXC config for custom entrypoint Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 09/17] setup: debian: create /etc/network path if missing Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 10/17] setup: recursively mkdir /etc/systemd/{network, system-preset} Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH container v5 11/17] implement host-managed DHCP for containers with `ipmanagehost` Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH storage v5 12/17] allow .tar container templates Filip Schauer
2025-10-08 17:10 ` Filip Schauer [this message]
2025-10-08 17:10 ` [pve-devel] [PATCH manager v5 14/17] ui: storage upload: accept *.tar files as vztmpl Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH manager v5 15/17] api: add nodes/{node}/query-oci-repo-tags method Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH manager v5 16/17] ui: template view: add OCI registry pull dialog Filip Schauer
2025-10-08 17:10 ` [pve-devel] [PATCH docs v5 17/17] ct: add OCI image docs Filip Schauer
