Add support for authenticated registries by ehelms · Pull Request #245 · theforeman/foremanctl

ehelms · 2025-10-02T16:45:26Z

Enables foremanctl to authenticate with private registries by checking for auth files before attempting image pulls. Users can run podman login <registry> --authfile=/etc/foreman/registry-auth.json and foremanctl will automatically use the credentials when available.

pablomh · 2026-01-20T16:26:47Z

This has worked fine with #369, so I guess that my recommendation could be ammended if needed later.

pablomh · 2026-03-04T15:18:07Z

Thinking about this, how would it fit with future rootless containers which probably won't have access to the auth file?

ehelms · 2026-03-04T15:43:42Z

Thinking about this, how would it fit with future rootless containers which probably won't have access to the auth file?

In that case, the authentication file would be located in a different location I think. Relative to the user's home for example. I am hesitant to optimize for that.

evgeni · 2026-03-05T10:52:24Z

-
+  roles:
+    - role: pre_install
+  post_tasks:


tasks already runs after roles, so why using post_tasks here?

Cause that ordering is not obvious, while I find post_tasks to be self-documenting in terms of order.

evgeni · 2026-03-05T10:55:24Z

 ---
 redis_container_image: quay.io/sclorg/redis-6-c9s
 redis_container_tag: "latest"
+redis_registry_auth_file: /etc/foreman/registry-auth.json


does it work if we set it to None here?

Suggested change

redis_registry_auth_file: /etc/foreman/registry-auth.json

redis_registry_auth_file:

As we should try to keep the role free of Foreman specifics

I suppose. This is foremanctl so it's kinda in the name? 😁

Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>

ehelms force-pushed the add-auth-file-support branch from 2926317 to ed0815f Compare October 2, 2025 19:24

Gauravtalreja1 reviewed Oct 13, 2025

View reviewed changes

Comment thread src/roles/foreman/defaults/main.yaml

Gauravtalreja1 reviewed Oct 13, 2025

View reviewed changes

Comment thread src/playbooks/deploy/deploy.yaml Outdated

ehelms force-pushed the add-auth-file-support branch 2 times, most recently from cf006d9 to 24bbeef Compare December 5, 2025 16:34

pablomh mentioned this pull request Jan 9, 2026

Provide a way to consume containers from authenticated registries #369

Closed

pablomh reviewed Jan 9, 2026

View reviewed changes

Comment thread docs/deployment.md Outdated

pablomh reviewed Jan 9, 2026

View reviewed changes

Comment thread src/roles/pre_install/tasks/main.yaml Outdated

ehelms force-pushed the add-auth-file-support branch from 24bbeef to 812ded7 Compare January 14, 2026 16:03

pablomh reviewed Jan 14, 2026

View reviewed changes

Comment thread src/playbooks/pull-images/pull-images.yaml

ehelms force-pushed the add-auth-file-support branch 6 times, most recently from ed5d92d to b90a0a2 Compare January 15, 2026 18:15

pablomh reviewed Jan 16, 2026

View reviewed changes

Comment thread src/roles/foreman/tasks/main.yaml Outdated

pablomh reviewed Jan 16, 2026

View reviewed changes

Comment thread src/roles/foreman_proxy/tasks/main.yaml Outdated

pablomh reviewed Jan 16, 2026

View reviewed changes

Comment thread src/roles/pulp/tasks/main.yaml Outdated

pablomh reviewed Jan 16, 2026

View reviewed changes

Comment thread src/roles/pulp/tasks/main.yaml Outdated

ehelms force-pushed the add-auth-file-support branch from b90a0a2 to 728ce15 Compare January 16, 2026 14:13

ehelms force-pushed the add-auth-file-support branch from 728ce15 to bbb6195 Compare January 20, 2026 17:14

pablomh reviewed Jan 20, 2026

View reviewed changes

Comment thread src/vars/defaults.yml Outdated

ehelms force-pushed the add-auth-file-support branch from bbb6195 to edc5cb2 Compare January 30, 2026 20:56

evgeni reviewed Mar 5, 2026

View reviewed changes

Comment thread docs/deployment.md Outdated

evgeni reviewed Mar 5, 2026

View reviewed changes

Comment thread src/vars/defaults.yml Outdated

evgeni reviewed Mar 5, 2026

View reviewed changes

Comment thread src/roles/foreman/tasks/main.yaml Outdated

evgeni reviewed Mar 5, 2026

View reviewed changes

Comment thread docs/deployment.md

ehelms force-pushed the add-auth-file-support branch from edc5cb2 to d604d55 Compare March 5, 2026 19:50

Add support for authenticated registries

0cd5168

Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>

ehelms force-pushed the add-auth-file-support branch from d604d55 to 0cd5168 Compare March 5, 2026 19:53

evgeni reviewed Mar 6, 2026

View reviewed changes

Comment thread src/vars/images.yml Outdated

Apply suggestion from @evgeni

4f089b8

evgeni approved these changes Mar 6, 2026

View reviewed changes

evgeni merged commit a8c6cfe into theforeman:master Mar 6, 2026
11 checks passed

	redis_registry_auth_file: /etc/foreman/registry-auth.json
	redis_registry_auth_file:

Conversation

ehelms commented Oct 2, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

pablomh commented Jan 20, 2026

Uh oh!

Uh oh!

pablomh commented Mar 4, 2026

Uh oh!

ehelms commented Mar 4, 2026

Uh oh!

Uh oh!

evgeni Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

ehelms Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

evgeni Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

ehelms Mar 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

ehelms Mar 5, 2026 •

edited

Loading