Commit graph

2977 commits

Author SHA1 Message Date
Stephen J Day
2f2445a335 Refactor handling of hmac state packing
This refactors the hmac state token to take control of the layerUploadState
json message, which has been removed from the storage backend. It also moves
away from the concept of a LayerUploadStateStore callback object, which was
short-lived. This allows for upload offset to be managed by the web application
logic in the face of an inconsistent backend. By controlling the upload offset
externally, we reduce the possibility of misreporting upload state to a client.

We may still want to modify the way this works after getting production
experience.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-09 14:50:39 -08:00
Stephen J Day
ba6b774aea Spool layer uploads to remote storage
To smooth initial implementation, uploads were spooled to local file storage,
validated, then pushed to remote storage. That approach was flawed in that it
present easy clustering of registry services that share a remote storage
backend. The original plan was to implement resumable hashes then implement
remote upload storage. After some thought, it was found to be better to get
remote spooling working, then optimize with resumable hashes.

Moving to this approach has tradeoffs: after storing the complete upload
remotely, the node must fetch the content and validate it before moving it to
the final location. This can double bandwidth usage to the remote backend.
Modifying the verification and upload code to store intermediate hashes should
be trivial once the layer digest format has settled.

The largest changes for users of the storage package (mostly the registry app)
are the LayerService interface and the LayerUpload interface. The LayerService
now takes qualified repository names to start and resume uploads. In corallry,
the concept of LayerUploadState has been complete removed, exposing all aspects
of that state as part of the LayerUpload object. The LayerUpload object has
been modified to work as an io.WriteSeeker and includes a StartedAt time, to
allow for upload timeout policies. Finish now only requires a digest, eliding
the requirement for a size parameter.

Resource cleanup has taken a turn for the better. Resources are cleaned up
after successful uploads and during a cancel call. Admittedly, this is probably
not completely where we want to be. It's recommend that we bolster this with a
periodic driver utility script that scans for partial uploads and deletes the
underlying data. As a small benefit, we can leave these around to better
understand how and why these uploads are failing, at the cost of some extra
disk space.

Many other changes follow from the changes above. The webapp needs to be
updated to meet the new interface requirements.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-09 14:50:39 -08:00
Stephen J Day
219bd48c24 Add path mapper definitions for upload locations
This change updates the path mapper to be able to specify upload management
locations. This includes a startedat file, which contains the RFC3339 formatted
start time of the upload and the actual data file.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-09 14:49:07 -08:00
Stephen J Day
75c5916dde Release lock during WriteStream for inmemory driver
While reading from the input in WriteStream, the inmemory driver can deadlock
if the reader is from the same instance. To fix this, the write lock is
released before reading into a local buffer. The lock is re-acquired to
finish the actual write.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-09 14:49:06 -08:00
Stephen J Day
09522d8535 Implement a remote file writer for use with StorageDriver
This changeset implements a fileWriter type that can be used to managed writes
to remote files in a StorageDriver. Basically, it manages a local seek position
for a remote path. An efficient use of this implementation will write data in
large blocks.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-09 14:49:06 -08:00
Stephen Day
e8714b9977 Merge pull request #55 from BrianBland/layerhandler
Adds support for content redirects for layer downloads
2015-01-09 14:44:54 -08:00
Brian Bland
f22ad79d36 Factors out resolveBlobPath, renames expires -> expiry 2015-01-08 17:56:45 -08:00
Brian Bland
cc3c648f44 Fixes tests, moves layerhandler in config file 2015-01-08 17:29:22 -08:00
Brian Bland
abb901e4ab Adds options map for storagedriver URLFor() method 2015-01-08 17:10:32 -08:00
Brian Bland
17915e1b01 Adds support for content redirects for layer downloads
Includes a delegate implementation which redirects to the URL generated
by the storagedriver, and a cloudfront implementation.
Satisfies proposal #49
2015-01-08 17:01:28 -08:00
Stephen Day
65863802d7 Merge pull request #51 from AndreyKostov/ng-add-storagedriver-urlfor
Add the URLFor optional method to the storagedriver api
2015-01-08 15:33:15 -08:00
Andrey Kostov
bc9509d85f Consolidate the s3 driver parameters with a struct 2015-01-08 00:46:48 +02:00
Stephen Day
69da73f69d Merge pull request #48 from stevvooe/fix-client-hmac-state-support
Correctly assemble URL during blob upload
2015-01-07 14:24:08 -08:00
Andrey Kostov
a2b294f444 Add the URLFor optional method to the storagedriver api
We now also have a storagedriver error variable for identifying
api calls that are not implemented by drivers (the URLFor method
is not implemented by either the filesystem or inmemory drivers)
2015-01-07 18:44:01 +02:00
Andrey Kostov
7c9112fc3c Make the encrpyt parameter default to false 2015-01-07 11:51:29 +02:00
Andrey Kostov
a0ef0d6aad Add the v4auth parameter
v4auth will default to true and if the frankfurt (eu-central-1) region
is selected with v4auth set to false explicitly, the driver will error
out upon initialization.
2015-01-07 11:50:32 +02:00
Andrey Kostov
031c388543 Add the secure flag for the s3 driver
The secure flag will be true by default and will change the
s3 endpoint of the region to http instead of https when selected as false.
The main benefits of running with secure being false is that it apparently
has a roughly 33% performance boost (even on pure data transfer, not only
connection setup which is what I would have expected).
2015-01-07 11:24:09 +02:00
Stephen Day
fadd5dfcfb Merge pull request #50 from BrianBland/storagedriver-path-fix
Relaxes storagedriver path constraints
2015-01-06 19:52:52 -08:00
Brian Bland
f6aadc2028 Relaxes storagedriver path constraints (#47)
No longer requires that file paths match the repository naming scheme,
but instead allows path components as short as a single character, as to
accommodate for single-character tag names.
2015-01-06 17:18:42 -08:00
Stephen J Day
83977857f8 Correctly assemble URL during blob upload
When adding parameters to a location header, the client must not destroy
parameters already present. This change ensures that parameters are added,
rather than replaced when assembling the url.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-06 16:43:17 -08:00
Olivier Gambier
5f863238c0 Merge pull request #26 from stevvooe/move-registry-package
Move registry package out of repo root
2015-01-06 14:19:39 -08:00
Olivier Gambier
891f6a5ba5 Merge pull request #27 from BrianBland/config-readme
Updates configuration README with explanations of more fields
2015-01-06 14:19:28 -08:00
Stephen Day
70b352d1c6 Merge pull request #17 from AndreyKostov/ng-add-s3driver-readme
Add a README file and make encrypt and rootdirectory optional parameters
2015-01-06 11:43:50 -08:00
Brian Bland
dbc3ecdff5 Updates configuration README with explanations of more fields
Documents auth, reporting, and http
2015-01-06 10:59:52 -08:00
Stephen J Day
ab4a9f0480 Move registry package out of repo root
Since the repo is no longer just the registry, we are moving the registry web
application package out of the repo root into a sub-package. We may break down
the registry package further to separate webapp components and bring the client
package under it. This change accomplishes the task of freeing up the repo root
for a distribution-oriented package. A stub doc.go file is left in place to
declare intent.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-06 10:40:22 -08:00
Stephen Day
fdea60af05 Merge pull request #24 from stevvooe/breakup-common
Breakup common package
2015-01-06 10:08:10 -08:00
Stephen Day
42577c6bde Merge pull request #20 from stevvooe/api-specification-detail
Fill in detail for V2 registry api specification
2015-01-06 10:04:06 -08:00
Stephen J Day
aea52c7fb5 Remove exported StringSet type and collections package
The exported StringSet type is not necessary for the current use case of
validating issues and audiences. The exported fields on VerifyOptions have been
changed to require string slices. The collections package has been removed and
the StringSet has been moved to the token package, where it is used.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 18:21:03 -08:00
Stephen Day
a20b493372 Merge pull request #23 from stevvooe/master
Outline constraints for interface from distribution to core
2015-01-05 17:02:22 -08:00
Stephen J Day
adaa2246e7 Move testutil package to top-level
Since the common package no longer exists, the testutil package is being moved
up to the root. Ideally, we don't have large omnibus packages, like testutil,
but we can fix that in another refactoring round.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 16:53:13 -08:00
Stephen Day
396e81000e Merge pull request #22 from BrianBland/upload-tokens
Serializes upload state to an HMAC token for subsequent requests
2015-01-05 16:51:17 -08:00
Stephen J Day
d88884c51c Move names regular expressions to api/v2 packages
Because the repository name definitions are part of the v2 specification, they
have been moved out of the common package. This is part of the effort to break
up the common package into more sensible components.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 16:44:03 -08:00
Stephen J Day
8be20212f1 Move tarsum utilities out of common package
In preparation for removing the common package, the tarsum utilities are being
moved to the more relevant digest package. This functionality will probably go
away in the future, but it's maintained here for the time being.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 16:04:30 -08:00
Stephen J Day
1266f13afa Move StringSet to new collections package
As part of the efforts to break up the common package before disaster strikes,
a new collections package has been created. More may belong there but for now,
it only includes an implementation of StringSet.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 15:18:03 -08:00
Stephen J Day
753ccfe016 Outline constraints for interface from distribution to core
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-05 14:52:48 -08:00
Andrey Kostov
3178d8cfad Add a README file and make encrypt and rootdirectory optional parameters.
Note that the README currently contains details about the secure parameter which is part of a
separate pull request. I feel confident adding it here since I am certain we will eventually add
the secure parameter. Also note that encrypt now defaults to true and rootdirectory defaults to
the empty string.
2015-01-06 00:52:38 +02:00
Brian Bland
ea6c082e85 Minor cleanup/testing for HMAC upload tokens
Changes configuration variable, lowercases private interface methods,
adds token sanity tests.
2015-01-05 14:37:56 -08:00
Brian Bland
07ba5db168 Serializes upload state to an HMAC token for subsequent requests
To support clustered registry, upload UUIDs must be recognizable by
registries that did not issue the UUID. By creating an HMAC verifiable
upload state token, registries can validate upload requests that other
instances authorized. The tokenProvider interface could also use a redis
store or other system for token handling in the future.
2015-01-05 14:27:05 -08:00
Stephen Day
c08c6c506e Merge pull request #16 from docker/circle
Circle
2015-01-05 14:23:06 -08:00
Olivier Gambier
89cd694e51 Merge pull request #21 from stevvooe/manifest-package
Move manifest to discrete package
2015-01-05 11:30:56 -08:00
Arnaud Porterie
e637d77c73 Fix documentation link 2015-01-04 11:38:37 -08:00
Stephen J Day
2653f73779 Rename History object to comply with golint
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 18:08:53 -08:00
Stephen J Day
f1f610c6cd Decouple manifest signing and verification
It was probably ill-advised to couple manifest signing and verification to
their respective types. This changeset simply changes them from methods to
functions. These might not even be in this package in the future.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 15:46:47 -08:00
Stephen J Day
579aa3b617 Add unit tests for manifest package
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 15:24:10 -08:00
Stephen J Day
a4024b2f90 Move manifest to discrete package
Because manifests and their signatures are a discrete component of the
registry, we are moving the definitions into a separate package. This causes us
to lose some test coverage, but we can fill this in shortly. No changes have
been made to the external interfaces, but they are likely to come.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 13:23:11 -08:00
Stephen J Day
9c14404630 Address minor typos in response descriptions
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 11:39:43 -08:00
Stephen J Day
a882355dcd Regenerate V2 API Specification from template
Many details have been updated in route descriptors. This commit regenerates
the specification from the latest changes and template.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 10:49:10 -08:00
Stephen J Day
977373912c Tweak template output whitespace around descriptions
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 10:49:10 -08:00
Stephen J Day
80816100e2 Fill in API detail in RouteDescriptors
This changeset fills in details for many RouteDescriptors, ensuring that
responses and their variation are fully covered. At this point, all endpoints
are described in full. Tweaks for consistency and to avoid repetition may still
need to be done.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 10:49:10 -08:00
Stephen J Day
71819ac9c3 Use full json content type with charset parameter 2015-01-02 10:49:10 -08:00