Commit graph

643 commits

Author SHA1 Message Date
Stephen J Day
84046e03e0 Prevent false sharing in signature fetch
The original implementation wrote to different locations in a shared slice.
While this is theoretically okay, we end up thrashing the cpu cache since
multiple slice members may be on the same cache line. So, even though each
thread has its own memory location, there may be contention over the cache
line. This changes the code to aggregate to a slice in a single goroutine.

In reality, this change likely won't have any performance impact. The theory
proposed above hasn't really even been tested. Either way, we can consider it
and possibly go forward.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-09 14:35:10 -07:00
Stephen Day
5a4f66b2f8 Merge pull request #334 from BrianBland/configOmitEmpty
Adds omitempty to several configuration fields
2015-04-07 20:02:29 -07:00
Brian Bland
5955c73db7 Adds omitempty to several configuration fields
Includes deprecated Loglevel, Log.Formatter, and Log.Fields
2015-04-07 17:54:18 -07:00
Olivier Gambier
5fe1039947 Merge pull request #332 from stevvooe/case-sensitive-backend
registry/storage/driver: defer case-sensitive support to storage backend
2015-04-07 16:24:38 -07:00
Stephen J Day
e23ca5ac5f Defer case-sensitive support to storage backend
Rather than enforce lowercase paths for all drivers, support for
case-sensitivity has been deferred to the driver. There are a few caveats to
this approach:

1. There are possible security implications for tags that only differ in their
case. For instance, a tag "A" may be equivalent to tag "a" on certain file
system backends.
2. All system paths should not use case-sensitive identifiers where possible.
This might be problematic in a blob store that uses case-sensitive ids. For
now, since digest hex ids are all case-insensitive, this will not be an issue.

The recommend workaround is to not run the registry on a case-insensitive
filesystem driver in security sensitive applications.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-07 14:14:45 -07:00
Olivier Gambier
4e2d176d27 Merge pull request #330 from stevvooe/parallelize-signature-fetch
registry/storage: parallelize signature fetch in signature store
2015-04-06 22:30:35 -07:00
Stephen Day
434be18e35 Merge pull request #331 from stevvooe/update-rough-version
version: update rough version to be closer to reality
2015-04-06 20:05:59 -07:00
Stephen Day
4d27f4f920 Merge pull request #328 from jlhawn/cloudfront_issue
Handle cloudFront bucket prefix issue
2015-04-06 20:05:37 -07:00
Josh Hawn
0eb599329a Handle cloudFront bucket prefix issue
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-06 19:46:05 -07:00
Stephen J Day
a307ff4471 Update rough version to be closer to reality
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-06 19:32:33 -07:00
Stephen J Day
1eab4b79bc Parallelize signature fetch in signature store
To avoid compounded round trips leading to slow retrieval of manifests with a
large number of signatures, the fetch of signatures has been parallelized. This
simply spawns a goroutine for each path, coordinated with a sync.WaitGroup.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-06 19:13:15 -07:00
Stephen Day
688d1b805c Merge pull request #326 from bfirsh/use-entrypoint-in-dockerfile
Use entrypoint in Dockerfile
2015-04-06 15:23:40 -07:00
Ben Firshman
1211d499f2 Use entrypoint in Dockerfile
Signed-off-by: Ben Firshman <ben@firshman.co.uk>
2015-04-06 23:06:18 +01:00
Stephen Day
0a2affa79f Merge pull request #311 from moxiegirl/doc-tooling-changes
doc: retooling to allow for docs build
2015-04-03 15:39:20 -07:00
Mary Anthony
636a19b212 Retooling to allow for docs build
Adding docs build to the Makefile
Adding in Sven's changes to the Makefile
Removing DS_store file
Updating per Stephen's comments
Update with Stephen's final comment

Signed-off-by: Mary Anthony <mary@docker.com>
2015-04-03 14:55:24 -07:00
Stephen Day
0eb50c18ea Merge pull request #321 from stevvooe/context-reference
context: correctly reference context object
2015-04-03 14:37:33 -07:00
Stephen J Day
03ed290cc9 Correctly reference context object
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-03 14:09:33 -07:00
Olivier Gambier
1963b7902e Merge pull request #312 from stevvooe/add-layer-info-cache
registry: integrate layer info cache with registry and storage
2015-04-03 13:53:27 -07:00
Stephen Day
f5a34a009a Merge pull request #317 from stevvooe/notification-docs
doc: document event notification system
2015-04-03 13:49:24 -07:00
Stephen Day
d43adcd910 Merge pull request #320 from RichardScothern/docs
doc: document storage middleware.
2015-04-03 13:48:43 -07:00
Stephen Day
aea2965636 Merge pull request #316 from stevvooe/eventual-consistency-approach
doc: document approach to eventual consistency
2015-04-03 13:46:19 -07:00
Richard
3573c6c466 Document storage middleware. 2015-04-03 13:45:40 -07:00
Olivier Gambier
38b8ddbe59 Merge pull request #318 from CpuID/cpuid_fix_api_issue_link
Fix GitHub issue link, simple typo
2015-04-03 10:02:36 -07:00
Nathan Sullivan
06ff65c579 fix github issue link, simple typo 2015-04-04 01:03:43 +10:00
Stephen J Day
91413606a3 Document event notification system
An overview the notification system is provided, covering topics on
architecture, configuration, implementation and formats. This may need to
filled out with further details covering format specifications.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 22:09:25 -07:00
Stephen J Day
09d48c7192 Move expvar under the registry section
For consistency with other systems, the redis and caching monitoring data has
been moved under the "registry" section in expvar. This ensures the entire
registry state is kept to a single section.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 21:30:27 -07:00
Stephen J Day
2df6b670c6 Document approach to eventual consistency
There is probably a better place for this documentation but we'd like to move
this elsewhere than a github issue. We can move this to a more appropriate
location with the documentation effort.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 20:24:18 -07:00
Stephen J Day
919d972e65 Allow control over which storage cache to use
This allows one to better control the usage of the cache and turn it off
completely. The storage configuration module was modified to allow parameters
to be passed to just the storage implementation, rather than to the driver.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 20:15:16 -07:00
Stephen J Day
44b14ceadc Integrate layer info cache with registry and storage
This changeset integrates the layer info cache with the registry webapp and
storage backend. The main benefit is to cache immutable layer meta data,
reducing backend roundtrips. The cache can be configured to use either redis or
an inmemory cache.

This provides massive performance benefits for HEAD http checks on layer blobs
and manifest verification.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 20:15:16 -07:00
Stephen J Day
b1f616cbff Define and implement layer info cache
This changeset defines the interface for layer info caches. Layer info caches
speed up access to layer meta data accessed in storage driver backends. The
two main operations are tests for repository membership and resolving path and
size information for backend blobs.

Two implementations are available. The main implementation leverages redis to
store layer info. An alternative implementation simply caches layer info in
maps, which should speed up resolution for less sophisticated implementations.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 20:15:09 -07:00
Stephen Day
cf5839b019 Merge pull request #295 from jlhawn/use_resumable_digest
digest, registry/storage: use resumable digest
2015-04-02 20:12:57 -07:00
Stephen Day
7c3b73482f Merge pull request #314 from stevvooe/lockdown-uuid-route
registry/api/v2: stronger validation for uuid field in urls
2015-04-02 13:57:17 -07:00
Stephen Day
277c68d51e Merge pull request #313 from stevvooe/move-panic-fix
registry/storage/driver/inmemory: avoid crash on invalid Move arguments
2015-04-02 13:56:40 -07:00
Josh Hawn
18c9a1cdd8 Use resumable digest for efficient upload finish
By using a resumable digester and storing the state of upload digests between
subsequent upload chunks, finalizing an upload no longer requires reading back
all of the uploaded data to verify the client's expected digest.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-02 11:20:31 -07:00
Stephen J Day
f26a283a48 Avoid crash on invalid Move arguments
This chnage prevents a crash when moving from a non-existent directory that has
a file as a parent. To prevent this, we simply check that the node is a
directory and throws an error if it is not.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 19:03:02 -07:00
Stephen J Day
1944be9db3 Stronger validation for uuid field in urls
This change adds strong validation for the uuid variable for v2 routes. This is
a minor specification change but is okay since the uuid field is controlled by
the server. The character set is restricted to avoid path traversal, allowing
for alphanumeric values and urlsafe base64 encoding.

This change has no effect on client implementations.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 18:57:59 -07:00
Josh Hawn
60b6748c95 Use resumable hash in digest package
Vendored resumable sha256/sha512 library. Digest package new exports a
resumable variant of the Digester.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-01 17:11:47 -07:00
Stephen Day
da9d49d186 Merge pull request #310 from jlhawn/improve_context_pkg
context: improve context package
2015-04-01 16:39:59 -07:00
Stephen J Day
3cad3c7b6a Add redis pool to registry webapp
Redis has been integrated with the web application for use with various
services. The configuraiton exposes connection details, timeouts and pool
parameters. Documentation has been updated accordingly.

A few convenience methods have been added to the context package to get loggers
with certain fields, exposing some missing functionality from logrus.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 16:27:24 -07:00
Stephen J Day
fcdfdd2ae0 Add redigo dependency to Godeps
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 15:55:30 -07:00
Josh Hawn
731e0b0066 Improve context package
You shouldn't have to import both:

  github.com/docker/distribution/context
  golang.org/x/net/context

just to use the distribution tools and implement the distribution interfaces.

By pulling the Context interface from golang.org/x/net/context into the
context package within the distribution project, you no longer have to import
both packages.

Note: You do not have to change anything anywhere else yet! All current uses
of both packages together will still work correctly because the Context
interface from either package is identical.

I've also made some other minor changes:

- Added a RemoteIP function. It's like RemoteAddr but discards the port suffix
- Added `.String()` to the response duration context value so that JSON log
  formatting shows human-parseable duration and not just number of nano-seconds
- Added WithMapContext(...) to the context package. This is a useful function
  so I pulled it out of the main.go in cmd/registry so that it can be used
  elsewhere.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-01 15:40:21 -07:00
Stephen Day
5052dc692f Merge pull request #283 from sthulb/client-certs
registry, configuration, doc: client certificates for authentication purposes.
2015-03-31 16:45:03 -07:00
Stephen Day
fd3373b91c Merge pull request #302 from RichardScothern/richardscothern-298
Attempt to identify remote IP addresses for requests which come through proxies.
2015-03-25 15:43:34 -07:00
Richard
78562258b2 Log invalid remote IPs 2015-03-25 13:44:16 -07:00
Stephen Day
e9c69ffe14 Merge pull request #293 from stevvooe/log-formatter-configuration
main, configuration, doc: allow logging formatter to be configured
2015-03-25 13:34:42 -07:00
Richard
e21a425f88 Verify IP addresses
Fix lint errors
Add more test
2015-03-25 11:11:46 -07:00
Simon Thulbourn
c8f3800f1c Add client certificate CA option to authenticate with client certs
Add the ability to authenticate against multiple client CA certificates.

Signed-off-by: Simon Thulbourn <simon+github@thulbourn.com>
2015-03-25 10:53:03 +00:00
Stephen J Day
ac73963d7e Add support for configuration static logging fields
To allow flexibility in log message context information, this changeset
provides the ability to configure static fields that are included in the
context. Such fields can be set via configuration or environment variables.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 18:47:22 -07:00
Richard
c6fdfc9cd5 Attempt to identify remote IP addresses for requests which come
through proxies.

Add a function to examine X-Forward-For and X-Real-Ip headers for
originating IP addresses.  Use RemoteAddr for notification request
record and HTTP request context.
2015-03-24 18:45:14 -07:00
Stephen J Day
a75f0f26f7 Allow logging formatter to be configured
This changeset simply adds hooks into the configuration system to support
multiple different kinds of output formats. These formatters are provided by
logrus and include options such as "text" and "json". The configuraiton
documentation has been updated accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 16:56:43 -07:00