Commit graph

111 commits

Author SHA1 Message Date
Omer Cohen
5438838be4 fix yml indent
Signed-off-by: Omer Cohen <git@omer.io>
2016-02-03 17:59:49 +02:00
Aaron Lehmann
4c850e7165 Remove tarsum support for digest package
tarsum is not actually used by the registry. Remove support for it.

Convert numerous uses in unit tests to SHA256.

Update docs to remove mentions of tarsums (which were often inaccurate).

Remove tarsum dependency.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-15 17:22:18 -08:00
Arthur Baars
59784ecdd0 Storage driver for: Google Cloud Storage (gcs)
Signed-off-by: Arthur Baars <arthur@semmle.com>
2015-10-28 20:21:56 +00:00
Josh Hawn
0f670bdc91 [api spec] Update authN and authZ errors
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.

Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.

Add 'No Such Repository' errors to more endpoints.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-30 09:12:31 -07:00
Aaron Lehmann
cbc9957e29 Add a cobra command that implements the entire main function for registry
Use this command in cmd/registry/main.go.

Move debug server to the main command, and change Serve to be a
ListenAndServe function.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
Aaron Lehmann
9b69e40c93 Move initialization code from main.go to the registry package
This makes it easier to embed a registry instance inside another
application.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-09 14:39:31 -07:00
Stephen Day
8c3fc2619c Merge pull request #907 from stevvooe/digest-tool
Add generic content digest tool
2015-08-21 11:11:40 -07:00
Stephen J Day
7835d261d8 Add generic content digest tool
Previously a useful gist, this changeset polishes the original tarsum tool into
a utility that can be used to calculate content digests. Any algorithm from the
digest package is supported with additional support from tarsum.

This tool is very useful for quickly checking backend digests and verifying
correctness.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-20 14:55:34 -07:00
Aaron Lehmann
216df32510 Add storagedriver section to health check configuration
Add default storagedriver health check to example configuration files
with parameters matching the previous hardcoded configuration.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-20 14:50:12 -07:00
Richard Scothern
cb6fde2f71 Merge pull request #874 from stevvooe/load-balancer-endpoint
Provide yes man endpoint for inflexible load balancers
2015-08-18 12:54:58 -07:00
Richard Scothern
f169359798 Merge pull request #846 from aaronlehmann/http-header-configuration
Add a section to the config file for HTTP headers to add to responses
2015-08-18 12:53:05 -07:00
xg.song
2f9f6c08ed Update example config to avoid deprecated option
The storage cache option layerinfo is deprecated,
so use blobdescriptor instead in example config files.

Signed-off-by: xg.song <xg.song@venusource.com>
2015-08-17 08:25:22 +08:00
Stephen J Day
74080b7225 Provide yes man endpoint for inflexible load balancers
Certain load balancers, such as Amazon's Elastic Load Balancer, have a very
limited notion of health. While a properly configured and operational registry
should always return a 401 when hitting "/v2/", such load balancers cannot be
configured to treat this response code as healthy. This changeset makes "/"
always return a 200 response, unless the health checks have failed.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-13 15:17:19 -07:00
Aaron Lehmann
9c3bed6b88 Add a section to the config file for HTTP headers to add to responses
The example configuration files add X-Content-Type-Options: nosniff.

Add coverage in existing registry/handlers unit tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-11 16:41:38 -07:00
Stephen J Day
f141480d98 Move common error codes to errcode package
Several error codes are generally useful but tied to the v2 specification
definitions. This change moves these error code definitions into the common
package for use by the health package, which is not tied to the v2 API.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:58 -07:00
Stephen J Day
6ba799b69e Provide simple storage driver health check
To ensure the ensure the web application is properly operating, we've added a
periodic health check for the storage driver. If the health check fails three
times in a row, the registry will serve 503 response status for any request
until the condition is resolved. The condition is reported in the response body
and via the /debug/health endpoint.

To ensure that all drivers will properly operate with this health check, a
function has been added to the driver testsuite.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:52 -07:00
Stephen J Day
bc5835ba2d Remove dist tool from distribution
We are headed in a different direction. The dist tool analog will not be a part
of this repository.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-06 17:35:36 -07:00
Stephen Day
a0c63372fa Merge pull request #779 from RichardScothern/pull-through-cache
Add pull through cache ability to the Registry.
2015-08-04 17:04:56 -07:00
Richard Scothern
94935f39bc Add pull through cache functionality to the Registry which can be configured
with a new `proxy` section in the configuration file.

Create a new registry type which delegates storage to a proxyBlobStore
and proxyManifestStore.  These stores will pull through data if not present
locally.  proxyBlobStore takes care not to write duplicate data to disk.

Add a scheduler to cleanup expired content. The scheduler runs as a background
goroutine.  When a blob or manifest is pulled through from the remote registry,
an entry is added to the scheduler with a TTL.  When the TTL expires the
scheduler calls a pre-specified function to remove the fetched resource.

Add token authentication to the registry middleware.  Get a token at startup
and preload the credential store with the username and password supplied in the
config file.

Allow resumable digest functionality to be disabled at runtime and disable
it when the registry is a pull through cache.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-04 16:09:55 -07:00
Li Yi
9e4975d8ff Support OSS driver
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-07-31 13:22:54 +08:00
Stephen Day
7dc8d4a26b Merge pull request #789 from aaronlehmann/tls-settings
Change server TLS config to tighten security
2015-07-30 18:11:53 -07:00
Stephen Day
ba5ab723ad Merge pull request #792 from stevvooe/uuid-package-improvements
UUID package improvements
2015-07-30 18:10:25 -07:00
Aaron Lehmann
a3acd3a0ba Fix earlier commit to enable upload purging in example config file
Rather than setting this to "true", the whole section should be removed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 17:32:35 -07:00
Aaron Lehmann
4f69ca2c07 Enable upload purging in example configuration file
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 17:08:01 -07:00
Aaron Lehmann
6c2ef78aa7 Rename dev-config.yml and example-config.yml to config-dev.yml and config-example.yml
Better for sort order.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 15:51:50 -07:00
Stephen J Day
2c9ab4f441 Only enable uuid generation warning when using registry handlers
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-30 14:27:07 -07:00
Aaron Lehmann
f0c5284d2d Sample config file changes
Rename config.yml to dev-config.yml

Add example-config.yml, a simple configuration file for the official
This was originally made for the the distribution-library-image repo,
but is being moved here to make sure it stays in sync.

Update Dockerfile and docs for the rename.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 12:14:39 -07:00
Aaron Lehmann
dc5869de0b Change server TLS config to tighen security
Change the minimum TLS version to TLS 1.0, and add a custom list of
ciphersuites which are thought to be the most secure options.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 11:37:39 -07:00
Aaron Lehmann
70d9a9d543 Automatically generate a HTTP secret if none is provided
Log a warning if the registry generates its own secret.

Update configuration doc, and remove the default secret from the
development config file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-29 14:28:56 -07:00
Richard
9c1dd69439 Manifest and layer soft deletion.
Implement the delete API by implementing soft delete for layers
and blobs by removing link files and updating the blob descriptor
cache.  Deletion is configurable - if it is disabled API calls
will return an unsupported error.

We invalidate the blob descriptor cache by changing the linkedBlobStore's
blobStatter to a blobDescriptorService and naming it blobAccessController.

Delete() is added throughout the relevant API to support this functionality.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-24 09:57:20 -07:00
Sylvain Baubeau
62594d3a1b Remove IPC support for Swift driver
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
2846913552 Change folder mime type to application/vnc.swift.directory
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
ea7c53df08 Add Openstack Swift storage driver
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:08 +02:00
Florentin Raud
3f33d20b2a Change confusing enpoint name
Since the actual port is 5003, it would make sense to name it local-5003 instead of local-8082

Signed-off-by: Florentin Raud <florentin.raud@gmail.com>
2015-07-21 09:05:27 +01:00
Stephen J Day
d3d4423ff7 Remove half-baked Storage Driver IPC support
This removes documentation and code related to IPC based storage driver
plugins. The existence of this functionality was an original feature goal but
is now not maintained and actively confusing incoming contributions. We will
likely explore some driver plugin mechanism in the future but we don't need
this laying around in the meantime.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-29 16:52:12 -07:00
Stephen Day
3ea67df373 Merge pull request #623 from ahmetalpbalkan/azure-vendor
storage/driver/azure: Update vendored Azure SDK
2015-06-16 17:41:38 -07:00
Ahmet Alp Balkan
daa22cacba storage/driver/azure: Update vendored Azure SDK
This change refreshes the updated version of Azure SDK
for Go that has the latest changes.

I manually vendored the new SDK (github.com/Azure/azure-sdk-for-go)
and I removed `management/` `core/` packages manually simply because
they're not used here and they have a fork of `net/http` and `crypto/tls`
for a particular reason. It was introducing a 44k SLOC change otherwise...

This also undoes the `include_azure` flag (actually Steven removed the
driver from imports but forgot to add the build flag apparently, so the
flag wasn't really including azure. 😄 ). This also must be obsolete
now.

Fixes #620, #175.

Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-06-16 17:13:44 -07:00
Olivier Gambier
d678e3dc57 Merge pull request #608 from dmcgowan/http-basic-auth
Implementation of a basic authentication scheme using standard .htpasswd
2015-06-15 17:40:58 -07:00
Stephen Day
e57e731821 Merge pull request #548 from duglin/MoveErrors
Move ErrorCode logic to new errcode package
2015-06-15 14:33:28 -07:00
Doug Davis
441f7cac87 Round 4
Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-06-11 21:33:35 -07:00
yuzou
8a89040247 add configuration file close after it is parsed.
Signed-off-by: yuzou <zouyu7@huawei.com>
2015-06-12 10:41:00 +08:00
Stephen Day
a5b21fa8f0 Merge pull request #617 from dmp42/pathchange
Saner default data location
2015-06-11 11:42:24 -07:00
Stephen Day
fc796f1722 Merge pull request #584 from xiekeyang/panic
Panic: Add Handler
2015-06-11 11:01:43 -07:00
Olivier Gambier
6e0cfc17dc Saner default data location
Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-10 20:54:24 -07:00
Stephen J Day
0f654c25ac Rename the basic access controller to htpasswd
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:41:35 -07:00
Stephen J Day
ffe56ebe41 Refactor Basic Authentication package
This change refactors the basic authentication implementation to better follow
Go coding standards. Many types are no longer exported. The parser is now a
separate function from the authentication code. The standard functions
(*http.Request).BasicAuth/SetBasicAuth are now used where appropriate.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-10 19:06:38 -07:00
Dave Trombley
0ecaa7f40a Fixed WWW-Authenticate: header, added example config and import into main, fixed golint warnings
Signed-off-by: Dave Trombley <dave.trombley@gmail.com>
2015-06-10 19:06:38 -07:00
xiekeyang
aa73c53690 Panic: Add Handler
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-06-06 02:38:52 +00:00
Stephen J Day
93aff60741 Disable building of azure storage driver by default
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-03 18:14:53 -07:00
Stephen Day
0d40913b9a Merge pull request #394 from xiekeyang/feature-panic-hook
Feature: Add Hook for Web Application Panic
2015-06-01 13:23:32 -07:00