Commit graph

5330 commits

Author SHA1 Message Date
Stephen J Day
9f5916b2c4 Add native TLS support to registry
This changeset provides simple tls support for a registry instance. Simply
providing a cert and key file are enough to get a tls registry running. If the
certs are trusted by the client, tls can be used throughout the push and pull
process.

If more complex TLS options are required, it is recommend that a proxy be used.
Contributions will be accepted to add more features, if necessary.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-02 14:38:47 -08:00
Stephen Day
6cd2945b5c Merge pull request #125 from jlhawn/better_url_builder
Improve URL Builders
2015-02-02 13:41:01 -08:00
Anton Tiurin
9c0519c4ed [Client] Fix error in parsing of 'Range' header.
* Result of regexp.FindStringSubmatch must be checked to be not nil.
Otherwise it leads to `index out of range`.
* Range header regexp is compiled only once to speedup (5x) the header parsing.

Signed-off-by: Anton Tiurin <noxiouz@yandex.ru>
2015-02-03 00:34:38 +03:00
Stephen Day
e492579718 Merge pull request #129 from noxiouz/fix_missing_mutex
[InMemory] Add missing mutex.RLock/RUnlock in List
2015-02-02 13:15:25 -08:00
Stephen J Day
b6270d9c14 Handle empty blob files more appropriately
Several API tests were added to ensure correct acceptance of zero-size and
empty tar files. This led to several changes in the storage backend around the
guarantees of remote file reading, which backs the layer and layer upload type.

In support of these changes, zero-length and empty checks have been added to
the digest package. These provide a sanity check against upstream tarsum
changes. The fileReader has been modified to be more robust when reading and
seeking on zero-length or non-existent files. The file no longer needs to exist
for the reader to be created. Seeks can now move beyond the end of the file,
causing reads to issue an io.EOF. This eliminates errors during certain race
conditions for reading files which should be detected by stat calls. As a part
of this, a few error types were factored out and the read buffer size was
increased to something more reasonable.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-02 13:01:49 -08:00
Stephen J Day
0270bec916 Handle empty blob files more appropriately
Several API tests were added to ensure correct acceptance of zero-size and
empty tar files. This led to several changes in the storage backend around the
guarantees of remote file reading, which backs the layer and layer upload type.

In support of these changes, zero-length and empty checks have been added to
the digest package. These provide a sanity check against upstream tarsum
changes. The fileReader has been modified to be more robust when reading and
seeking on zero-length or non-existent files. The file no longer needs to exist
for the reader to be created. Seeks can now move beyond the end of the file,
causing reads to issue an io.EOF. This eliminates errors during certain race
conditions for reading files which should be detected by stat calls. As a part
of this, a few error types were factored out and the read buffer size was
increased to something more reasonable.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-02 13:01:49 -08:00
Anton Tiurin
cea15b22e3 [InMemory] Add missing mutex.RLock/RUnlock in List to protect internal map
of dir struct.

Signed-off-by: Anton Tiurin <noxiouz@yandex.ru>
2015-02-02 23:37:25 +03:00
Stephen Day
2bacac0606 Merge pull request #127 from BrianBland/goamz-godep
Updates goamz dependency from crowdmob->AdRoll
2015-02-02 12:06:29 -08:00
Brian Bland
fb71af75c8 Updates goamz dependency from crowdmob->AdRoll
Also includes goamz PR #331 for s3 v4 auth + IAM role support
2015-02-02 11:03:20 -08:00
Josh Hawn
f801b9a7bd Improve URL Builders
Handles an issue where mux.Route does not set the desired scheme
when building a url and always uses `http`.

Now uses X-Forwarded-Proto when creating a URLBuilder from a request.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-02-02 10:38:14 -08:00
Arnaud Porterie
bdbb90e01f Merge pull request #10472 from jlhawn/handle_mux_route_url_bug
Handle gorilla/mux route url bug
2015-01-31 19:52:51 -08:00
Tibor Vass
cbda817ec3 Merge pull request #10471 from jlhawn/token_auth_header
Fix token basic auth header issue
2015-01-31 19:51:50 -05:00
Josh Hawn
63af81b883 Fix token basic auth header issue
When requesting a token, the basic auth header is always being set even
if there is no username value. This patch corrects this and does not set
the basic auth header if the username is empty.

Also fixes an issue where pulling all tags from a v2 registry succeeds
when the image does not actually exist on the registry.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-01-31 15:12:34 -08:00
Josh Hawn
050337b257 Handle gorilla/mux route url bug
When getting the URL from a v2 registry url builder, it does not
honor the scheme from the endpoint object and will cause an https
endpoint to return urls starting with http.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-01-31 12:54:57 -08:00
Liu Hua
5589ce8b8a delete duplicated word in registry/session.go
Signed-off-by: Liu Hua <sdu.liu@huawei.com>
2015-01-31 20:15:59 +08:00
Olivier Gambier
c41141fbd3 Merge pull request #114 from docker/stevvooe-patch-1
Add Stephen Day to maintainers file
2015-01-30 16:08:03 -08:00
Stephen Day
fce5115336 Merge pull request #120 from stevvooe/add-version-reporting
Add version reporting to registry binary
2015-01-30 11:46:32 -08:00
Stephen J Day
9abefef2a3 Quote argument in Makefile clean target
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-30 11:13:45 -08:00
Stephen Day
9e21347d75 Merge pull request #115 from dmcgowan/single-name-repo
Allow single name component repository names
2015-01-29 22:04:09 -08:00
Stephen J Day
33a1f4ef7d Address server errors received during layer upload
This changeset addresses intermittent internal server errors encountered during
pushes.  The root cause has been isolated to layers that result in identical,
empty filesystems but may have some path declarations (imaginge "./"),
resulting in different tarsums. The main error message reported during these
upload problems was a 500 error, which was not correct.  Further investigation
showed the errors to be rooted in digest verification when finishing uploads.

Inspection of the surrounding code also identified a few issues. PutLayerChunk
was slightly refactered into PutLayerUploadComplete. Helper methods were
avoided to make handler less confusing. This simplification leveraged an
earlier change in the spec that moved non-complete chunk uploads to the PATCH
method. Simple logging was also added in the unknown error case that should
help to avoid mysterious 500 errors in the future.

At the same time, the glaring omission of a proper layer upload cancel method
was rectified. This has been added in this change so it is not missed in the
future.

In the future, we may want to refactor the handler code to be more
straightforward, hopefully letting us avoid these problems in the future.

Added test cases that reproduce these errors and drove these changes include
the following:

1. Push a layer with an empty body results in invalid blob upload.
2. Push a layer with a different tarsum (in this case, empty tar)
3. Deleting a layer upload works.
4. Getting status on a deleted layer upload returns 404.

Common functionality was grouped into shared functions to remove repitition.
The API tests will still require future love.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 21:26:35 -08:00
Stephen J Day
097fce3bb2 Address server errors received during layer upload
This changeset addresses intermittent internal server errors encountered during
pushes.  The root cause has been isolated to layers that result in identical,
empty filesystems but may have some path declarations (imaginge "./"),
resulting in different tarsums. The main error message reported during these
upload problems was a 500 error, which was not correct.  Further investigation
showed the errors to be rooted in digest verification when finishing uploads.

Inspection of the surrounding code also identified a few issues. PutLayerChunk
was slightly refactered into PutLayerUploadComplete. Helper methods were
avoided to make handler less confusing. This simplification leveraged an
earlier change in the spec that moved non-complete chunk uploads to the PATCH
method. Simple logging was also added in the unknown error case that should
help to avoid mysterious 500 errors in the future.

At the same time, the glaring omission of a proper layer upload cancel method
was rectified. This has been added in this change so it is not missed in the
future.

In the future, we may want to refactor the handler code to be more
straightforward, hopefully letting us avoid these problems in the future.

Added test cases that reproduce these errors and drove these changes include
the following:

1. Push a layer with an empty body results in invalid blob upload.
2. Push a layer with a different tarsum (in this case, empty tar)
3. Deleting a layer upload works.
4. Getting status on a deleted layer upload returns 404.

Common functionality was grouped into shared functions to remove repitition.
The API tests will still require future love.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 21:26:35 -08:00
Stephen J Day
f926a93778 Report layer upload as unavialable when data missing
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 20:45:19 -08:00
Stephen J Day
c080c40030 Remove erroneous error code on layer upload delete
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 20:44:22 -08:00
Stephen J Day
b75455d2bd Move version printing to version package
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 18:32:16 -08:00
Stephen J Day
8f70e298bf Update Dockerfile to use Makefile to build binary
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 18:32:16 -08:00
Stephen J Day
d0abfe0b92 Report version in registry binary
We've added support to the registry command to report the current version of
the distribution package. The version package is generated with a shell script
that gets the latest tag and add "+unknown". This allows builds from "go get"
and "go install" to have a rough version number. Generated periodically, it
will provide a decent indication of what code built the binary. For more
accurate versioning, one can build with the "binaries" make target. Linker
flags are used to replace the version string with the actual current tag at
build time.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 18:32:01 -08:00
Stephen J Day
c4406baf8a Update AUTHORS file
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 15:30:53 -08:00
Derek McGowan
9dc3529dfe Add distribution maintainers to maintainers files
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-01-28 16:30:00 -08:00
Derek McGowan
94309badec Allow single name component repository names
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-01-28 14:51:02 -08:00
Stephen Day
26b01842e3 Add Stephen Day to maintainers file 2015-01-28 10:31:54 -08:00
Stephen J Day
0818476cb1 Open up v2 http status code checks for put and head checks
Under certain cases, such as when putting a manifest or check for the existence
of a layer, the status code checks in session_v2.go were too narrow for their
purpose. In the case of putting a manifest, the handler only cares that an
error is not returned. Whether it is a 304 or 202 does not matter, as long as
the server reports success. Having the client only accept specific http codes
inhibits future protocol evolution.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-27 18:09:53 -08:00
Stephen Day
1650088629 Merge pull request #77 from ahmetalpbalkan/TestStatCall-fix
Allow modtime to be a few seconds off on TestStatCall
2015-01-27 17:07:28 -08:00
Ahmet Alp Balkan
51042da7fb Modify TestStatCall to check if ModTime is increasing
Also removed ModTime checks on directories as it is not
required and some drivers might fail to provide it.

Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-01-27 14:28:43 -08:00
Olivier Gambier
769df8dabe Merge pull request #109 from AndreyKostov/storagedriver-s3-rotating-buffer
Add a rotating buffer functionality to the s3 driver
2015-01-27 14:27:24 -08:00
Stephen Day
fd37df55ff Merge pull request #111 from ahmetalpbalkan/inmemory-fix
update modtime on WriteAt for inmemory driver
2015-01-27 14:26:14 -08:00
Ahmet Alp Balkan
bf49cad662 Update modtime on WriteAt for inmemory driver
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-01-27 14:05:36 -08:00
Andrey Kostov
c05e4682f8 Add a rotating buffer functionality to the s3 driver 2015-01-27 13:24:17 -08:00
Jessie Frazelle
b7db855fc6 Merge pull request #10249 from jlhawn/distribution_version_header_10247
Split API Version header when checking for v2
2015-01-27 11:48:42 -08:00
Olivier Gambier
f0e0a080e9 Merge pull request #108 from AndreyKostov/storagedriver-check-writestream-overwrite
Make TestContinueStreamAppend check if WriteStream can overwrite
2015-01-26 14:01:23 -08:00
Derek McGowan
d96d4aa9f0 Better error messaging and logging for v2 registry requests
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-01-26 14:00:51 -08:00
Andrey Kostov
a5b5ef99a0 Make TestContinueStreamAppend check if WriteStream can overwrite
Also split the test into a small and large version.
2015-01-26 13:50:45 -08:00
Stephen Day
a1547ab751 Merge pull request #75 from ahmetalpbalkan/large-stream
Modify TestWriteReadLargeStreams to write in one shot
2015-01-26 11:37:51 -08:00
Olivier Gambier
e0c6f03c11 Merge pull request #105 from AndreyKostov/storagedriver-s3-add-chunksize-param
Add the chunksize parameter
2015-01-23 17:41:52 -08:00
Andrey Kostov
8341f0ce5d Add the chunksize parameter
Also change default chunkSize to 10MB (up from 5).
2015-01-23 17:28:09 -08:00
Stephen Day
3dc95e213c Merge pull request #104 from AndreyKostov/storagedriver-s3-fix-iam-role-bug
Fixes an IAM role authentication bug
2015-01-23 16:03:21 -08:00
Andrey Kostov
34f86b9ad6 Fixes an IAM role authentication bug
More specifically, the driver panics if initialized with
FromParameters with empty accesskey or secretkey.
2015-01-23 15:50:55 -08:00
Stephen Day
75c1b2bae7 Merge pull request #91 from tianon/dockerfile-godeps
Update the Dockerfile to use the Godeps versions of libraries and to explicitly use golang:1.4
2015-01-22 16:11:46 -08:00
Stephen Day
bd0d90396b Merge pull request #98 from docker/circle-godep
Move to circle.yml to godep
2015-01-22 16:11:02 -08:00
Olivier Gambier
49357a5d59 Move to godep 2015-01-22 15:52:46 -08:00
Stephen Day
6b3bfa724d Merge pull request #90 from stevvooe/registry-decorator
Implement registry decorator toolkit
2015-01-22 15:08:13 -08:00