Commit graph

1461 commits

Author SHA1 Message Date
Stephen J Day
a68e081de4 Do not expose health check data in health handler
Because health check errors may expose sensitive data, we shouldn't expose the
details of the failure to clients. Instead, an error is returned to the client
with a hint about where they could find further information on why the service
is down.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:58 -07:00
Stephen J Day
f141480d98 Move common error codes to errcode package
Several error codes are generally useful but tied to the v2 specification
definitions. This change moves these error code definitions into the common
package for use by the health package, which is not tied to the v2 API.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:58 -07:00
Stephen J Day
6ba799b69e Provide simple storage driver health check
To ensure the ensure the web application is properly operating, we've added a
periodic health check for the storage driver. If the health check fails three
times in a row, the registry will serve 503 response status for any request
until the condition is resolved. The condition is reported in the response body
and via the /debug/health endpoint.

To ensure that all drivers will properly operate with this health check, a
function has been added to the driver testsuite.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-11 11:50:52 -07:00
Olivier Gambier
1d5b311fc4 Merge pull request #845 from gierschv/add-rados-root-omap
driver/rados: Create OMAP for root directory
2015-08-10 16:20:01 -07:00
Vincent Giersch
6c39af6708 fix(rados): Create OMAP for root directory
When using the RADOS driver, the hierarchy of the files is stored
in OMAPs, but the root OMAP was not created and a call to List("/")
was returning an error instead of returned the first level files
stored. This patches creates an OMAP for "/" and excludes the listed
directory from the list of files returned.

Signed-off-by: Vincent Giersch <vincent@giersch.fr>
2015-08-10 23:46:33 +02:00
Aaron Lehmann
1fcf90b9c4 In the build container, change the config file location to /etc/docker/registry/config.yml
This makes it consistent with the new official image.

Paths in the docs were updated in
34067d7d43.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-10 14:32:57 -07:00
Aaron Lehmann
143aae8bc5 Merge pull request #837 from dmp42/4.docs-2.1
[WIP] Updating documentation for 2.1
2015-08-10 14:01:52 -07:00
Olivier Gambier
34067d7d43 Documentation work
- move away insecure & self-signed
- introduce native basic auth
- move "down" nginx based authentication
- overall shortening / smoothing of "deploying" documentation

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-10 13:57:35 -07:00
Richard Scothern
3cecbf36d8 Merge pull request #839 from n1tr0g/master
Added missing auth type in the documentation
2015-08-10 10:39:19 -07:00
Dejan Golja
8221fd39bd Added missing auth type in the documentation
Signed-off-by: Dejan Golja <dejan@golja.org>
2015-08-11 00:11:17 +10:00
Olivier Gambier
4f7cb60190 Merge pull request #836 from stevvooe/fix-mailmap-scothern
Fix double entry in AUTHORS file
2015-08-07 14:01:16 -07:00
Stephen J Day
a77bbe7edf Fix double entry in AUTHORS file
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-07 14:00:07 -07:00
Olivier Gambier
81052c060c Merge pull request #835 from stevvooe/update-authors
Update authors file for 2.1 release
2015-08-07 13:44:39 -07:00
Stephen J Day
9a6d63eb39 Update authors file for 2.1 release
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-07 13:42:54 -07:00
Stephen Day
3f2517c9a6 Merge pull request #833 from stevvooe/remove-dist-tool
Remove dist tool from distribution
2015-08-07 12:45:44 -07:00
Richard Scothern
723c2d9944 Merge pull request #834 from stevvooe/rev-default-version
Rev base version to 2.1.0
2015-08-07 10:15:00 -07:00
Aaron Lehmann
1e15b6e001 Redesign integration testing to copy images to nested containers
Previously, the strategy for avoiding lots of rebuilding and repulling
for each Docker version being tested was to use a mountpoint to persist
/var/lib/docker. This was pretty broken, and may not be a reliable
strategy. This commit changes the scripts to instead build/pull images
outside the innermost container, and copy them to the final test
environment with docker save/docker load.

This requires a fair amount of changes, since run.sh must now
communicate with the Docker engine that was formerly started by
test_runner.sh. The code that starts this engine has been broken out to
run_engine.sh so that starting the engine and running the tests under it
can be done separately (with the images loaded in between these steps).

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-06 18:06:18 -07:00
Stephen J Day
bc5835ba2d Remove dist tool from distribution
We are headed in a different direction. The dist tool analog will not be a part
of this repository.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-06 17:35:36 -07:00
Stephen J Day
6cb14b79f1 Rev base version to 2.1.0
Now that we've tagged a release candidate, we can now say all builds are
"2.1.0+unknown" if the makefile is not used.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-06 17:21:03 -07:00
Stephen Day
ec77b836dd Merge pull request #830 from aaronlehmann/no-closenotifier-panic
Don't panic when a http.ResponseWriter does not implement CloseNotifier
2015-08-06 16:32:10 -07:00
Olivier Gambier
642fb631f4 Merge pull request #818 from dmp42/3.fix-build-docs
Fix relinker
2015-08-06 16:05:24 -07:00
Olivier Gambier
8a0e5a2a5e Merge pull request #829 from aaronlehmann/aliyun-oss-doc-styling
Fix lack of styling on Aliyun OSS documentation page
2015-08-06 16:04:47 -07:00
Aaron Lehmann
10f602b158 Don't panic when a http.ResponseWriter does not implement CloseNotifier
Instead, provide a variant of instrumentedResponseWriter that does not
implement CloseNotifier, and use that when necessary. In
copyFullPayload, log instead of panicing when we encounter something
that doesn't implement CloseNotifier.

This is more complicated than I'd like, but it's necessary because
instrumentedResponseWriter must not embed CloseNotifier unless there's
really a CloseNotifier to embed.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-06 15:50:54 -07:00
Aaron Lehmann
1670502413 Fix lack of styling on Aliyun OSS documentation page
This page was missing styling once exported to HTML. Adding a
<!--[metadata]> block similar to the ones the other *.md files have
appears to solve the problem.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-06 14:59:07 -07:00
Olivier Gambier
3ad11ff363 Fix relinker
This fixes several flaws in the link rewriter:
- broken links on the docs side
- multiple links on one line being mangled
- byzantine logic

Also generalize the logic of the Dockerfile so it is no longer specific to "registry" (env variable), which is a first step in making it possible to upstream all this into the base image and docs project.

Added a number of tests (test.md) to validate the link replacer behavior (against test.compare.md), and embedded the test so that the doc build will fail if the link replacer does not behave.

This is still sed, unfortunately.

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-08-04 23:02:34 -07:00
Stephen Day
a0c63372fa Merge pull request #779 from RichardScothern/pull-through-cache
Add pull through cache ability to the Registry.
2015-08-04 17:04:56 -07:00
Richard Scothern
94935f39bc Add pull through cache functionality to the Registry which can be configured
with a new `proxy` section in the configuration file.

Create a new registry type which delegates storage to a proxyBlobStore
and proxyManifestStore.  These stores will pull through data if not present
locally.  proxyBlobStore takes care not to write duplicate data to disk.

Add a scheduler to cleanup expired content. The scheduler runs as a background
goroutine.  When a blob or manifest is pulled through from the remote registry,
an entry is added to the scheduler with a TTL.  When the TTL expires the
scheduler calls a pre-specified function to remove the fetched resource.

Add token authentication to the registry middleware.  Get a token at startup
and preload the credential store with the username and password supplied in the
config file.

Allow resumable digest functionality to be disabled at runtime and disable
it when the registry is a pull through cache.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-04 16:09:55 -07:00
Stephen Day
e920231b17 Merge pull request #816 from mbentley/add-migrator
Added information about docker/migrator
2015-08-04 15:19:46 -07:00
Stephen Day
ef1c72b978 Merge pull request #805 from RichardScothern/811
Spelling corrections
2015-08-04 14:50:32 -07:00
Richard Scothern
78caa1fc93 Merge pull request #817 from aaronlehmann/docker-integration-fixes-2
Two more Docker integration test fixes
2015-08-04 13:57:27 -07:00
Aaron Lehmann
a6346d64a1 Two more Docker integration test fixes
- Upgrade docker-compose to 1.3.3 to work around
  https://github.com/docker/compose/issues/1314

- Change run.sh to run the Docker container in the foreground so that
  the exit code is propagated.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-04 13:28:03 -07:00
Matt Bentley
1150cfe449 Added information about docker/migrator
Signed-off-by: Matt Bentley <matt@docker.com>
2015-08-04 15:22:39 -04:00
Aaron Lehmann
3a414deddb Merge pull request #514 from denverdino/master
Storage Driver for Aliyun OSS
2015-08-04 12:01:02 -07:00
Richard Scothern
2e7ac2ec62 Merge pull request #815 from aaronlehmann/docker-integration-fixes
Two fixes for Docker integration tests
2015-08-04 11:56:15 -07:00
Aaron Lehmann
f7a11aa258 Two fixes for Docker integration tests
- Add a command line argument to run_multiversion.sh which has it start
  a docker daemon. This allows it to run directly inside an outermost
  docker-integration container instead of running outside all containers.

- Install Docker 1.7.1 intead of 1.7.0-rc1 in the docker-integration
  container. 1.7.0 has a bug that prevents "docker cp" from working
  properly.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-04 11:49:55 -07:00
Li Yi
d7d34a6c5b Add the OSS link
Change-Id: I940fb50f467ce6fc5fbdd9ceb0f9d848e422ced7
Signed-off-by: Li Yi <denverdino@gmail.com>
2015-08-04 09:18:18 +08:00
Stephen Day
c4e553a655 Merge pull request #814 from aaronlehmann/test-response-writer
Make testResponseWriter's CloseNotify return an actual channel instead of nil
2015-08-03 15:59:42 -07:00
Aaron Lehmann
cca86be6bf Make testResponseWriter's CloseNotify return an actual channel instead of nil
This channel never gets written to, but this only means that the mock
ResponseWriter will never signal a premature disconnect.

Based on feedback from #763.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-03 15:10:14 -07:00
Richard Scothern
12db5fc16b Merge pull request #783 from aaronlehmann/multiple-version-integration-testing
Run integration tests with multiple Docker engine versions
2015-08-03 13:57:52 -07:00
Richard Scothern
db12c889e1 Merge pull request #763 from aaronlehmann/close-notifier
Use CloseNotifier to supress spurious HTTP 400 errors on early disconnect
2015-08-03 13:57:32 -07:00
Stephen Day
de7196071b Merge pull request #803 from duglin/FixBuild
Fix vet issue
2015-08-03 12:56:50 -07:00
Doug Davis
633eec0f91 Fix vet issue
registry/storage/blob_test.go:149: arg d for printf verb %s of wrong type: github.com/docker/distribution.Descriptor

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-08-03 12:24:34 -07:00
Stephen Day
7a46b772ad Merge pull request #811 from aaronlehmann/fix-vet
Fix go vet in CI
2015-08-03 12:19:55 -07:00
Stephen Day
f9181687f3 Merge pull request #812 from stevvooe/update-s3-dependency
Update s3 bindings
2015-08-03 12:05:34 -07:00
Richard Scothern
fb9662ad5a Add blob delete entry to api description and regenerate api.md
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-08-03 11:59:19 -07:00
Stephen J Day
7fc9e2112a Update s3 bindings
The S3 library has made a few fixes to the retry logic. Updating the bindings
accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-03 11:50:48 -07:00
Aaron Lehmann
5a37b46421 Fix go vet in CI
It's necessary to compile the code first; otherwise go vet silently
fails to load imports.

Fixes #807.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-03 11:29:10 -07:00
Aaron Lehmann
609efa79e4 Set the response code to 499 when a client disconnects during an upload
The response code isn't actually sent to the client, because the
connection has already closed by this point. But it causes the status
code to appear as 499 in the logs instead of 0.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:39:30 -07:00
Aaron Lehmann
9c58954a6e Factor CloseNotifier use into a new function
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:30:26 -07:00
Aaron Lehmann
6cb5670ba5 Use CloseNotifier to supress spurious HTTP 400 errors on early disconnect
When a client disconnects without completing a HTTP request, we were
attempting to process the partial request, which usually leads to a 400
error. These errors can pollute the logs and make it more difficult to
track down real bugs.

This change uses CloseNotifier to detect disconnects. In combination
with checking Content-Length, we can detect a disconnect before sending
the full payload, and avoid logging a 400 error.

This logic is only applied to PUT, POST, and PATCH endpoints, as these
are the places where disconnects during a request are most likely to
happen.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-31 17:30:26 -07:00