Because health check errors may expose sensitive data, we shouldn't expose the
details of the failure to clients. Instead, an error is returned to the client
with a hint about where they could find further information on why the service
is down.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Several error codes are generally useful but tied to the v2 specification
definitions. This change moves these error code definitions into the common
package for use by the health package, which is not tied to the v2 API.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
To ensure the ensure the web application is properly operating, we've added a
periodic health check for the storage driver. If the health check fails three
times in a row, the registry will serve 503 response status for any request
until the condition is resolved. The condition is reported in the response body
and via the /debug/health endpoint.
To ensure that all drivers will properly operate with this health check, a
function has been added to the driver testsuite.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
When using the RADOS driver, the hierarchy of the files is stored
in OMAPs, but the root OMAP was not created and a call to List("/")
was returning an error instead of returned the first level files
stored. This patches creates an OMAP for "/" and excludes the listed
directory from the list of files returned.
Signed-off-by: Vincent Giersch <vincent@giersch.fr>
This makes it consistent with the new official image.
Paths in the docs were updated in
34067d7d43.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Previously, the strategy for avoiding lots of rebuilding and repulling
for each Docker version being tested was to use a mountpoint to persist
/var/lib/docker. This was pretty broken, and may not be a reliable
strategy. This commit changes the scripts to instead build/pull images
outside the innermost container, and copy them to the final test
environment with docker save/docker load.
This requires a fair amount of changes, since run.sh must now
communicate with the Docker engine that was formerly started by
test_runner.sh. The code that starts this engine has been broken out to
run_engine.sh so that starting the engine and running the tests under it
can be done separately (with the images loaded in between these steps).
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
We are headed in a different direction. The dist tool analog will not be a part
of this repository.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Now that we've tagged a release candidate, we can now say all builds are
"2.1.0+unknown" if the makefile is not used.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Instead, provide a variant of instrumentedResponseWriter that does not
implement CloseNotifier, and use that when necessary. In
copyFullPayload, log instead of panicing when we encounter something
that doesn't implement CloseNotifier.
This is more complicated than I'd like, but it's necessary because
instrumentedResponseWriter must not embed CloseNotifier unless there's
really a CloseNotifier to embed.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This page was missing styling once exported to HTML. Adding a
<!--[metadata]> block similar to the ones the other *.md files have
appears to solve the problem.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This fixes several flaws in the link rewriter:
- broken links on the docs side
- multiple links on one line being mangled
- byzantine logic
Also generalize the logic of the Dockerfile so it is no longer specific to "registry" (env variable), which is a first step in making it possible to upstream all this into the base image and docs project.
Added a number of tests (test.md) to validate the link replacer behavior (against test.compare.md), and embedded the test so that the doc build will fail if the link replacer does not behave.
This is still sed, unfortunately.
Signed-off-by: Olivier Gambier <olivier@docker.com>
with a new `proxy` section in the configuration file.
Create a new registry type which delegates storage to a proxyBlobStore
and proxyManifestStore. These stores will pull through data if not present
locally. proxyBlobStore takes care not to write duplicate data to disk.
Add a scheduler to cleanup expired content. The scheduler runs as a background
goroutine. When a blob or manifest is pulled through from the remote registry,
an entry is added to the scheduler with a TTL. When the TTL expires the
scheduler calls a pre-specified function to remove the fetched resource.
Add token authentication to the registry middleware. Get a token at startup
and preload the credential store with the username and password supplied in the
config file.
Allow resumable digest functionality to be disabled at runtime and disable
it when the registry is a pull through cache.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
- Upgrade docker-compose to 1.3.3 to work around
https://github.com/docker/compose/issues/1314
- Change run.sh to run the Docker container in the foreground so that
the exit code is propagated.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- Add a command line argument to run_multiversion.sh which has it start
a docker daemon. This allows it to run directly inside an outermost
docker-integration container instead of running outside all containers.
- Install Docker 1.7.1 intead of 1.7.0-rc1 in the docker-integration
container. 1.7.0 has a bug that prevents "docker cp" from working
properly.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This channel never gets written to, but this only means that the mock
ResponseWriter will never signal a premature disconnect.
Based on feedback from #763.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
registry/storage/blob_test.go:149: arg d for printf verb %s of wrong type: github.com/docker/distribution.Descriptor
Signed-off-by: Doug Davis <dug@us.ibm.com>
It's necessary to compile the code first; otherwise go vet silently
fails to load imports.
Fixes#807.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The response code isn't actually sent to the client, because the
connection has already closed by this point. But it causes the status
code to appear as 499 in the logs instead of 0.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
When a client disconnects without completing a HTTP request, we were
attempting to process the partial request, which usually leads to a 400
error. These errors can pollute the logs and make it more difficult to
track down real bugs.
This change uses CloseNotifier to detect disconnects. In combination
with checking Content-Length, we can detect a disconnect before sending
the full payload, and avoid logging a 400 error.
This logic is only applied to PUT, POST, and PATCH endpoints, as these
are the places where disconnects during a request are most likely to
happen.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>