Commit graph

1350 commits

Author SHA1 Message Date
Aaron Lehmann
e83af616d6 Automatically generate a HTTP secret if none is provided
Log a warning if the registry generates its own secret.

Update configuration doc, and remove the default secret from the
development config file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-29 14:28:56 -07:00
Aaron Lehmann
9d73bfe578 Fix for api_test.go
This passed in the #744 before merge, but apparently the test changed
since the PR was created in ways that led to a new failures.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-28 10:59:11 -07:00
Derek McGowan
09dd357016 Merge pull request #744 from aaronlehmann/manifest-put-response-code
Manifest PUT should return 201 Created
2015-07-28 10:42:54 -07:00
Derek McGowan
ba358690c1 Fix login and search TLS configuration
Currently login and search do not load per registry certificates.
This is a regression caused by the last refactor since this was recently fixed.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-28 10:36:57 -07:00
Stephen J Day
29a810b68b Allow disabling of starage driver redirects
Storage drivers can implement a method called URLFor which can return a direct
url for a given path. The functionality allows the registry to direct clients
to download content directly from the backend storage. This is commonly used
with s3 and cloudfront. Under certain conditions, such as when the registry is
not local to the backend, these redirects can hurt performance and waste
incoming bandwidth on pulls. This feature addition allows one to disable this
feature, if required.

Signed-off-by: Stephen J Day <stephen.day@docker.com>

Conflicts:
	configuration/configuration.go
	registry/handlers/app.go
	registry/storage/catalog_test.go
	registry/storage/manifeststore_test.go
	registry/storage/registry.go
2015-07-24 16:59:35 -07:00
Aaron Lehmann
6b4573225c Make the registry client more tolerant about HTTP status codes
Generally, all 2xx and 3xx codes should be treated as success.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-24 16:14:04 -07:00
Stephen Day
a6ef6c0dc3 Merge pull request #736 from stevvooe/authorization-interface-cleanup
Authorization interface cleanup
2015-07-24 15:39:49 -07:00
Stephen Day
3ed723a187 Merge pull request #739 from stevvooe/etags-must-be-quoted
Etags must be quoted according to http spec
2015-07-24 15:08:27 -07:00
Derek McGowan
c219afdb4b Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-24 14:08:20 -07:00
Stephen J Day
345174a34b Etags must be quoted according to http spec
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-24 13:07:38 -07:00
Stephen Day
afc45e8f57 Merge pull request #677 from RichardScothern/soft-delete-remove-links
Manifest and layer soft deletion
2015-07-24 13:02:36 -07:00
Aaron Lehmann
24408263d9 Manifest PUT should return 201 Created
Change handler, update descriptors table, regenerate API spec, and
update test.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-24 12:58:16 -07:00
Aaron Lehmann
52136ab008 Improve documentation and golint compliance of registry package
* Add godoc documentation where it was missing

* Change identifier names that don't match Go style, such as INDEX_NAME

* Rename RegistryInfo to PingResult, which more accurately describes
  what this structure is for. It also has the benefit of making the name
  not stutter if used outside the package.

Updates #14756

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-24 11:55:07 -07:00
Richard
390bb97a88 Manifest and layer soft deletion.
Implement the delete API by implementing soft delete for layers
and blobs by removing link files and updating the blob descriptor
cache.  Deletion is configurable - if it is disabled API calls
will return an unsupported error.

We invalidate the blob descriptor cache by changing the linkedBlobStore's
blobStatter to a blobDescriptorService and naming it blobAccessController.

Delete() is added throughout the relevant API to support this functionality.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-24 09:57:20 -07:00
Stephen J Day
911c0d9f85 Do not replace logger when adding hooks
Because the logger was incorrectly replaced while adding hooks, log output did
not include the version and instance ids. The main issue was the the
logrus.Entry was replaced with the logger, which included no context. Replacing
the logger on the context is not necessary when configuring hooks since we are
configuring the contexts logger directly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-23 20:51:11 -07:00
Stephen J Day
e42a8ca580 auth.AccessController interface now uses distribution/context
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-23 19:48:47 -07:00
Stephen J Day
4a2300aaa9 Simplify auth.Challenge interface to SetHeaders
This removes the erroneous http.Handler interface in favor a simple SetHeaders
method that only operattes on the response. Several unnecessary uses of pointer
types were also fixed up.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-23 19:47:57 -07:00
Tibor Vass
a246ab0a5e cli: new daemon command and new cli package
This patch creates a new cli package that allows to combine both client
and daemon commands (there is only one daemon command: docker daemon).

The `-d` and `--daemon` top-level flags are deprecated and a special
message is added to prompt the user to use `docker daemon`.

Providing top-level daemon-specific flags for client commands result
in an error message prompting the user to use `docker daemon`.

This patch does not break any old but correct usages.

This also makes `-d` and `--daemon` flags, as well as the `daemon`
command illegal in client-only binaries.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-23 19:44:46 -04:00
Stephen Day
ad0440c7ce Merge pull request #729 from stevvooe/pagination-spec-cleanup
Clean up pagination specification
2015-07-23 15:46:32 -07:00
Richard Scothern
7dbe35176d Merge pull request #732 from duglin/DeadCode
Remove dead code
2015-07-23 10:11:22 -07:00
Doug Davis
0ec762c0f0 Remove dead code
thanks to @tiborvass for noticing

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-07-23 07:09:48 -07:00
Stephen Day
96efb19952 Merge pull request #493 from nevermosby/storage-support-openstack-swift
Storage support openstack swift
2015-07-22 23:53:36 -07:00
Stephen J Day
153ef32124 Clean up pagination specification
Some missing descriptions and error code for tags pagination was cleaned up to
ensure clarity. Specifically, we ensure the request variations are named and
the proper error codes are included.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-22 20:00:28 -07:00
Stephen Day
a1ce8d81f7 Merge pull request #653 from pdevine/catalog-api
Catalog for V2 API Implementation
2015-07-22 18:54:48 -07:00
Aaron Lehmann
355c620139 Merge pull request #724 from aaronlehmann/repository-name-regexp-tests
Add additional test coverage for the regexp contained in RepositoryNameRegexp
2015-07-22 18:41:44 -07:00
Aaron Lehmann
683dc19778 Unify the testcases for the two tests in names_test.go
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-22 18:33:15 -07:00
Patrick Devine
a49594a0e1 Add Registry to client bindings for Repositories
The way Repositories() was initially called was somewhat different than
other parts of the client bindings because there was no way to instantiate a
Namespace.  This change implements a NewRegistry() function which changes
it so that Repositories() can be called the way one would expect.

It doesn't implement any of the other functions of Namespaces.

Signed-off-by: Patrick Devine <patrick.devine@docker.com>
2015-07-22 17:48:15 -07:00
Stephen Day
f93d70ee9e Merge pull request #726 from duglin/FixError
Make Error.Error() return the post-arg-substitution Message
2015-07-22 17:12:16 -07:00
Doug Davis
aae59d54ef Make Error.Error() return the post-arg-substitution Message
Missed this during the removal of the args property

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-07-22 12:44:59 -07:00
Stephen Day
4e72e13d36 Merge pull request #709 from hopkings2008/master
Close reader after the test is finished.
2015-07-22 12:22:22 -07:00
Patrick Devine
bf62b7ebb7 Create Repositories method
This change removes the Catalog Service and replaces it with a more
simplistic Repositories() method for obtaining a catalog of all
repositories.  The Repositories method takes a pre-allocated slice
and fills it up to the size of the slice and returns the amount
filled.  The catalog is returned lexicographically and will start
being filled from the last entry passed to Repositories().  If there
are no more entries to fill, io.EOF will be returned.

Signed-off-by: Patrick Devine <patrick.devine@docker.com>

Conflicts:
	registry/client/repository.go
	registry/handlers/api_test.go
2015-07-21 21:45:14 -07:00
Patrick Devine
f3207e76c8 Catalog for V2 API Implementation
This change adds a basic catalog endpoint to the API, which returns a list,
or partial list, of all of the repositories contained in the registry.  Calls
to this endpoint are somewhat expensive, as every call requires walking a
large part of the registry.

Instead, to maintain a list of repositories, you would first call the catalog
endpoint to get an initial list, and then use the events API to maintain
any future repositories.

Signed-off-by: Patrick Devine <patrick.devine@docker.com>
2015-07-21 21:45:14 -07:00
Stephen J Day
0790a298ed Paginate catalog and tag results with Link header
Move the specification to use a Link header, rather than a "next" entry in the
json results. This prevents requiring clients from parsing the request body to
issue the next request. It also ensures that the returned response body does
not change in between requests.

The ordering of the specification has been slightly tweaked, as well. Listing
image tags has been moved after the catalog specification. Tag pagination now
heavily references catalog pagination.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-21 21:45:14 -07:00
Stephen J Day
1d68d81b42 Catalog V2 API specification proposal
This contains a proposal for a catalog API, provided access to the internal
contents of a registry instance. The API endpoint is prefixed with an
underscore, which is illegal in images names, to prevent collisions with
repositories names. To avoid issues with large result sets, a paginated version
of the API is proposed. We make an addition to the tags API to support
pagination to ensure the specification is conistent.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-07-21 21:45:14 -07:00
Jessica Frazelle
726f3e07e3 better i/o timeout error on pull
Signed-off-by: Jessica Frazelle <princess@docker.com>
2015-07-21 19:08:15 -07:00
Aaron Lehmann
ceb2c7de44 Add additional test coverage for the regexp contained in RepositoryNameRegexp
This was inspired by problems found with new regexps proposed in PR #690

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-21 17:10:36 -07:00
Tibor Vass
549e64205f Merge pull request #14829 from RichardScothern/registry-tls
Configure TLS for private v2 registry mirrors.
2015-07-21 19:23:39 -04:00
Richard Scothern
2b7788f2e8 Remove v1 registry mirror configuration from LookupEndpoints.
V1 mirrors do not mirror the index and those endpoints should
only be indexes.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-21 15:21:41 -07:00
Richard Scothern
00edb3bbce Configure TLS for private registry mirrors.
If a registry mirror is using TLS, ensure that certs for it
are picked up from /etc/docker/certs.d

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-21 15:21:25 -07:00
davidli
b2935158b2 Remove IPC support from test file
Signed-off-by: Li Wenquan <wenquan.li@hp.com>
2015-07-21 23:55:10 +02:00
Sylvain Baubeau
81765f8cbb Catch either missing containers or objects
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:10 +02:00
Sylvain Baubeau
52d28ec81a Do not use Swift server side copy for manifests to handle >5G files
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:10 +02:00
Sylvain Baubeau
000dec3c6f Inline Swift errors handling
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:10 +02:00
Sylvain Baubeau
661f197f68 Retrieve all the objects using pagination
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
704e082254 Do not create objects for directories
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
f190aa4a7c Refactor segment path concatenation code
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
0807282859 Use http.StatusRequestedRangeNotSatisfiable instead of error code
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
7a5aa32a64 Use file instead of filepath as it may cause troubles on Windows
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
91d74a3ee2 Protect against deletion of objects with the same prefix
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00
Sylvain Baubeau
01686e2c07 Show distribution version in User-Agent
Signed-off-by: Sylvain Baubeau <sbaubeau@redhat.com>
2015-07-21 23:55:09 +02:00