Commit graph

41 commits

Author SHA1 Message Date
Jon Johnson
cdc46abde5 Always HEAD blobs at least once during pushes
Signed-off-by: Jon Johnson <jonjohnson@google.com>
2017-03-08 15:36:12 -08:00
Aaron.L.Xu
e0577d5fe8 fix some typos from module contrib to man
Signed-off-by: Aaron.L.Xu <likexu@harmonycloud.cn>
2017-02-18 10:08:55 +08:00
Derek McGowan
3a1279393f
Use distribution reference
Remove forked reference package. Use normalized named values
everywhere and familiar functions to convert back to familiar
strings for UX and storage compatibility.

Enforce that the source repository in the distribution metadata
is always a normalized string, ignore invalid values which are not.
Update distribution tests to use normalized values.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-02-07 11:08:37 -08:00
Stephen J Day
7a85579917
*: use opencontainers/go-digest package
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-01-06 18:48:41 -08:00
Tonis Tiigi
13222160e8 Define PushResult in api types
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-12-26 18:53:22 -08:00
Derek McGowan
3c7676a057
Abstract distribution interfaces from image specific types
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2016-12-19 10:55:00 -08:00
Aaron Lehmann
e0702e9f37 distribution: Fix panic on push
When building a manifest during a push operation, all layers must have
an associated descriptor. If a layer is missing a descriptor, that leads
to a panic.

A break inside a switch in layerAlreadyExists meant to break from the
loop surrounding the switch, but instead breaks from the switch. This
causes the loop to continue, and can overwrite the descriptor with an
empty one, leading to the panic.

Also, fix layerAlreadyExists not to abort the push when a speculative
stat on a candidate layer digest fails with an error. This could happen
in situations like a potential cross-repository mount where the user
does not have permission to access the source repository.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-11-29 18:13:39 -08:00
Derek McGowan
c85eb00841
Update for distribution vendor
Handle updates to reference package.
Updates for refactoring of challenge manager.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-10 17:34:12 -08:00
Sebastiaan van Stijn
762556c705 Merge pull request #26564 from miminar/prevent-blob-uploads
Avoid unnecessary blob uploads
2016-10-01 12:53:10 +02:00
Michal Minář
81f7b1f1e5
Different number of retries for layers of different sizes
Classify blobs into three categories based on size.
Use a very limited number of mount attempts and no existence check for
small blobs. Use more attempts for bigger blobs.

Also remember blob associations during layer existence check.

Blob digests are now checked in the target repository from newest to
latest. If the blob exists and the metadata entry does not, it will be
created. If the blob is not found, the metadata entry will be removed.

Signed-off-by: Michal Minář <miminar@redhat.com>
2016-09-29 14:16:01 +02:00
Michal Minář
d3bd14a4fb
Allow to mock V2MetadataService in unit tests
Signed-off-by: Michal Minář <miminar@redhat.com>
2016-09-29 14:16:00 +02:00
Michal Minář
c6dd51c32c
Try to cross-repo mount until success
Don't fallback back immediately to blob upload if the cross-repo mount
fails and layer upload is initiated by registry.

Instead cancel the upload and re-try cross-repo mount from different
source repository before doing full re-upload.

Signed-off-by: Michal Minář <miminar@redhat.com>
2016-09-29 14:16:00 +02:00
Michal Minář
0928f3f2e3
Compare V2Metadata with associated auth config
to avoid unnecessary blob re-uploads.

Cross repository mount from particular repo will most probably fail if
the user pushing to the registry is not the same as the one who pulled
or pushed to the source repo.

This PR attempts first to cross-repo mount from the source repositories
associated with the pusher's auth config. Then it falls back to other
repositories sorted from the most similar to the target repo to the
least.

It also prevents metadata deletion in cases where cross-repo mount fails
and the auth config hashes differ.

Signed-off-by: Michal Minář <miminar@redhat.com>
2016-09-29 14:16:00 +02:00
Tonis Tiigi
805223982c Generalize content addressable and reference storage
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-09-15 18:08:19 -07:00
Stefan J. Wernli
adee28458c Fixing v2 registry restriction for non-linux platforms.
This fixes the hard coded restriction for non-linux platforms to v2 registries.  Previously, the check was above the flag parsing, which would overwrite the hard coded value and prevent correct operation.  This change also removes the related daemon flag from Windows to avoid confusion, as it has no meaning when the value is going to always be hard coded to true.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-07-20 16:14:40 -07:00
Derek McGowan
33984f256b Always store the image digest when pulling and pushing an image.
Always attempt to add digest even when tag already exists.
Ensure digest does not currently exist.
When image id is mismatched, output an error log.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-06-27 10:09:57 -07:00
Aaron Lehmann
1333ef3ca3 Fix parallel push of the same image to different registries
Layer uploads are deduplicated by a "key" made up of the layer DiffID
and the repository name. The repository name being used to form this key
was a remote version of the name that didn't include the name of the
registry. Consequently, pushes of the same layer in a repository with
the same remote name to different registries would wrongly be
deduplicated.

Correct the key by using the full name of the repository, which includes
the registry hostname as well as the image's name.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-06-17 22:27:03 -07:00
Derek McGowan
2c60430a3d Use describable interfaces
Replace use of foreign sources with descriptors and describable

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-06-06 17:49:34 -07:00
John Starks
05bd04350b Support layers from external URLs
This is used to support downloading Windows base images from Microsoft
servers.

Signed-off-by: John Starks <jostarks@microsoft.com>
2016-05-25 19:23:02 -07:00
Aaron Lehmann
c18d03a778 Vendor distribution to correct config blob media type in schema2 manifest
@nwt noticed that the media type specified in the config section of a
schema2 manifest is application/octet-stream, instead of the correct
value application/vnd.docker.container.image.v1+json.

This brings in https://github.com/docker/distribution/pull/1622 to fix
this.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-04-11 17:29:17 -07:00
Aaron Lehmann
5c99eebe81 Fix concurrent uploads that share layers
Concurrent uploads which share layers worked correctly as of #18353,
but unfortunately #18785 caused a regression. This PR removed the logic
that shares digests between different push sessions. This overlooked the
case where one session was waiting for another session to upload a
layer.

This commit adds back the ability to propagate this digest information,
using the distribution.Descriptor type because this is what is received
from stats and uploads, and also what is ultimately needed for building
the manifest.

Surprisingly, there was no test covering this case. This commit adds
one. It fails without the fix.

See recent comments on #9132.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 11:14:44 -08:00
Brian Bland
1d3480f9ba Improve fallback behavior for cross-repository push
Attempt layer mounts from up to 3 source repositories, possibly
falling back to a standard blob upload for cross repository pushes.
Addresses compatiblity issues with token servers which do not grant
multiple repository scopes, resulting in an authentication failure for
layer mounts, which would otherwise cause the push to terminate with an
error.

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-02-24 19:13:35 -08:00
Aaron Lehmann
5e8af46fda Smarter push/pull TLS fallback
With the --insecure-registry daemon option (or talking to a registry on
a local IP), the daemon will first try TLS, and then try plaintext if
something goes wrong with the push or pull. It doesn't make sense to try
plaintext if a HTTP request went through while using TLS. This commit
changes the logic to keep track of host/port combinations where a TLS
attempt managed to do at least one HTTP request (whether the response
code indicated success or not). If the host/port responded to a HTTP
using TLS, we won't try to make plaintext HTTP requests to it.

This will result in better error messages, which sometimes ended up
showing the result of the plaintext attempt, like this:

    Error response from daemon: Get
    http://myregistrydomain.com:5000/v2/: malformed HTTP response
    "\x15\x03\x01\x00\x02\x02"

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-12 13:47:48 -08:00
Vincent Demeester
e17afedfe0 Merge pull request #20247 from aaronlehmann/distribution-errors
Push/pull errors improvement and cleanup
2016-02-12 11:57:25 +01:00
Aaron Lehmann
8f26fe4f59 Push/pull errors improvement and cleanup
Several improvements to error handling:

- Introduce ImageConfigPullError type, wrapping errors related to
  downloading the image configuration blob in schema2. This allows for a
  more descriptive error message to be seen by the end user.

- Change some logrus.Debugf calls that display errors to logrus.Errorf.
  Add log lines in the push/pull fallback cases to make sure the errors
  leading to the fallback are shown.

- Move error-related types and functions which are only used by the
  distribution package out of the registry package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-11 16:28:56 -08:00
Victor Vieux
99a396902f fix common misspell
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-02-11 15:49:36 -08:00
Aaron Lehmann
4d437a29d2 Vendor updated distribution for resumable downloads
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-04 17:33:37 -08:00
Aaron Lehmann
e273445dd4 Fix panic on network timeout during push
`Upload` already closes the reader returned by `compress` and the
progressreader passed into it, before returning. But even so, the
io.Copy inside compress' goroutine needs to attempt a read from the
progressreader to notice that it's closed, and this read has a side
effect of outputting a progress message. If this happens after `Upload`
returns, it can result in a write to a closed channel. Change `compress`
to return a channel that allows the caller to wait for its goroutine to
finish before freeing any resources connected to the reader that was
passed to it.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-29 14:34:50 -08:00
Brian Bland
06e9a056ca Fixes layer MediaTypes in manifests created from a cross-repository push
Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-20 12:23:16 -08:00
Brian Bland
6309947718 Changes cross-repository blob mounting to a blob Create option
Also renames BlobSumService to V2MetadataService, BlobSum to
V2Metadata

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-14 14:26:03 -08:00
Brian Bland
7289c7218e Adds cross-repository blob pushing behavior
Tracks source repository information for each blob in the blobsum
service, which is then used to attempt to mount blobs from another
repository when pushing instead of having to re-push blobs to the same
registry.

Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-01-13 14:26:30 -08:00
Aaron Lehmann
c8d277d228 Add schema2 push support
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 17:27:31 -08:00
Aaron Lehmann
f33fa1b8d3 Change push to use manifest builder
Currently this always uses the schema1 manifest builder. Later, it will
be changed to attempt schema2 first, and fall back when necessary.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 17:24:21 -08:00
Aaron Lehmann
c168a0059f Update code to compile against new manifest interface
Also, digest.FromBytes no longer returns an error.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 17:24:20 -08:00
Aaron Lehmann
65370be888 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Aaron Lehmann
a57478d65f Do not fall back to the V1 protocol when we know we are talking to a V2 registry
If we detect a Docker-Distribution-Api-Version header indicating that
the registry speaks the V2 protocol, no fallback to V1 should take
place.

The same applies if a V2 registry operation succeeds while attempting a
push or pull.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-16 15:02:03 -08:00
Tonis Tiigi
ffded61dad Update Named reference with validation of conversions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Tonis Tiigi
2655954c2d Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Aaron Lehmann
572ce80230 Improved push and pull with upload manager and download manager
This commit adds a transfer manager which deduplicates and schedules
transfers, and also an upload manager and download manager that build on
top of the transfer manager to provide high-level interfaces for uploads
and downloads. The push and pull code is modified to use these building
blocks.

Some benefits of the changes:

- Simplification of push/pull code
- Pushes can upload layers concurrently
- Failed downloads and uploads are retried after backoff delays
- Cancellation is supported, but individual transfers will only be
  cancelled if all pushes or pulls using them are cancelled.
- The distribution code is decoupled from Docker Engine packages and API
  conventions (i.e. streamformatter), which will make it easier to split
  out.

This commit also includes unit tests for the new distribution/xfer
package. The tests cover 87.8% of the statements in the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-09 19:13:35 -08:00
Aaron Lehmann
21278efaee Make TarStream return an io.ReadCloser
Currently, the resources associated with the io.Reader returned by
TarStream are only freed when it is read until EOF. This means that
partial uploads or exports (for example, in the case of a full disk or
severed connection) can leak a goroutine and open file. This commit
changes TarStream to return an io.ReadCloser. Resources are freed when
Close is called.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-25 16:39:54 -08:00
Aaron Lehmann
694df3ff9f Add distribution package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-24 09:40:24 -08:00