Commit graph

82 commits

Author SHA1 Message Date
Stephen J Day
919d972e65 Allow control over which storage cache to use
This allows one to better control the usage of the cache and turn it off
completely. The storage configuration module was modified to allow parameters
to be passed to just the storage implementation, rather than to the driver.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-02 20:15:16 -07:00
Stephen J Day
3cad3c7b6a Add redis pool to registry webapp
Redis has been integrated with the web application for use with various
services. The configuraiton exposes connection details, timeouts and pool
parameters. Documentation has been updated accordingly.

A few convenience methods have been added to the context package to get loggers
with certain fields, exposing some missing functionality from logrus.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-04-01 16:27:24 -07:00
Josh Hawn
731e0b0066 Improve context package
You shouldn't have to import both:

  github.com/docker/distribution/context
  golang.org/x/net/context

just to use the distribution tools and implement the distribution interfaces.

By pulling the Context interface from golang.org/x/net/context into the
context package within the distribution project, you no longer have to import
both packages.

Note: You do not have to change anything anywhere else yet! All current uses
of both packages together will still work correctly because the Context
interface from either package is identical.

I've also made some other minor changes:

- Added a RemoteIP function. It's like RemoteAddr but discards the port suffix
- Added `.String()` to the response duration context value so that JSON log
  formatting shows human-parseable duration and not just number of nano-seconds
- Added WithMapContext(...) to the context package. This is a useful function
  so I pulled it out of the main.go in cmd/registry so that it can be used
  elsewhere.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-04-01 15:40:21 -07:00
Stephen Day
5052dc692f Merge pull request #283 from sthulb/client-certs
registry, configuration, doc: client certificates for authentication purposes.
2015-03-31 16:45:03 -07:00
Simon Thulbourn
c8f3800f1c Add client certificate CA option to authenticate with client certs
Add the ability to authenticate against multiple client CA certificates.

Signed-off-by: Simon Thulbourn <simon+github@thulbourn.com>
2015-03-25 10:53:03 +00:00
Stephen J Day
ac73963d7e Add support for configuration static logging fields
To allow flexibility in log message context information, this changeset
provides the ability to configure static fields that are included in the
context. Such fields can be set via configuration or environment variables.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 18:47:22 -07:00
Stephen J Day
a75f0f26f7 Allow logging formatter to be configured
This changeset simply adds hooks into the configuration system to support
multiple different kinds of output formats. These formatters are provided by
logrus and include options such as "text" and "json". The configuraiton
documentation has been updated accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-03-24 16:56:43 -07:00
David Lawrence
3853e66f4b don't panic during a request when configuring repository middleware. Return a 500 with an appropriate error
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-03-11 08:59:02 -07:00
Andy Goldstein
a20abfbf3c Middleware!
Convert middleware in the config to be a map of type->[]Middleware

Add support for registry & repository middleware.

Some naming updates as well.

Signed-off-by: Andy Goldstein <agoldste@redhat.com>
2015-03-11 08:56:28 -07:00
David Lawrence
4acda57e05 Refactoring cloudfactory layer handler into a more generic storage
middleware concept.

This also breaks the dependency the storage package had on goamz
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-03-11 08:56:28 -07:00
David Lawrence
1700f518cb Path prefix support for running registry somewhere other than root of server
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-02-26 16:04:43 -08:00
Brian Bland
c69764a745 Adds yaml omitempty tags to config fields 2015-02-10 16:56:19 -08:00
Stephen J Day
0a29b59e14 Webhook notification support in registry webapp
Endpoints are now created at applications startup time, using notification
configuration. The instances are then added to a Broadcaster instance, which
becomes the main event sink for the application. At request time, an event
bridge is configured to listen to repository method calls. The actor and source
of the eventBridge are created from the requeest context and application,
respectively. The result is notifications are dispatched with calls to the
context's Repository instance and are queued to each endpoint via the
broadcaster.

This commit also adds the concept of a RequestID and App.InstanceID. The
request id uniquely identifies each request and the InstanceID uniquely
identifies a run of the registry. These identifiers can be used in the future
to correlate log messages with generated events to support rich debugging.

The fields of the app were slightly reorganized for clarity and a few horrid
util functions have been removed.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-03 13:32:37 -08:00
Stephen J Day
499382dd0b Add debug server to support pprof and expvar
If configured, a debug http server will be started to serve default registered
endpoints, such as pprof and expvar. The endpoint should be secured carefully
and not available to external traffic. It is disabled by default but the
development config has been modified to make it available on localhost.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-03 13:32:37 -08:00
Stephen J Day
9f5916b2c4 Add native TLS support to registry
This changeset provides simple tls support for a registry instance. Simply
providing a cert and key file are enough to get a tls registry running. If the
certs are trusted by the client, tls can be used throughout the push and pull
process.

If more complex TLS options are required, it is recommend that a proxy be used.
Contributions will be accepted to add more features, if necessary.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-02 14:38:47 -08:00
Brian Bland
cc3c648f44 Fixes tests, moves layerhandler in config file 2015-01-08 17:29:22 -08:00
Brian Bland
17915e1b01 Adds support for content redirects for layer downloads
Includes a delegate implementation which redirects to the URL generated
by the storagedriver, and a cloudfront implementation.
Satisfies proposal #49
2015-01-08 17:01:28 -08:00
Brian Bland
dbc3ecdff5 Updates configuration README with explanations of more fields
Documents auth, reporting, and http
2015-01-06 10:59:52 -08:00
Brian Bland
ea6c082e85 Minor cleanup/testing for HMAC upload tokens
Changes configuration variable, lowercases private interface methods,
adds token sanity tests.
2015-01-05 14:37:56 -08:00
Brian Bland
07ba5db168 Serializes upload state to an HMAC token for subsequent requests
To support clustered registry, upload UUIDs must be recognizable by
registries that did not issue the UUID. By creating an HMAC verifiable
upload state token, registries can validate upload requests that other
instances authorized. The tokenProvider interface could also use a redis
store or other system for token handling in the future.
2015-01-05 14:27:05 -08:00
Stephen J Day
d0a9e9b475 Integrate auth.AccessController into registry app
This changeset integrates the AccessController into the main registry app. This
includes support for configuration and a test implementation, called "silly"
auth. Auth is only enabled if the configuration is present but takes measure to
ensure that configuration errors don't allow the appserver to start with open
access.
2014-12-18 12:34:56 -08:00
Brian Bland
030b0ff310 Allows storagedriver parameter values to be of type interface{}
This enables use of nil, booleans, numeric types, and even complex structures for parameter values, assuming they can be parsed from yaml.
2014-12-17 19:06:55 -08:00
Brian Bland
f9b119974d Genericizes the yaml+environment versioned configuration parser
Registry configuration parsing uses the new parser with a single version
declaration and an environment prefix of "REGISTRY"
2014-12-17 14:22:02 -08:00
Brian Bland
c51ea97234 Allows HTTP bind address to be overridden by an environment variable
Uses REGISTRY_HTTP_ADDR
2014-12-15 14:17:51 -08:00
Brian Bland
cd057fd120 Updates configuration tests for bugsnag and newrelic params 2014-12-12 18:05:37 -08:00
Brian Bland
43a50b5e82 Adds bugsnag and newrelic metrics and error reporting
Configuration variables are added under the REGISTRY_REPORTING
namespace, for example REGISTRY_REPORTING_BUGSNAG_APIKEY
2014-12-12 17:49:06 -08:00
Stephen J Day
dd8eb6a8df configuration.Parse should take io.Reader 2014-12-01 17:32:31 -08:00
Brian Bland
88795e0a14 Lots of various golint fixes
Changes some names to match go conventions
Comments all exported methods
Removes dot imports
2014-11-17 15:46:06 -08:00
Brian Bland
c8ea224f9c Miscellaneous go vet fixes
Fixes some format strings and uses keyed fields for struct construction
2014-11-12 17:19:19 -08:00
Brian Bland
96d26842f8 Refactors configuration parser, removes Registry level from config file
Most conditional parsing code has been moved into UnmarshalYAML
functions for simplicity

Uses the BrianBland fork of goyaml in configuration.go temporarily until
fix https://github.com/go-yaml/yaml/pull/52 is merged in
2014-11-04 22:31:59 -08:00
Brian Bland
2013ef5a5b Adds documentation for the configuration parser and tests 2014-11-04 22:31:59 -08:00
Brian Bland
0ad4bba103 Initial configuration parser 2014-11-04 22:31:59 -08:00