Hello community, here is the log from the commit of package docker_1_12_6 for openSUSE:Factory checked in at 2017-10-19 19:32:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker_1_12_6 (Old) and /work/SRC/openSUSE:Factory/.docker_1_12_6.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker_1_12_6" Thu Oct 19 19:32:23 2017 rev:3 rq:534169 version:1.12.6 Changes: -------- --- /work/SRC/openSUSE:Factory/docker_1_12_6/docker_1_12_6.changes 2017-09-23 21:37:18.744283607 +0200 +++ /work/SRC/openSUSE:Factory/.docker_1_12_6.new/docker_1_12_6.changes 2017-10-19 19:32:25.896048738 +0200 @@ -1,0 +2,8 @@ +Thu Oct 12 12:55:18 UTC 2017 - vrothb...@suse.com + +- Add patch to support mirroring of private/non-upstream registries. As soon as + the upstream PR (https://github.com/moby/moby/pull/34319) is merged, this + patch will be replaced by the backported one from upstream. + + private-registry-0001-Implement-private-registry-mirror-support.patch + +------------------------------------------------------------------- New: ---- private-registry-0001-Implement-private-registry-mirror-support.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker_1_12_6.spec ++++++ --- /var/tmp/diff_new_pack.ooQzEZ/_old 2017-10-19 19:32:26.860003636 +0200 +++ /var/tmp/diff_new_pack.ooQzEZ/_new 2017-10-19 19:32:26.860003636 +0200 @@ -86,6 +86,8 @@ # SUSE-BACKPORT: Patch fixing a DoS bug that makes certain operations fail on # a libdm device. bsc#1045628 Patch500: bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch +# SUSE-FEATURE: Add support to mirror non-upstream/private registries. +Patch600: private-registry-0001-Implement-private-registry-mirror-support.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: device-mapper-devel >= 1.2.68 @@ -217,6 +219,7 @@ %patch420 -p1 # bsc#1045628 %patch500 -p1 +%patch600 -p1 cp %{SOURCE7} . cp %{SOURCE10} . ++++++ private-registry-0001-Implement-private-registry-mirror-support.patch ++++++ >From 7934aa58e16c030048337513427109a4b920cff9 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg <vrothb...@suse.com> Date: Fri, 28 Jul 2017 16:15:04 +0200 Subject: [PATCH] Implement private-registry mirror support This is a temporary solution until the upstream PR gets merged. It is not intended to get into any product other than SUSE CaaS Platform, where we have full control over the necessary configuration steps, making it independent from low-level docker details. In order to use mirrors for private registries, the /etc/docker/daemon.json must be configured as follows: ```json { "private-registry-mirrors": [ { "registry": "quay.io", "mirrors": ["http://mirror-1.foo.example.com";, "http://mirror-2.foo.example.com";] } ] } ``` With the upper example, the registry `foo.example.com` will be mirrored by `mirror-{1,2}.foo.example.com`. Signed-off-by: Flavio Castelli <fcaste...@suse.com> Signed-off-by: Valentin Rothberg <vrothb...@suse.com> --- daemon/config.go | 3 ++ distribution/pull.go | 3 +- distribution/pull_v2.go | 2 +- registry/config.go | 18 ++++++++-- registry/service_v2.go | 91 +++++++++++++++++++++++++++++++++---------------- 5 files changed, 83 insertions(+), 34 deletions(-) diff --git a/daemon/config.go b/daemon/config.go index bf568efefa5c..89a192b039ee 100644 --- a/daemon/config.go +++ b/daemon/config.go @@ -340,6 +340,9 @@ func findConfigurationConflicts(config map[string]interface{}, flags *flag.FlagS // 1. Search keys from the file that we don't recognize as flags. unknownKeys := make(map[string]interface{}) for key, value := range config { + if key == "private-registry-mirrors" { + continue + } flagName := "-" + key if flag := flags.Lookup(flagName); flag == nil { unknownKeys[key] = value diff --git a/distribution/pull.go b/distribution/pull.go index dad93b656d65..707a918e8ae6 100644 --- a/distribution/pull.go +++ b/distribution/pull.go @@ -129,10 +129,11 @@ func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullCo } } - logrus.Debugf("Trying to pull %s from %s %s", repoInfo.Name(), endpoint.URL, endpoint.Version) + logrus.Infof("Trying to pull %s from %s %s", repoInfo.Name(), endpoint.URL, endpoint.Version) puller, err := newPuller(endpoint, repoInfo, imagePullConfig) if err != nil { + logrus.Infof("Error pulling %s from %s %s: %v", repoInfo.Name(), endpoint.URL, endpoint.Version, err) lastErr = err continue } diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go index 5a786fba4bb5..f0d77245d4c8 100644 --- a/distribution/pull_v2.go +++ b/distribution/pull_v2.go @@ -371,7 +371,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat // the other side speaks the v2 protocol. p.confirmedV2 = true - logrus.Debugf("Pulling ref from V2 registry: %s", ref.String()) + logrus.Infof("Pulling ref %s from V2 registry %s", ref.String(), p.endpoint.URL) progress.Message(p.config.ProgressOutput, tagOrDigest, "Pulling from "+p.repo.Named().Name()) var ( diff --git a/registry/config.go b/registry/config.go index e349660e3261..75e954fbb573 100644 --- a/registry/config.go +++ b/registry/config.go @@ -13,6 +13,15 @@ import ( registrytypes "github.com/docker/engine-api/types/registry" ) +// SUSE PATCH: PrivateRegistryMirror is currently used for the purpose of +// mirroring registries other than the Docker hub. +// *** WARNING *** This type isn't meant to be used outside of CaaSP and will +// change in the future. +type PrivateRegistryMirror struct { + Name string `json:"registry,omitempty"` + Mirrors []string `json:"mirrors,omitempty"` +} + // ServiceOptions holds command line options. type ServiceOptions struct { Mirrors []string `json:"registry-mirrors,omitempty"` @@ -21,12 +30,16 @@ type ServiceOptions struct { // V2Only controls access to legacy registries. If it is set to true via the // command line flag the daemon will not attempt to contact v1 legacy registries V2Only bool `json:"disable-legacy-registry,omitempty"` + + // SUSE PATCH: array for configuring registries. + PrivateRegistryMirrors []PrivateRegistryMirror `json:"private-registry-mirrors,omitempty"` } // serviceConfig holds daemon configuration for the registry service. type serviceConfig struct { registrytypes.ServiceConfig - V2Only bool + V2Only bool + PrivateRegistryMirrors []PrivateRegistryMirror } var ( @@ -97,7 +110,8 @@ func newServiceConfig(options ServiceOptions) *serviceConfig { // and Mirrors are only for the official registry anyways. Mirrors: options.Mirrors, }, - V2Only: options.V2Only, + V2Only: options.V2Only, + PrivateRegistryMirrors: options.PrivateRegistryMirrors, } // Split --insecure-registry into CIDR and registry-specific settings. for _, r := range options.InsecureRegistries { diff --git a/registry/service_v2.go b/registry/service_v2.go index 5e62f8ff8c68..5d8abbe5c0a7 100644 --- a/registry/service_v2.go +++ b/registry/service_v2.go @@ -1,48 +1,79 @@ package registry import ( + "crypto/tls" "net/url" "strings" "github.com/docker/go-connections/tlsconfig" + "github.com/Sirupsen/logrus" ) -func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { - var cfg = tlsconfig.ServerDefault - tlsConfig := &cfg - if hostname == DefaultNamespace || hostname == DefaultV1Registry.Host { - // v2 mirrors - for _, mirror := range s.config.Mirrors { - if !strings.HasPrefix(mirror, "http://";) && !strings.HasPrefix(mirror, "https://";) { - mirror = "https://"; + mirror - } - mirrorURL, err := url.Parse(mirror) - if err != nil { - return nil, err - } - mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL) - if err != nil { - return nil, err - } - endpoints = append(endpoints, APIEndpoint{ - URL: mirrorURL, - // guess mirrors are v2 - Version: APIVersion2, - Mirror: true, - TrimHostname: true, - TLSConfig: mirrorTLSConfig, - }) +func (s *DefaultService) createMirrorEndpoints(mirrors []string, tlsConfig *tls.Config, registryURL *url.URL, isOfficial bool) (endpoints []APIEndpoint, err error) { + // v2 mirrors + for _, mirror := range mirrors { + if !strings.HasPrefix(mirror, "http://";) && !strings.HasPrefix(mirror, "https://";) { + mirror = "https://"; + mirror + } + mirrorURL, err := url.Parse(mirror) + if err != nil { + return nil, err + } + mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL) + if err != nil { + return nil, err } - // v2 registry endpoints = append(endpoints, APIEndpoint{ - URL: DefaultV2Registry, + URL: mirrorURL, + // guess mirrors are v2 Version: APIVersion2, - Official: true, + Mirror: true, TrimHostname: true, - TLSConfig: tlsConfig, + TLSConfig: mirrorTLSConfig, }) + } + // v2 registry + endpoints = append(endpoints, APIEndpoint{ + URL: registryURL, + Version: APIVersion2, + Official: isOfficial, + TrimHostname: true, + TLSConfig: tlsConfig, + }) + + return endpoints, nil +} + +func (s *DefaultService) getRegistryMirrors(hostname string) (PrivateRegistryMirror, bool) { + var registry PrivateRegistryMirror + var mirrored bool - return endpoints, nil + for _, r := range s.config.PrivateRegistryMirrors { + if r.Name == hostname { + mirrored = len(r.Mirrors) > 0 + registry = r + break + } + } + + logrus.Infof("Private registries: host %s is mirrored %v", hostname, mirrored) + return registry, mirrored +} + +func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { + var cfg = tlsconfig.ServerDefault + tlsConfig := &cfg + + if hostname == DefaultNamespace || hostname == DefaultV1Registry.Host { + return s.createMirrorEndpoints(s.config.Mirrors, tlsConfig, DefaultV2Registry, true) + } + + if registry, mirrored := s.getRegistryMirrors(hostname); mirrored { + registryURL := &url.URL { + Scheme: "https", + Host: hostname, + } + return s.createMirrorEndpoints(registry.Mirrors, tlsConfig, registryURL, false) } tlsConfig, err = s.TLSConfig(hostname) -- 2.13.6
