Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 78f09c9102ac
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: b28d151ac9b9
Choose a head ref
  • 5 commits
  • 3 files changed
  • 4 contributors

Commits on May 1, 2018

  1. nixos/docker-registry: add more configuration options for docker-regi… 

    …stry
    @ironpinguin @Ma27
    ironpinguin authored and Ma27 committed May 1, 2018
    Copy the full SHA
    f5c0b3f View commit details

  2. nixos/docker-registry: cleanup module definition & enhance testcase 

    The following changes have been applied:

- the property `http.headers.X-Content-Type-Options` must a list of
  strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be
  written with `pkgs.writeText` and the store path will be used to run
  the registry. This reduces the risk of possible impurities by relying
  on the Nix store only.
- cleaned up the property paths to easy readability and reduce the
  verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with
  `registryConfig`

/cc @ironpinguin
    @Ma27
    Ma27 committed May 1, 2018
    Copy the full SHA
    593dc45 View commit details

  3. nixos/docker-registry: Add support for garbage collector to docker re… 

    …gistry
    @ironpinguin @Ma27
    ironpinguin authored and Ma27 committed May 1, 2018
    Copy the full SHA
    afd3136 View commit details

Commits on May 2, 2018

  1. Merge branch 'master' into docker-registry-enhancements

    @globin
    globin authored May 2, 2018
    Copy the full SHA
    fe9096e View commit details

  2. Merge pull request #37871 from Ma27/docker-registry-enhancements 

    nixos/docker-registry: add configuration options to support image deletions
    @globin
    globin authored May 2, 2018
    Copy the full SHA
    b28d151 View commit details
Showing with 117 additions and 9 deletions.
  1. +7 −0 nixos/doc/manual/release-notes/rl-1809.xml
  2. +89 −8 nixos/modules/services/misc/docker-registry.nix
  3. +21 −1 nixos/tests/docker-registry.nix
7 changes: 7 additions & 0 deletions nixos/doc/manual/release-notes/rl-1809.xml
View file
Original file line number Diff line number Diff line change
@@ -94,6 +94,13 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
accepted by the nc command.
</para>
</listitem>
<listitem>
<para>
The <varname>services.docker-registry.extraConfig</varname> object doesn't contain
environment variables anymore. Instead it needs to provide an object structure
that can be mapped onto the YAML configuration defined in <link xlink:href="https://github.com/docker/distribution/blob/v2.6.2/docs/configuration.md">the <varname>docker/distribution</varname> docs</link>.
</para>
</listitem>
</itemizedlist>
</section>

97 changes: 89 additions & 8 deletions nixos/modules/services/misc/docker-registry.nix
View file
Original file line number Diff line number Diff line change
@@ -5,6 +5,45 @@ with lib;
let
cfg = config.services.dockerRegistry;

blobCache = if cfg.enableRedisCache
then "redis"
else "inmemory";

registryConfig = {
version = "0.1";
log.fields.service = "registry";
storage = {
cache.blobdescriptor = blobCache;
filesystem.rootdirectory = cfg.storagePath;
delete.enabled = cfg.enableDelete;
};
http = {
addr = ":${builtins.toString cfg.port}";
headers.X-Content-Type-Options = ["nosniff"];
};
health.storagedriver = {
enabled = true;
interval = "10s";
threshold = 3;
};
};

registryConfig.redis = mkIf cfg.enableRedisCache {
addr = "${cfg.redisUrl}";
password = "${cfg.redisPassword}";
db = 0;
dialtimeout = "10ms";
readtimeout = "10ms";
writetimeout = "10ms";
pool = {
maxidle = 16;
maxactive = 64;
idletimeout = "300s";
};
};

configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));

in {
options.services.dockerRegistry = {
enable = mkEnableOption "Docker Registry";
@@ -27,29 +66,55 @@ in {
description = "Docker registry storage path.";
};

enableDelete = mkOption {
type = types.bool;
default = false;
description = "Enable delete for manifests and blobs.";
};

enableRedisCache = mkEnableOption "redis as blob cache";

redisUrl = mkOption {
type = types.str;
default = "localhost:6379";
description = "Set redis host and port.";
};

redisPassword = mkOption {
type = types.str;
default = "";
description = "Set redis password.";
};

extraConfig = mkOption {
description = ''
Docker extra registry configuration via environment variables.
'';
default = {};
type = types.attrsOf types.str;
};

enableGarbageCollect = mkEnableOption "garbage collect";

garbageCollectDates = mkOption {
default = "daily";
type = types.str;
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>) of the time at
which the garbage collect will occur.
'';
};
};

config = mkIf cfg.enable {
systemd.services.docker-registry = {
description = "Docker Container Registry";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];

environment = {
REGISTRY_HTTP_ADDR = "${cfg.listenAddress}:${toString cfg.port}";
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY = cfg.storagePath;
} // cfg.extraConfig;

script = ''
${pkgs.docker-distribution}/bin/registry serve \
${pkgs.docker-distribution.out}/share/go/src/github.com/docker/distribution/cmd/registry/config-example.yml
${pkgs.docker-distribution}/bin/registry serve ${configFile}
'';

serviceConfig = {
@@ -58,6 +123,22 @@ in {
};
};

systemd.services.docker-registry-garbage-collect = {
description = "Run Garbage Collection for docker registry";

restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;

serviceConfig.Type = "oneshot";

script = ''
${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile}
${pkgs.systemd}/bin/systemctl restart docker-registry.service
'';

startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;
};

users.extraUsers.docker-registry = {
createHome = true;
home = cfg.storagePath;
22 changes: 21 additions & 1 deletion nixos/tests/docker-registry.nix
View file
Original file line number Diff line number Diff line change
@@ -3,14 +3,16 @@
import ./make-test.nix ({ pkgs, ...} : {
name = "docker-registry";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ globin ];
maintainers = [ globin ma27 ironpinguin ];
};

nodes = {
registry = { config, pkgs, ... }: {
services.dockerRegistry.enable = true;
services.dockerRegistry.enableDelete = true;
services.dockerRegistry.port = 8080;
services.dockerRegistry.listenAddress = "0.0.0.0";
services.dockerRegistry.enableGarbageCollect = true;
networking.firewall.allowedTCPPorts = [ 8080 ];
};

@@ -33,11 +35,29 @@ import ./make-test.nix ({ pkgs, ...} : {
$registry->start();
$registry->waitForUnit("docker-registry.service");
$registry->waitForOpenPort("8080");
$client1->succeed("docker push registry:8080/scratch");
$client2->start();
$client2->waitForUnit("docker.service");
$client2->succeed("docker pull registry:8080/scratch");
$client2->succeed("docker images | grep scratch");
$client2->succeed(
'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')'
);
$registry->systemctl("start docker-registry-garbage-collect.service");
$registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service");
$registry->waitForUnit("docker-registry.service");
$registry->fail(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
$client1->succeed("docker push registry:8080/scratch");
$registry->succeed(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
'';
})