Commit f519a4b7 authored by Valery Sizov's avatar Valery Sizov

Backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3809

Introducing Docker Registry replication
parent beb7d892
...@@ -70,10 +70,14 @@ class ContainerRepository < ApplicationRecord ...@@ -70,10 +70,14 @@ class ContainerRepository < ApplicationRecord
digests = tags.map { |tag| tag.digest }.to_set digests = tags.map { |tag| tag.digest }.to_set
digests.all? do |digest| digests.all? do |digest|
client.delete_repository_tag(self.path, digest) delete_tag_by_digest(digest)
end end
end end
def delete_tag_by_digest(digest)
client.delete_repository_tag(self.path, digest)
end
def self.build_from_path(path) def self.build_from_path(path)
self.new(project: path.repository_project, self.new(project: path.repository_project,
name: path.repository_name) name: path.repository_name)
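Review bot: `delete_tag_by_digest` is added as a public method with no comment, and its name suggests that a single tag is removed although the argument is a digest. With the Docker Registry API, a delete by digest removes the manifest, so every tag pointing to that digest goes with it. The `client` implementation is not visible here, so this should be confirmed. I would document that on the method, for example `# Deletes the manifest identified by digest; all tags referencing that digest are removed with it.` The enclosing method that calls it starts above the hunk.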
......
...@@ -17,6 +17,14 @@ module Auth ...@@ -17,6 +17,14 @@ module Auth
end end
def self.full_access_token(*names) def self.full_access_token(*names)
access_token(%w(*), names)
end
def self.pull_access_token(*names)
access_token(['pull'], names)
end
def self.access_token(actions, names)
names = names.flatten names = names.flatten
registry = Gitlab.config.registry registry = Gitlab.config.registry
token = JSONWebToken::RSAToken.new(registry.key) token = JSONWebToken::RSAToken.new(registry.key)
...@@ -25,7 +33,7 @@ module Auth ...@@ -25,7 +33,7 @@ module Auth
token.expire_time = token_expire_at token.expire_time = token_expire_at
token[:access] = names.map do |name| token[:access] = names.map do |name|
{ type: 'repository', name: name, actions: %w(*) } { type: 'repository', name: name, actions: actions }
end end
token.encoded token.encoded
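Review bot: `self.access_token(actions, names)` is introduced as a public class method, so any caller can mint a registry JWT for arbitrary actions and repository names, signed with `registry.key`, without going through the two named wrappers. If nothing outside this module needs it, add `private_class_method :access_token` after the definition so that `full_access_token` and `pull_access_token` remain the only entry points; whether other callers exist cannot be seen from this page. Neither wrapper checks that the caller may access `names`, so a comment on `pull_access_token` should state that authorization is the caller's responsibility, e.g. `# Callers must have verified read access to every name; no permission check happens here.` The body of `access_token` continues between and beyond the two displayed hunks.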
......
...@@ -427,6 +427,11 @@ production: &base ...@@ -427,6 +427,11 @@ production: &base
# If it is blank, it defaults to external_url. # If it is blank, it defaults to external_url.
node_name: '' node_name: ''
registry_replication:
# enabled: true
# primary_api_url: http://localhost:5000/ # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
# #
# 2. GitLab CI settings # 2. GitLab CI settings
# ========================== # ==========================
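Review bot: The commented example `primary_api_url: http://localhost:5000/` uses plain HTTP and a loopback host, which operators tend to copy as-is. The setting is described as the address GitLab uses to talk to the primary registry API, and the same commit adds a registry pull token, so the token presumably travels over this URL (the client code is not in this section). I would show an `https://` URL with a placeholder host, such as `# primary_api_url: https://primary-registry.example.com:5000/`, and extend the comment to say that plain HTTP is only acceptable on a trusted internal network.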
......
...@@ -19,6 +19,7 @@ ActiveSupport::Inflector.inflections do |inflect| ...@@ -19,6 +19,7 @@ ActiveSupport::Inflector.inflections do |inflect|
project_registry project_registry
file_registry file_registry
job_artifact_registry job_artifact_registry
container_repository_registry
vulnerability_feedback vulnerability_feedback
vulnerabilities_feedback vulnerabilities_feedback
group_view group_view
......
...@@ -296,6 +296,12 @@ Gitlab.ee do ...@@ -296,6 +296,12 @@ Gitlab.ee do
Settings['geo'] ||= Settingslogic.new({}) Settings['geo'] ||= Settingslogic.new({})
# For backwards compatibility, default to gitlab_url and if so, ensure it ends with "/" # For backwards compatibility, default to gitlab_url and if so, ensure it ends with "/"
Settings.geo['node_name'] = Settings.geo['node_name'].presence || Settings.gitlab['url'].chomp('/').concat('/') Settings.geo['node_name'] = Settings.geo['node_name'].presence || Settings.gitlab['url'].chomp('/').concat('/')
#
# Registry replication
#
Settings.geo['registry_replication'] ||= Settingslogic.new({})
Settings.geo.registry_replication['enabled'] ||= false
end end
# #
...@@ -473,6 +479,9 @@ Gitlab.ee do ...@@ -473,6 +479,9 @@ Gitlab.ee do
Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['cron'] ||= '*/1 * * * *' Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['job_class'] ||= 'Geo::RepositoryVerification::Secondary::SchedulerWorker' Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['job_class'] ||= 'Geo::RepositoryVerification::Secondary::SchedulerWorker'
Settings.cron_jobs['geo_container_repository_sync_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['geo_container_repository_sync_worker']['cron'] ||= '*/1 * * * *'
Settings.cron_jobs['geo_container_repository_sync_worker']['job_class'] ||= 'Geo::ContainerRepositorySyncDispatchWorker'
Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *' Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *'
Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker' Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker'
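Review bot: Only `enabled` receives a default in the registry replication block; `primary_api_url` is left as whatever the YAML supplies. With `enabled: true` and the URL still commented out, the code that reads the setting (outside this page) would get nil. Consider documenting the dependency next to the default, e.g. `# primary_api_url has no default and must be set when enabled is true`, or rejecting that combination at boot. The new cron entry is also registered unconditionally, so the dispatch worker it names presumably has to check `enabled` itself; that is worth confirming.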
......
# frozen_string_literal: true
class AddGeoContainerSyncCapacity < ActiveRecord::Migration[5.1]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def change
change_table :geo_nodes do |t|
t.column :container_repositories_max_capacity, :integer, default: 10, null: false
end
end
end
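Review bot: `include Gitlab::Database::MigrationHelpers` is unused in this migration, since the column is added through plain `change_table`/`t.column`. Either drop the include or add a short comment explaining why a direct `default: 10, null: false` column is safe under `DOWNTIME = false`, for example `# geo_nodes is a small table, so adding a column with a default does not need the batched helper`. The table size is an assumption to confirm.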
...@@ -1435,6 +1435,7 @@ ActiveRecord::Schema.define(version: 2019_07_29_090456) do ...@@ -1435,6 +1435,7 @@ ActiveRecord::Schema.define(version: 2019_07_29_090456) do
t.integer "minimum_reverification_interval", default: 7, null: false t.integer "minimum_reverification_interval", default: 7, null: false
t.string "internal_url" t.string "internal_url"
t.string "name", null: false t.string "name", null: false
t.integer "container_repositories_max_capacity", default: 10, null: false
t.index ["access_key"], name: "index_geo_nodes_on_access_key" t.index ["access_key"], name: "index_geo_nodes_on_access_key"
t.index ["name"], name: "index_geo_nodes_on_name", unique: true t.index ["name"], name: "index_geo_nodes_on_name", unique: true
t.index ["primary"], name: "index_geo_nodes_on_primary" t.index ["primary"], name: "index_geo_nodes_on_primary"
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
FactoryBot.define do FactoryBot.define do
factory :container_repository do factory :container_repository do
name 'test_image' sequence(:name) { |n| "test_image_#{n}" }
project project
transient do transient do
......
...@@ -145,6 +145,19 @@ describe Auth::ContainerRegistryAuthenticationService do ...@@ -145,6 +145,19 @@ describe Auth::ContainerRegistryAuthenticationService do
it_behaves_like 'not a container repository factory' it_behaves_like 'not a container repository factory'
end end
describe '#pull_access_token' do
let(:project) { create(:project) }
let(:token) { described_class.pull_access_token(project.full_path) }
subject { { token: token } }
it_behaves_like 'an accessible' do
let(:actions) { ['pull'] }
end
it_behaves_like 'not a container repository factory'
end
context 'user authorization' do context 'user authorization' do
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
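Review bot: The new spec only checks that a pull token is issued; it does not pin that the token is limited to `pull`. Depending on what the shared example `'an accessible'` asserts (not visible here), an explicit negative expectation that the decoded access entry contains neither `push` nor `*` would guard the least-privilege intent of `pull_access_token`. As a style point, the method under test is a class method, so the group would conventionally be named `describe '.pull_access_token'`.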
......