!18 docker: append the passed hostname to the endpoint when pull image with mirror

From: @abelvon Reviewed-by: @jing-rui Signed-off-by: @jing-rui
2020-12-21 16:57:07 +08:00 · 2020-12-21 16:57:07 +08:00 · a6a851b83b
commit a6a851b83b
parent 63ea1458e1 27493a1bf2
3 changed files with 148 additions and 1 deletions
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 109
+Release: 110
 Summary: The open-source application container engine
 Group: Tools/Docker

@ -223,3 +223,10 @@ fi
 5.do not sync if BYPAAS_SYNC is false
 6.fix panic on single-character volumes
 7.mask /proc/pin_memory
+
+* Mon Dec 21 2020 fengshaobao<shaobao.feng@huawei.com> - 18.09.110
+- Type:bugfix
+- ID:NA
+- CVE:NA
+- SUG:restart
+- DESC: append the image hostname itself as an endpoint even the registry mirror matched.
--- a/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
+++ b/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
@ -0,0 +1,139 @@
+From 56c1d6c149b18214a8d01ab3f1738cae4792109a Mon Sep 17 00:00:00 2001
+From: f00231050 <shaobao.feng@huawei.com>
+Date: Mon, 7 Dec 2020 15:30:11 +0800
+Subject: [PATCH] docker: do not return when matched registry mirror
+
+reason: append hostname itself to make sure the hostname itself will be tried.
+---
+ components/engine/registry/service_v2.go | 86 +++++++++++++++-----------------
+ 1 file changed, 41 insertions(+), 45 deletions(-)
+ mode change 100644 => 100755 components/engine/registry/service_v2.go
+
+diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
+old mode 100644
+new mode 100755
+index adeb10c..df66cd7
+--- a/components/engine/registry/service_v2.go
+++ b/components/engine/registry/service_v2.go
+@@ -19,8 +19,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 		if reg != nil {
+ 			var regEndpoints []registrytypes.Endpoint = reg.Mirrors
+ 
+-			lastIndex := len(regEndpoints) - 1
+-			for i, regEP := range regEndpoints {
+			for _, regEP := range regEndpoints {
+ 				official := regEP.Address == registrytypes.DefaultEndpoint.Address
+ 				regURL := regEP.GetURL()
+ 
+@@ -41,49 +40,48 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 					TLSConfig:    tlsConfig,
+ 					Prefix:       hostname,
+ 					// the last endpoint is not considered a mirror
+-					Mirror: i != lastIndex,
+					Mirror: true,
+ 				})
+ 			}
+-			return endpoints, nil
+			// don't return here, otherwise the hostname itself will not be appended to the endpoints,
+			// and the hostname itself will not be tried, which is not a desired action.
+ 		}
+-	} else {
+	}
+	if hostname == DefaultNamespace || hostname == IndexHostname {
+ 		tlsConfig = tlsconfig.ServerDefault()
+-		if hostname == DefaultNamespace || hostname == IndexHostname {
+-			// v2 mirrors
+-			for _, mirror := range s.config.Mirrors {
+-				if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
+-					mirror = "https://" + mirror
+-				}
+-				mirrorURL, err := url.Parse(mirror)
+-				if err != nil {
+-					return nil, err
+-				}
+-				mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+-				if err != nil {
+-					return nil, err
+-				}
+-				endpoints = append(endpoints, APIEndpoint{
+-					URL: mirrorURL,
+-					// guess mirrors are v2
+-					Version:      APIVersion2,
+-					Mirror:       true,
+-					TrimHostname: true,
+-					TLSConfig:    mirrorTLSConfig,
+-				})
+		// v2 mirrors
+		for _, mirror := range s.config.Mirrors {
+			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
+				mirror = "https://" + mirror
+			}
+			mirrorURL, err := url.Parse(mirror)
+			if err != nil {
+				return nil, err
+			}
+			mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+			if err != nil {
+				return nil, err
+ 			}
+-			// v2 registry
+ 			endpoints = append(endpoints, APIEndpoint{
+-				URL:          DefaultV2Registry,
+				URL: mirrorURL,
+				// guess mirrors are v2
+ 				Version:      APIVersion2,
+-				Official:     true,
+				Mirror:       true,
+ 				TrimHostname: true,
+-				TLSConfig:    tlsConfig,
+				TLSConfig:    mirrorTLSConfig,
+ 			})
+-
+-			return endpoints, nil
+ 		}
+-	}
+		// v2 registry
+		endpoints = append(endpoints, APIEndpoint{
+			URL:          DefaultV2Registry,
+			Version:      APIVersion2,
+			Official:     true,
+			TrimHostname: true,
+			TLSConfig:    tlsConfig,
+		})
+ 
+		return endpoints, nil
+	}
+ 	ana := allowNondistributableArtifacts(s.config, hostname)
+ 
+ 	tlsConfig, err = s.tlsConfig(hostname)
+@@ -91,18 +89,16 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 		return nil, err
+ 	}
+ 
+-	endpoints = []APIEndpoint{
+-		{
+-			URL: &url.URL{
+-				Scheme: "https",
+-				Host:   hostname,
+-			},
+-			Version:                        APIVersion2,
+-			AllowNondistributableArtifacts: ana,
+-			TrimHostname:                   true,
+-			TLSConfig:                      tlsConfig,
+	endpoints = append(endpoints, APIEndpoint{
+		URL: &url.URL{
+			Scheme: "https",
+			Host:   hostname,
+ 		},
+-	}
+		Version:                        APIVersion2,
+		AllowNondistributableArtifacts: ana,
+		TrimHostname:                   true,
+		TLSConfig:                      tlsConfig,
+	})
+ 
+ 	if tlsConfig.InsecureSkipVerify {
+ 		endpoints = append(endpoints, APIEndpoint{
+-- 
+1.8.3.1
+
--- a/series.conf
+++ b/series.conf
@ -168,4 +168,5 @@ patch/0170-docker-fix-docker-load-files-leak.patch
 patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch
 patch/0172-docker-fix-panic-on-single-character-volumes.patch
 patch/0173-docker-mask-proc-pin_memory.patch
+patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
 #end