!18 docker: append the passed hostname to the endpoint when pull image with mirror

From: @abelvon Reviewed-by: @jing-rui Signed-off-by: @jing-rui
2020-12-21 16:57:07 +08:00 · 2020-12-21 16:57:07 +08:00 · a6a851b83b
commit a6a851b83b
parent 63ea1458e1 27493a1bf2
3 changed files with 148 additions and 1 deletions
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 109
+Release: 110
 Summary: The open-source application container engine
 Group: Tools/Docker
@ -223,3 +223,10 @@ fi
 5.do not sync if BYPAAS_SYNC is false
 6.fix panic on single-character volumes
 7.mask /proc/pin_memory
 * Mon Dec 21 2020 fengshaobao<shaobao.feng@huawei.com> - 18.09.110
 - Type:bugfix
 - ID:NA
 - CVE:NA
 - SUG:restart
 - DESC: append the image hostname itself as an endpoint even the registry mirror matched.
--- a/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
+++ b/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
@ -0,0 +1,139 @@
 From 56c1d6c149b18214a8d01ab3f1738cae4792109a Mon Sep 17 00:00:00 2001
 From: f00231050 <shaobao.feng@huawei.com>
 Date: Mon, 7 Dec 2020 15:30:11 +0800
 Subject: [PATCH] docker: do not return when matched registry mirror
 reason: append hostname itself to make sure the hostname itself will be tried.
 ---
 components/engine/registry/service_v2.go | 86 +++++++++++++++-----------------
 1 file changed, 41 insertions(+), 45 deletions(-)
 mode change 100644 => 100755 components/engine/registry/service_v2.go
 diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
 old mode 100644
 new mode 100755
 index adeb10c..df66cd7
 --- a/components/engine/registry/service_v2.go
 +++ b/components/engine/registry/service_v2.go
@@ -19,8 +19,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 		if reg != nil {
 			var regEndpoints []registrytypes.Endpoint = reg.Mirrors
 -			lastIndex := len(regEndpoints) - 1
 -			for i, regEP := range regEndpoints {
 +			for _, regEP := range regEndpoints {
 				official := regEP.Address == registrytypes.DefaultEndpoint.Address
 				regURL := regEP.GetURL()
@@ -41,49 +40,48 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 					TLSConfig:    tlsConfig,
 					Prefix:       hostname,
 					// the last endpoint is not considered a mirror
 -					Mirror: i != lastIndex,
 +					Mirror: true,
 				})
 			}
 -			return endpoints, nil
 +			// don't return here, otherwise the hostname itself will not be appended to the endpoints,
 +			// and the hostname itself will not be tried, which is not a desired action.
 		}
 -	} else {
 +	}
 +	if hostname == DefaultNamespace || hostname == IndexHostname {
 		tlsConfig = tlsconfig.ServerDefault()
 -		if hostname == DefaultNamespace || hostname == IndexHostname {
 -			// v2 mirrors
 -			for _, mirror := range s.config.Mirrors {
 -				if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
 -					mirror = "https://" + mirror
 -				}
 -				mirrorURL, err := url.Parse(mirror)
 -				if err != nil {
 -					return nil, err
 -				}
 -				mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
 -				if err != nil {
 -					return nil, err
 -				}
 -				endpoints = append(endpoints, APIEndpoint{
 -					URL: mirrorURL,
 -					// guess mirrors are v2
 -					Version:      APIVersion2,
 -					Mirror:       true,
 -					TrimHostname: true,
 -					TLSConfig:    mirrorTLSConfig,
 -				})
 +		// v2 mirrors
 +		for _, mirror := range s.config.Mirrors {
 +			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
 +				mirror = "https://" + mirror
 +			}
 +			mirrorURL, err := url.Parse(mirror)
 +			if err != nil {
 +				return nil, err
 +			}
 +			mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
 +			if err != nil {
 +				return nil, err
 			}
 -			// v2 registry
 			endpoints = append(endpoints, APIEndpoint{
 -				URL:          DefaultV2Registry,
 +				URL: mirrorURL,
 +				// guess mirrors are v2
 				Version:      APIVersion2,
 -				Official:     true,
 +				Mirror:       true,
 				TrimHostname: true,
 -				TLSConfig:    tlsConfig,
 +				TLSConfig:    mirrorTLSConfig,
 			})
 -
 -			return endpoints, nil
 		}
 -	}
 +		// v2 registry
 +		endpoints = append(endpoints, APIEndpoint{
 +			URL:          DefaultV2Registry,
 +			Version:      APIVersion2,
 +			Official:     true,
 +			TrimHostname: true,
 +			TLSConfig:    tlsConfig,
 +		})
 +		return endpoints, nil
 +	}
 	ana := allowNondistributableArtifacts(s.config, hostname)
 	tlsConfig, err = s.tlsConfig(hostname)
@@ -91,18 +89,16 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 		return nil, err
 	}
 -	endpoints = []APIEndpoint{
 -		{
 -			URL: &url.URL{
 -				Scheme: "https",
 -				Host:   hostname,
 -			},
 -			Version:                        APIVersion2,
 -			AllowNondistributableArtifacts: ana,
 -			TrimHostname:                   true,
 -			TLSConfig:                      tlsConfig,
 +	endpoints = append(endpoints, APIEndpoint{
 +		URL: &url.URL{
 +			Scheme: "https",
 +			Host:   hostname,
 		},
 -	}
 +		Version:                        APIVersion2,
 +		AllowNondistributableArtifacts: ana,
 +		TrimHostname:                   true,
 +		TLSConfig:                      tlsConfig,
 +	})
 	if tlsConfig.InsecureSkipVerify {
 		endpoints = append(endpoints, APIEndpoint{
 -- 
 1.8.3.1
--- a/series.conf
+++ b/series.conf
@ -168,4 +168,5 @@ patch/0170-docker-fix-docker-load-files-leak.patch
 patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch
 patch/0172-docker-fix-panic-on-single-character-volumes.patch
 patch/0173-docker-mask-proc-pin_memory.patch
 patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
 #end