Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cloudfront storage documentation issue #2838

Closed
juliosmelo opened this issue Jan 31, 2019 · 5 comments
Closed

Cloudfront storage documentation issue #2838

juliosmelo opened this issue Jan 31, 2019 · 5 comments

Comments

@juliosmelo
Copy link

So, after restart the registry, it stopped working . Then I got the error bellow in my logs.

goroutine 1 [running]:
github.com/docker/distribution/registry/storage/driver/middleware/cloudfront.newCloudFrontStorageMiddleware(0xffd980, 0xc0004e0450, 0xc000427020, 0xa, 0xc>
        /go/src/github.com/docker/distribution/registry/storage/driver/middleware/cloudfront/middleware.go:141 +0x128f
github.com/docker/distribution/registry/storage/driver/middleware.Get(0xc0000372c0, 0xa, 0xc000427020, 0xffd980, 0xc0004e0450, 0xd18720, 0xfe14f0, 0x0, 0x>
        /go/src/github.com/docker/distribution/registry/storage/driver/middleware/storagemiddleware.go:34 +0x14b
github.com/docker/distribution/registry/handlers.applyStorageMiddleware(0xffd980, 0xc0004e0450, 0xc000466520, 0x1, 0x1, 0xc000360be0, 0xc0001d3b08, 0x0, 0>
        /go/src/github.com/docker/distribution/registry/handlers/app.go:989 +0xc9
github.com/docker/distribution/registry/handlers.NewApp(0xff1820, 0xc0004270b0, 0xc000456000, 0x0)
        /go/src/github.com/docker/distribution/registry/handlers/app.go:153 +0x800
github.com/docker/distribution/registry.NewRegistry(0xff1820, 0xc0004270b0, 0xc000456000, 0xc000456000, 0x0, 0x0)
        /go/src/github.com/docker/distribution/registry/registry.go:105 +0x1dc
github.com/docker/distribution/registry.glob..func1(0x171ae40, 0xc00003bb80, 0x1, 0x1)
        /go/src/github.com/docker/distribution/registry/registry.go:63 +0x187
github.com/docker/distribution/vendor/github.com/spf13/cobra.(*Command).execute(0x171ae40, 0xc00003bb40, 0x1, 0x1, 0x171ae40, 0xc00003bb40)
        /go/src/github.com/docker/distribution/vendor/github.com/spf13/cobra/command.go:495 +0x191
github.com/docker/distribution/vendor/github.com/spf13/cobra.(*Command).Execute(0x171afe0, 0xc0001d3f88, 0xc00007a058)
        /go/src/github.com/docker/distribution/vendor/github.com/spf13/cobra/command.go:560 +0x2f4
main.main()
        /go/src/github.com/docker/distribution/cmd/registry/main.go:23 +0x2d

Then I went to the documentation at: https://docs.docker.com/registry/configuration/#cloudfront. I checked my config.yml and I dind't found out
any missconfiguration as you can see bellow.

log:
  fields:
    service: my-registry
http:
  addr: :5000
  host: https://docker-registry.****.com
storage:
  s3:
    accesskey: *******
    secretkey: *******
    region: us-east-1
    bucket: ****-s3-bucket
    encrypt: true
    secure: true
    v4auth: true
    chunksize: 5242880
    rootdirectory: /
  redirect:
    disable: true
middleware:
  storage:
    - name: cloudfront
      options:
        baseurl: https://*******.cloudfront.net/
        privatekey: /etc/docker/cloudfront/pk-******.pem
        keypairid: *******

As you can see, all required storage options are in there.

baseurl
privatekey
keypairid

After that I went to check the code and then a reliazed that there is a undocumented storage options "ipfilteredby" that is checked in the line:
https://github.com/docker/distribution/blob/b75069ef13a1de846c0cdf964f5917f5b00c1a47/registry/storage/driver/middleware/cloudfront/middleware.go#L141

So, I added the ipfilteredby to the options and then the registry works again.

....
middleware:
  storage:
    - name: cloudfront
      options:
        baseurl: https://*******.cloudfront.net/
        privatekey: /etc/docker/cloudfront/pk-******.pem
        keypairid: *******
        ipfilteredby: ""

I think you can update the documentation with that option as required, set a default value or not check the type (string) if it's not a required option.
https://docs.docker.com/registry/configuration/#cloudfront
https://github.com/docker/distribution/blob/b75069ef13a1de846c0cdf964f5917f5b00c1a47/registry/storage/driver/middleware/cloudfront/middleware.go#L141

# docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.6
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:16:31 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:16:31 2018
  OS/Arch:          linux/amd64
  Experimental:     false
Containers: 2
 Running: 2
 Paused: 0
 Stopped: 0
Images: 21
Server Version: 18.06.1-ce
Storage Driver: overlay
 Backing Filesystem: extfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: v0.13.2 (expected: fec3683b971d9c3ef73f284f176672c44b448662)
Security Options:
 seccomp
  Profile: default
 selinux
Kernel Version: 4.14.96-coreos
Operating System: Container Linux by CoreOS 1967.4.0 (Rhyolite)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.853GiB
Name: ip-10-1-14-30.ec2.internal
ID: NNS5:WQJG:3WGS:XMME:XQBE:UEN3:CSIM:X52U:K7UJ:HPNU:X6EC:CECC
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 40
 Goroutines: 70
 System Time: 2019-01-31T15:30:06.187472756Z
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
@manishtomar
Copy link
Contributor

Thanks for the detailed bug report. The latest docs are there in docs/ directory which has documented ipfilteredby. The documentation at docs.docker.com is outdated and I am not sure when it is updated. Moreover, the doc says that it is optional but is still required which is another bug getting fixed in #2837. Since the doc is up to date in https://github.com/docker/distribution/blob/master/docs/configuration.md, lmk if you are ok if I closed this issue.

@juliosmelo
Copy link
Author

Hello @manishtomar

You can close this issue. Thanks for the feedback.

@diranged
Copy link

Why is this not actually fixed yet? In 2.7.1 this setting is still required - even though the docs don't say it is..

@thaJeztah thaJeztah mentioned this issue Jan 28, 2020
Merged
@thaJeztah
Copy link
Member

looks like it was not backported / cherry-picked in the 2.7 release branch. I just opened a backport for consideration: #3088

@milosgajdos
Copy link
Member

Closing as fixed in #3088 and generally, outdated. Feel free to reopen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@manishtomar @diranged @juliosmelo @milosgajdos @thaJeztah