1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

registry: defaultService: use sync.RWMutex

Most operations only require read access, so change this to use an RWMutex,
and some minor refactoring in lookupV2Endpoints() so that we are not
constructing tlsconfig multiple times in some cases.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2022-02-26 14:52:12 +01:00
parent 9cb0aa4c91
commit dae2173568
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
3 changed files with 20 additions and 25 deletions

View file

@ -20,6 +20,7 @@ func HostCertsDir(hostname string) string {
return filepath.Join(CertsDir(), cleanPath(hostname)) return filepath.Join(CertsDir(), cleanPath(hostname))
} }
// newTLSConfig constructs a client TLS configuration based on server defaults
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) { func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
// PreferredServerCipherSuites should have no effect // PreferredServerCipherSuites should have no effect
tlsConfig := tlsconfig.ServerDefault() tlsConfig := tlsconfig.ServerDefault()

View file

@ -39,7 +39,7 @@ type Service interface {
// of mirrors. // of mirrors.
type defaultService struct { type defaultService struct {
config *serviceConfig config *serviceConfig
mu sync.Mutex mu sync.RWMutex
} }
// NewService returns a new instance of defaultService ready to be // NewService returns a new instance of defaultService ready to be
@ -52,8 +52,8 @@ func NewService(options ServiceOptions) (Service, error) {
// ServiceConfig returns the public registry service configuration. // ServiceConfig returns the public registry service configuration.
func (s *defaultService) ServiceConfig() *registry.ServiceConfig { func (s *defaultService) ServiceConfig() *registry.ServiceConfig {
s.mu.Lock() s.mu.RLock()
defer s.mu.Unlock() defer s.mu.RUnlock()
servConfig := registry.ServiceConfig{ servConfig := registry.ServiceConfig{
AllowNondistributableArtifactsCIDRs: make([]*(registry.NetIPNet), 0), AllowNondistributableArtifactsCIDRs: make([]*(registry.NetIPNet), 0),
@ -167,9 +167,9 @@ func (s *defaultService) Search(ctx context.Context, term string, limit int, aut
indexName, remoteName := splitReposSearchTerm(term) indexName, remoteName := splitReposSearchTerm(term)
// Search is a long-running operation, just lock s.config to avoid block others. // Search is a long-running operation, just lock s.config to avoid block others.
s.mu.Lock() s.mu.RLock()
index, err := newIndexInfo(s.config, indexName) index, err := newIndexInfo(s.config, indexName)
s.mu.Unlock() s.mu.RUnlock()
if err != nil { if err != nil {
return nil, err return nil, err
@ -226,8 +226,8 @@ func (s *defaultService) Search(ctx context.Context, term string, limit int, aut
// ResolveRepository splits a repository name into its components // ResolveRepository splits a repository name into its components
// and configuration of the associated registry. // and configuration of the associated registry.
func (s *defaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) { func (s *defaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) {
s.mu.Lock() s.mu.RLock()
defer s.mu.Unlock() defer s.mu.RUnlock()
return newRepositoryInfo(s.config, name) return newRepositoryInfo(s.config, name)
} }
@ -244,22 +244,18 @@ type APIEndpoint struct {
// TLSConfig constructs a client TLS configuration based on server defaults // TLSConfig constructs a client TLS configuration based on server defaults
func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) { func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) {
s.mu.Lock() s.mu.RLock()
defer s.mu.Unlock() secure := isSecureIndex(s.config, hostname)
s.mu.RUnlock()
return s.tlsConfig(hostname) return newTLSConfig(hostname, secure)
}
// tlsConfig constructs a client TLS configuration based on server defaults
func (s *defaultService) tlsConfig(hostname string) (*tls.Config, error) {
return newTLSConfig(hostname, isSecureIndex(s.config, hostname))
} }
// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference. // LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP. // It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) { func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
s.mu.Lock() s.mu.RLock()
defer s.mu.Unlock() defer s.mu.RUnlock()
return s.lookupV2Endpoints(hostname) return s.lookupV2Endpoints(hostname)
} }
@ -267,8 +263,8 @@ func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEn
// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference. // LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
// It gives preference to HTTPS over plain HTTP. Mirrors are not included. // It gives preference to HTTPS over plain HTTP. Mirrors are not included.
func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) { func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
s.mu.Lock() s.mu.RLock()
defer s.mu.Unlock() defer s.mu.RUnlock()
allEndpoints, err := s.lookupV2Endpoints(hostname) allEndpoints, err := s.lookupV2Endpoints(hostname)
if err == nil { if err == nil {

View file

@ -8,7 +8,6 @@ import (
) )
func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
tlsConfig := tlsconfig.ServerDefault()
if hostname == DefaultNamespace || hostname == IndexHostname { if hostname == DefaultNamespace || hostname == IndexHostname {
for _, mirror := range s.config.Mirrors { for _, mirror := range s.config.Mirrors {
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") { if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
@ -18,7 +17,7 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
if err != nil { if err != nil {
return nil, invalidParam(err) return nil, invalidParam(err)
} }
mirrorTLSConfig, err := s.tlsConfig(mirrorURL.Host) mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, isSecureIndex(s.config, mirrorURL.Host))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -35,19 +34,18 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
Version: APIVersion2, Version: APIVersion2,
Official: true, Official: true,
TrimHostname: true, TrimHostname: true,
TLSConfig: tlsConfig, TLSConfig: tlsconfig.ServerDefault(),
}) })
return endpoints, nil return endpoints, nil
} }
ana := allowNondistributableArtifacts(s.config, hostname) tlsConfig, err := newTLSConfig(hostname, isSecureIndex(s.config, hostname))
tlsConfig, err = s.tlsConfig(hostname)
if err != nil { if err != nil {
return nil, err return nil, err
} }
ana := allowNondistributableArtifacts(s.config, hostname)
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
{ {
URL: &url.URL{ URL: &url.URL{