mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
registry: defaultService: use sync.RWMutex
Most operations only require read access, so change this to use an RWMutex, and some minor refactoring in lookupV2Endpoints() so that we are not constructing tlsconfig multiple times in some cases. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
9cb0aa4c91
commit
dae2173568
3 changed files with 20 additions and 25 deletions
|
@ -20,6 +20,7 @@ func HostCertsDir(hostname string) string {
|
||||||
return filepath.Join(CertsDir(), cleanPath(hostname))
|
return filepath.Join(CertsDir(), cleanPath(hostname))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// newTLSConfig constructs a client TLS configuration based on server defaults
|
||||||
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
||||||
// PreferredServerCipherSuites should have no effect
|
// PreferredServerCipherSuites should have no effect
|
||||||
tlsConfig := tlsconfig.ServerDefault()
|
tlsConfig := tlsconfig.ServerDefault()
|
||||||
|
|
|
@ -39,7 +39,7 @@ type Service interface {
|
||||||
// of mirrors.
|
// of mirrors.
|
||||||
type defaultService struct {
|
type defaultService struct {
|
||||||
config *serviceConfig
|
config *serviceConfig
|
||||||
mu sync.Mutex
|
mu sync.RWMutex
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewService returns a new instance of defaultService ready to be
|
// NewService returns a new instance of defaultService ready to be
|
||||||
|
@ -52,8 +52,8 @@ func NewService(options ServiceOptions) (Service, error) {
|
||||||
|
|
||||||
// ServiceConfig returns the public registry service configuration.
|
// ServiceConfig returns the public registry service configuration.
|
||||||
func (s *defaultService) ServiceConfig() *registry.ServiceConfig {
|
func (s *defaultService) ServiceConfig() *registry.ServiceConfig {
|
||||||
s.mu.Lock()
|
s.mu.RLock()
|
||||||
defer s.mu.Unlock()
|
defer s.mu.RUnlock()
|
||||||
|
|
||||||
servConfig := registry.ServiceConfig{
|
servConfig := registry.ServiceConfig{
|
||||||
AllowNondistributableArtifactsCIDRs: make([]*(registry.NetIPNet), 0),
|
AllowNondistributableArtifactsCIDRs: make([]*(registry.NetIPNet), 0),
|
||||||
|
@ -167,9 +167,9 @@ func (s *defaultService) Search(ctx context.Context, term string, limit int, aut
|
||||||
indexName, remoteName := splitReposSearchTerm(term)
|
indexName, remoteName := splitReposSearchTerm(term)
|
||||||
|
|
||||||
// Search is a long-running operation, just lock s.config to avoid block others.
|
// Search is a long-running operation, just lock s.config to avoid block others.
|
||||||
s.mu.Lock()
|
s.mu.RLock()
|
||||||
index, err := newIndexInfo(s.config, indexName)
|
index, err := newIndexInfo(s.config, indexName)
|
||||||
s.mu.Unlock()
|
s.mu.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -226,8 +226,8 @@ func (s *defaultService) Search(ctx context.Context, term string, limit int, aut
|
||||||
// ResolveRepository splits a repository name into its components
|
// ResolveRepository splits a repository name into its components
|
||||||
// and configuration of the associated registry.
|
// and configuration of the associated registry.
|
||||||
func (s *defaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) {
|
func (s *defaultService) ResolveRepository(name reference.Named) (*RepositoryInfo, error) {
|
||||||
s.mu.Lock()
|
s.mu.RLock()
|
||||||
defer s.mu.Unlock()
|
defer s.mu.RUnlock()
|
||||||
return newRepositoryInfo(s.config, name)
|
return newRepositoryInfo(s.config, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,22 +244,18 @@ type APIEndpoint struct {
|
||||||
|
|
||||||
// TLSConfig constructs a client TLS configuration based on server defaults
|
// TLSConfig constructs a client TLS configuration based on server defaults
|
||||||
func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) {
|
func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) {
|
||||||
s.mu.Lock()
|
s.mu.RLock()
|
||||||
defer s.mu.Unlock()
|
secure := isSecureIndex(s.config, hostname)
|
||||||
|
s.mu.RUnlock()
|
||||||
|
|
||||||
return s.tlsConfig(hostname)
|
return newTLSConfig(hostname, secure)
|
||||||
}
|
|
||||||
|
|
||||||
// tlsConfig constructs a client TLS configuration based on server defaults
|
|
||||||
func (s *defaultService) tlsConfig(hostname string) (*tls.Config, error) {
|
|
||||||
return newTLSConfig(hostname, isSecureIndex(s.config, hostname))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
|
// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
|
||||||
// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
|
// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
|
||||||
func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||||
s.mu.Lock()
|
s.mu.RLock()
|
||||||
defer s.mu.Unlock()
|
defer s.mu.RUnlock()
|
||||||
|
|
||||||
return s.lookupV2Endpoints(hostname)
|
return s.lookupV2Endpoints(hostname)
|
||||||
}
|
}
|
||||||
|
@ -267,8 +263,8 @@ func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEn
|
||||||
// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
|
// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
|
||||||
// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
|
// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
|
||||||
func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
func (s *defaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||||
s.mu.Lock()
|
s.mu.RLock()
|
||||||
defer s.mu.Unlock()
|
defer s.mu.RUnlock()
|
||||||
|
|
||||||
allEndpoints, err := s.lookupV2Endpoints(hostname)
|
allEndpoints, err := s.lookupV2Endpoints(hostname)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
|
|
@ -8,7 +8,6 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
||||||
tlsConfig := tlsconfig.ServerDefault()
|
|
||||||
if hostname == DefaultNamespace || hostname == IndexHostname {
|
if hostname == DefaultNamespace || hostname == IndexHostname {
|
||||||
for _, mirror := range s.config.Mirrors {
|
for _, mirror := range s.config.Mirrors {
|
||||||
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
||||||
|
@ -18,7 +17,7 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, invalidParam(err)
|
return nil, invalidParam(err)
|
||||||
}
|
}
|
||||||
mirrorTLSConfig, err := s.tlsConfig(mirrorURL.Host)
|
mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, isSecureIndex(s.config, mirrorURL.Host))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -35,19 +34,18 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||||
Version: APIVersion2,
|
Version: APIVersion2,
|
||||||
Official: true,
|
Official: true,
|
||||||
TrimHostname: true,
|
TrimHostname: true,
|
||||||
TLSConfig: tlsConfig,
|
TLSConfig: tlsconfig.ServerDefault(),
|
||||||
})
|
})
|
||||||
|
|
||||||
return endpoints, nil
|
return endpoints, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
ana := allowNondistributableArtifacts(s.config, hostname)
|
tlsConfig, err := newTLSConfig(hostname, isSecureIndex(s.config, hostname))
|
||||||
|
|
||||||
tlsConfig, err = s.tlsConfig(hostname)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ana := allowNondistributableArtifacts(s.config, hostname)
|
||||||
endpoints = []APIEndpoint{
|
endpoints = []APIEndpoint{
|
||||||
{
|
{
|
||||||
URL: &url.URL{
|
URL: &url.URL{
|
||||||
|
|
Loading…
Reference in a new issue