package distribution import ( "fmt" "github.com/Sirupsen/logrus" "github.com/docker/distribution/digest" "github.com/docker/docker/api" "github.com/docker/docker/api/types" "github.com/docker/docker/distribution/metadata" "github.com/docker/docker/distribution/xfer" "github.com/docker/docker/image" "github.com/docker/docker/pkg/progress" "github.com/docker/docker/reference" "github.com/docker/docker/registry" "golang.org/x/net/context" ) // ImagePullConfig stores pull configuration. type ImagePullConfig struct { // MetaHeaders stores HTTP headers with metadata about the image MetaHeaders map[string][]string // AuthConfig holds authentication credentials for authenticating with // the registry. AuthConfig *types.AuthConfig // ProgressOutput is the interface for showing the status of the pull // operation. ProgressOutput progress.Output // RegistryService is the registry service to use for TLS configuration // and endpoint lookup. RegistryService registry.Service // ImageEventLogger notifies events for a given image ImageEventLogger func(id, name, action string) // MetadataStore is the storage backend for distribution-specific // metadata. MetadataStore metadata.Store // ImageStore manages images. ImageStore image.Store // ReferenceStore manages tags. ReferenceStore reference.Store // DownloadManager manages concurrent pulls. DownloadManager *xfer.LayerDownloadManager } // Puller is an interface that abstracts pulling for different API versions. type Puller interface { // Pull tries to pull the image referenced by `tag` // Pull returns an error if any, as well as a boolean that determines whether to retry Pull on the next configured endpoint. // Pull(ctx context.Context, ref reference.Named) error } // newPuller returns a Puller interface that will pull from either a v1 or v2 // registry. The endpoint argument contains a Version field that determines // whether a v1 or v2 puller will be created. The other parameters are passed // through to the underlying puller implementation for use during the actual // pull operation. func newPuller(endpoint registry.APIEndpoint, repoInfo *registry.RepositoryInfo, imagePullConfig *ImagePullConfig) (Puller, error) { switch endpoint.Version { case registry.APIVersion2: return &v2Puller{ V2MetadataService: metadata.NewV2MetadataService(imagePullConfig.MetadataStore), endpoint: endpoint, config: imagePullConfig, repoInfo: repoInfo, }, nil case registry.APIVersion1: return &v1Puller{ v1IDService: metadata.NewV1IDService(imagePullConfig.MetadataStore), endpoint: endpoint, config: imagePullConfig, repoInfo: repoInfo, }, nil } return nil, fmt.Errorf("unknown version %d for registry %s", endpoint.Version, endpoint.URL) } // Pull initiates a pull operation. image is the repository name to pull, and // tag may be either empty, or indicate a specific tag to pull. func Pull(ctx context.Context, ref reference.Named, imagePullConfig *ImagePullConfig) error { // Resolve the Repository name from fqn to RepositoryInfo repoInfo, err := imagePullConfig.RegistryService.ResolveRepository(ref) if err != nil { return err } // makes sure name is not empty or `scratch` if err := ValidateRepoName(repoInfo.Name()); err != nil { return err } endpoints, err := imagePullConfig.RegistryService.LookupPullEndpoints(repoInfo.Hostname()) if err != nil { return err } var ( lastErr error // discardNoSupportErrors is used to track whether an endpoint encountered an error of type registry.ErrNoSupport // By default it is false, which means that if an ErrNoSupport error is encountered, it will be saved in lastErr. // As soon as another kind of error is encountered, discardNoSupportErrors is set to true, avoiding the saving of // any subsequent ErrNoSupport errors in lastErr. // It's needed for pull-by-digest on v1 endpoints: if there are only v1 endpoints configured, the error should be // returned and displayed, but if there was a v2 endpoint which supports pull-by-digest, then the last relevant // error is the ones from v2 endpoints not v1. discardNoSupportErrors bool // confirmedV2 is set to true if a pull attempt managed to // confirm that it was talking to a v2 registry. This will // prevent fallback to the v1 protocol. confirmedV2 bool // confirmedTLSRegistries is a map indicating which registries // are known to be using TLS. There should never be a plaintext // retry for any of these. confirmedTLSRegistries = make(map[string]struct{}) ) for _, endpoint := range endpoints { if confirmedV2 && endpoint.Version == registry.APIVersion1 { logrus.Debugf("Skipping v1 endpoint %s because v2 registry was detected", endpoint.URL) continue } if endpoint.URL.Scheme != "https" { if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS { logrus.Debugf("Skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL) continue } } logrus.Debugf("Trying to pull %s from %s %s", repoInfo.Name(), endpoint.URL, endpoint.Version) puller, err := newPuller(endpoint, repoInfo, imagePullConfig) if err != nil { lastErr = err continue } if err := puller.Pull(ctx, ref); err != nil { // Was this pull cancelled? If so, don't try to fall // back. fallback := false select { case <-ctx.Done(): default: if fallbackErr, ok := err.(fallbackError); ok { fallback = true confirmedV2 = confirmedV2 || fallbackErr.confirmedV2 if fallbackErr.transportOK && endpoint.URL.Scheme == "https" { confirmedTLSRegistries[endpoint.URL.Host] = struct{}{} } err = fallbackErr.err } } if fallback { if _, ok := err.(ErrNoSupport); !ok { // Because we found an error that's not ErrNoSupport, discard all subsequent ErrNoSupport errors. discardNoSupportErrors = true // append subsequent errors lastErr = err } else if !discardNoSupportErrors { // Save the ErrNoSupport error, because it's either the first error or all encountered errors // were also ErrNoSupport errors. // append subsequent errors lastErr = err } logrus.Errorf("Attempting next endpoint for pull after error: %v", err) continue } logrus.Errorf("Not continuing with pull after error: %v", err) return err } imagePullConfig.ImageEventLogger(ref.String(), repoInfo.Name(), "pull") return nil } if lastErr == nil { lastErr = fmt.Errorf("no endpoints found for %s", ref.String()) } return lastErr } // writeStatus writes a status message to out. If layersDownloaded is true, the // status message indicates that a newer image was downloaded. Otherwise, it // indicates that the image is up to date. requestedTag is the tag the message // will refer to. func writeStatus(requestedTag string, out progress.Output, layersDownloaded bool) { if layersDownloaded { progress.Message(out, "", "Status: Downloaded newer image for "+requestedTag) } else { progress.Message(out, "", "Status: Image is up to date for "+requestedTag) } } // ValidateRepoName validates the name of a repository. func ValidateRepoName(name string) error { if name == "" { return fmt.Errorf("Repository name can't be empty") } if name == api.NoBaseImageSpecifier { return fmt.Errorf("'%s' is a reserved name", api.NoBaseImageSpecifier) } return nil } func addDigestReference(store reference.Store, ref reference.Named, dgst digest.Digest, imageID image.ID) error { dgstRef, err := reference.WithDigest(ref, dgst) if err != nil { return err } if oldTagImageID, err := store.Get(dgstRef); err == nil { if oldTagImageID != imageID { // Updating digests not supported by reference store logrus.Errorf("Image ID for digest %s changed from %s to %s, cannot update", dgst.String(), oldTagImageID, imageID) } return nil } else if err != reference.ErrDoesNotExist { return err } return store.AddDigest(dgstRef, imageID, true) }