Backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3809

Introducing Docker Registry replication

Backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3809
f519a4b7 · Valery Sizov · beb7d892 · f519a4b7 · f519a4b7 · f519a4b7
Commit f519a4b7 authored 5 years ago by Valery Sizov
--- a/app/models/container_repository.rb
+++ b/app/models/container_repository.rb
@@ -70,10 +70,14 @@ class ContainerRepository < ApplicationRecord
    digests = tags.map { |tag| tag.digest }.to_set
  
    digests.all? do |digest|
-      client.delete_repository_tag(self.path, digest)
+      delete_tag_by_digest(digest)
    end
  end
  
+  def delete_tag_by_digest(digest)
+    client.delete_repository_tag(self.path, digest)
+  end
+
  def self.build_from_path(path)
    self.new(project: path.repository_project,
             name: path.repository_name)

--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -17,6 +17,14 @@ module Auth
    end
  
    def self.full_access_token(*names)
+      access_token(%w(*), names)
+    end
+
+    def self.pull_access_token(*names)
+      access_token(['pull'], names)
+    end
+
+    def self.access_token(actions, names)
      names = names.flatten
      registry = Gitlab.config.registry
      token = JSONWebToken::RSAToken.new(registry.key)
@@ -25,7 +33,7 @@ module Auth
      token.expire_time = token_expire_at
  
      token[:access] = names.map do |name|
-        { type: 'repository', name: name, actions: %w(*) }
+        { type: 'repository', name: name, actions: actions }
      end
  
      token.encoded

--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -427,6 +427,11 @@ production: &base
    # If it is blank, it defaults to external_url.
    node_name: ''
  
+    registry_replication:
+      # enabled: true
+      # primary_api_url: http://localhost:5000/ # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
+
+
  #
  # 2. GitLab CI settings
  # ==========================

--- a/config/initializers/0_inflections.rb
+++ b/config/initializers/0_inflections.rb
@@ -19,6 +19,7 @@ ActiveSupport::Inflector.inflections do |inflect|
    project_registry
    file_registry
    job_artifact_registry
+    container_repository_registry
    vulnerability_feedback
    vulnerabilities_feedback
    group_view

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -296,6 +296,12 @@ Gitlab.ee do
  Settings['geo'] ||= Settingslogic.new({})
  # For backwards compatibility, default to gitlab_url and if so, ensure it ends with "/"
  Settings.geo['node_name'] = Settings.geo['node_name'].presence || Settings.gitlab['url'].chomp('/').concat('/')
+
+  #
+  # Registry replication
+  #
+  Settings.geo['registry_replication'] ||= Settingslogic.new({})
+  Settings.geo.registry_replication['enabled'] ||= false
 end
  
 #
@@ -473,6 +479,9 @@ Gitlab.ee do
  Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker'] ||= Settingslogic.new({})
  Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['cron'] ||= '*/1 * * * *'
  Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['job_class'] ||= 'Geo::RepositoryVerification::Secondary::SchedulerWorker'
+  Settings.cron_jobs['geo_container_repository_sync_worker'] ||= Settingslogic.new({})
+  Settings.cron_jobs['geo_container_repository_sync_worker']['cron'] ||= '*/1 * * * *'
+  Settings.cron_jobs['geo_container_repository_sync_worker']['job_class'] ||= 'Geo::ContainerRepositorySyncDispatchWorker'
  Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({})
  Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *'
  Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker'

--- a/db/migrate/20190612111404_add_geo_container_sync_capacity.rb
+++ b/db/migrate/20190612111404_add_geo_container_sync_capacity.rb
+# frozen_string_literal: true
+
+class AddGeoContainerSyncCapacity < ActiveRecord::Migration[5.1]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def change
+    change_table :geo_nodes do |t|
+      t.column :container_repositories_max_capacity, :integer, default: 10, null: false
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1435,6 +1435,7 @@ ActiveRecord::Schema.define(version: 2019_07_29_090456) do
    t.integer "minimum_reverification_interval", default: 7, null: false
    t.string "internal_url"
    t.string "name", null: false
+    t.integer "container_repositories_max_capacity", default: 10, null: false
    t.index ["access_key"], name: "index_geo_nodes_on_access_key"
    t.index ["name"], name: "index_geo_nodes_on_name", unique: true
    t.index ["primary"], name: "index_geo_nodes_on_primary"

--- a/spec/factories/container_repositories.rb
+++ b/spec/factories/container_repositories.rb
@@ -2,7 +2,7 @@
  
 FactoryBot.define do
  factory :container_repository do
-    name 'test_image'
+    sequence(:name) { |n| "test_image_#{n}" }
    project
  
    transient do

--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -145,6 +145,19 @@ describe Auth::ContainerRegistryAuthenticationService do
    it_behaves_like 'not a container repository factory'
  end
  
+  describe '#pull_access_token' do
+    let(:project) { create(:project) }
+    let(:token) { described_class.pull_access_token(project.full_path) }
+
+    subject { { token: token } }
+
+    it_behaves_like 'an accessible' do
+      let(:actions) { ['pull'] }
+    end
+
+    it_behaves_like 'not a container repository factory'
+  end
+
  context 'user authorization' do
    let(:current_user) { create(:user) }