Exit if service config is loaded unsuccessfully on startup
Yong Tang authored on 2017/09/19 13:59:14... | ... |
@@ -199,7 +199,11 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) { |
199 | 199 |
cli.api.Accept(addr, ls...) |
200 | 200 |
} |
201 | 201 |
|
202 |
- registryService := registry.NewService(cli.Config.ServiceOptions) |
|
202 |
+ registryService, err := registry.NewService(cli.Config.ServiceOptions) |
|
203 |
+ if err != nil { |
|
204 |
+ return err |
|
205 |
+ } |
|
206 |
+ |
|
203 | 207 |
containerdRemote, err := libcontainerd.New(cli.getLibcontainerdRoot(), cli.getPlatformRemoteOptions()...) |
204 | 208 |
if err != nil { |
205 | 209 |
return err |
... | ... |
@@ -47,8 +47,9 @@ func TestDaemonReloadAllowNondistributableArtifacts(t *testing.T) { |
47 | 47 |
configStore: &config.Config{}, |
48 | 48 |
} |
49 | 49 |
|
50 |
+ var err error |
|
50 | 51 |
// Initialize daemon with some registries. |
51 |
- daemon.RegistryService = registry.NewService(registry.ServiceOptions{ |
|
52 |
+ daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{ |
|
52 | 53 |
AllowNondistributableArtifacts: []string{ |
53 | 54 |
"127.0.0.0/8", |
54 | 55 |
"10.10.1.11:5000", |
... | ... |
@@ -57,6 +58,9 @@ func TestDaemonReloadAllowNondistributableArtifacts(t *testing.T) { |
57 | 57 |
"docker2.com", // This will be removed during reload. |
58 | 58 |
}, |
59 | 59 |
}) |
60 |
+ if err != nil { |
|
61 |
+ t.Fatal(err) |
|
62 |
+ } |
|
60 | 63 |
|
61 | 64 |
registries := []string{ |
62 | 65 |
"127.0.0.0/8", |
... | ... |
@@ -95,7 +99,8 @@ func TestDaemonReloadAllowNondistributableArtifacts(t *testing.T) { |
95 | 95 |
|
96 | 96 |
func TestDaemonReloadMirrors(t *testing.T) { |
97 | 97 |
daemon := &Daemon{} |
98 |
- daemon.RegistryService = registry.NewService(registry.ServiceOptions{ |
|
98 |
+ var err error |
|
99 |
+ daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{ |
|
99 | 100 |
InsecureRegistries: []string{}, |
100 | 101 |
Mirrors: []string{ |
101 | 102 |
"https://mirror.test1.com", |
... | ... |
@@ -103,6 +108,9 @@ func TestDaemonReloadMirrors(t *testing.T) { |
103 | 103 |
"https://mirror.test3.com", // this will be removed when reloading |
104 | 104 |
}, |
105 | 105 |
}) |
106 |
+ if err != nil { |
|
107 |
+ t.Fatal(err) |
|
108 |
+ } |
|
106 | 109 |
|
107 | 110 |
daemon.configStore = &config.Config{} |
108 | 111 |
|
... | ... |
@@ -188,8 +196,9 @@ func TestDaemonReloadMirrors(t *testing.T) { |
188 | 188 |
|
189 | 189 |
func TestDaemonReloadInsecureRegistries(t *testing.T) { |
190 | 190 |
daemon := &Daemon{} |
191 |
+ var err error |
|
191 | 192 |
// initialize daemon with existing insecure registries: "127.0.0.0/8", "10.10.1.11:5000", "10.10.1.22:5000" |
192 |
- daemon.RegistryService = registry.NewService(registry.ServiceOptions{ |
|
193 |
+ daemon.RegistryService, err = registry.NewService(registry.ServiceOptions{ |
|
193 | 194 |
InsecureRegistries: []string{ |
194 | 195 |
"127.0.0.0/8", |
195 | 196 |
"10.10.1.11:5000", |
... | ... |
@@ -198,6 +207,9 @@ func TestDaemonReloadInsecureRegistries(t *testing.T) { |
198 | 198 |
"docker2.com", // this will be removed when reloading |
199 | 199 |
}, |
200 | 200 |
}) |
201 |
+ if err != nil { |
|
202 |
+ t.Fatal(err) |
|
203 |
+ } |
|
201 | 204 |
|
202 | 205 |
daemon.configStore = &config.Config{} |
203 | 206 |
|
... | ... |
@@ -71,9 +71,14 @@ func CreateInRegistry(ctx context.Context, repo string, auth *types.AuthConfig, |
71 | 71 |
} |
72 | 72 |
defer tar.Close() |
73 | 73 |
|
74 |
+ regService, err := registry.NewService(registry.ServiceOptions{V2Only: true}) |
|
75 |
+ if err != nil { |
|
76 |
+ return err |
|
77 |
+ } |
|
78 |
+ |
|
74 | 79 |
managerConfig := plugin.ManagerConfig{ |
75 | 80 |
Store: plugin.NewStore(), |
76 |
- RegistryService: registry.NewService(registry.ServiceOptions{V2Only: true}), |
|
81 |
+ RegistryService: regService, |
|
77 | 82 |
Root: filepath.Join(tmpDir, "root"), |
78 | 83 |
ExecRoot: "/run/docker", // manager init fails if not set |
79 | 84 |
Executor: dummyExecutor{}, |
... | ... |
@@ -60,7 +60,7 @@ var ( |
60 | 60 |
// not have the correct form |
61 | 61 |
ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")") |
62 | 62 |
|
63 |
- emptyServiceConfig = newServiceConfig(ServiceOptions{}) |
|
63 |
+ emptyServiceConfig, _ = newServiceConfig(ServiceOptions{}) |
|
64 | 64 |
) |
65 | 65 |
|
66 | 66 |
var ( |
... | ... |
@@ -71,7 +71,7 @@ var ( |
71 | 71 |
var lookupIP = net.LookupIP |
72 | 72 |
|
73 | 73 |
// newServiceConfig returns a new instance of ServiceConfig |
74 |
-func newServiceConfig(options ServiceOptions) *serviceConfig { |
|
74 |
+func newServiceConfig(options ServiceOptions) (*serviceConfig, error) { |
|
75 | 75 |
config := &serviceConfig{ |
76 | 76 |
ServiceConfig: registrytypes.ServiceConfig{ |
77 | 77 |
InsecureRegistryCIDRs: make([]*registrytypes.NetIPNet, 0), |
... | ... |
@@ -81,12 +81,17 @@ func newServiceConfig(options ServiceOptions) *serviceConfig { |
81 | 81 |
}, |
82 | 82 |
V2Only: options.V2Only, |
83 | 83 |
} |
84 |
+ if err := config.LoadAllowNondistributableArtifacts(options.AllowNondistributableArtifacts); err != nil { |
|
85 |
+ return nil, err |
|
86 |
+ } |
|
87 |
+ if err := config.LoadMirrors(options.Mirrors); err != nil { |
|
88 |
+ return nil, err |
|
89 |
+ } |
|
90 |
+ if err := config.LoadInsecureRegistries(options.InsecureRegistries); err != nil { |
|
91 |
+ return nil, err |
|
92 |
+ } |
|
84 | 93 |
|
85 |
- config.LoadAllowNondistributableArtifacts(options.AllowNondistributableArtifacts) |
|
86 |
- config.LoadMirrors(options.Mirrors) |
|
87 |
- config.LoadInsecureRegistries(options.InsecureRegistries) |
|
88 |
- |
|
89 |
- return config |
|
94 |
+ return config, nil |
|
90 | 95 |
} |
91 | 96 |
|
92 | 97 |
// LoadAllowNondistributableArtifacts loads allow-nondistributable-artifacts registries into config. |
... | ... |
@@ -5,6 +5,8 @@ import ( |
5 | 5 |
"sort" |
6 | 6 |
"strings" |
7 | 7 |
"testing" |
8 |
+ |
|
9 |
+ "github.com/stretchr/testify/assert" |
|
8 | 10 |
) |
9 | 11 |
|
10 | 12 |
func TestLoadAllowNondistributableArtifacts(t *testing.T) { |
... | ... |
@@ -90,7 +92,7 @@ func TestLoadAllowNondistributableArtifacts(t *testing.T) { |
90 | 90 |
}, |
91 | 91 |
} |
92 | 92 |
for _, testCase := range testCases { |
93 |
- config := newServiceConfig(ServiceOptions{}) |
|
93 |
+ config := emptyServiceConfig |
|
94 | 94 |
err := config.LoadAllowNondistributableArtifacts(testCase.registries) |
95 | 95 |
if testCase.err == "" { |
96 | 96 |
if err != nil { |
... | ... |
@@ -233,7 +235,7 @@ func TestLoadInsecureRegistries(t *testing.T) { |
233 | 233 |
}, |
234 | 234 |
} |
235 | 235 |
for _, testCase := range testCases { |
236 |
- config := newServiceConfig(ServiceOptions{}) |
|
236 |
+ config := emptyServiceConfig |
|
237 | 237 |
err := config.LoadInsecureRegistries(testCase.registries) |
238 | 238 |
if testCase.err == "" { |
239 | 239 |
if err != nil { |
... | ... |
@@ -258,3 +260,60 @@ func TestLoadInsecureRegistries(t *testing.T) { |
258 | 258 |
} |
259 | 259 |
} |
260 | 260 |
} |
261 |
+ |
|
262 |
+func TestNewServiceConfig(t *testing.T) { |
|
263 |
+ testCases := []struct { |
|
264 |
+ opts ServiceOptions |
|
265 |
+ errStr string |
|
266 |
+ }{ |
|
267 |
+ { |
|
268 |
+ ServiceOptions{}, |
|
269 |
+ "", |
|
270 |
+ }, |
|
271 |
+ { |
|
272 |
+ ServiceOptions{ |
|
273 |
+ Mirrors: []string{"example.com:5000"}, |
|
274 |
+ }, |
|
275 |
+ `invalid mirror: unsupported scheme "example.com" in "example.com:5000"`, |
|
276 |
+ }, |
|
277 |
+ { |
|
278 |
+ ServiceOptions{ |
|
279 |
+ Mirrors: []string{"http://example.com:5000"}, |
|
280 |
+ }, |
|
281 |
+ "", |
|
282 |
+ }, |
|
283 |
+ { |
|
284 |
+ ServiceOptions{ |
|
285 |
+ InsecureRegistries: []string{"[fe80::]/64"}, |
|
286 |
+ }, |
|
287 |
+ `insecure registry [fe80::]/64 is not valid: invalid host "[fe80::]/64"`, |
|
288 |
+ }, |
|
289 |
+ { |
|
290 |
+ ServiceOptions{ |
|
291 |
+ InsecureRegistries: []string{"102.10.8.1/24"}, |
|
292 |
+ }, |
|
293 |
+ "", |
|
294 |
+ }, |
|
295 |
+ { |
|
296 |
+ ServiceOptions{ |
|
297 |
+ AllowNondistributableArtifacts: []string{"[fe80::]/64"}, |
|
298 |
+ }, |
|
299 |
+ `allow-nondistributable-artifacts registry [fe80::]/64 is not valid: invalid host "[fe80::]/64"`, |
|
300 |
+ }, |
|
301 |
+ { |
|
302 |
+ ServiceOptions{ |
|
303 |
+ AllowNondistributableArtifacts: []string{"102.10.8.1/24"}, |
|
304 |
+ }, |
|
305 |
+ "", |
|
306 |
+ }, |
|
307 |
+ } |
|
308 |
+ |
|
309 |
+ for _, testCase := range testCases { |
|
310 |
+ _, err := newServiceConfig(testCase.opts) |
|
311 |
+ if testCase.errStr != "" { |
|
312 |
+ assert.EqualError(t, err, testCase.errStr) |
|
313 |
+ } else { |
|
314 |
+ assert.Nil(t, err) |
|
315 |
+ } |
|
316 |
+ } |
|
317 |
+} |
... | ... |
@@ -175,7 +175,7 @@ func makePublicIndex() *registrytypes.IndexInfo { |
175 | 175 |
return index |
176 | 176 |
} |
177 | 177 |
|
178 |
-func makeServiceConfig(mirrors []string, insecureRegistries []string) *serviceConfig { |
|
178 |
+func makeServiceConfig(mirrors []string, insecureRegistries []string) (*serviceConfig, error) { |
|
179 | 179 |
options := ServiceOptions{ |
180 | 180 |
Mirrors: mirrors, |
181 | 181 |
InsecureRegistries: insecureRegistries, |
... | ... |
@@ -540,7 +540,7 @@ func TestNewIndexInfo(t *testing.T) { |
540 | 540 |
} |
541 | 541 |
} |
542 | 542 |
|
543 |
- config := newServiceConfig(ServiceOptions{}) |
|
543 |
+ config := emptyServiceConfig |
|
544 | 544 |
noMirrors := []string{} |
545 | 545 |
expectedIndexInfos := map[string]*registrytypes.IndexInfo{ |
546 | 546 |
IndexName: { |
... | ... |
@@ -571,7 +571,11 @@ func TestNewIndexInfo(t *testing.T) { |
571 | 571 |
testIndexInfo(config, expectedIndexInfos) |
572 | 572 |
|
573 | 573 |
publicMirrors := []string{"http://mirror1.local", "http://mirror2.local"} |
574 |
- config = makeServiceConfig(publicMirrors, []string{"example.com"}) |
|
574 |
+ var err error |
|
575 |
+ config, err = makeServiceConfig(publicMirrors, []string{"example.com"}) |
|
576 |
+ if err != nil { |
|
577 |
+ t.Fatal(err) |
|
578 |
+ } |
|
575 | 579 |
|
576 | 580 |
expectedIndexInfos = map[string]*registrytypes.IndexInfo{ |
577 | 581 |
IndexName: { |
... | ... |
@@ -619,7 +623,10 @@ func TestNewIndexInfo(t *testing.T) { |
619 | 619 |
} |
620 | 620 |
testIndexInfo(config, expectedIndexInfos) |
621 | 621 |
|
622 |
- config = makeServiceConfig(nil, []string{"42.42.0.0/16"}) |
|
622 |
+ config, err = makeServiceConfig(nil, []string{"42.42.0.0/16"}) |
|
623 |
+ if err != nil { |
|
624 |
+ t.Fatal(err) |
|
625 |
+ } |
|
623 | 626 |
expectedIndexInfos = map[string]*registrytypes.IndexInfo{ |
624 | 627 |
"example.com": { |
625 | 628 |
Name: "example.com", |
... | ... |
@@ -664,7 +671,11 @@ func TestMirrorEndpointLookup(t *testing.T) { |
664 | 664 |
} |
665 | 665 |
return false |
666 | 666 |
} |
667 |
- s := DefaultService{config: makeServiceConfig([]string{"https://my.mirror"}, nil)} |
|
667 |
+ cfg, err := makeServiceConfig([]string{"https://my.mirror"}, nil) |
|
668 |
+ if err != nil { |
|
669 |
+ t.Fatal(err) |
|
670 |
+ } |
|
671 |
+ s := DefaultService{config: cfg} |
|
668 | 672 |
|
669 | 673 |
imageName, err := reference.WithName(IndexName + "/test/image") |
670 | 674 |
if err != nil { |
... | ... |
@@ -841,9 +852,12 @@ func TestAllowNondistributableArtifacts(t *testing.T) { |
841 | 841 |
{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, true}, |
842 | 842 |
} |
843 | 843 |
for _, tt := range tests { |
844 |
- config := newServiceConfig(ServiceOptions{ |
|
844 |
+ config, err := newServiceConfig(ServiceOptions{ |
|
845 | 845 |
AllowNondistributableArtifacts: tt.registries, |
846 | 846 |
}) |
847 |
+ if err != nil { |
|
848 |
+ t.Error(err) |
|
849 |
+ } |
|
847 | 850 |
if v := allowNondistributableArtifacts(config, tt.addr); v != tt.expected { |
848 | 851 |
t.Errorf("allowNondistributableArtifacts failed for %q %v, expected %v got %v", tt.addr, tt.registries, tt.expected, v) |
849 | 852 |
} |
... | ... |
@@ -883,7 +897,10 @@ func TestIsSecureIndex(t *testing.T) { |
883 | 883 |
{"invalid.domain.com:5000", []string{"invalid.domain.com:5000"}, false}, |
884 | 884 |
} |
885 | 885 |
for _, tt := range tests { |
886 |
- config := makeServiceConfig(nil, tt.insecureRegistries) |
|
886 |
+ config, err := makeServiceConfig(nil, tt.insecureRegistries) |
|
887 |
+ if err != nil { |
|
888 |
+ t.Error(err) |
|
889 |
+ } |
|
887 | 890 |
if sec := isSecureIndex(config, tt.addr); sec != tt.expected { |
888 | 891 |
t.Errorf("isSecureIndex failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec) |
889 | 892 |
} |
... | ... |
@@ -45,10 +45,10 @@ type DefaultService struct { |
45 | 45 |
|
46 | 46 |
// NewService returns a new instance of DefaultService ready to be |
47 | 47 |
// installed into an engine. |
48 |
-func NewService(options ServiceOptions) *DefaultService { |
|
49 |
- return &DefaultService{ |
|
50 |
- config: newServiceConfig(options), |
|
51 |
- } |
|
48 |
+func NewService(options ServiceOptions) (*DefaultService, error) { |
|
49 |
+ config, err := newServiceConfig(options) |
|
50 |
+ |
|
51 |
+ return &DefaultService{config: config}, err |
|
52 | 52 |
} |
53 | 53 |
|
54 | 54 |
// ServiceConfig returns the public registry service configuration. |