nixos/docker-registry: Add support for garbage collector to docker registry

Michele Catalano 2018-04-06 15:11:52 +02:00 committed by Maximilian Bosch
parent 593dc45141
commit afd3136e8e
No known key found for this signature in database
GPG Key ID: 091DBF4D1FC46B8E
2 changed files with 50 additions and 11 deletions


@ -42,6 +42,8 @@ let
}; };
}; };
configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));
in { in {
options.services.dockerRegistry = { options.services.dockerRegistry = {
enable = mkEnableOption "Docker Registry"; enable = mkEnableOption "Docker Registry";
@ -70,11 +72,7 @@ in {
description = "Enable delete for manifests and blobs."; description = "Enable delete for manifests and blobs.";
}; };
enableRedisCache = mkOption { enableRedisCache = mkEnableOption "redis as blob cache";
type = types.bool;
default = false;
description = "Enable redis as blob cache instade of inmemory.";
};
redisUrl = mkOption { redisUrl = mkOption {
type = types.str; type = types.str;
@ -95,6 +93,19 @@ in {
default = {}; default = {};
type = types.attrsOf types.str; type = types.attrsOf types.str;
}; };
enableGarbageCollect = mkEnableOption "garbage collect";
garbageCollectDates = mkOption {
default = "daily";
type = types.str;
description = ''
Specification (in the format described by
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>) of the time at
which the garbage collect will occur.
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -102,9 +113,7 @@ in {
description = "Docker Container Registry"; description = "Docker Container Registry";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
script = let script = ''
configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));
in ''
${pkgs.docker-distribution}/bin/registry serve ${configFile} ${pkgs.docker-distribution}/bin/registry serve ${configFile}
''; '';
@ -114,6 +123,22 @@ in {
}; };
}; };
systemd.services.docker-registry-garbage-collect = {
description = "Run Garbage Collection for docker registry";
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig.Type = "oneshot";
script = ''
${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile}
${pkgs.systemd}/bin/systemctl restart docker-registry.service
'';
startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;
};
users.extraUsers.docker-registry = { users.extraUsers.docker-registry = {
createHome = true; createHome = true;
home = cfg.storagePath; home = cfg.storagePath;
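Review bot: The new `docker-registry-garbage-collect` unit runs `registry garbage-collect` while `docker-registry.service` is still serving requests, and only restarts it afterwards. Upstream's guidance is that the registry be read-only or stopped during collection, because a push that overlaps the mark-and-sweep can have its layers deleted and leave a corrupted image behind. Consider putting `${pkgs.systemd}/bin/systemctl stop docker-registry.service` before the garbage-collect line and using `systemctl start` in place of `restart`; note that a failed collection would then leave the registry down unless the start is made unconditional. The unit also sets no `serviceConfig.User`, so the collector presumably runs as root over `cfg.storagePath`; the main service's user setting is outside the visible hunks, so confirm that before changing it.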


@ -3,7 +3,7 @@
import ./make-test.nix ({ pkgs, ...} : { import ./make-test.nix ({ pkgs, ...} : {
name = "docker-registry"; name = "docker-registry";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ globin ma27 ]; maintainers = [ globin ma27 ironpinguin ];
}; };
nodes = { nodes = {
@ -12,6 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : {
services.dockerRegistry.enableDelete = true; services.dockerRegistry.enableDelete = true;
services.dockerRegistry.port = 8080; services.dockerRegistry.port = 8080;
services.dockerRegistry.listenAddress = "0.0.0.0"; services.dockerRegistry.listenAddress = "0.0.0.0";
services.dockerRegistry.enableGarbageCollect = true;
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [ 8080 ];
}; };
@ -23,7 +24,6 @@ import ./make-test.nix ({ pkgs, ...} : {
client2 = { config, pkgs, ...}: { client2 = { config, pkgs, ...}: {
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
environment.systemPackages = [ pkgs.jq ];
}; };
}; };
@ -35,6 +35,7 @@ import ./make-test.nix ({ pkgs, ...} : {
$registry->start(); $registry->start();
$registry->waitForUnit("docker-registry.service"); $registry->waitForUnit("docker-registry.service");
$registry->waitForOpenPort("8080");
$client1->succeed("docker push registry:8080/scratch"); $client1->succeed("docker push registry:8080/scratch");
$client2->start(); $client2->start();
@ -43,7 +44,20 @@ import ./make-test.nix ({ pkgs, ...} : {
$client2->succeed("docker images | grep scratch"); $client2->succeed("docker images | grep scratch");
$client2->succeed( $client2->succeed(
'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl registry:8080/v2/scratch/manifests/latest | jq ".fsLayers[0].blobSum" | sed -e \'s/"//g\')' 'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')'
);
$registry->systemctl("start docker-registry-garbage-collect.service");
$registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service");
$registry->waitForUnit("docker-registry.service");
$registry->fail(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
);
$client1->succeed("docker push registry:8080/scratch");
$registry->succeed(
'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
); );
''; '';
}) })
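Review bot: The garbage-collect step in the test script is started with `$registry->systemctl(...)` and awaited with `waitUntilFails("systemctl status ...")`, and neither call distinguishes a successful run from a failed unit, since `systemctl status` exits non-zero for both inactive and failed units. The following `fail('ls -l …/data')` does catch blobs that survive, but a collector that deletes them and then exits with an error would still pass. Starting the oneshot with `$registry->succeed("systemctl start docker-registry-garbage-collect.service");` would assert its exit status, assuming the `systemctl` helper does not itself check the return code.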