Merge pull request #5 from wy65701436/release/2.8-tls

enable tls

Author: wy65701436

cmd/registry/config-cache.yml

@@ -21,6 +21,7 @@ http:
         X-Content-Type-Options: [nosniff]
 redis:
   addr: localhost:6379
+  enabletls: true
   pool:
     maxidle: 16
     maxactive: 64

configuration/configuration.go

@@ -177,6 +177,8 @@ type Configuration struct {
 		// DB specifies the database to connect to on the redis instance.
 		DB int `yaml:"db,omitempty"`
 
+		EnableTLS bool `yaml:"enabletls,omitempty"`
+
 		DialTimeout  time.Duration `yaml:"dialtimeout,omitempty"`  // timeout for connect
 		ReadTimeout  time.Duration `yaml:"readtimeout,omitempty"`  // timeout for reads of data
 		WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data

registry/handlers/app.go

@@ -41,7 +41,7 @@ import (
 	"github.com/docker/distribution/version"
 	"github.com/docker/go-metrics"
 	"github.com/docker/libtrust"
-	"github.com/garyburd/redigo/redis"
+	"github.com/gomodule/redigo/redis"
 	"github.com/gorilla/mux"
 	"github.com/sirupsen/logrus"
 )
@@ -503,15 +503,28 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
 
 	var getRedisAddr func() (string, error)
 	var testOnBorrow func(c redis.Conn, t time.Time) error
+
+	var redisOptions []redis.DialOption
+	if configuration.Redis.DialTimeout > 0 {
+		redisOptions = append(redisOptions, redis.DialConnectTimeout(configuration.Redis.DialTimeout))
+	}
+	if configuration.Redis.ReadTimeout > 0 {
+		redisOptions = append(redisOptions, redis.DialReadTimeout(configuration.Redis.ReadTimeout))
+	}
+	if configuration.Redis.WriteTimeout > 0 {
+		redisOptions = append(redisOptions, redis.DialWriteTimeout(configuration.Redis.WriteTimeout))
+	}
+	if configuration.Redis.EnableTLS {
+		redisOptions = append(redisOptions, redis.DialUseTLS(true))
+	}
+
 	if configuration.Redis.SentinelMasterSet != "" {
 		sntnl := &sentinel.Sentinel{
 			Addrs:      strings.Split(configuration.Redis.Addr, ","),
 			MasterName: configuration.Redis.SentinelMasterSet,
 			Dial: func(addr string) (redis.Conn, error) {
-				c, err := redis.DialTimeout("tcp", addr,
-					configuration.Redis.DialTimeout,
-					configuration.Redis.ReadTimeout,
-					configuration.Redis.WriteTimeout)
+				c, err := redis.Dial("tcp", addr,
+					redisOptions...)
 				if err != nil {
 					return nil, err
 				}
@@ -559,10 +572,8 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
 			if err != nil {
 				return nil, err
 			}
-			conn, err := redis.DialTimeout("tcp", redisAddr,
-				configuration.Redis.DialTimeout,
-				configuration.Redis.ReadTimeout,
-				configuration.Redis.WriteTimeout)
+			conn, err := redis.Dial("tcp", redisAddr,
+				redisOptions...)
 			if err != nil {
 				dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
 					configuration.Redis.Addr, err)

registry/handlers/app_test.go

@@ -209,6 +209,32 @@ func TestNewAppWithRedisSentinelCluster(t *testing.T) {
 	runAppWithConfig(t, config)
 }
 
+// TestNewApp covers the creation of an application via NewApp with a
+// configuration(with redis sentinel cluster).
+func TestNewAppWithRedisTLSSentinelCluster(t *testing.T) {
+	config := configuration.Configuration{
+		Storage: configuration.Storage{
+			"testdriver": nil,
+			"maintenance": configuration.Parameters{"uploadpurging": map[interface{}]interface{}{
+				"enabled": false,
+			}},
+		},
+		Auth: configuration.Auth{
+			// For now, we simply test that new auth results in a viable
+			// application.
+			"silly": {
+				"realm":   "realm-test",
+				"service": "service-test",
+			},
+		},
+	}
+	config.Redis.Addr = "192.168.0.11:26379,192.168.0.12:26379"
+	config.Redis.DB = 0
+	config.Redis.SentinelMasterSet = "mymaster"
+	config.Redis.EnableTLS = true
+	runAppWithConfig(t, config)
+}
+
 func runAppWithConfig(t *testing.T, config configuration.Configuration) {
 	ctx := context.Background()
 	// Mostly, with this test, given a sane configuration, we are simply

registry/storage/cache/redis/redis.go

@@ -7,7 +7,7 @@ import (
 	"github.com/distribution/reference"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/registry/storage/cache"
-	"github.com/garyburd/redigo/redis"
+	"github.com/gomodule/redigo/redis"
 	"github.com/opencontainers/go-digest"
 )
 

registry/storage/cache/redis/redis_test.go

@@ -7,7 +7,7 @@ import (
 	"time"
 
 	"github.com/docker/distribution/registry/storage/cache/cachecheck"
-	"github.com/garyburd/redigo/redis"
+	"github.com/gomodule/redigo/redis"
 )
 
 var redisAddr string

vendor.conf

@@ -12,7 +12,7 @@ github.com/dgrijalva/jwt-go 4bbdd8ac624fc7a9ef7aec841c43d99b5fe65a29 https://git
 github.com/distribution/reference 49c28499d219290c3226822e9cfcd4ede6d75379 # v0.5.0
 github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
 github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21
-github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257
+github.com/gomodule/redigo a83ebbeea6928a0236f332458532b8e978d51f11
 github.com/go-ini/ini 2ba15ac2dc9cdf88c110ec2dc0ced7fa45f5678c
 github.com/golang/protobuf 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3
 github.com/gorilla/handlers 60c7bfde3e33c201519a200a4507a158cc03a17b
@@ -51,4 +51,4 @@ gopkg.in/yaml.v2 v2.2.1
 rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
 github.com/opencontainers/go-digest ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
 github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2
-github.com/FZambia/sentinel 5585739eb4b6478aa30161866ccf9ce0ef5847c7 https://github.com/jeremyxu2010/sentinel.git
+github.com/FZambia/sentinel f57c7b5fd3c67c6f12bf1a29d757af6e5add30b4