mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chun-Hung Hsiao <>
Subject Re: Review Request 58778: Supported GCE container registry.
Date Sat, 13 May 2017 00:45:06 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated May 13, 2017, 12:45 a.m.)

Review request for mesos, Gilbert Song, Jie Yu, and Vinod Kone.


Updated the logic so it is easier to support image secrets. In the future, we would like to
do the following things:
1. Support image secrets: `fetch()` would receive one more `data` argument for secret credentials,
and it would merge the default docker config and the secret credentials and pass the combined
`auths` into `getAuthHeaderBasic()`.
2. Currently the `Basic` credential is constructed in `fetch()` and thus if the token is expired
when downloading the blobs there's no way to get the `Basic` cerdential again. I'd like to
refactor this part so the `Basic` credential could be integrated into the `userinfo` field
in the new `URI` standard to avoid this problem, and the whole docker config should be processed
in the docker registry puller instead of the fetcher plugin.

Bugs: MESOS-7431

Repository: mesos


Certain registries, such as GCE registry, reply 403 instead of 401 for
unauthorized requests. When fetching image manifests and blobs, instead
of sending out unauthorized requests first and waiting for a possible
401, we should always look up the docker config and send requests with
basic authorization when possible.

Diffs (updated)

  src/uri/fetchers/docker.cpp dbfc1b2f2918ccaf90fa31496a0792f585489397 




sudo make check (covers all supported public registries)
Manually tested on the following private registries:
1. Local registry (2.0.1, 2.1.1, 2.2.1, ..., 2.6.1)
2. Amazon ECR
3. Google GCR
4. JFrog SaaS
5. Local Nexus registry 3.3.1


Chun-Hung Hsiao

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message