Commit Graph

238 Commits

Author SHA1 Message Date
Ying Li
aa5b621968 Fix import error after rebase
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:44:33 -07:00
Ying Li
adda5776cb Use ListenAndServeTLS with blank args, since ListenAndServe doesn't actually set up TLS
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:36 -07:00
Ying Li
126691ac9e Update the notary server and signer configs to make use of client authentication.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:33 -07:00
Ying Li
34aecae033 Split out parsing the client TLS in notary-server.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:40:41 -07:00
Ying Li
04a78e720f Factor out and test TLS configuration in notary-server.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:39:52 -07:00
Ying Li
bbf941d198 Allow client CAs to be provided to notary-signer.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:39:52 -07:00
David Lawrence
daa36b43b7 Merge pull request #242 from docker/unify-root-nonroot-keystore
Unify root nonroot keystore
2015-10-28 13:14:19 -07:00
Ying Li
6150c931dd Make a keysMap rather than just declaring
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 12:47:42 -07:00
David Lawrence
fa70a79ed7 go fmt was complaining about import order after my sed replacement
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 17:22:08 -07:00
David Lawrence
2833a88292 adding gotuf to notary
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
Ying Li
566bd3ce67 Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.

Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 12:33:46 -07:00
Ying Li
61f9f84254 Use configuration option structures to set up client TLS and server TLS.
Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 18:43:33 -07:00
Ying Li
412e0facc8 Explicitly check the skip tls verify boolean in notary client
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 10:38:48 -07:00
Ying Li
fc389b7bc3 Use tls client config utility in notary as well.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:31:18 -07:00
Ying Li
8d96cf0c1f Use ConfigureServerTLS for notary-server and notary-signer
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00
Ying Li
a5e64ecf03 Do not use the viper singleton instance everywhere
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 11:50:04 -07:00
Ying Li
6db76a873e Small cleanup as per review comments
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-16 14:48:05 -07:00
Ying Li
81380e0862 Even simpler - cancel the GRPC call using the context object passed
to the GRPC clients - thanks @endophage!

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-16 09:46:08 -07:00
Ying Li
a49406de42 Log an error if the notary server cannot reach the signer or otherwise
if the signer is in trouble, but do not fail the health check, since
the server can operate for a while without the signer (the server will
have degraded performance, but is not down)

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-15 10:48:10 -07:00
Ying Li
bca919c65f Making an RPC call would hang forever if the connection to the GRPC server dies
(it just retries to connect, and the RPC call would just block until it does), so change up
how this works by timing out the health check.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 18:03:19 -07:00
Ying Li
cd5015592a Fix the key names for the server health checks
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 14:52:31 -07:00
Ying Li
60271f3014 Enable the signer RPC health check calls to return the last checked health
status from the health package.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 14:49:39 -07:00
Ying Li
30330f43e2 Register trust health checks and DB health check with the notary server.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 13:23:38 -07:00
Ying Li
6b98278282 Merge pull request #215 from cyli/server-uses-gorm
Use gorm for storing notary-server information
2015-10-14 13:09:37 -07:00
Diogo Monica
b18e890e1c Changing the default config to point to notary-server
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 18:21:39 -07:00
Diogo Monica
70fe89f69c Adding check for relative VS full path
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 18:15:38 -07:00
Diogo Monica
8299e01b0a Fixed comments, changed default config
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 17:14:23 -07:00
Diogo Monica
aeb96f27a2 Adding client-side root-ca server and config
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 17:13:39 -07:00
Ying Li
7fa991c3ff Gormizes the server database and makes it SQL-DB agnostic.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-12 16:45:41 -07:00
David Lawrence
98cde51f18 working basic key rotation for targets and snapshot key. Command is 'notary key rotate [GUN]'
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 20:35:06 -07:00
David Lawrence
ac54370fb0 cleanup after discussing with Diogo
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:40:36 -07:00
David Lawrence
009400650e minor tweaks to key rotation
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:24:08 -07:00
David Lawrence
959d0267ac command skeletons in place, changelist actions implemented
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:24:08 -07:00
David Lawrence
83f96997d3 changelist management of key rotation
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:23:47 -07:00
Ryan Cox
7bee606f43 Add support for 'notary status' command to show details about unpublished changes
Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>
2015-10-08 22:07:36 -07:00
Diogo Mónica
53467fd417 Merge pull request #85 from docker/simple_test_script
add a simple test script, eventually this can grow to be our CI script
2015-10-08 16:58:44 -07:00
Ying Li
d092f78f05 Merge pull request #205 from cyli/signer-healthcheck
Adding a DB check to the signer health check
2015-10-08 16:53:57 -07:00
Ying Li
a70605a9e6 Shorten health check name and remove redundant logging
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-08 15:42:14 -07:00
Ying Li
815675eea9 After upgrading grpc, update how the server is set up with TLS for the signer
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-07 20:52:48 -07:00
Ying Li
75516a1e84 Add the CheckHealth implementations to the RPC servers, go fmt some other files
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-07 20:51:53 -07:00
Ying Li
a67ed67bdc Add a health check function for the key DB store that verifies we can access the required table
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-07 16:31:24 -07:00
cyli
684a8253fb Provide the default username/password in the mysql start file, for ease of starting with notary
As per #75, the default username/password should not be hardcoded, so when that changes this README should also change
2015-10-05 12:08:24 -07:00
moxiegirl
1ce6aa4c34 Merge pull request #196 from ggtools/birthday-pr
Minor improvements on server url
2015-09-24 17:15:01 -07:00
Christophe Labouisse
f9508e37e0 Add env var for default server url
The default server URL can now be set using the `NOTARY_SERVER_URL`
environment variable. Specifying the `--server` parameter still
overrides this value.

Signed-off-by: Christophe Labouisse <christophe@labouisse.org>
2015-09-19 17:25:12 +02:00
Christophe Labouisse
36594b360c Add missing --server option to verify.
Verify was making call to the server but didn't have a way to
override the default value.

Signed-off-by: Christophe Labouisse <christophe@labouisse.org>
2015-09-19 17:15:08 +02:00
Joe Beda
f7d0ea70af Use pure-go library to get user home directory.
Fixes #194.

Signed-off-by: Joe Beda <joe.github@bedafamily.com>
2015-09-10 16:07:38 -07:00
David Lawrence
2532363fa3 wrapping up token authentication
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-08-19 14:36:30 -07:00
Derek McGowan
a5aea53ef5 Add username and password prompt
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-08-19 13:48:16 -07:00
Derek McGowan
16ff63599d Updated notary cli to use authenticated transport
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-08-19 13:48:16 -07:00
Nathan McCauley
bbe780fba1 Update README
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-08-11 23:26:49 -07:00