From @dmp42 on October 7, 2014 19:14
Dear community (on top of the head: @wking @bacongobbler @noxiouz @ncdc @proppy @vbatts and many others - also @shin- @samalba @jlhawn @dmcgowan ),
In a shell
Work is starting to design an entirely new "registry" - meaning new storage driver API, new image format, new http API, new architecture (eg: relation to other services), new docker engine code, and finally new technology for the service.
If you haven't seen it yet, there is a proposal for the new image format allowing "signing" there: moby/moby#8093 that triggered and fuels this desire for change.
Reading it will give you a hint on the envisioned new image format from an engine perspective.
Below, I'll try to cover all bases in a Q&A fashion. Please comment if you have more questions. If you have ideas and suggestions, you can open tickets with a title like "NG: Fantastic Idea".
Holy c! What will happen to the registry as we know it?
As a part of the docker infrastructure, the existing "V1" registry will continue to be used on production servers for the foreseeable future, delivering V1 images to V1-only docker engines (< 1.4) and "both-ways" engines (>=1.4,<2?). It might eventually be replaced by a V2 registry with a reimplementation of V1 endpoints, but that remains to be seen, since that would be a rather dull task.
As an open-source project, I'll continue to steward it and will merge interesting work and fixes from the community, and we will continue to provide security releases if need be, but it's unlikely major new features or changes will happen.
I feel that it has now reached its full "maturity" (for better or worse), and that the new extension mechanism we merged in 0.9 opens room enough to everyone to keep doing interesting things with it while the core of it will enter "maintenance" mode.
Thus registry 1.0 will be the last (and final, IMO) major release of "V1", that will likely be maintained (like I said) for at least a full year.
You said, "new technology"?
Yes. The new registry will be developed in go instead of python.
The reasons for that are:
- reduce the "gap" inside the community and build on a common technology, using common libraries (libtrust and @dmcgowan, I'm looking at you)
- thus easing integration test with the rest of the platform, etc
- start with a clean slate
- bet on a language that has a good concurrency model from the get go - no pun - https://golang.org/doc/effective_go.html#concurrency
- while python is a robust, mature and well established technology (stack), it really starts smelling funny in a number of places - some young blood / fresh air will do us all good :)
Starting from scratch sure has its downsides, and I can't say I'm happy ditching the accumulated experience with V1/python (especially all the good work done on drivers), but in the end it's a reasonned choice, and I believe the benefits out-weight the downsides.
Why oh why change? ... the storage format
We want image signing capability. We believe we can't have it without an image format change (content addressable ids for a start).
Furthermore, the current storage format has terrible shortcomings:
- it's hard to garbage collect
- it has a long history of security issues
- it's awkward to understand and use
- it consumes space
- it breaks too easily
- it's not versioned, or extensible
- it's impossible to map that format to a purely "static" delivery service
- hence it's not possible to envision radically different distribution channels (bittorrent, filesystem, etc)
The new image format drastically simplifies the concepts:
- an image is a json file, with a mandatory, namespaced name, a list of tarsums (eg: content-addressable layers ids), some opaque metadata, a signature
- a layer is a binary blob, mapping to a tarsum
Exit "ancestry" (now implicit from the order of layers inside the image "manifest").
Exit "layers are images are layers".
Exit "layer json" etc.
Backward compatibility is a requirement, so, it's likely the V2 registry will be able to "generate" V1 content as well on the backend storage. Generating V2 content from V1 datastores should also be possible (might be provided by third-party scripts).
Why oh why change? ... the rest API
The current API ties to the format, and shares most of its defects (awkward, needlessly complex, not "static-able").
Also, the authentication model and relation to other bricks I consider "broken" (given how difficult it is to use/implement for most people).
The new API will be much simpler, with only a couple endpoints.
GET/PUT image manifest
PUT link layer into image
PUT layer
GET layer from image
GET list tags
And the GET part will make it super-easy to deliver the payload through a simple "static" http server.
We hence expect cache mirroring (for example) to be much more simple.
As far as authentication is concerned, the plan should be standardizing on JWT/OAuth.
Why oh why change? ... the technology - I mean, man, that really sucks, python is so cool and I barely started understanding the codebase
Change is good, man.
New things, new adventures! Be a part of it!
Why oh why change? ... the drivers API
The drivers API was never really "designed".
There was an initial interface that eventually grew organically, then was then ripped out of the registry to provide a basis for third-party drivers implementors.
It does bear the scars of its history (eg: it's butt-ugly for one thing).
The new interface will likely be way more concise and clean.
What I can think of for now is something like:
write_stream
read_stream
put
get
list
mv
Given go nature, we need to figure out what's the best way to make drivers standalone (eg: without the need to recompile the registry to use a new one).
Also, I definitely want push-resume support in there (S3 does support that, though we don't exploit it right now).
These are the two challenges that face us.
Any other cool ideas on the driver side of things, please jump in (thinking specifically about you @noxiouz and @bacongobbler).
New extensions model?
It took us a year to finally come-up with a decent extension mechanism for the V1 registry (on top of signals).
I strongly believe that good extensibility is what will make the new registry cool, and I would love to have it, well thought, from the very first version of registry V2.
Again, given go nature, we can't have dynamically (runtime) loaded standalone extensions, so, we need to figure out something also there.
HTTP based communication is fine by me (in a micro-services world), and also elegantly solve scalability and delegation problems.
Here as well, ideas are welcome :).
Do you say the previous registry was just crap entirely?
No. It did serve its purpose well, parts of it are really cool, I enjoyed stewarding it a lot, and I really think the most awesome part of it is the nascent community around it.
Now, it's not ready for the future, which is why we need to move on.
Wait! You have it all figured out?
No, not yet.
The vision is there.
We know the shortcomings.
And we did all the errors.
But it remains to be designed and built, and I want this process to happen with the community, capitalizing on the good vibe we had these past months.
So, how does this work?
I'll start a V2 (or next-gen) branch soon, so that development happens in the open and PRs can be merged, and will bring in more manpower to contribute the "foundations" (research is going on for S3 and filesystem drivers).
The plan is to figure out ASAP:
- the drivers interface and model soon enough so that drivers author can jump on it and dogfood it
- the extension model
- the HTTP API
so that we can move on the actual implementation and let the community get crazy with extensions.
Also, if you have desires, wishes, ideas, please submit a ticket here, starting with "NG: " in the title. I don't think we need this to be too formal to start with - so let see how this goes.
If you want to be more involved than that, then you can definitely help with answering / triaging said tickets, or go ahead with fully-fleshed proposals and PRs (proposals can be PRs themselves I guess? do we need to be formal on that?).
Thanks again community, for it has been a very good journey so far, and I'm confident the next one will be even more awesome!
Copied from original issue: docker-archive/docker-registry#612