2a8d2638b3
This patch set implements the PKICatalog [0] requirements as well as PeglegManagedDocument [1] generation requirements outlined in the spec [2]. Included in this patch set: * New CLI entry point called "pegleg site secrets generate-pki" * PeglegManagedDocument generation logic in engine.cache.managed_document * Refactored PKICatalog logic in engine.cache.pki_catalog derived from the Promenade PKI implementation [3], responsible for generating certificates, CAs, and keypairs * Refactored PKIGenerator logic in engine.cache.pki_generator derived from Promenade Generator implementation [4], responsible for reading in pegleg/PKICatalog/v1 documents (as well as promenade/PKICatalog/v1 documents for backwards compatibility) and generating required secrets and storing them into the paths specified under [0] * Unit tests for all of the above [5] * Example pki-catalog.yaml document under pegleg/site_yamls * Validation schema for pki-catalog.yaml (TODO: implement validation logic here: [6]) * Updates to CLI documentation and inclusion of PKICatalog and PeglegManagedDocument documentation * Documentation updates with PKI information [7] TODO (in follow-up patch sets): * Expand on overview documentation to include new Pegleg responsibilities * Allow the original repository (not the copied one) to be the destination where the secrets are written to * Finish up cert expiry/revocation logic [0] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#document-generation [1] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#peglegmanageddocument [2] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html [3] https://github.com/openstack/airship-promenade/blob/master/promenade/pki.py [4] https://github.com/openstack/airship-promenade/blob/master/promenade/generator.py [5] https://review.openstack.org/#/c/611739/ [6] https://review.openstack.org/#/c/608159/ [7] https://review.openstack.org/#/c/611738/ Change-Id: I3010d04cac6d22c656d144f0dafeaa5e19a13068 |
||
|---|---|---|
| doc | ||
| images/pegleg | ||
| pegleg | ||
| releasenotes | ||
| site_yamls/site | ||
| tests | ||
| tools | ||
| .dockerignore | ||
| .gitignore | ||
| .gitreview | ||
| .zuul.yaml | ||
| LICENSE | ||
| Makefile | ||
| README.rst | ||
| requirements.txt | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Pegleg
Introduction
Pegleg is a document aggregator that provides early linting and validations via Deckhand, a document management micro-service within Airship.
Pegleg supports local and remote Git repositories. Remote repositories can be cloned using a variety of protocols -- HTTP(S) or SSH. Afterward, specific revisions within those repositories can be checked out, their documents aggregated, linted, and passed to the rest of Airship for orchestration, allowing document authors to manage their site definitions using version control.
Find more documentation for Pegleg on Read the Docs.
Core Responsibilities
- aggregation - Aggregates all documents required for site deployment across multiple Git repositories, each of which can be used to maintain separate document sets in isolation
- linting - Configurable linting checks documents for common syntactical and semantical mistakes
Getting Started
For more detailed installation and setup information, please refer to the Getting Started guide.
Integration Points
Pegleg has the following integration points: