Browse Source

Merge "miniMirror spec"

Zuul 5 months ago
parent
commit
8b2027f69f
1 changed files with 134 additions and 0 deletions
  1. 134
    0
      specs/approved/mini-mirror.rst

+ 134
- 0
specs/approved/mini-mirror.rst View File

@@ -0,0 +1,134 @@
1
+..
2
+  This work is licensed under a Creative Commons Attribution 3.0 Unported
3
+  License.
4
+
5
+  http://creativecommons.org/licenses/by/3.0/legalcode
6
+
7
+.. index::
8
+   single: template
9
+   single: creating specs
10
+
11
+==========
12
+miniMirror
13
+==========
14
+
15
+miniMirror is an application providing Debian packages for deployment.
16
+Basically, it is `Aptly`_  in a container.
17
+
18
+Links
19
+=====
20
+
21
+The work to author and implement this spec will be tracked under this
22
+`Storyboard Story`_.
23
+
24
+Problem description
25
+===================
26
+
27
+We need an ability to install Airship without any external sources for
28
+Debian packages. The main goal is to have a single source holding
29
+secured and pinned Debian packages only. An additional goal is a step
30
+toward a self-contained mechanism for deploying Airship.
31
+
32
+Proposed change
33
+===============
34
+
35
+miniMirror is an application providing Debian repository mirror within
36
+k8s cluster. Debian packages are held inside miniMirror docker image.
37
+Before the image build one should provide a list of desired repo URLs
38
+that will be used for package downloading and optionally a list of
39
+packages with or without specific versions. During the docker image
40
+building, packages are downloaded and stored within the image.
41
+Blacklist for package names can be provided as a configuration for the
42
+container run from the built image.
43
+
44
+How miniMirror works?
45
+---------------------
46
+
47
+miniMirror uses Aptly as a tool to replicate Debian repositories.
48
+To add or modify the list of repositories one needs to rebuild the docker image.
49
+Blacklist and/or whitelist is a list of rules for a web server
50
+which can block requests do not satisfy to a configuration.
51
+With such an approach the blacklist could be modified dynamically
52
+as a chart option and it does not require image rebuild.
53
+
54
+How miniMirror can be used?
55
+---------------------------
56
+
57
+If a site is configured with miniMirror the initialization script
58
+(genesis, join) would download the miniMiror image and extract packages
59
+required for docker and finally install docker with dpkg command.
60
+
61
+In pseudocode it can be::
62
+
63
+  if deploy_with_miniMirror:
64
+     download_miniMirror_image()
65
+     extract_debian_packages_from_miniMirror_image()
66
+     install_docker_from_deb_package()
67
+  else:
68
+     install_docker_from_ubuntu_apt()
69
+
70
+Next step, if a site is configured with miniMirror Promenade has to
71
+create a static pod for miniMirror. After the miniMirror static pod
72
+run, the apt source should be updated to point on localhost:$port provided
73
+by miniMirror.
74
+
75
+After that, Armada should deploy miniMirror from a chart, providing
76
+k8s deployment, service, and ingress.
77
+
78
+Impacted components
79
+===================
80
+
81
+The following Airship components will be impacted by this solution:
82
+
83
+#. Airship-utils: hold miniMirror Dockerfile and Helm chart.
84
+#. Promenade: initialization scripts are updated to install docker
85
+   from miniMirror, run miniMirror static Pod, update apt source for a host.
86
+#. Treasuremap, Airship-in-a-bottle: update documents to include
87
+   miniMirror Armada chart.
88
+
89
+Security impact
90
+===============
91
+
92
+These changes will result in a system that monitors Debian package
93
+installation as logs from the miniMirror web server are available
94
+in the k8s cluster. It should be more stable deployment as Debian package
95
+versions are changed only with miniMiror image rebuild.
96
+
97
+Performance impact
98
+==================
99
+
100
+Performance impact to existing flows will be minimal. It even could
101
+lead to quicker Debian package installation due to the Debian package
102
+source is localized.
103
+
104
+Alternatives
105
+============
106
+
107
+One alternation is to avoid miniMirror implementation and use existing
108
+tools like `Artifactory` to install apt sources directly. It is clearly
109
+about controlled, pinned source of packages, having a blacklist,
110
+installation monitoring, and offline installation for Debian packages
111
+inside k8s cluster. As one of the Airship principles is a self-contained
112
+deployment miniMirror could be a good step toward it.
113
+
114
+Implementation
115
+==============
116
+
117
+Please refer to the `Storyboard Story`_ for implementation planning information.
118
+
119
+Dependencies
120
+============
121
+
122
+Divingbell package management feature is dependent on these changes.
123
+
124
+Documentation Impact
125
+====================
126
+
127
+Promenade, Treasuremap docs have to be updated according to changes.
128
+
129
+References
130
+==========
131
+
132
+.. _Storyboard Story: https://storyboard.openstack.org/#!/story/2004110
133
+.. _Aptly: https://www.aptly.info/doc/overview/
134
+.. _Artifactory: https://www.jfrog.com/confluence/display/RTF/Welcome+to+Artifactory

Loading…
Cancel
Save