Remove mini-mirror spec
This commit removes the mini-mirror spec, which was realized as a component of OpenStack-Helm addons, and therefore, not in any Airship repository [0]. The decision to remove this spec was proposed at the Feb 19 Airship IRC meeting [1]. [0] https://review.openstack.org/623314 [1] http://eavesdrop.openstack.org/meetings/airship/2019/airship.2019-02-19-14.00.log.txt Change-Id: I02994dbc24eb3cb297c5a39e5dbe23f983a5cafe
This commit is contained in:
Drew Walters
parent
8fac0abb2b
commit
d317ef57ce
@ -1,134 +0,0 @@
|
||||
..
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
||||
License.
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
.. index::
|
||||
single: template
|
||||
single: creating specs
|
||||
|
||||
==========
|
||||
miniMirror
|
||||
==========
|
||||
|
||||
miniMirror is an application providing Debian packages for deployment.
|
||||
Basically, it is `Aptly`_ in a container.
|
||||
|
||||
Links
|
||||
=====
|
||||
|
||||
The work to author and implement this spec will be tracked under this
|
||||
`Storyboard Story`_.
|
||||
|
||||
Problem description
|
||||
===================
|
||||
|
||||
We need an ability to install Airship without any external sources for
|
||||
Debian packages. The main goal is to have a single source holding
|
||||
secured and pinned Debian packages only. An additional goal is a step
|
||||
toward a self-contained mechanism for deploying Airship.
|
||||
|
||||
Proposed change
|
||||
===============
|
||||
|
||||
miniMirror is an application providing Debian repository mirror within
|
||||
k8s cluster. Debian packages are held inside miniMirror docker image.
|
||||
Before the image build one should provide a list of desired repo URLs
|
||||
that will be used for package downloading and optionally a list of
|
||||
packages with or without specific versions. During the docker image
|
||||
building, packages are downloaded and stored within the image.
|
||||
Blacklist for package names can be provided as a configuration for the
|
||||
container run from the built image.
|
||||
|
||||
How miniMirror works?
|
||||
---------------------
|
||||
|
||||
miniMirror uses Aptly as a tool to replicate Debian repositories.
|
||||
To add or modify the list of repositories one needs to rebuild the docker image.
|
||||
Blacklist and/or whitelist is a list of rules for a web server
|
||||
which can block requests do not satisfy to a configuration.
|
||||
With such an approach the blacklist could be modified dynamically
|
||||
as a chart option and it does not require image rebuild.
|
||||
|
||||
How miniMirror can be used?
|
||||
---------------------------
|
||||
|
||||
If a site is configured with miniMirror the initialization script
|
||||
(genesis, join) would download the miniMiror image and extract packages
|
||||
required for docker and finally install docker with dpkg command.
|
||||
|
||||
In pseudocode it can be::
|
||||
|
||||
if deploy_with_miniMirror:
|
||||
download_miniMirror_image()
|
||||
extract_debian_packages_from_miniMirror_image()
|
||||
install_docker_from_deb_package()
|
||||
else:
|
||||
install_docker_from_ubuntu_apt()
|
||||
|
||||
Next step, if a site is configured with miniMirror Promenade has to
|
||||
create a static pod for miniMirror. After the miniMirror static pod
|
||||
run, the apt source should be updated to point on localhost:$port provided
|
||||
by miniMirror.
|
||||
|
||||
After that, Armada should deploy miniMirror from a chart, providing
|
||||
k8s deployment, service, and ingress.
|
||||
|
||||
Impacted components
|
||||
===================
|
||||
|
||||
The following Airship components will be impacted by this solution:
|
||||
|
||||
#. Airship-utils: hold miniMirror Dockerfile and Helm chart.
|
||||
#. Promenade: initialization scripts are updated to install docker
|
||||
from miniMirror, run miniMirror static Pod, update apt source for a host.
|
||||
#. Treasuremap, Airship-in-a-bottle: update documents to include
|
||||
miniMirror Armada chart.
|
||||
|
||||
Security impact
|
||||
===============
|
||||
|
||||
These changes will result in a system that monitors Debian package
|
||||
installation as logs from the miniMirror web server are available
|
||||
in the k8s cluster. It should be more stable deployment as Debian package
|
||||
versions are changed only with miniMiror image rebuild.
|
||||
|
||||
Performance impact
|
||||
==================
|
||||
|
||||
Performance impact to existing flows will be minimal. It even could
|
||||
lead to quicker Debian package installation due to the Debian package
|
||||
source is localized.
|
||||
|
||||
Alternatives
|
||||
============
|
||||
|
||||
One alternation is to avoid miniMirror implementation and use existing
|
||||
tools like `Artifactory` to install apt sources directly. It is clearly
|
||||
about controlled, pinned source of packages, having a blacklist,
|
||||
installation monitoring, and offline installation for Debian packages
|
||||
inside k8s cluster. As one of the Airship principles is a self-contained
|
||||
deployment miniMirror could be a good step toward it.
|
||||
|
||||
Implementation
|
||||
==============
|
||||
|
||||
Please refer to the `Storyboard Story`_ for implementation planning information.
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
Divingbell package management feature is dependent on these changes.
|
||||
|
||||
Documentation Impact
|
||||
====================
|
||||
|
||||
Promenade, Treasuremap docs have to be updated according to changes.
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
.. _Storyboard Story: https://storyboard.openstack.org/#!/story/2004110
|
||||
.. _Aptly: https://www.aptly.info/doc/overview/
|
||||
.. _Artifactory: https://www.jfrog.com/confluence/display/RTF/Welcome+to+Artifactory
|
||||
Loading…
Reference in New Issue
Block a user