Allow subcloud to use central-cloud's local registry
Add the following to setup the environment which allows the subcloud to use central-cloud's local registry via the OAM interface - controller_config: copy registry.central certificate from the shared directory to docker certificate directory - worker_config: copy registry.central certificate from the shared directory to docker certificate directory - sysinv: Add a new network type for system controller OAM network Retrieve the system controller's OAM floating IP address from DB and populate the hiera record for dnsmasq Add a public URL encoded address for haproxy Depends-On: https://review.opendev.org/#/c/690082/ Change-Id: Ibbc7f0ed84679a3ced3a9fee712bd1da5865f213 Partial-Bug: 1846799 Signed-off-by: Tao Liu <tao.liu@windriver.com>
This commit is contained in:
parent
d2ffecde5a
commit
0d8df17df6
|
@ -308,6 +308,17 @@ start()
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ -e $CONFIG_DIR/registry.central/registry-cert.crt ]
|
||||
then
|
||||
mkdir -p /etc/docker/certs.d/registry.central:9001/
|
||||
chmod 700 /etc/docker/certs.d/registry.central:9001/
|
||||
cp $CONFIG_DIR/registry.central/registry-cert.crt /etc/docker/certs.d/registry.central:9001/registry-cert.crt
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
fatal_error "Unable to copy $CONFIG_DIR/registry-cert.crt to docker dir for central registry"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -e $CONFIG_DIR/openstack ]
|
||||
then
|
||||
if [ ! -e /etc/ssl/private/openstack ]
|
||||
|
|
|
@ -53,6 +53,7 @@ ALLOWED_NETWORK_TYPES = [constants.NETWORK_TYPE_MGMT,
|
|||
constants.NETWORK_TYPE_CLUSTER_POD,
|
||||
constants.NETWORK_TYPE_CLUSTER_SERVICE,
|
||||
constants.NETWORK_TYPE_IRONIC,
|
||||
constants.NETWORK_TYPE_SYSTEM_CONTROLLER_OAM,
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -629,6 +629,7 @@ NETWORK_TYPE_BM = 'bm'
|
|||
NETWORK_TYPE_MULTICAST = 'multicast'
|
||||
NETWORK_TYPE_DATA = 'data'
|
||||
NETWORK_TYPE_SYSTEM_CONTROLLER = 'system-controller'
|
||||
NETWORK_TYPE_SYSTEM_CONTROLLER_OAM = 'system-controller-oam'
|
||||
NETWORK_TYPE_CLUSTER_HOST = 'cluster-host'
|
||||
NETWORK_TYPE_CLUSTER_POD = 'cluster-pod'
|
||||
NETWORK_TYPE_CLUSTER_SERVICE = 'cluster-service'
|
||||
|
|
|
@ -48,6 +48,7 @@ class PlatformPuppet(base.BasePuppet):
|
|||
config.update(self._get_remotelogging_config())
|
||||
config.update(self._get_snmp_config())
|
||||
config.update(self._get_certificate_config())
|
||||
config.update(self._get_systemcontroller_config())
|
||||
return config
|
||||
|
||||
def get_secure_system_config(self):
|
||||
|
@ -243,12 +244,14 @@ class PlatformPuppet(base.BasePuppet):
|
|||
constants.CONTROLLER, constants.NETWORK_TYPE_OAM)
|
||||
private_address = self._get_address_by_name(
|
||||
constants.CONTROLLER, constants.NETWORK_TYPE_MGMT)
|
||||
|
||||
public_address_url = self._format_url_address(public_address.address)
|
||||
https_enabled = self._https_enabled()
|
||||
|
||||
config = {
|
||||
'platform::haproxy::params::public_ip_address':
|
||||
public_address.address,
|
||||
'platform::haproxy::params::public_address_url':
|
||||
public_address_url,
|
||||
'platform::haproxy::params::private_ip_address':
|
||||
private_address.address,
|
||||
'platform::haproxy::params::enable_https':
|
||||
|
@ -846,3 +849,17 @@ class PlatformPuppet(base.BasePuppet):
|
|||
return {
|
||||
'sysinv::agent::lldp_drivers': driver_list
|
||||
}
|
||||
|
||||
def _get_systemcontroller_config(self):
|
||||
config = {}
|
||||
if self._distributed_cloud_role() == \
|
||||
constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD:
|
||||
sc_network = self.dbapi.network_get_by_type(
|
||||
constants.NETWORK_TYPE_SYSTEM_CONTROLLER_OAM)
|
||||
sc_network_addr_pool = self.dbapi.address_pool_get(
|
||||
sc_network.pool_uuid)
|
||||
sc_addr = sc_network_addr_pool.floating_address
|
||||
sc_host = self._format_url_address(sc_addr)
|
||||
config.update({'platform::params::system_controller_addr':
|
||||
sc_host})
|
||||
return config
|
||||
|
|
|
@ -261,6 +261,17 @@ start()
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ -e $CONFIG_DIR/registry.central/registry-cert.crt ]
|
||||
then
|
||||
mkdir -p /etc/docker/certs.d/registry.central:9001/
|
||||
chmod 700 /etc/docker/certs.d/registry.central:9001/
|
||||
cp $CONFIG_DIR/registry.central/registry-cert.crt /etc/docker/certs.d/registry.central:9001/registry-cert.crt
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
fatal_error "Unable to copy $CONFIG_DIR/registry-cert.crt to docker dir for central registry"
|
||||
fi
|
||||
fi
|
||||
|
||||
# banner customization always returns 0, success:
|
||||
/usr/sbin/install_banner_customization
|
||||
|
||||
|
|
Loading…
Reference in New Issue