3 Commits

Author SHA1 Message Date
Jerry Sun
158e300d54 Docker Registry Keystone Authentication
This commit adds functionality for Docker registry to authenticate
using Keystone.

First, this commit contains puppet changes which are required to
manage the new token server required for Keystone authentication.

Second, with proper authentication now implemented, we are removing
the "insecure" flag for the controller registry in the "daemon.json"
file in "/etc/docker".

With the "insecure" flag removed, Docker will start complaining about
certificate issues. This commit also includes generation of default
certificates suitable for use by Docker registry as well as a sysinv
command "system certificate-install -m docker_registry" to update the
certificate.

Docker registry token server works only with PKCS1 style keys while we
would like to use PKCS8 keys by default. This is why our default
certificate and installed certificate create both a PKCS1 style key as
well as a PKCS8 style key. The keys are installed to
"/etc/ssl/private/" as registry-cert.crt, registry-cert.key, and
registry-cert-pkcs1.key.

Story: 2002840
Task: 22783
Depends-On: https://review.openstack.org/#/c/626354/

Change-Id: I0127bd5f10f3950739678929b92eb1b77e2119db
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2019-03-07 12:55:59 -05:00
Tao Liu
0b4f304be9 Configurable Host HTTP/HTTPS Port Binding
In order to avoid conflicts with containerized services
binding to standard HTTP (80) / HTTPS (443) port numbers,
the default port numbers are changed to 8080 and 8443.
Furthermore, CLI commands are provided to allow binding
to alternate port numbers.

List of changes:
. Add service parameters for HTTP and HTTPS port
. Configure the lighttpd ports via puppet and use port
  8008 for platform horizon
. Add http port to platform.conf for the config scripts
. Support helm repo URL update
. Add helm-toolkit plugin for location override
. Override Armada manifest location
. Add installer base URL option to pxeboot-update
  script
. Add a patching run time class to restart patch-agent
  when the port config is changed
. Add a semantic check to block port config when a
  patching operation is in progress or a host is not
  in unlocked/enabled state

CLI commands for viewing and updating port numbers are:
system service-parameter-list --service http
system service-parameter-modify lighttpd port http=8090
system service-parameter-apply  lighttpd

Tests Performed:
Non-containerized deployment installation and sanity
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+4+6 System: Sanity and Nightly automated test suite

Kubernetes deployment on VBox:
AIO-SX: application apply and launch instance
AIO-DX: application apply and launch instance
2+2 System: application apply and launch instance

HTTP/HTTPS port configuration
Enable/Disable https

Story: 2004642
Task: 28592

Change-Id: I65029e0c15aaf626acb56ab71e7bbde64c7e76a8
Signed-off-by: Tao Liu <tao.liu@windriver.com>
2019-02-06 12:47:00 -06:00
Tao Liu
6256b0d106 Change compute node to worker node personality
This update replaced the compute personality & subfunction
to worker, and updated internal and customer visible
references.

In addition, the compute-huge package has been renamed to
worker-utils as it contains various scripts/services that
used to affine running tasks or interface IRQ to specific CPUs.
The worker_reserved.conf is now installed to /etc/platform.

The cpu function 'VM' has also been renamed to 'Application'.

Tests Performed:
Non-containerized deployment
AIO-SX: Sanity and Nightly automated test suite
AIO-DX: Sanity and Nightly automated test suite
2+2 System: Sanity and Nightly automated test suite
2+2 System: Horizon Patch Orchestration
Kubernetes deployment:
AIO-SX: Create, delete, reboot and rebuild instances
2+2+2 System: worker nodes are unlock enable and no alarms

Story: 2004022
Task: 27013

Change-Id: I0e0be6b3a6f25f7fb8edf64ea4326854513aa396
Signed-off-by: Tao Liu <tao.liu@windriver.com>
2018-12-13 14:15:55 -05:00