158e300d54
This commit adds functionality for Docker registry to authenticate using Keystone. First, this commit contains puppet changes which are required to manage the new token server required for Keystone authentication. Second, with proper authentication now implemented, we are removing the "insecure" flag for the controller registry in the "daemon.json" file in "/etc/docker". With the "insecure" flag removed, Docker will start complaining about certificate issues. This commit also includes generation of default certificates suitable for use by Docker registry as well as a sysinv command "system certificate-install -m docker_registry" to update the certificate. Docker registry token server works only with PKCS1 style keys while we would like to use PKCS8 keys by default. This is why our default certificate and installed certificate create both a PKCS1 style key as well as a PKCS8 style key. The keys are installed to "/etc/ssl/private/" as registry-cert.crt, registry-cert.key, and registry-cert-pkcs1.key. Story: 2002840 Task: 22783 Depends-On: https://review.openstack.org/#/c/626354/ Change-Id: I0127bd5f10f3950739678929b92eb1b77e2119db Signed-off-by: Jerry Sun <jerry.sun@windriver.com> |
||
|---|---|---|
| .. | ||
| .eggs | ||
| contrib | ||
| doc/source | ||
| etc/sysinv | ||
| scripts | ||
| sysinv | ||
| tools | ||
| .coveragerc | ||
| .gitignore | ||
| .stestr.conf | ||
| babel.cfg | ||
| CONTRIBUTING.rst | ||
| LICENSE | ||
| MANIFEST.in | ||
| openstack-common.conf | ||
| pylint.rc | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
Placeholder to allow setup.py to work. Removing this requires modifying the setup.py manifest.