This commit adds functionality for Docker registry to authenticate
using Keystone.
First, this commit contains puppet changes which are required to
manage the new token server required for Keystone authentication.
Second, with proper authentication now implemented, we are removing
the "insecure" flag for the controller registry in the "daemon.json"
file in "/etc/docker".
With the "insecure" flag removed, Docker will start complaining about
certificate issues. This commit also includes generation of default
certificates suitable for use by Docker registry as well as a sysinv
command "system certificate-install -m docker_registry" to update the
certificate.
Docker registry token server works only with PKCS1 style keys while we
would like to use PKCS8 keys by default. This is why our default
certificate and installed certificate create both a PKCS1 style key as
well as a PKCS8 style key. The keys are installed to
"/etc/ssl/private/" as registry-cert.crt, registry-cert.key, and
registry-cert-pkcs1.key.
Story: 2002840
Task: 22783
Depends-On: https://review.openstack.org/#/c/626354/
Change-Id: I0127bd5f10f3950739678929b92eb1b77e2119db
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
158e300d54