starlingx/docs
Code Issues Proposed changes
Files
343c06ff7617ac32b45bde348ca6ec5533c5d95a
docs/doc/source/dist_cloud/kubernetes/shared-configurations.rst
Ron Stone 10805c3e8f Apply dir convention to DC 
Moved all DC content under a kubernetes directory. This is needed
to allow title versioning distinctions in partner builds.

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Ia7ab4fccc7cb9ed6c242cf584f237165f00e5ef2
2021-08-03 07:57:24 -04:00

61 lines
13 KiB
ReStructuredText
Raw Blame History

.. chj1558616978053
.. _shared-configurations:
=====================
Shared Configurations
=====================
Shared configurations are |prod-long| system settings or services managed by
the System Controller and synchronized across all subclouds.
Synchronizations can be delayed slightly, depending on network traffic
conditions and the amount of information to be synchronized.
|prod| synchronizes configuration for selected attributes of system-wide
configurations \(see :ref:`Table 1
<shared-configurations-shared-sys-configs>`\) and synchronizes configuration
for resources of the Keystone Identity Service \(see :ref:`Table 2
<shared-configurations-shared-keystone-configs>`\).
.. _shared-configurations-shared-sys-configs:
.. table:: Table 1. Shared System Configurations
:widths: auto
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Shared Configuration | Remarks |
+=============================+==============================================================================================================================================================================================================================================================================================================================================================+
| DNS IP addresses | Subclouds use the DNS servers specified at the System Controller. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| **sysadmin** Password | The **sysadmin** password may take up to 10 minutes to sync with the controller. The **sysadmin** password is not modified via the :command:`system` command. It is modified using the regular Linux :command:`passwd` command. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Certificates | Subclouds use the Trusted |CA| certificates installed on the System Controller using the :command:`system certificate-install -m ssl_ca` command. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _shared-configurations-shared-keystone-configs:
.. table:: Table 2. Shared Platform Keystone Resource Configurations
:widths: auto
+---------------+--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Local Service | Shared Configuration | Remarks |
+===============+==========================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| Keystone | Users | To facilitate Single Sign-On across the entire |prod-dc|, and to enable centralized User Management, the Platform's Keystone's platform authentication identity resources are synced to the subclouds. If a new user, project, role or assignment, or changes to these resources are detected on the System Controller via Audit, they are automatically synced to the subclouds. If a subcloud is inaccessible or unmanaged at that time, then these resources and changes will be queued and synchronized once the subcloud becomes available. |
| | | |
| | Roles | The specific Keystone resources synchronized are: users, roles, projects, project roles, assignments, passwords and token revocation events. |
| | | |
| | Projects | |
| | | |
| | Project Role Assignments | |
| | | |
| | Passwords | |
| | | |
| | Token revocation events | |
+---------------+--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
View Git Blame Copy Permalink