docs/doc/source/dist_cloud/kubernetes/updating-docker-registry-credentials-on-a-subcloud.rst
Ron Stone ab2c5331c8 Apply dir convention to DC
Moved all DC content under a kubernetes directory. This is needed
to allow title versioning distinctions in partner builds.

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Ia7ab4fccc7cb9ed6c242cf584f237165f00e5ef2
(cherry picked from commit 10805c3e8f)

Move files into 'kubernetes' subdir

Needed for compatibility with downstream builds per master 10805c3

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: I4a15a09217584795274887837318113deabf1f9d
Signed-off-by: Ron Stone <ronald.stone@windriver.com>
2021-09-03 17:19:18 +00:00

Update Docker Registry Credentials on a Subcloud

On a subcloud that uses the System Controller's Docker registry (registry.central) as its install registry, you should use the System Controller's sysinv service credentials for accessing registry.central. This makes access to registry.central independent of changes to the Distributed Cloud's Keystone admin user password.

Use the following procedure to update the install registry credentials on the subcloud to the sysinv service credentials of the System Controller.

  1. On the System Controller, get the password for the sysinv services.

    $ keyring get sysinv services

  2. On each subcloud, run the following script to update the Docker registry credentials to sysinv:

    $ ./update_docker_registry_auth.sh sysinv <sysinv_password>

    Where the ./update_docker_registry_auth.sh script is:

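    #!/bin/bash -e
    # Replace the auth secret of each registry service parameter with new credentials.
    # Note: the password is passed as an argument, so it appears in shell history
    # and in process listings while the script runs.

    USAGE="usage: ${0##*/} <username> <password>"

    if [ "$#" -ne 2 ]
    then
      echo "Missing arguments."
      echo "$USAGE"
      echo
      exit 1
    fi

    # Payload format stored in each registry secret
    NEW_CREDS="username:$1 password:$2"

    echo

    for REGISTRY in docker-registry quay-registry elastic-registry gcr-registry k8s-registry
    do

      echo -n "Updating $REGISTRY credentials ."
      # UUID of the secret currently referenced by this registry's auth-secret parameter
      SECRET_UUID=$(system service-parameter-list | grep -F "$REGISTRY" | grep -F auth-secret | awk '{print $10}')
      if [ -z "$SECRET_UUID" ]
      then
       echo "No $REGISTRY entry in service-parameters"
       echo
       continue
      fi
      SECRET_REF=$(openstack secret list | grep -F "${SECRET_UUID}" | awk '{print $2}')
      echo -n "."
      # Read the current payload; with -e the script stops here, before the delete,
      # if the secret cannot be read
      SECRET_VALUE=$(openstack secret get "${SECRET_REF}" --payload -f value)
      echo -n "."

      # Delete the old secret and store a new one holding the new credentials
      openstack secret delete "${SECRET_REF}" > /dev/null
      echo -n "."
      NEW_SECRET_VALUE=$NEW_CREDS
      openstack secret store -n "${REGISTRY}-secret" -p "${NEW_SECRET_VALUE}" > /dev/null
      echo -n "."
      # The secret UUID is the sixth "/"-separated field of the secret reference
      NEW_SECRET_REF=$(openstack secret list | grep -F "${REGISTRY}-secret" | awk '{print $2}')
      NEW_SECRET_UUID=$(echo "${NEW_SECRET_REF}" | awk -F/ '{print $6}')
      system service-parameter-modify docker "$REGISTRY" auth-secret="${NEW_SECRET_UUID}" > /dev/null
      echo -n "."
      echo " done."

      # Read the secret back through the service parameter to confirm the update.
      # This prints the stored payload, including the password, to the terminal.
      echo -n "Validating $REGISTRY credentials updated to:  "
      SECRET_UUID=$(system service-parameter-list | grep -F "$REGISTRY" | grep -F auth-secret | awk '{print $10}')
      if [ -z "$SECRET_UUID" ]
      then
       continue
      fi
      SECRET_REF=$(openstack secret list | grep -F "${SECRET_UUID}" | awk '{print $2}')
      SECRET_VALUE=$(openstack secret get "${SECRET_REF}" --payload -f value)
      echo "$SECRET_VALUE"

      echo

    done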
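
The validation step of the script prints the stored payload, password included, to the terminal. As an added example (not part of the original page's script), the helper functions below check the `username:<user> password:<pass>` payload format that the script writes and print it with the password redacted; the function names and the sample payload are hypothetical.

```shell
#!/bin/sh
# Added example: validate and redact the registry secret payload
# ("username:<user> password:<pass>") without echoing the password.

# parse_registry_payload PAYLOAD
# Sets PAYLOAD_USER and PAYLOAD_PASS; returns 1 if the payload is malformed.
parse_registry_payload() {
  PAYLOAD_USER="" PAYLOAD_PASS=""
  case $1 in
    "username:"*" password:"*) ;;
    *) return 1 ;;
  esac
  _rest=${1#username:}
  PAYLOAD_USER=${_rest%% password:*}   # text before the first " password:"
  PAYLOAD_PASS=${_rest#* password:}    # text after the first " password:"
  case $PAYLOAD_USER in ""|*" "*) return 1 ;; esac
  [ -n "$PAYLOAD_PASS" ]
}

# redact_registry_payload PAYLOAD
# Prints the payload with the password replaced by its length only.
redact_registry_payload() {
  if parse_registry_payload "$1"; then
    printf 'username:%s password:<redacted, %d chars>\n' \
      "$PAYLOAD_USER" "${#PAYLOAD_PASS}"
  else
    echo '<malformed payload>'
    return 1
  fi
}

# registry_payload_matches PAYLOAD EXPECTED_USER EXPECTED_PASS
# Returns 0 on match, 1 on mismatch, 2 if the payload is malformed.
registry_payload_matches() {
  parse_registry_payload "$1" || return 2
  [ "$PAYLOAD_USER" = "$2" ] && [ "$PAYLOAD_PASS" = "$3" ]
}

# Constructed sample payload (not a real credential).
SAMPLE='username:sysinv password:Constructed-Pw1'
redact_registry_payload "$SAMPLE"

# In the validation step of the script, the final echo could become:
#   redact_registry_payload "$SECRET_VALUE"
#   registry_payload_matches "$SECRET_VALUE" "$1" "$2" || echo "MISMATCH"
```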