Merge "Allow subcloud to use central-cloud's local registry"

This commit is contained in:
Zuul
2019-10-30 16:58:14 +00:00
committed by Gerrit Code Review
9 changed files with 63 additions and 5 deletions


@@ -38,12 +38,15 @@ class platform::dns::dnsmasq {
include ::platform::kubernetes::params
$service_domain = $::platform::kubernetes::params::service_domain
$dns_service_ip = $::platform::kubernetes::params::dns_service_ip
$distributed_cloud_role = $::platform::params::distributed_cloud_role
$sc_address = $::platform::params::system_controller_addr
file { '/etc/dnsmasq.conf':
ensure => 'present',
replace => true,
content => template('platform/dnsmasq.conf.erb'),
}
}
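Review bot: `$sc_address` is read from `::platform::params::system_controller_addr`, whose default in this commit is `undef`, and the only include visible in this hunk is `::platform::kubernetes::params`, so on a subcloud where the value is unset the dnsmasq template is still rendered with an empty address for `registry.central`. I'd add `include ::platform::params` next to the kubernetes include and fail early: `if $distributed_cloud_role == 'subcloud' and !$sc_address { fail('system_controller_addr is required on a subcloud') }`. The body of `platform::dns::dnsmasq` begins before this hunk, so the class may already include `::platform::params` there; the validation is still worth having at the point the value is consumed.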


@@ -12,6 +12,8 @@ class platform::docker::params (
$quay_registry_secret = undef,
$docker_registry_secret = undef,
$insecure_registry = undef,
$registry_port = '9001',
$token_port = '9002',
) { }
class platform::docker::config
@@ -90,3 +92,22 @@ class platform::docker::bootstrap
include ::platform::docker::config::bootstrap
}
class platform::docker::haproxy
inherits ::platform::docker::params {
platform::haproxy::proxy { 'docker-registry':
server_name => 's-docker-registry',
public_port => $registry_port,
private_port => $registry_port,
x_forwarded_proto => false,
tcp_mode => true,
}
platform::haproxy::proxy { 'docker-token':
server_name => 's-docker-token',
public_port => $token_port,
private_port => $token_port,
x_forwarded_proto => false,
tcp_mode => true,
}
}
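Review bot: `platform::docker::haproxy` publishes the registry and token server on the haproxy public (OAM) address unconditionally, although only a system controller needs this — the dnsmasq template in the same commit gates `registry.central` on `$distributed_cloud_role == 'systemcontroller'`. The unconditional `include ::platform::docker::haproxy` in `platform::dockerdistribution` and `platform::haproxy::runtime`, and the two new OAM firewall entries in `platform::firewall::calico::oam::services`, inherit the same exposure. I'd gate those sites with `if $::platform::params::distributed_cloud_role == 'systemcontroller' { include ::platform::docker::haproxy }` and wrap the firewall port lists in the same condition, so standalone systems and subclouds do not expose their local registry on OAM. Because both proxies set `tcp_mode => true`, haproxy forwards the TLS session to the registry rather than terminating it; a comment on the class would make that explicit: `# TCP passthrough: TLS is terminated by the registry itself, not by haproxy`.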


@@ -9,6 +9,7 @@ define platform::dockerdistribution::write_config (
$file_path = '/etc/docker-distribution/registry/runtime_config.yml',
$docker_registry_ip = undef,
$docker_registry_host = undef,
$docker_realm_host = undef,
){
file { $file_path:
ensure => present,
@@ -26,9 +27,12 @@ class platform::dockerdistribution::config
include ::platform::network::mgmt::params
include ::platform::docker::params
include ::platform::haproxy::params
$docker_registry_ip = $::platform::network::mgmt::params::controller_address
$docker_registry_host = $::platform::network::mgmt::params::controller_address_url
$docker_realm_host = $::platform::haproxy::params::public_address_url
$runtime_config = '/etc/docker-distribution/registry/runtime_config.yml'
$used_config = '/etc/docker-distribution/registry/config.yml'
@@ -57,7 +61,8 @@ class platform::dockerdistribution::config
platform::dockerdistribution::write_config { 'runtime_config':
docker_registry_ip => $docker_registry_ip,
docker_registry_host => $docker_registry_host
docker_registry_host => $docker_registry_host,
docker_realm_host => $docker_realm_host,
}
-> exec { 'use runtime config file':
@@ -68,7 +73,8 @@ class platform::dockerdistribution::config
registry_readonly => true,
file_path => '/etc/docker-distribution/registry/readonly_config.yml',
docker_registry_ip => $docker_registry_ip,
docker_registry_host => $docker_registry_host
docker_registry_host => $docker_registry_host,
docker_realm_host => $docker_realm_host,
}
file { '/etc/docker-distribution/registry/token_server.conf':
@@ -100,6 +106,7 @@ class platform::dockerdistribution::config
if str2bool($::is_initial_config_primary) {
$shared_dir = $::platform::params::config_path
$certs_dir = '/etc/ssl/private'
$docker_registry_public_ip = $::platform::haproxy::params::public_ip_address
# create the certificate files
file { "${certs_dir}/registry-cert-extfile.cnf":
@@ -247,6 +254,8 @@ class platform::dockerdistribution
include platform::dockerdistribution::config
include ::platform::docker::haproxy
Class['::platform::docker::config'] -> Class[$name]
}
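Review bot: Switching the token realm to `$::platform::haproxy::params::public_address_url` (consumed by the `realm:` line of the registry config template) redirects every registry client, including the controller's own docker daemon on the management network, to the OAM address for authentication, which presumably assumes that address is reachable from the management side — worth confirming. A why-comment on the assignment would record the intent: `# token realm uses the OAM address so subclouds can reach it; local clients follow the same URL`. `$docker_registry_public_ip` is assigned only inside the `is_initial_config_primary` branch, so it is available to the certificate extfile template but not to the rest of the class; fine as long as nothing else reads it. `platform::dockerdistribution::config` starts and ends outside these hunks.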


@@ -90,6 +90,7 @@ class platform::firewall::calico::oam::services {
include ::openstack::horizon::params
include ::platform::dcmanager::params
include ::platform::dcorch::params
include ::platform::docker::params
$ip_version = $::platform::network::oam::params::subnet_version
@@ -118,6 +119,8 @@ class platform::firewall::calico::oam::services {
$patching_port = [$::platform::patching::params::public_port]
$sysinv_port = [$::platform::sysinv::params::api_port]
$sm_api_port = [$::platform::smapi::params::port]
$docker_registry_port = [$::platform::docker::params::registry_port]
$docker_token_port = [$::platform::docker::params::token_port]
$kube_apiserver_port = [6443]
if $::platform::ceph::params::service_enabled {
@@ -157,7 +160,7 @@ class platform::firewall::calico::oam::services {
$t_udp_ports = concat($sm_port, $ntp_port, $snmp_port, $ptp_port)
$t_tcp_ports = concat($ssh_port,
$fm_port, $nfv_vim_port, $patching_port, $sysinv_port, $sm_api_port,
$kube_apiserver_port,
$kube_apiserver_port, $docker_registry_port, $docker_token_port,
$ceph_radosgw_port, $barbican_api_port, $keystone_port, $horizon_port,
$dc_port)
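Review bot: `$docker_registry_port` and `$docker_token_port` wrap `$registry_port`/`$token_port`, which `platform::docker::params` declares as the quoted strings `'9001'` and `'9002'`, while the neighbouring `$kube_apiserver_port = [6443]` is an Integer, so the `concat` at the end of the hunk now mixes String and Integer ports. If the resource that consumes `$t_tcp_ports` renders or type-checks them as Integers, the two new ports may come out quoted or be rejected; either declare the params as integers (`$registry_port = 9001`) or convert here, e.g. `$docker_registry_port = [Integer($::platform::docker::params::registry_port)]`. The rest of `platform::firewall::calico::oam::services` is outside these hunks, so I cannot see how the list is consumed.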


@@ -1,6 +1,7 @@
class platform::haproxy::params (
$private_ip_address,
$public_ip_address,
$public_address_url,
$enable_https = false,
$global_options = undef,
@@ -20,6 +21,7 @@ define platform::haproxy::proxy (
$x_forwarded_proto = true,
$enable_https = undef,
$public_api = true,
$tcp_mode = false,
) {
include ::platform::haproxy::params
@@ -47,6 +49,12 @@ define platform::haproxy::proxy (
$hsts_option = undef
}
if $tcp_mode {
$mode_option = 'tcp'
} else {
$mode_option = undef
}
if $public_ip_address {
$public_ip = $public_ip_address
} else {
@@ -76,6 +84,7 @@ define platform::haproxy::proxy (
'reqadd' => $proto,
'timeout' => $real_client_timeout,
'rspadd' => $hsts_option,
'mode' => $mode_option,
},
}
@@ -91,6 +100,7 @@ define platform::haproxy::proxy (
options => {
'server' => "${server_name} ${private_ip}:${private_port}",
'timeout' => $timeout_option,
'mode' => $mode_option,
}
}
}
@@ -141,6 +151,7 @@ class platform::haproxy::runtime {
include ::platform::dcmanager::haproxy
include ::platform::dcorch::haproxy
}
include ::platform::docker::haproxy
include ::openstack::keystone::haproxy
include ::openstack::barbican::haproxy
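Review bot: With `$tcp_mode` set, the frontend options hash still carries the HTTP-only `reqadd`/`rspadd` entries next to the new `'mode' => $mode_option`, and haproxy warns about and ignores such directives in a `mode tcp` listener; if the hash emits them whenever `$proto`/`$hsts_option` are defined, the docker proxies will produce startup warnings. I'd blank them under tcp mode where they are computed (outside this hunk), e.g. `$hsts_option = $tcp_mode ? { true => undef, default => $hsts_value }`, or guard both assignments with `if !$tcp_mode`. The new mandatory `$public_address_url` parameter has no default, so every data source declaring `platform::haproxy::params` must now provide it; a comment such as `# public_address_url: URL form of the OAM address, used for externally reachable endpoints (e.g. the registry token realm)` would document that. `platform::haproxy::proxy` spans several hunks here and its remainder is outside view.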


@@ -24,6 +24,7 @@ class platform::params (
$security_profile = undef,
$security_feature = undef,
$stx_openstack_applied = false,
$system_controller_addr = undef,
) {
$ipv4 = 4
$ipv6 = 6


@@ -116,4 +116,12 @@ server=/<%= @service_domain %>/<%= @dns_service_ip %>
# Local CNAME records
cname=registry.local,controller
cname=registry-token-server.local,controller
cname=registry-token-server.local,controller
<%- if @distributed_cloud_role == 'systemcontroller' -%>
cname=registry.central,controller
<%- end -%>
<%- if @distributed_cloud_role == 'subcloud' -%>
address=/registry.central/<%= @sc_address %>
<%- end -%>
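Review bot: `address=/registry.central/<%= @sc_address %>` makes dnsmasq answer for `registry.central` and for every name beneath it (`*.registry.central`), whereas the system-controller branch pins only the exact name via a CNAME. For a single host name the exact form is `host-record=registry.central,<%= @sc_address %>`, which keeps the two branches symmetric and avoids unintended matches. If `@sc_address` can be nil on a subcloud, the line renders with an empty address; guarding the branch with `<%- if @distributed_cloud_role == 'subcloud' && @sc_address -%>` keeps the generated config valid until the manifest supplies the value.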


@@ -24,7 +24,7 @@ health:
threshold: 3
auth:
token:
realm: "https://<%= @docker_registry_host %>:9002/token/"
realm: "https://<%= @docker_realm_host %>:9002/token/"
service: "<%= @docker_registry_host %>:9001"
issuer: bird-token-server
rootcertbundle: /etc/ssl/private/registry-cert.crt
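Review bot: The `realm` and `service` lines keep the literal ports `9002` and `9001` while `platform::docker::params` in this same commit introduces `$token_port = '9002'` and `$registry_port = '9001'` for the haproxy listeners, so the two can now drift apart. `platform::dockerdistribution::write_config` does not receive those parameters, so I'd add `$token_port`/`$registry_port` to the define, pass them from `platform::dockerdistribution::config`, and render `realm: "https://<%= @docker_realm_host %>:<%= @token_port %>/token/"` and `service: "<%= @docker_registry_host %>:<%= @registry_port %>"`. Leaving `service` on the management host name while only `realm` moves to the public one is presumably intentional (the service string has to match what the token server issues); a one-line comment above `auth:` stating that would save the next reader the question.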


@@ -8,4 +8,6 @@ CN = registry.local
subjectAltName = @alt_names
[alt_names]
DNS.1 = registry.local
DNS.2 = registry.central
IP.1 = <%= @docker_registry_ip %>
IP.2 = <%= @docker_registry_public_ip %>
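Review bot: This extfile is rendered in `platform::dockerdistribution::config` only under `str2bool($::is_initial_config_primary)`, so a system installed before this change keeps a registry certificate without the `registry.central` and public-IP SANs, and a subcloud connecting to `https://registry.central` would fail hostname verification unless an upgrade step regenerates the certificate — I cannot see one in this commit. A comment above `[alt_names]` should state the contract: `# every name/address a client may use: registry.local and the mgmt IP for local pulls, registry.central and the OAM IP for subclouds`. `IP.2` renders empty if `@docker_registry_public_ip` is unset, which openssl rejects; that only happens if `public_ip_address` is left undefined, which its mandatory declaration in `platform::haproxy::params` appears to prevent.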