config/controllerconfig
Jerry Sun 158e300d54 Docker Registry Keystone Authentication
This commit adds functionality for Docker registry to authenticate
using Keystone.

First, this commit contains puppet changes which are required to
manage the new token server required for Keystone authentication.

Second, with proper authentication now implemented, we are removing
the "insecure" flag for the controller registry in the "daemon.json"
file in "/etc/docker".

With the "insecure" flag removed, Docker will start complaining about
certificate issues. This commit also includes generation of default
certificates suitable for use by Docker registry as well as a sysinv
command "system certificate-install -m docker_registry" to update the
certificate.

Docker registry token server works only with PKCS1 style keys while we
would like to use PKCS8 keys by default. This is why our default
certificate and installed certificate create both a PKCS1 style key as
well as a PKCS8 style key. The keys are installed to
"/etc/ssl/private/" as registry-cert.crt, registry-cert.key, and
registry-cert-pkcs1.key.

Story: 2002840
Task: 22783
Depends-On: https://review.openstack.org/#/c/626354/

Change-Id: I0127bd5f10f3950739678929b92eb1b77e2119db
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
2019-03-07 12:55:59 -05:00
..
centos Configurable Host HTTP/HTTPS Port Binding 2019-02-06 12:47:00 -06:00
controllerconfig Docker Registry Keystone Authentication 2019-03-07 12:55:59 -05:00
.gitignore StarlingX open source release updates 2018-05-31 07:35:52 -07:00
PKG-INFO StarlingX open source release updates 2018-05-31 07:35:52 -07:00