Allow subcloud to use central-cloud's local registry

Add the following to setup the environment which allows the subcloud to use central-cloud's local registry via the OAM interface - controller_config: copy registry.central certificate from the shared directory to docker certificate directory - worker_config: copy registry.central certificate from the shared directory to docker certificate directory - sysinv: Add a new network type for system controller OAM network Retrieve the system controller's OAM floating IP address from DB and populate the hiera record for dnsmasq Add a public URL encoded address for haproxy Depends-On: https://review.opendev.org/#/c/690082/ Change-Id: Ibbc7f0ed84679a3ced3a9fee712bd1da5865f213 Partial-Bug: 1846799 Signed-off-by: Tao Liu <tao.liu@windriver.com>
2019-10-22 09:57:50 -04:00 · 2019-10-22 09:57:50 -04:00 · 0d8df17df6
parent d2ffecde5a
commit 0d8df17df6
5 changed files with 42 additions and 1 deletions
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@ -308,6 +308,17 @@ start()
        fi
    fi

+    if [ -e $CONFIG_DIR/registry.central/registry-cert.crt ]
+    then
+        mkdir -p /etc/docker/certs.d/registry.central:9001/
+        chmod 700 /etc/docker/certs.d/registry.central:9001/
+        cp $CONFIG_DIR/registry.central/registry-cert.crt /etc/docker/certs.d/registry.central:9001/registry-cert.crt
+        if [ $? -ne 0 ]
+        then
+            fatal_error "Unable to copy $CONFIG_DIR/registry-cert.crt to docker dir for central registry"
+        fi
+    fi
+
    if [ -e $CONFIG_DIR/openstack ]
    then
        if [ ! -e /etc/ssl/private/openstack ]
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/network.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/network.py
@ -53,6 +53,7 @@ ALLOWED_NETWORK_TYPES = [constants.NETWORK_TYPE_MGMT,
                         constants.NETWORK_TYPE_CLUSTER_POD,
                         constants.NETWORK_TYPE_CLUSTER_SERVICE,
                         constants.NETWORK_TYPE_IRONIC,
+                         constants.NETWORK_TYPE_SYSTEM_CONTROLLER_OAM,
                         ]


--- a/sysinv/sysinv/sysinv/sysinv/common/constants.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py
@ -629,6 +629,7 @@ NETWORK_TYPE_BM = 'bm'
 NETWORK_TYPE_MULTICAST = 'multicast'
 NETWORK_TYPE_DATA = 'data'
 NETWORK_TYPE_SYSTEM_CONTROLLER = 'system-controller'
+NETWORK_TYPE_SYSTEM_CONTROLLER_OAM = 'system-controller-oam'
 NETWORK_TYPE_CLUSTER_HOST = 'cluster-host'
 NETWORK_TYPE_CLUSTER_POD = 'cluster-pod'
 NETWORK_TYPE_CLUSTER_SERVICE = 'cluster-service'
--- a/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
@ -48,6 +48,7 @@ class PlatformPuppet(base.BasePuppet):
        config.update(self._get_remotelogging_config())
        config.update(self._get_snmp_config())
        config.update(self._get_certificate_config())
+        config.update(self._get_systemcontroller_config())
        return config

    def get_secure_system_config(self):
@ -243,12 +244,14 @@ class PlatformPuppet(base.BasePuppet):
            constants.CONTROLLER, constants.NETWORK_TYPE_OAM)
        private_address = self._get_address_by_name(
            constants.CONTROLLER, constants.NETWORK_TYPE_MGMT)
-
+        public_address_url = self._format_url_address(public_address.address)
        https_enabled = self._https_enabled()

        config = {
            'platform::haproxy::params::public_ip_address':
                public_address.address,
+            'platform::haproxy::params::public_address_url':
+                public_address_url,
            'platform::haproxy::params::private_ip_address':
                private_address.address,
            'platform::haproxy::params::enable_https':
@ -846,3 +849,17 @@ class PlatformPuppet(base.BasePuppet):
        return {
            'sysinv::agent::lldp_drivers': driver_list
        }
+
+    def _get_systemcontroller_config(self):
+        config = {}
+        if self._distributed_cloud_role() == \
+                constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD:
+            sc_network = self.dbapi.network_get_by_type(
+                constants.NETWORK_TYPE_SYSTEM_CONTROLLER_OAM)
+            sc_network_addr_pool = self.dbapi.address_pool_get(
+                sc_network.pool_uuid)
+            sc_addr = sc_network_addr_pool.floating_address
+            sc_host = self._format_url_address(sc_addr)
+            config.update({'platform::params::system_controller_addr':
+                          sc_host})
+        return config
--- a/workerconfig/workerconfig/worker_config
+++ b/workerconfig/workerconfig/worker_config
@ -261,6 +261,17 @@ start()
        fi
    fi

+    if [ -e $CONFIG_DIR/registry.central/registry-cert.crt ]
+    then
+        mkdir -p /etc/docker/certs.d/registry.central:9001/
+        chmod 700 /etc/docker/certs.d/registry.central:9001/
+        cp $CONFIG_DIR/registry.central/registry-cert.crt /etc/docker/certs.d/registry.central:9001/registry-cert.crt
+        if [ $? -ne 0 ]
+        then
+            fatal_error "Unable to copy $CONFIG_DIR/registry-cert.crt to docker dir for central registry"
+        fi
+    fi
+
    # banner customization always returns 0, success:
    /usr/sbin/install_banner_customization