airship
/
deckhand
Code Issues Proposed changes
A configuration management service with support for secrets.
716 Commits 3 Branches 0 Tags 8.5 MiB
Python 97.5%
Shell 2%
Makefile 0.4%
Go to file
Phil Sphicas 5cd799cc5d Allow source substring extraction 
When performing substitutions, there are occasions when the source value
does not exactly match the format required by the destination document
(e.g. the values.yaml structure of an Armada chart).

This change provides the ability extract a substring of the source
value, and substitute that into the destination document.

Two optional fields are added to `src` under `metadata.substitutions`:

  * `pattern`: a regular expression, with optional capture groups
  * `match_group`: the number of the desired capture group

The canonical use case is a chart that requires an image with the repo
name and tag in separate fields, while the substitution source has the
full image path as a single value.

For example, assuming that the source document "software-versions" has:

    data:
      images:
        hello: docker.io/library/hello-world:latest

Then the following set of substitutions would put the repo and tag in
the applicable values in the destination document:

    metadata:
      substitutions:
        - src:
            schema: pegleg/SoftwareVersions/v1
            name: software-versions
            path: .images.hello
            pattern: '^(.*):(.*)'
            match_group: 1
          dest:
            path: .values.images.hello.repo
        - src:
            schema: pegleg/SoftwareVersions/v1
            name: software-versions
            path: .images.hello
            pattern: '^(.*):(.*)'
            match_group: 2
          dest:
            path: .values.images.hello.tag
    data:
      values:
        images:
          hello:
            repo:  # docker.io/library/hello-world
            tag:   # latest

Change-Id: I2fcb0d2b8e2fe3d85479ac2bad0b7b90f434eb77
 		2022-01-18 13:04:25 -08:00
.github Add SECURITY.md 2020-03-02 16:32:42 +00:00
alembic Fix pep8 gate running on py3.8 2020-09-24 22:35:22 -05:00
charts/deckhand Helm 3: Fix Job labels 2021-10-01 11:28:22 -05:00
deckhand Allow source substring extraction 2022-01-18 13:04:25 -08:00
doc Allow source substring extraction 2022-01-18 13:04:25 -08:00
etc/deckhand Redacts Raw Documents 2018-10-19 23:56:12 -05:00
images/deckhand Deckhand gate fix 2021-08-30 07:53:24 -07:00
releasenotes style(pep8): remove identation ignores 2018-06-01 22:08:42 +00:00
tools Update HTK stable commit (Ingress) 2021-10-19 15:20:38 -07:00
.coveragerc Add Deckhand coverage job 2017-08-15 16:11:35 -04:00
.dockerignore Collect profile data on DH requests 2018-02-15 13:09:16 -05:00
.gitignore docs: Use sphinx-apidoc library for autodoc compatibility 2018-10-27 22:52:39 +01:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:20 +00:00
.stestr.conf Switch to stestr 2018-03-28 13:06:46 -04:00
.zuul.yaml Make failing Zuul job non-voting 2022-01-14 08:30:26 -08:00
HACKING.rst Update url in HACKING.rst 2018-11-15 00:22:41 +08:00
LICENSE Update Apache LICENSE 2018-05-10 22:25:14 +01:00
Makefile Add support for Ubuntu bionic base image 2020-02-06 17:42:33 -06:00
README.rst Merge "docs: Reorganize documentation structure" 2018-10-05 20:49:07 +00:00
REVIEWING.rst docs: Add developer overview documentation 2018-06-20 15:00:46 -04:00
alembic.ini [396582] Add alembic support to Deckhand 2018-04-06 23:30:16 -04:00
bindep.txt Embed UML generated diagrams into docs, fix docs build 2019-02-14 13:55:44 +01:00
entrypoint.sh Scaling deckhand uwsgi workers 2020-08-05 22:05:57 +00:00
requirements.txt Revert jsonschema to 3.2.0 2021-09-08 05:09:32 +00:00
setup.cfg Remove Python 2.x support 2019-10-08 12:41:12 +00:00
setup.py Oslo config integration (#1) 2017-06-26 16:57:50 -07:00
test-requirements.txt Gate fixes 2021-05-18 08:05:23 -07:00
tox.ini Drop Python 3.5, make xenial/opensuse non-voting 2021-10-19 15:20:38 -07:00

README.rst

Deckhand

Docker Repository on Quay Doc Status

Deckhand provides document revision management, storage and mutation functionality upon which the rest of the Airship components rely for orchestration of infrastructure provisioning. Deckhand understands declarative YAML documents that define, end-to-end, the configuration of sites: from the hardware -- encompassing network topology and hardware and host profile information -- up to the software level that comprises the overcloud.

Core Responsibilities

  • layering - helps reduce duplication in configuration by applying the notion of inheritance to documents
  • substitution - provides separation between secret data and other configuration data for security purposes and reduces data duplication by allowing common data to be defined once and substituted elsewhere dynamically
  • revision history - maintains well-defined collections of documents within immutable revisions that are meant to operate together, while providing the ability to rollback to previous revisions
  • validation - allows services to implement and register different kinds of validations and report errors
  • secret management - leverages existing OpenStack APIs -- namely Barbican -- to reliably and securely store sensitive data

Getting Started

For more detailed installation and setup information, please refer to the Getting Started guide.

Integration Points

Deckhand has the following integration points:

Note

Currently, other database back-ends are not supported.

Though, being a low-level service, has many other Airship services that integrate with it, including:

  • Drydock is orchestrated by Shipyard to perform bare metal node provisioning.
  • Promenade is indirectly orchestrated by Shipyard to configure and join Kubernetes nodes.
  • Armada is orchestrated by Shipyard to deploy and test Kubernetes workloads.

Further Reading

Airship.