4 Commits

Author SHA1 Message Date
Felipe Monteiro 2a8d2638b3 pki: Port Promenade's PKI catalog into Pegleg
This patch set implements the PKICatalog [0] requirements
as well as PeglegManagedDocument [1] generation requirements
outlined in the spec [2].

Included in this patch set:

* New CLI entry point called "pegleg site secrets generate-pki"
* PeglegManagedDocument generation logic in
  engine.cache.managed_document
* Refactored PKICatalog logic in engine.cache.pki_catalog derived
  from the Promenade PKI implementation [3], responsible for
  generating certificates, CAs, and keypairs
* Refactored PKIGenerator logic in engine.cache.pki_generator
  derived from Promenade Generator implementation [4],
  responsible for reading in pegleg/PKICatalog/v1 documents (as
  well as promenade/PKICatalog/v1 documents for backwards
  compatibility) and generating required secrets and storing
  them into the paths specified under [0]
* Unit tests for all of the above [5]
* Example pki-catalog.yaml document under pegleg/site_yamls
* Validation schema for pki-catalog.yaml (TODO: implement
  validation logic here: [6])
* Updates to CLI documentation and inclusion of PKICatalog
  and PeglegManagedDocument documentation
* Documentation updates with PKI information [7]

TODO (in follow-up patch sets):

* Expand on overview documentation to include new Pegleg
  responsibilities
* Allow the original repository (not the copied one) to
  be the destination where the secrets are written to
* Finish up cert expiry/revocation logic

[0] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#document-generation
[1] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html#peglegmanageddocument
[2] https://airship-specs.readthedocs.io/en/latest/specs/approved/pegleg-secrets.html
[3] https://github.com/openstack/airship-promenade/blob/master/promenade/pki.py
[4] https://github.com/openstack/airship-promenade/blob/master/promenade/generator.py
[5] https://review.openstack.org/#/c/611739/
[6] https://review.openstack.org/#/c/608159/
[7] https://review.openstack.org/#/c/611738/

Change-Id: I3010d04cac6d22c656d144f0dafeaa5e19a13068
2019-01-15 13:29:21 -06:00
Felipe Monteiro d80aa0bd8f docs: Update getting started documentation
Currently the getting started documentation is somewhat incorrect:
usage of pip3 install is not necessary as "regular" usage of
pegleg entails using ./tools/pegleg.sh which uses the Pegleg
Docker image.

Also, the CLI guide doesn't include any useful examples so some
have been added.

Change-Id: I851b1c8b4f9c38672fce7b4a017e31882c7006ea
Depends-On: Iaa928ec2f777ed6f899d3b1790f5f9de613da9bb
2018-09-14 11:14:36 -06:00
Matt McEuen 15b5062f84 Refresh docs for Airship
Now that Pegleg is a proud member of the OpenStack Airship family,
this PS makes a few updates to reflect this change, in terms
of project name (s/pegleg/airship-pegleg/), doc links, and
old-skool UCP vs Airship terminology.
Http URLs have also been updated to https.

Change-Id: I27bc725b3cf3c1ccee20221722733807af51cd44
2018-08-06 09:04:58 -05:00
Felipe Monteiro f5fc46c7af Rename docs to doc to align with OpenStack standard
This patchset updates docs to doc to align with OpenStack
standard. Follow-up patchset will be needed to publish
documentation to OpenStack [0].

[0] https://docs.openstack.org/doc-contrib-guide/project-guides.html

Change-Id: I90e5f9129207901402e26ed9488ec6e065568fe1
2018-06-06 09:25:14 -04:00