This introduces a new document called `EncryptionPolicy` to configure
this behavior. It currently only supports using symmetric encryption
with `GPG`, but that should be available on all Ubuntu systems (which is
what we currently support) and should also be fairly reliable.
Change-Id: I06d4faa119b736773df0d8cbf0e7a23fd98edcdf
Depends-On: https://review.openstack.org/#/c/602175/
- This addresses a bug where Promenade doesn't detect some invalid
configurations during genesis script generation.
- Refactor some validation checks for performance
Change-Id: I8b39caaab04819a935b83eb544979eac333fe409
Use the Deckhand engine module directly to manage local configuration
files during CLI usage.
Note: not doing document validation as DH currently requires schemas to
be sourced from the database. Simple schema validation in place.
- Layering/substitution
- Schema validation based on DataSchema documents in payload
- Add deckhand to requirements
A few tooling updates
- concatenate test & schema yaml files into a single file to avoid name
conflicts
- make nginx directory in build-scripts stage
Change-Id: I2d56244f01c58052f14331bc09fd5843d4c95292
This change includes several interconnected features:
* Migration to Deckhand-based configuration. This is integrated here,
because new configuration data were needed, so it would have been
wasted effort to either implement it in the old format or to update
the old configuration data to Dechkand format.
* Failing faster with stronger validation. Migration to Deckhand
configuration was a good opportunity to add schema validation, which
is a requirement in the near term anyway. Additionally, rendering
all templates up front adds an additional layer of "fail-fast".
* Separation of certificate generation and configuration assembly into
different commands. Combined with Deckhand substitution, this creates
a much clearer distinction between Promenade configuration and
deployable secrets.
* Migration of components to charts. This is a key step that will
enable support for dynamic node management. Additionally, this paves
the way for significant configurability in component deployment.
* Version of kubelet is configurable & controlled via download url.
* Restructuring templates to be more intuitive. Many of the templates
require changes or deletion due to the migration to charts.
* Installation of pre-configured useful tools on hosts, including calicoctl.
* DNS is now provided by coredns, which is highly configurable.
Change-Id: I9f2d8da6346f4308be5083a54764ce6035a2e10c
Sergiy Markin