summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-11-13 17:09:46 +0000
committerGerrit Code Review <review@openstack.org>2018-11-13 17:09:46 +0000
commit8b2027f69f3d3e80478b20e69de58cb4b5d4f572 (patch)
treead0b5191cb253966cc5cb435cd830f95ec0cf0fe
parent685fce16cb92281ba2417cbeb96df7cda374381a (diff)
parent5df7e07517104230461d4968d99fcbf924a99934 (diff)
Merge "miniMirror spec"
-rw-r--r--specs/approved/mini-mirror.rst134
1 files changed, 134 insertions, 0 deletions
diff --git a/specs/approved/mini-mirror.rst b/specs/approved/mini-mirror.rst
new file mode 100644
index 0000000..052da98
--- /dev/null
+++ b/specs/approved/mini-mirror.rst
@@ -0,0 +1,134 @@
1..
2 This work is licensed under a Creative Commons Attribution 3.0 Unported
3 License.
4
5 http://creativecommons.org/licenses/by/3.0/legalcode
6
7.. index::
8 single: template
9 single: creating specs
10
11==========
12miniMirror
13==========
14
15miniMirror is an application providing Debian packages for deployment.
16Basically, it is `Aptly`_ in a container.
17
18Links
19=====
20
21The work to author and implement this spec will be tracked under this
22`Storyboard Story`_.
23
24Problem description
25===================
26
27We need an ability to install Airship without any external sources for
28Debian packages. The main goal is to have a single source holding
29secured and pinned Debian packages only. An additional goal is a step
30toward a self-contained mechanism for deploying Airship.
31
32Proposed change
33===============
34
35miniMirror is an application providing Debian repository mirror within
36k8s cluster. Debian packages are held inside miniMirror docker image.
37Before the image build one should provide a list of desired repo URLs
38that will be used for package downloading and optionally a list of
39packages with or without specific versions. During the docker image
40building, packages are downloaded and stored within the image.
41Blacklist for package names can be provided as a configuration for the
42container run from the built image.
43
44How miniMirror works?
45---------------------
46
47miniMirror uses Aptly as a tool to replicate Debian repositories.
48To add or modify the list of repositories one needs to rebuild the docker image.
49Blacklist and/or whitelist is a list of rules for a web server
50which can block requests do not satisfy to a configuration.
51With such an approach the blacklist could be modified dynamically
52as a chart option and it does not require image rebuild.
53
54How miniMirror can be used?
55---------------------------
56
57If a site is configured with miniMirror the initialization script
58(genesis, join) would download the miniMiror image and extract packages
59required for docker and finally install docker with dpkg command.
60
61In pseudocode it can be::
62
63 if deploy_with_miniMirror:
64 download_miniMirror_image()
65 extract_debian_packages_from_miniMirror_image()
66 install_docker_from_deb_package()
67 else:
68 install_docker_from_ubuntu_apt()
69
70Next step, if a site is configured with miniMirror Promenade has to
71create a static pod for miniMirror. After the miniMirror static pod
72run, the apt source should be updated to point on localhost:$port provided
73by miniMirror.
74
75After that, Armada should deploy miniMirror from a chart, providing
76k8s deployment, service, and ingress.
77
78Impacted components
79===================
80
81The following Airship components will be impacted by this solution:
82
83#. Airship-utils: hold miniMirror Dockerfile and Helm chart.
84#. Promenade: initialization scripts are updated to install docker
85 from miniMirror, run miniMirror static Pod, update apt source for a host.
86#. Treasuremap, Airship-in-a-bottle: update documents to include
87 miniMirror Armada chart.
88
89Security impact
90===============
91
92These changes will result in a system that monitors Debian package
93installation as logs from the miniMirror web server are available
94in the k8s cluster. It should be more stable deployment as Debian package
95versions are changed only with miniMiror image rebuild.
96
97Performance impact
98==================
99
100Performance impact to existing flows will be minimal. It even could
101lead to quicker Debian package installation due to the Debian package
102source is localized.
103
104Alternatives
105============
106
107One alternation is to avoid miniMirror implementation and use existing
108tools like `Artifactory` to install apt sources directly. It is clearly
109about controlled, pinned source of packages, having a blacklist,
110installation monitoring, and offline installation for Debian packages
111inside k8s cluster. As one of the Airship principles is a self-contained
112deployment miniMirror could be a good step toward it.
113
114Implementation
115==============
116
117Please refer to the `Storyboard Story`_ for implementation planning information.
118
119Dependencies
120============
121
122Divingbell package management feature is dependent on these changes.
123
124Documentation Impact
125====================
126
127Promenade, Treasuremap docs have to be updated according to changes.
128
129References
130==========
131
132.. _Storyboard Story: https://storyboard.openstack.org/#!/story/2004110
133.. _Aptly: https://www.aptly.info/doc/overview/
134.. _Artifactory: https://www.jfrog.com/confluence/display/RTF/Welcome+to+Artifactory