airship
/
pegleg
Code Issues Proposed changes
A configuration organization tool.
289 Commits 3 Branches 0 Tags 9.9 MiB
Python 98.4%
Shell 0.8%
Makefile 0.8%
Go to file
Hughes, Alexander (ah8742) 7d440b39e9 Update Pegleg base image to use Ubuntu 16.04 
Currently the Pegleg base image is python:3.6, after a full build of
the Pegleg image and pushing it to quay it was discovered that the
final image had more than 600 vulnerabilities in the image scan
report [0].

When inspecting other Airship projects it became evident that only
the Pegleg and Spyglass projects were using python:3.6. The remaining
projects use ubuntu:16.04 as their default base image

Locally scanning with Clair [1] confirmed that the base image plays a
substantial role in the number and severity of vulnerabilities
present in the final Pegleg image. By switching from python:3.6 to
ubuntu:16.04 the number of vulnerabilities reported by Clair was
reduced to 130, none of which were high - from the original 600+ with
~50 high.

This patchset makes the following changes with the aim to reduce the
vulnerability count and severity in the final Pegleg image by:
1. Updating the Dockerfile for Ubuntu builds to use 16.04
2. Updating the Dockerfile to install necessary packages for Pegleg
   to run that are not included with the ubuntu:16.04 base image
3. Renaming the Dockerfile to accurately reflect the Ubuntu
   distribution
4. Updating the docker build jobs in .zuul.yaml to set the
   distribution to ubuntu_xenial
5. Updating the Makefile to set distribution to ubuntu_xenial
6. Updating the pegleg.sh script to use the correct image tag with
   the changes to the distribution in (1-5)
7. Updating the documentation to reflect that the Ubuntu base image
   is 16.04 (Xenial)

[0]: https://quay.io/repository/airshipit/pegleg/manifest/sha256:86d47bf777216eb28c4fc3594e57b0f758fd532b7e88a17ab8e5bd4f42dcd44e?tab=vulnerabilities
[1]: https://github.com/arminc/clair-scanner

Change-Id: I3c5ef761f9ea01b9673f6a2d08c499e8dc409c9d
 		2019-06-04 16:41:22 +00:00
doc Update AIAB repo names 2019-06-03 15:59:22 +00:00
images/pegleg Update Pegleg base image to use Ubuntu 16.04 2019-06-04 16:41:22 +00:00
pegleg Merge "Fix multiple I/O issues in cert generation" 2019-05-29 14:12:02 +00:00
releasenotes Add releasenotes 2018-11-28 02:48:40 -06:00
site_yamls/site CLI capability to generate and encrypt passphrases 2019-01-29 16:24:31 -06:00
tests Update AIAB repo names 2019-06-03 15:59:22 +00:00
tools Update Pegleg docs jobs 2019-05-20 08:16:16 -05:00
.dockerignore Update to UCP layout standard 2018-03-05 07:42:00 -06:00
.gitignore Update .gitignore 2018-10-31 15:08:42 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:19 +00:00
.style.yapf trivial: fix yapf/pep8 interaction failing on logical operator 2019-03-25 05:07:59 +00:00
.zuul.yaml Fix pegleg ssh_key for git mirroring 2019-05-23 11:51:08 -05:00
LICENSE Initial commit 2018-01-26 15:47:15 -06:00
Makefile Support pegleg to run on opensuse leap15 image 2019-05-14 09:41:21 -07:00
README.rst Typo fix: getting started URL 2019-01-23 09:35:27 +01:00
requirements.txt Pin dependency versions 2019-05-29 14:06:38 -05:00
setup.py Update references from openstack to opendev 2019-04-24 15:22:53 -05:00
test-requirements.txt Pin dependency versions 2019-05-29 14:06:38 -05:00
tox.ini Merge "Add py37 to tox" 2019-05-08 21:56:44 +00:00

README.rst

Pegleg

Docker Repository on Quay Doc Status

Introduction

Pegleg is a document aggregator that provides early linting and validations via Deckhand, a document management micro-service within Airship.

Pegleg supports local and remote Git repositories. Remote repositories can be cloned using a variety of protocols -- HTTP(S) or SSH. Afterward, specific revisions within those repositories can be checked out, their documents aggregated, linted, and passed to the rest of Airship for orchestration, allowing document authors to manage their site definitions using version control.

Find more documentation for Pegleg on Read the Docs.

Core Responsibilities

  • aggregation - Aggregates all documents required for site deployment across multiple Git repositories, each of which can be used to maintain separate document sets in isolation
  • linting - Configurable linting checks documents for common syntactical and semantical mistakes

Getting Started

For more detailed installation and setup information, please refer to the Getting Started guide.

Integration Points

Pegleg has the following integration points:

  • Deckhand which provides document revision management, storage and rendering functionality upon which the rest of the Airship components rely for orchestration of infrastructure provisioning.

Further Reading

Airship.