Merge "Update admin tasks folder"

Zuul 2021-03-17 11:37:31 +00:00 committed by Gerrit Code Review
commit d95d23373d
9 changed files with 101 additions and 67 deletions

View File

@ -16,7 +16,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-list [--nowrap]
~(keystone_admin)]$ system application-list [--nowrap]
where:
@ -27,7 +27,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-list --nowrap
~(keystone_admin)]$ system application-list --nowrap
+-------------+---------+---------------+---------------+----------+-----------+
| application | version | manifest name | manifest file | status | progress |
@ -43,7 +43,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-show <app_name>
~(keystone_admin)]$ system application-show <app_name>
where:
@ -54,7 +54,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-show stx-openstack
~(keystone_admin)]$ system application-show stx-openstack
+---------------+----------------------------------+
| Property | Value |
@ -75,7 +75,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-upload [-n | --app-name] <app_name> [-v | --version] <version> <tar_file>
~(keystone_admin)]$ system application-upload [-n | --app-name] <app_name> [-v | --version] <version> <tar_file>
where the following are optional arguments:
@ -95,7 +95,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-upload stx-openstack-1.0-18.tgz
~(keystone_admin)]$ system application-upload stx-openstack-1.0-18.tgz
+---------------+----------------------------------+
| Property | Value |
+---------------+----------------------------------+
@ -117,7 +117,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-list
~(keystone_admin)]$ system helm-override-list
usage: system helm-override-list [--nowrap] [-l | --long] <app_name>
where the following is a positional argument:
@ -137,7 +137,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-list stx-openstack --long
~(keystone_admin)]$ system helm-override-list stx-openstack --long
+---------------------+--------------------------------+---------------+
| chart name | overrides namespaces | chart enabled |
+---------------------+--------------------------------+---------------+
@ -176,7 +176,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-show
~(keystone_admin)]$ system helm-override-show
usage: system helm-override-show <app_name> <chart_name> <namespace>
where the following are positional arguments:
@ -194,7 +194,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-show stx-openstack glance openstack
~(keystone_admin)]$ system helm-override-show stx-openstack glance openstack
- To modify service configuration parameters using user-specified overrides,
use the following command. To update a single configuration parameter, you
@ -203,7 +203,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-update
~(keystone_admin)]$ system helm-override-update
usage: system helm-override-update <app_name> <chart_name> <namespace> --reuse-values --reset-values --values <file_name> --set <commandline_overrides>
where the following are positional arguments:
@ -241,7 +241,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-update stx-openstack glance openstack --set conf.glance.DEFAULT.DEBUG=true
~(keystone_admin)]$ system helm-override-update stx-openstack glance openstack --set conf.glance.DEFAULT.DEBUG=true
+----------------+-------------------+
| Property | Value |
+----------------+-------------------+
@ -267,7 +267,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-chart-attribute-modify [--enabled <true/false>] <app_name> <chart_name> <namespace>
~(keystone_admin)]$ system helm-chart-attribute-modify [--enabled <true/false>] <app_name> <chart_name> <namespace>
where the following is an optional argument:
@ -293,7 +293,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-delete
~(keystone_admin)]$ system helm-override-delete
usage: system helm-override-delete <app_name> <chart_name> <namespace>
where the following are positional arguments:
@ -311,7 +311,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system helm-override-delete stx-openstack glance openstack
~(keystone_admin)]$ system helm-override-delete stx-openstack glance openstack
Deleted chart overrides glance:openstack for application stx-openstack
- Use the following command to apply or reapply an application, making it
@ -319,7 +319,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-apply [-m | --mode] <mode> <app_name>
~(keystone_admin)]$ system application-apply [-m | --mode] <mode> <app_name>
where the following is an optional argument:
@ -337,7 +337,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-apply stx-openstack
~(keystone_admin)]$ system application-apply stx-openstack
+---------------+----------------------------------+
| Property | Value |
+---------------+----------------------------------+
@ -358,7 +358,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-abort <app_name>
~(keystone_admin)]$ system application-abort <app_name>
where:
@ -369,7 +369,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-abort stx-openstack
~(keystone_admin)]$ system application-abort stx-openstack
Application abort request has been accepted. If the previous operation has not
completed/failed, it will be cancelled shortly.
@ -381,7 +381,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-update [-n | --app-name] <app_name> [-v | --app-version] <version> <tar_file>
~(keystone_admin)]$ system application-update [-n | --app-name] <app_name> [-v | --app-version] <version> <tar_file>
where the following are optional arguments:
@ -393,7 +393,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-list
~(keystone_admin)]$ system application-list
+--------------------------+----------+-------------------------------+---------------------------+----------+-----------+
| application | version | manifest name | manifest file | status | progress |
+--------------------------+----------+-------------------------------+---------------------------+----------+-----------+
@ -402,7 +402,7 @@ commands to manage containerized applications provided as part of |prod|.
| | | -manifest | _manifest.yaml | | |
| oidc-auth-apps | 20.06-26 | oidc-auth-manifest | manifest.yaml | uploaded | completed |
| platform-integ-apps | 20.06-9 | platform-integration-manifest | manifest.yaml | applied | completed |
| wr-analytics | 20.06-2 | analytics-armada-manifest | wr-analytics.yaml | applied | completed |
| wr-analytics | 20.06-2 | analytics-armada-manifest | wr-analytics.yaml | applied | completed |
+--------------------------+----------+-------------------------------+---------------------------+----------+-----------+
The output indicates that the currently installed version of
@ -423,7 +423,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-remove <app_name>
~(keystone_admin)]$ system application-remove <app_name>
where:
@ -434,7 +434,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-remove stx-openstack
~(keystone_admin)]$ system application-remove stx-openstack
+---------------+----------------------------------+
| Property | Value |
+---------------+----------------------------------+
@ -458,7 +458,7 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-delete <app_name>
~(keystone_admin)]$ system application-delete <app_name>
where:
@ -471,5 +471,5 @@ commands to manage containerized applications provided as part of |prod|.
.. code-block:: none
~(keystone_admin)$ system application-delete stx-openstack
~(keystone_admin)]$ system application-delete stx-openstack
Application stx-openstack deleted.

View File

@ -21,7 +21,7 @@ associated space from the file system. To do so, you must also run the
.. code-block:: none
~(keystone_admin)$ system registry-image-list
~(keystone_admin)]$ system registry-image-list
+------------------------------------------------------+
| Image Name |
+------------------------------------------------------+
@ -46,13 +46,13 @@ associated space from the file system. To do so, you must also run the
.. code-block:: none
~(keystone_admin)$ system registry-image-tags <imageName>
~(keystone_admin)]$ system registry-image-tags <imageName>
#. Free file system space.
.. code-block:: none
~(keystone_admin)$ system registry-image-delete <imageName>:<tagName>
~(keystone_admin)]$ system registry-image-delete <imageName>:<tagName>
This step only removes the registry's reference to the **image:tag**.
@ -75,7 +75,7 @@ associated space from the file system. To do so, you must also run the
.. code-block:: none
~(keystone_admin)$ system registry-garbage-collect
~(keystone_admin)]$ system registry-garbage-collect
Running docker registry garbage collect
.. note::

View File

@ -11,50 +11,58 @@ The local Docker registry provides secure HTTPS access using the registry API.
.. rubric:: |context|
By default a self-signed certificate is generated at installation time for the
registry API. For more secure access, a Root CA-signed certificate is strongly
recommended.
registry API. For more secure access, an intermediate or Root CA-signed
certificate is strongly recommended.
The Root CA-signed certificate for the registry must have at least the
following |SANs|: DNS:registry.local,DNS:registry.central,
IP Address:<oam-floating-ip-address>, IP Address:<mgmt-floating-ip-address>.
Use the :command:`system addrpool-list` command to get the |OAM| floating IP
The intermediate or Root CA-signed certificate for the registry must have at
least the following |SANs|: DNS:registry.local, DNS:registry.central, IP
Address:<oam-floating-ip-address>, IP Address:<mgmt-floating-ip-address>. Use
the :command:`system addrpool-list` command to get the |OAM| floating IP
Address and management floating IP Address for your system. You can add any
additional DNS entry\(s\) that you have set up for your OAM floating IP Address.
additional |DNS| entry\(s\) that you have set up for your |OAM| floating IP
Address.
Use the following procedure to install a Root CA-signed certificate to either
replace the default self-signed certificate or to replace an expired or soon to
expire certificate.
Use the following procedure to install an intermediate or Root CA-signed
certificate to either replace the default self-signed certificate or to replace
an expired or soon to expire certificate.
.. rubric:: |prereq|
Obtain a Root CA-signed certificate and key from a trusted Root Certificate
Authority \(CA\). Refer to the documentation for the external Root CA that you
are using, on how to create public certificate and private key pairs, signed by
a Root CA, for HTTPS.
Obtain an intermediate or Root CA-signed certificate and key from a trusted
intermediate or Root Certificate Authority \(CA\). Refer to the documentation
for the external Root CA that you are using, on how to create public
certificate and private key pairs, signed by an intermediate or Root CA, for
HTTPS.
.. xreflink For lab purposes, see |sec-doc|: :ref:`Locally Creating Certificates <creating-certificates-locally-using-openssl>` to create a test Root CA certificate and key, and use it to sign test certificates.
.. xreflink For lab purposes, see |sec-doc|: :ref:`Locally Creating
Certificates <creating-certificates-locally-using-openssl>` to create a
Intermediate or test Root CA certificate and key, and use it to sign test
certificates.
Put the Privacy Enhanced Mail \(PEM\) encoded versions of the certificate and
key in a single file, and copy the file to the controller host.
Also obtain the certificate of the Root CA that signed the above certificate.
Also obtain the certificate of the intermediate or Root CA that signed the
above certificate.
.. rubric:: |proc|
.. _installing-updating-the-docker-registry-certificate-d271e71:
#. In order to enable internal use of the Docker registry certificate, update
the trusted CA list for this system with the Root CA associated with the
Docker registry certificate.
.. code-block:: none
~(keystone_admin)$ system certificate-install --mode ssl_ca <pathTocertificate>
~(keystone_admin)]$ system certificate-install --mode ssl_ca <pathTocertificate>
where:
**<pathTocertificate>**
is the path to the Root CA certificate associated with the Docker
registry Root CA-signed certificate.
is the path to the intermediate or Root CA certificate associated with the
Docker registry's intermediate or Root CA-signed certificate.
#. Update the Docker registry certificate using the
:command:`certificate-install` command.
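Review bot: Step 1 of the procedure still reads "update the trusted CA list for this system with the Root CA associated with the Docker registry certificate", and the prerequisite still says "Refer to the documentation for the external Root CA that you are using", while every sentence around them now says "intermediate or Root CA". Please update both so the procedure matches the new wording. It would also help to state, for a certificate signed by an intermediate CA, whether only that intermediate certificate goes in with --mode ssl_ca or whether the root above it must be installed as well; the text as written leaves that open. Minor: "to create a Intermediate or test Root CA certificate" in the xreflink comment should read "an intermediate".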
@ -63,11 +71,11 @@ Also obtain the certificate of the Root CA that signed the above certificate.
.. code-block:: none
~(keystone_admin)$ system certificate-install --mode docker_registry <pathTocertificateAndKey>
~(keystone_admin)]$ system certificate-install --mode docker_registry <pathTocertificateAndKey>
where:
**<pathTocertificateAndKey>**
is the path to the file containing both the Docker registry certificate
and private key to install.
is the path to the file containing both the Docker registry's Intermediate
or Root CA-signed certificate and private key to install.
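Review bot: "Intermediate" is capitalized mid-sentence in the <pathTocertificateAndKey> description ("the Docker registry's Intermediate or Root CA-signed certificate"), but it is lowercase in the rest of this file. Suggest lowercase here for consistency.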

View File

@ -15,12 +15,26 @@ For example:
$ docker login registry.local:9001 -u <keystoneUserName> -p <keystonePassword>
An authorized administrator can perform any Docker action, while regular users
can only interact with their own repositories
\(i.e. registry.local:9001/<keystoneUserName>/\). For example, only
**admin** and **testuser** accounts can push to or pull from
An authorized administrator \('admin' and 'sysinv'\) can perform any Docker
action. Regular users can only interact with their own repositories \(i.e.
registry.local:9001/<keystoneUserName>/\). Any authenticated user can pull from
the following list of public images:
.. _kubernetes-admin-tutorials-authentication-and-authorization-d383e50:
- registry.local:9001:/public/\*
- registry.local:9001:/k8s.gcr.io/pause
- registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver
The **mtce** user can only pull public images, but cannot push any images.
For example, only **admin** and **testuser** accounts can push to or pull from
**registry.local:9001/testuser/busybox:latest**
.. _kubernetes-admin-tutorials-authentication-and-authorization-d383e87:
---------------------------------
Username and Docker compatibility
---------------------------------
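Review bot: the three entries in the new public images list have a colon between the port and the path ("registry.local:9001:/public/\*", "registry.local:9001:/k8s.gcr.io/pause", "registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver"), whereas the other references in this same hunk use "registry.local:9001/<keystoneUserName>/" and "registry.local:9001/testuser/busybox:latest". The extra colon looks like a typo and would not work if a reader copied it into a pull command; suggest "registry.local:9001/public/\*" and likewise for the other two. Also, the administrator accounts are written as 'admin' and 'sysinv' in quotes while **mtce**, **admin** and **testuser** are bold a few lines later; pick one style for account names.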
@ -32,6 +46,14 @@ example, the user **testuser** is correct in the following URL, while
**registry.local:9001/testuser/busybox:latest**
.. note::
Use of the auto-generated self-signed certificate for the registry
certificate is not recommended. If you must do so, then from the central
cloud/systemController, access to the local registry can only be done using
registry.local:9001. registry.central:9001 will be inaccessible. Installing
a |CA|-signed certificate for the registry and the certificate of the |CA| as
an 'ssl\_ca' certificate will remove this restriction.
For more information about Docker commands, see
`https://docs.docker.com/engine/reference/commandline/docker/ <https://docs.docker.com/engine/reference/commandline/docker/>`__.
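Review bot: the new note says the self-signed certificate is not recommended and names the fix (a |CA|-signed registry certificate plus the |CA| certificate installed as 'ssl\_ca'), but gives the reader no link to the procedure that does this. Suggest adding a :ref: to the registry certificate installation topic. The mode name would also read better as literal text, matching the "--mode ssl_ca" usage in that procedure, rather than as a quoted word with an escaped underscore.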

View File

@ -28,7 +28,7 @@ Use the following command to list the Helm repositories:
.. code-block:: none
~(keystone_admin)$ helm repo list
~(keystone_admin)]$ helm repo list
NAME URL
stable `https://kubernetes-charts.storage.googleapis.com`__
local `http://127.0.0.1:8879/charts`__
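Review bot: the sample output under "helm repo list" sits in a "code-block:: none", so the link markup around the two URLs (the backticks and the trailing "__") will be rendered literally rather than as links. Since this hunk already touches the block, suggest dropping the markup so the output shows the bare URLs as the command prints them.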

View File

@ -26,6 +26,8 @@ information.
CLI commands for managing the lifecycle of an application, which includes
managing overrides to the Helm charts within the application.
.. _kubernetes-admin-tutorials-tarlingx-application-package-manager-d463e61:
.. table:: Table 1. Application Package Manager Commands
:widths: auto
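Review bot: the new label "_kubernetes-admin-tutorials-tarlingx-application-package-manager-d463e61" contains "tarlingx", which looks like a truncated "starlingx". If the label is generated by tooling, it is worth confirming that the dropped letter is expected; if it is hand-written, fix it before anything starts referencing it.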

View File

@ -22,13 +22,13 @@ those images by sharing the registry/public user's credentials with other users.
.. code-block:: none
~(keystone_admin)$ openstack project create registry
~(keystone_admin)$ TENANTNAME="registry"
~(keystone_admin)$ TENANTID=`openstack project list | grep ${TENANTNAME} | awk '{print $2}'`
~(keystone_admin)$ USERNAME="public"
~(keystone_admin)$ USERPASSWORD="${USERNAME}K8*"
~(keystone_admin)$ openstack user create --password ${USERPASSWORD} --project ${TENANTID} ${USERNAME}
~(keystone_admin)$ openstack role add --project ${TENANTNAME} --user ${USERNAME} _member
~(keystone_admin)]$ openstack project create registry
~(keystone_admin)]$ TENANTNAME="registry"
~(keystone_admin)]$ TENANTID=`openstack project list | grep ${TENANTNAME} | awk '{print $2}'`
~(keystone_admin)]$ USERNAME="public"
~(keystone_admin)]$ USERPASSWORD="${USERNAME}K8*"
~(keystone_admin)]$ openstack user create --password ${USERPASSWORD} --project ${TENANTID} ${USERNAME}
~(keystone_admin)]$ openstack role add --project ${TENANTNAME} --user ${USERNAME} _member
#. Create a secret containing the credentials of the public repository in
kube-system namespace.
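Review bot: since every line of this block is being rewritten anyway, the example credentials deserve a second look. USERPASSWORD="${USERNAME}K8*" documents a password that is derived from the username and is therefore predictable for anyone who has read this page, and ${USERPASSWORD} is then passed unquoted on the "openstack user create --password" line, where the trailing "*" is subject to shell glob expansion and the value is visible in the process list and shell history. Suggest telling the reader to choose their own password, quoting the variable, and using the client's password prompt option instead of passing the value on the command line. Separately, "openstack project list | grep ${TENANTNAME}" matches any project whose name contains "registry" and can return more than one ID; "openstack project show registry -f value -c id" would return exactly one.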

View File

@ -14,7 +14,7 @@ then run the following commands:
.. code-block:: none
~(keystone_admin)$ kubectl delete pod/cmk-uninstall-webhook -n kube-system
~(keystone_admin)$ kubectl delete ds cmk-uninstall -n kube-system
~(keystone_admin)$ kubectl delete pod delete-uninstall -n kube-system
~(keystone_admin)]$ kubectl delete pod/cmk-uninstall-webhook -n kube-system
~(keystone_admin)]$ kubectl delete ds cmk-uninstall -n kube-system
~(keystone_admin)]$ kubectl delete pod delete-uninstall -n kube-system

View File

@ -19,11 +19,13 @@
.. |CAs| replace:: :abbr:`CAs (Certificate Authorities)`
.. |CLI| replace:: :abbr:`CLI (Command Line Interface)`
.. |CNI| replace:: :abbr:`CNI (Container Networking Interface)`
.. |CMK| replace:: :abbr:`CMK (CPU Manager for Kubernetes)`
.. |CoW| replace:: :abbr:`CoW (Copy on Write)`
.. |CSK| replace:: :abbr:`CSK (Code Signing Key)`
.. |CSKs| replace:: :abbr:`CSKs (Code Signing Keys)`
.. |CVE| replace:: :abbr:`CVE (Common Vulnerabilities and Exposures)`
.. |DHCP| replace:: :abbr:`DHCP (Dynamic Host Configuration Protocol)`
.. |DNS| replace:: :abbr:`DNS (Domain Name System)`
.. |DPDK| replace:: :abbr:`DPDK (Data Plane Development Kit)`
.. |DRBD| replace:: :abbr:`DRBD (Distributed Replicated Block Device)`
.. |DSCP| replace:: :abbr:`DSCP (Differentiated Services Code Point)`
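Review bot: the new |CMK| substitution is inserted after |CNI|, which breaks the alphabetical order the rest of this list follows (CLI, CNI, CMK, CoW). Suggest moving it above the |CNI| line. The |DNS| entry is placed correctly.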