ac4d8fea44
Global Pass Upgrades
Added content from emails attached to ticket and sharepoint
Pacth 01: inputs from email by Greg
Patch 03: Created new section for subcloud group
updated table 1 shared system configurations
Patch 04: corrected typos (Mary's comments)
Patch 05: solved merged conflict
patch 06: removed broken link
Story: TBD
Task: TBD
Signed-off-by: Adil <mohamed.adilassakkali@windriver.com>
Change-Id: I60b0a40a60a44d30429cd3a4dd8374c16345951a
97 lines
3.1 KiB
ReStructuredText
97 lines
3.1 KiB
ReStructuredText
|
|
.. qdu1595389242059
|
|
.. _updating-docker-registry-credentials-on-a-subcloud:
|
|
|
|
================================================
|
|
Update Docker Registry Credentials on a Subcloud
|
|
================================================
|
|
|
|
On a subcloud that uses the System Controller's Docker registry
|
|
(registry.central) as its install registry, you should use the
|
|
System Controller's sysinv service credentials for accessing registry.central.
|
|
This makes access to registry.central independent of changes to the Distributed
|
|
Cloud's Keystone admin user password.
|
|
|
|
Use the following procedure to update the install registry credentials on the
|
|
subcloud to the sysinv service credentials of the System Controller.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
.. _updating-docker-registry-credentials-on-a-subcloud-steps-ywx-wyt-kmb:
|
|
|
|
#. On the System Controller, get the password for the sysinv services.
|
|
|
|
.. code-block:: none
|
|
|
|
$ keyring get sysinv services
|
|
|
|
#. On each subcloud, run the following script to update the Docker registry
|
|
credentials to sysinv:
|
|
|
|
.. code-block:: none
|
|
|
|
$ ./update_docker_registry_auth.sh sysinv <sysinv_password>
|
|
|
|
Where **./update\_docker\_registry\_auth.sh** script is:
|
|
|
|
.. code-block:: none
|
|
|
|
#!/bin/bash -e
|
|
|
|
USAGE="usage: ${0##*/} <username> <password>"
|
|
|
|
if [ "$#" -ne 2 ]
|
|
then
|
|
echo Missing arguments.
|
|
echo $USAGE
|
|
echo
|
|
exit
|
|
fi
|
|
|
|
NEW_CREDS="username:$1 password:$2"
|
|
|
|
echo
|
|
|
|
for REGISTRY in docker-registry quay-registry elastic-registry gcr-registry k8s-registry
|
|
do
|
|
|
|
echo -n "Updating" $REGISTRY "credentials ."
|
|
SECRET_UUID=`system service-parameter-list | fgrep $REGISTRY | fgrep auth-secret | awk '{print $10}'`
|
|
if [ -z "$SECRET_UUID" ]
|
|
then
|
|
echo "No $REGISTRY entry in service-parameters"
|
|
echo
|
|
continue
|
|
fi
|
|
SECRET_REF=`openstack secret list | fgrep ${SECRET_UUID} | awk '{print $2}'`
|
|
echo -n "."
|
|
SECRET_VALUE=`openstack secret get ${SECRET_REF} --payload -f value`
|
|
echo -n "."
|
|
|
|
openstack secret delete ${SECRET_REF} > /dev/null
|
|
echo -n "."
|
|
NEW_SECRET_VALUE=$NEW_CREDS
|
|
openstack secret store -n ${REGISTRY}-secret -p "${NEW_SECRET_VALUE}" > /dev/null
|
|
echo -n "."
|
|
NEW_SECRET_REF=`openstack secret list | fgrep ${REGISTRY}-secret | awk '{print $2}'`
|
|
NEW_SECRET_UUID=`echo "${NEW_SECRET_REF}" | awk -F/ '{print $6}'`
|
|
system service-parameter-modify docker $REGISTRY auth-secret="${NEW_SECRET_UUID}" > /dev/null
|
|
echo -n "."
|
|
echo " done."
|
|
|
|
echo -n "Validating $REGISTRY credentials updated to: "
|
|
SECRET_UUID=`system service-parameter-list | fgrep $REGISTRY | fgrep auth-secret | awk '{print $10}'`
|
|
if [ -z "$SECRET_UUID" ]
|
|
then
|
|
continue
|
|
fi
|
|
SECRET_REF=`openstack secret list | fgrep ${SECRET_UUID} | awk '{print $2}'`
|
|
SECRET_VALUE=`openstack secret get ${SECRET_REF} --payload -f value`
|
|
echo $SECRET_VALUE
|
|
|
|
echo
|
|
|
|
done
|
|
|
|
|