starlingx/docs
Code Issues Proposed changes
docs/doc/source/dist_cloud/kubernetes/shared-configurations.rst
Elisamara Aoki Gonçalves 46630063f4 Distributed Cloud review updates/upgrades - draft (r10,dsR10) 
Fix updates and upgrades in distributed cloud guide
Review of the Distributed Cloud Guide to adjust to USM
Fix merge conflict https://review.opendev.org/c/starlingx/docs/+/937086
Fix merge conflict with https://review.opendev.org/c/starlingx/docs/+/937352
Created Horizon Section for Orchestrate Subcloud Prestage

Change-Id: I8b288e35ec76fcbc11ccbe7715aefff70722094d
Signed-off-by: Elisamara Aoki Gonçalves <elisamaraaoki.goncalves@windriver.com>
2025-01-30 21:35:14 +00:00

59 lines
12 KiB
ReStructuredText
Raw Blame History

.. chj1558616978053
.. _shared-configurations:
=====================
Shared Configurations
=====================
Shared configurations are |prod-long| system settings or services managed by
the System Controller and synchronized across all subclouds.
Synchronizations can be delayed slightly, depending on network traffic
conditions and the amount of information to be synchronized.
|prod| synchronizes configuration for selected attributes of system-wide
configurations (see :ref:`Table 1
<shared-configurations-shared-sys-configs>`) and synchronizes configuration
for resources of the Keystone Identity Service (see :ref:`Table 2
<shared-configurations-shared-keystone-configs>`).
.. _shared-configurations-shared-sys-configs:
.. table:: Table 1. Shared System Configurations
:widths: auto
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Shared Configuration | Remarks |
+=============================+==============================================================================================================================================================================================================================================================================================================================================================+
| **sysadmin** Password | The **sysadmin** password may take up to 10 minutes to sync with the controller. The **sysadmin** password is not modified via the :command:`system` command. It is modified using the regular Linux :command:`passwd` command. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Certificates | Subclouds use the Trusted CA certificates installed on the System Controller. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _shared-configurations-shared-keystone-configs:
.. table:: Table 2. Shared Platform Keystone Resource Configurations
:widths: auto
+---------------+--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Local Service | Shared Configuration | Remarks |
+===============+==========================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| Keystone | Users | To facilitate Single Sign-On across the entire |prod-dc|, and to enable centralized User Management, the Platform's Keystone's platform authentication identity resources are synced to the subclouds. If a new user, project, role or assignment, or changes to these resources are detected on the System Controller via Audit, they are automatically synced to the subclouds. If a subcloud is inaccessible or unmanaged at that time, then these resources and changes will be queued and synchronized once the subcloud becomes available. |
| | | |
| | Roles | The specific Keystone resources synchronized are: users, roles, projects, project roles, assignments, passwords and token revocation events. |
| | | |
| | Projects | |
| | | |
| | Project Role Assignments | |
| | | |
| | Passwords | |
| | | |
| | Token revocation events | |
+---------------+--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
View Git Blame Copy Permalink