========
Deckhand
========
|Doc Status|
Deckhand is a storage service for YAML-based configuration documents, which are
managed through version control and automatically validated. Deckhand provides
users with a variety of different document types that describe complex
configurations using the features listed below.
Find more documentation for Deckhand on `Read the Docs `_.
Core Responsibilities
=====================
* layering - helps reduce duplication in configuration by applying the notion
of inheritance to documents
* substitution - provides separation between secret data and other
configuration data for security purposes and reduces data duplication by
allowing common data to be defined once and substituted elsewhere dynamically
* revision history - maintains well-defined collections of documents within
immutable revisions that are meant to operate together, while providing the
ability to rollback to previous revisions
* validation - allows services to implement and register different kinds of
validations and report errors
* secret management - leverages existing OpenStack APIs -- namely
`Barbican`_ -- to reliably and securely store sensitive data
.. _Barbican: https://docs.openstack.org/barbican/latest/api/
Getting Started
===============
For more detailed installation and setup information, please refer to the
`Getting Started `_
guide.
Testing
-------
Automated Testing
^^^^^^^^^^^^^^^^^
To run unit tests using sqlite, execute:
::
$ tox -epy27
$ tox -epy35
against a py27- or py35-backed environment, respectively. To run individual
unit tests, run:
::
$ tox -e py27 -- deckhand.tests.unit.db.test_revisions
for example.
To run functional tests:
::
$ tox -e functional
You can also run a subset of tests via a regex:
::
$ tox -e functional -- gabbi.suitemaker.test_gabbi_document-crud-success-multi-bucket
Integration Points
==================
Deckhand has the following integration points:
* `Barbican (OpenStack Key Manager) `_
provides secure storage for sensitive data.
* `Keystone (OpenStack Identity service) `_
provides authentication and support for role based authorization.
* `PostgreSQL `_ is used to persist information
to correlate workflows with users and history of workflow commands.
.. note::
Currently, other database back-ends are not supported.
Though, being a low-level service, has many other UCP services that integrate
with it, including:
* `Drydock `_ is orchestrated by
Shipyard to perform bare metal node provisioning.
* `Promenade `_ is indirectly
orchestrated by Shipyard to configure and join Kubernetes nodes.
* `Armada `_ is orchestrated by
Shipyard to deploy and test Kubernetes workloads.
Further Reading
===============
`Airship `_.
.. |Doc Status| image:: https://readthedocs.org/projects/deckhand/badge/?version=latest
:target: http://deckhand.readthedocs.io/