A configuration management service with support for secrets.
Go to file
Felipe Monteiro 039f9830da Move retrieval of encrypted documents to Deckhand controller
This patchset moves retrieval of encrypted documents to the
Deckhand controller so that components like Pegleg and
Promenade can consume the Deckhand engine offline without
running into Barbican errors.

Components can pass in `encryption_sources` to Deckhand's
rendering module which Deckhand will now use instead to resolve
secret references.

`encryption_sources` is a dictionary that maps the reference
contained in the destination document's data section to the
actual unecrypted data. If encrypting data with Barbican, the
reference will be a Barbican secret reference.

Change-Id: I1a457d3bd37101d73a28882845c2ce74ac09fdf4
2018-07-08 23:16:26 +00:00
alembic [396582] Add alembic support to Deckhand 2018-04-06 23:30:16 -04:00
charts/deckhand Merge "chore(image): update image" 2018-06-05 15:15:15 +00:00
deckhand Move retrieval of encrypted documents to Deckhand controller 2018-07-08 23:16:26 +00:00
doc Move retrieval of encrypted documents to Deckhand controller 2018-07-08 23:16:26 +00:00
etc/deckhand Add missing Keystone options to registration of config 2018-06-16 06:31:03 +00:00
images/deckhand Allow Deckhand image to be built behind proxy 2018-06-07 21:18:51 +01:00
releasenotes style(pep8): remove identation ignores 2018-06-01 22:08:42 +00:00
tools Fix gate: update osh-infra-deploy-docker.yaml to align with osh 2018-07-02 21:52:33 -04:00
.coveragerc Add Deckhand coverage job 2017-08-15 16:11:35 -04:00
.dockerignore Collect profile data on DH requests 2018-02-15 13:09:16 -05:00
.gitignore Rename docs to doc to align with OpenStack standard 2018-06-05 13:19:24 -04:00
.gitreview Update .gitreview for openstack infra 2018-05-17 19:21:56 +01:00
.stestr.conf Switch to stestr 2018-03-28 13:06:46 -04:00
.zuul.yaml Add a readthedocs publish trigger to .zuul.yaml 2018-06-21 03:56:05 +01:00
alembic.ini [396582] Add alembic support to Deckhand 2018-04-06 23:30:16 -04:00
entrypoint.sh [fix] Drop deckhand.conf from default DECKHAND_CONF_DIR path 2018-04-07 00:20:47 -04:00
HACKING.rst Add sphinx job for auto-generating docs 2017-09-21 16:16:23 +01:00
LICENSE Update Apache LICENSE 2018-05-10 22:25:14 +01:00
Makefile Unifying proxy variables for docker build 2018-06-22 14:43:03 +02:00
README.rst Update README to correct typos and deprecated, misleading sections 2018-04-30 18:42:58 +00:00
requirements.txt Add better caching to jsonpath-ng wrapper functions 2018-07-03 02:07:27 +00:00
REVIEWING.rst docs: Add developer overview documentation 2018-06-20 15:00:46 -04:00
setup.cfg Update releasenotes/docs tox jobs 2018-04-24 22:34:49 +01:00
setup.py Oslo config integration (#1) 2017-06-26 16:57:50 -07:00
test-requirements.txt Update Deckhand test-/requirements.txt 2018-06-16 18:18:28 -04:00
tox.ini docs: Add developer overview documentation 2018-06-20 15:00:46 -04:00

Deckhand

Doc Status

Deckhand is a storage service for YAML-based configuration documents, which are managed through version control and automatically validated. Deckhand provides users with a variety of different document types that describe complex configurations using the features listed below.

Find more documentation for Deckhand on Read the Docs.

Core Responsibilities

  • layering - helps reduce duplication in configuration by applying the notion of inheritance to documents
  • substitution - provides separation between secret data and other configuration data for security purposes and reduces data duplication by allowing common data to be defined once and substituted elsewhere dynamically
  • revision history - maintains well-defined collections of documents within immutable revisions that are meant to operate together, while providing the ability to rollback to previous revisions
  • validation - allows services to implement and register different kinds of validations and report errors
  • secret management - leverages existing OpenStack APIs -- namely Barbican -- to reliably and securely store sensitive data

Getting Started

For more detailed installation and setup information, please refer to the Getting Started guide.

Testing

Automated Testing

To run unit tests using sqlite, execute:

$ tox -epy27
$ tox -epy35

against a py27- or py35-backed environment, respectively. To run individual unit tests, run:

$ tox -e py27 -- deckhand.tests.unit.db.test_revisions

for example.

To run functional tests:

$ tox -e functional

You can also run a subset of tests via a regex:

$ tox -e functional -- gabbi.suitemaker.test_gabbi_document-crud-success-multi-bucket

Integration Points

Deckhand has the following integration points:

Note

Currently, other database back-ends are not supported.

Though, being a low-level service, has many other UCP services that integrate with it, including:

  • Drydock is orchestrated by Shipyard to perform bare metal node provisioning.
  • Promenade is indirectly orchestrated by Shipyard to configure and join Kubernetes nodes.
  • Armada is orchestrated by Shipyard to deploy and test Kubernetes workloads.

Further Reading

Undercloud Platform (UCP).