Merge "Recipe for integrating SDO RV service on Starlingx"

2021-04-06 18:42:12 +00:00 · 2021-04-06 18:42:12 +00:00 · e356c4b2ac
commit e356c4b2ac
parent d22daf9b11 e6965ea9da
2 changed files with 140 additions and 0 deletions
--- a/doc/source/developer_resources/index.rst
+++ b/doc/source/developer_resources/index.rst
@ -17,6 +17,7 @@ Developer Resources
   code-submission-guide
   debug_issues
   stx_tsn_in_kata
   stx_sdo_rv
   mirror_repo
   move_to_new_openstack_version_in_starlingx
   navigate_source_code
--- a/doc/source/developer_resources/stx_sdo_rv.rst
+++ b/doc/source/developer_resources/stx_sdo_rv.rst
@ -0,0 +1,139 @@
 ==================================
 Enable SDO RV Service on StarlingX
 ==================================
 .. contents::
   :local:
   :depth: 2
 ------------
 Introduction
 ------------
 `Secure Device Onboard (SDO) <https://secure-device-onboard.github.io/docs/>`_
 is an open source software that is in the process of becoming an industry
 standard through the FIDO (Fast IDentity Online) alliance, which automates the
 process of securely onboarding SDO capable devices. By “onboard” we mean the
 process by which device establishes its first trusted connection with the
 device management service.
 The devices to be onboarded through SDO can be X-86/ARM based platform ranging
 from small compute IoT devices to higher compute Xeon devices. The only condition
 is that, the device must come with necessary credentials and SDO client software
 during the manufacturing stage.
 The Secure Device Onboard process involves interactions between a number of
 different entities that participate in the process. Those include: Manufacturer,
 Device, Owner, Rendezvous service, Device platform service.
 This documents talks about enabling Rendezvous service on StarlingX.
 -----------------
 Integration Steps
 -----------------
 Following are the steps to build and enable SDO RV service.
 #. Complete building all the build layers. See `build guide <https://docs.starlingx.io/developer_resources/layered_build_guide.html>`_ for reference.
 #. You can build application exclusively. Enter the flock layer, please refer
   `flock layer <https://docs.starlingx.io/developer_resources/layered_build_guide.html#build-flock-layer>`_
   for same.
 #. Build application using below command:
   ::
     $ build-pkgs --clean stx-sdo-helm
     $ build-pkgs --dep-test stx-sdo-helm
   Following is the sample of a successful logs:
   ::
     13:49:21 ===== iteration 1 complete =====
     13:49:21
     13:49:21 Results out to: /localdisk/loadbuild/stx/flock/std/results/stx-flock-4.0-std
     13:49:21
     13:49:21 Pkgs built: 2
     13:49:21 Packages successfully built in this order:
     13:49:21 /localdisk/loadbuild/stx/flock/std/rpmbuild/SRPMS/build-info-1.0-4.tis.src.rpm
     13:49:21 /localdisk/loadbuild/stx/flock/std/rpmbuild/SRPMS/stx-sdo-helm-1.0-2.tis.src.rpm
     13:49:22 Recreate repodata
     ######## Tue Feb 23 13:49:23 UTC 2021: build-rpm-parallel --std was successful
     Tue Feb 23 13:49:23 UTC 2021: std complete
     Skipping 'rt' build, no valid targets in list:  stx-sdo-helm
     Skipping 'installer' build
     Skipping 'containers' build
     All builds were successful
 #. Create the armada application using below command:
   ::
     $ build-helm-charts.sh -a stx-sdo
   Sample console output is as follows:
   ::
     Merging yaml from file: usr/lib/armada/sdo_manifest.yaml
     Writing merged yaml file: stx-sdo.yaml
     Results:
     /localdisk/loadbuild/stx/flock/std/build-helm/stx/stx-sdo-1.0-2.tgz
 #. Exit from the container, the SDO-RV armada application will be found in the
   location as follows:
   ::
     $HOME/starlingx/workspace/localdisk/loadbuild/stx/flock/std/build-helm/stx/stx-sdo-<version>.tgz
 #. Copy the application into home folder of the controller.
 #. Copy the certs folder of the SDO version 1.10 release to the home
   folder using below command.
   ::
     curl --progress-bar -LO https://github.com/secure-device-onboard/release/releases/download/v1.10.0/rendezvous-service-v1.10.0.tar.gz
     tar -zxf rendezvous-service-v1.10.0.tar.gz
 #. Acquire admin credentials:
   ::
     source /etc/platform/openrc
 #. Load the stx-openstack application’s package into StarlingX. The tarball package contains stx-openstack’s Airship Armada manifest and stx-openstack’s set of helm charts. For example:
   ::
     system application-upload stx-sdo-<version>.tgz
 #. Apply the stx-sdo application in order to bring SDO RV application into service. If your environment is preconfigured with a proxy server, then make sure HTTPS proxy is set before applying stx-sdo.
   ::
     system application-apply stx-sdo
 #. Check the application status using below command:
   ::
     system application-show stx-sdo
 After the application apply is success, you will see the RV service and redis
 DB pods running. For example:
 ::
  [sysadmin@controller-0 ~(keystone_admin)]$ kubectl get pods -n kube-system
  NAME                         READY   STATUS    RESTARTS   AGE
  redis-6d76cdd759-wpnv7       1/1     Running   0          11d
  rv.deploy-6b9c4b8b65-chf2v   1/1     Running   0          11d