starlingx/docs
Code Issues Proposed changes
docs/doc/source/dist_cloud/updating-docker-registry-credentials-on-a-subcloud.rst
Adil ac4d8fea44 Node Management and Distributed cloud Guide updates 
Global Pass Upgrades

Added content from emails attached to ticket and sharepoint

Pacth 01: inputs from email by Greg

Patch 03: Created new section for subcloud group
          updated table 1 shared system configurations

Patch 04: corrected typos (Mary's comments)

Patch 05: solved merged conflict

patch 06: removed broken link

Story: TBD
Task: TBD



Signed-off-by: Adil <mohamed.adilassakkali@windriver.com>
Change-Id: I60b0a40a60a44d30429cd3a4dd8374c16345951a
2021-05-27 16:31:17 -03:00

3.1 KiB
Raw Blame History

Update Docker Registry Credentials on a Subcloud

On a subcloud that uses the System Controller's Docker registry (registry.central) as its install registry, you should use the System Controller's sysinv service credentials for accessing registry.central. This makes access to registry.central independent of changes to the Distributed Cloud's Keystone admin user password.

Use the following procedure to update the install registry credentials on the subcloud to the sysinv service credentials of the System Controller.

  1. On the System Controller, get the password for the sysinv services.

    $ keyring get sysinv services

  2. On each subcloud, run the following script to update the Docker registry credentials to sysinv:

    $ ./update_docker_registry_auth.sh sysinv <sysinv_password>

    Where ./update_docker_registry_auth.sh script is:

    #!/bin/bash -e

USAGE="usage: ${0##*/} <username> <password>"

if [ "$#" -ne 2 ]
then
  echo Missing arguments.
  echo $USAGE
  echo
  exit
fi

NEW_CREDS="username:$1 password:$2"

echo

for REGISTRY in docker-registry quay-registry elastic-registry gcr-registry k8s-registry
do

  echo -n "Updating" $REGISTRY "credentials ."
  SECRET_UUID=`system service-parameter-list | fgrep $REGISTRY | fgrep auth-secret | awk '{print $10}'`
  if [ -z "$SECRET_UUID" ]
  then
   echo "No $REGISTRY entry in service-parameters"
   echo
   continue
  fi
  SECRET_REF=`openstack secret list | fgrep ${SECRET_UUID} | awk '{print $2}'`
  echo -n "."
  SECRET_VALUE=`openstack secret get ${SECRET_REF} --payload -f value`
  echo -n "."

  openstack secret delete ${SECRET_REF} > /dev/null
  echo -n "."
  NEW_SECRET_VALUE=$NEW_CREDS
  openstack secret store -n ${REGISTRY}-secret -p "${NEW_SECRET_VALUE}" > /dev/null
  echo -n "."
  NEW_SECRET_REF=`openstack secret list | fgrep ${REGISTRY}-secret | awk '{print $2}'`
  NEW_SECRET_UUID=`echo "${NEW_SECRET_REF}" | awk -F/ '{print $6}'`
  system service-parameter-modify docker $REGISTRY auth-secret="${NEW_SECRET_UUID}" > /dev/null
  echo -n "."
  echo " done."

  echo -n "Validating $REGISTRY credentials updated to:  "
  SECRET_UUID=`system service-parameter-list | fgrep $REGISTRY | fgrep auth-secret | awk '{print $10}'`
  if [ -z "$SECRET_UUID" ]
  then
   continue
  fi
  SECRET_REF=`openstack secret list | fgrep ${SECRET_UUID} | awk '{print $2}'`
  SECRET_VALUE=`openstack secret get ${SECRET_REF} --payload -f value`
  echo $SECRET_VALUE

  echo

done