starlingx/docs
Code Issues Proposed changes
docs/doc/source/dist_cloud/kubernetes/shared-configurations.rst
Elisamara Aoki Goncalves 7286dd31c1 Cleanup of 'system' certificate CLI/RestAPI 
Remove deprecated CLIs.

Story: 2010848
Task: 50153

Change-Id: Ia5e160d6bf80a3ae80b5cbf6a6a6a0c3365bd8b3
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-06-21 13:39:41 +00:00

61 lines
13 KiB
ReStructuredText
Raw Blame History

.. chj1558616978053
.. _shared-configurations:
=====================
Shared Configurations
=====================
Shared configurations are |prod-long| system settings or services managed by
the System Controller and synchronized across all subclouds.
Synchronizations can be delayed slightly, depending on network traffic
conditions and the amount of information to be synchronized.
|prod| synchronizes configuration for selected attributes of system-wide
configurations (see :ref:`Table 1
<shared-configurations-shared-sys-configs>`) and synchronizes configuration
for resources of the Keystone Identity Service (see :ref:`Table 2
<shared-configurations-shared-keystone-configs>`).
.. _shared-configurations-shared-sys-configs:
.. table:: Table 1. Shared System Configurations
:widths: auto
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Shared Configuration | Remarks |
+=============================+==============================================================================================================================================================================================================================================================================================================================================================+
| DNS IP addresses | Subclouds use the DNS servers specified at the System Controller. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| **sysadmin** Password | The **sysadmin** password may take up to 10 minutes to sync with the controller. The **sysadmin** password is not modified via the :command:`system` command. It is modified using the regular Linux :command:`passwd` command. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Certificates | Subclouds use the Trusted CA certificates installed on the System Controller using the system ca-certificate-install command. |
+-----------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
.. _shared-configurations-shared-keystone-configs:
.. table:: Table 2. Shared Platform Keystone Resource Configurations
:widths: auto
+---------------+--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Local Service | Shared Configuration | Remarks |
+===============+==========================+==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| Keystone | Users | To facilitate Single Sign-On across the entire |prod-dc|, and to enable centralized User Management, the Platform's Keystone's platform authentication identity resources are synced to the subclouds. If a new user, project, role or assignment, or changes to these resources are detected on the System Controller via Audit, they are automatically synced to the subclouds. If a subcloud is inaccessible or unmanaged at that time, then these resources and changes will be queued and synchronized once the subcloud becomes available. |
| | | |
| | Roles | The specific Keystone resources synchronized are: users, roles, projects, project roles, assignments, passwords and token revocation events. |
| | | |
| | Projects | |
| | | |
| | Project Role Assignments | |
| | | |
| | Passwords | |
| | | |
| | Token revocation events | |
+---------------+--------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
View Git Blame Copy Permalink