single command to config coe clients
Right now for a client to get access to an existing bay the following sequence (or similar) is required:
1. openssl genrsa -out key.pem 4096
2. openssl req -new ... -key key.pem -out cert.csr
3. magnum ca-sign --bay mybay --csr cert.csr > cert.pem
4. magnum ca-show --bay mybay > ca.pem
And then clients still need to know how to configure TLS for the specific COE they are using.
This is ok but maybe we could wrap this into a single command taking care of everything.
# magnum config --bay mybay
which would do all the steps above, and create a local config file either in the local dir or directly in the expected coe config dirs. Example for docker swarm would be ~/.docker/
Blueprint information
- Status:
- Complete
- Approver:
- hongbin
- Priority:
- High
- Drafter:
- Ricardo Rocha
- Direction:
- Approved
- Assignee:
- Ricardo Rocha
- Definition:
- Superseded
- Series goal:
- Accepted for newton
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- hongbin
Related branches
Related bugs
Sprints
Whiteboard
This seems like user CLI improvement, but good to have it I think. A config.json maybe not good enough, what about k8s/mesos which are using ca file directly? (Eli 5-17-2016)
(ricardo_rocha): There should be a similar mechanism for kubernetes, passing a similar file to --kubeconfig. Currently we're doing the following sequence for kubectl:
# kubectl config set-credentials mybay-test --client-
# kubectl config set-cluster mybay-test --server=https:/
# kubectl config set-context default/mybay-test --user=mybay-test --cluster=
# kubectl config use-context default/mybay-test
which results in the following in ~/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate
server: https:/
name: mybay-test
contexts:
- context:
cluster: mybay-test
user: mybay-test
name: default/mybay-test
current-context: default/mybay-test
kind: Config
preferences: {}
users:
- name: mybay-test
user:
client-
client-key: /home/ricardo/
We can generate something like this for k8s so users pass it later with kubectl --kubeconfig.
I'm willing to take this BP myself :-)
This bp is duplicated of following bp.
https:/
(hongbin): I closed this BP since it duplicates with https:/