Issue#
Currently PKI cannot run inside OpenShift due to the following issues:
pkispawn needs to run as root
OpenShift requires containers to run as non-root (except during initialization in Dockerfile)
pkispawn needs systemd for installation and runtime
OpenShift doesn’t support systemd (except after running /usr/sbin/init at the end of Dockerfile)
Solution#
Remove PKI’s dependency on systemd for installation and runtime.
Installation#
Convert the configuration servlets into CLIs that can run without starting the server:
pki-server config-init
pki-server db-setup
pki-server cert-setup
pki-server admin-setup
pki-server nssdb-backup
pki-server sd-setup
pki-server db-user-setup
pki-server config-finalize
Runtime#
Provide a CLI to run the server in the foreground:
pki-server run
Tasks#
Refactor installation code not to depend on CMSEngine.
Refactor configuration servlets into CLIs.
Update installation code to use the CLIs instead of servlets (without systemd).
Add CLI to run PKI server in the foreground (without systemd).
Create Dockerfile to call pkispawn and then run the server in the foreground.
Publish PKI server image on DockerHub.
Deploy PKI server on OpenShift for demo.