PKI 10.8 Containerization
Currently PKI cannot run inside OpenShift due to the following issues:
- pkispawn needs to run as root
- OpenShift requires containers to run as non-root (except during initialization in Dockerfile)
- pkispawn needs systemd for installation and runtime
- OpenShift doesn't support systemd (except after running /usr/sbin/init at the end of Dockerfile)
Remove PKI's dependency on systemd for installation and runtime.
Convert the configuration servlets into CLIs that can run without starting the server:
- pki-server config-init
- pki-server db-setup
- pki-server cert-setup
- pki-server admin-setup
- pki-server nssdb-backup
- pki-server sd-setup
- pki-server db-user-setup
- pki-server config-finalize
Provide a CLI to run the server in the foreground:
- pki-server run
- Refactor installation code not to depend on CMSEngine.
- Refactor configuration servlets into CLIs.
- Update installation code to use the CLIs instead of servlets (without systemd).
- Add CLI to run PKI server in the foreground (without systemd).
- Create Dockerfile to call pkispawn and then run the server in the foreground.
- Publish PKI server image on DockerHub.
- Deploy PKI server on OpenShift for demo.