PKI 10.8 Containerization

From Dogtag

Issue

Currently PKI cannot run inside OpenShift due to the following issues:

  • pkispawn needs to run as root
  • OpenShift requires containers to run as non-root (except during initialization in Dockerfile)
  • pkispawn needs systemd for installation and runtime
  • OpenShift doesn't support systemd (except after running /usr/sbin/init at the end of Dockerfile)

Solution

Remove PKI's dependency on systemd for installation and runtime.

Installation

Convert the configuration servlets into CLIs that can run without starting the server:

  • pki-server config-init
  • pki-server db-setup
  • pki-server cert-setup
  • pki-server admin-setup
  • pki-server nssdb-backup
  • pki-server sd-setup
  • pki-server db-user-setup
  • pki-server config-finalize

Runtime

Provide a CLI to run the server in the foreground:

  • pki-server run
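
The following entrypoint sketch is an added example, not Dogtag project code: it runs the installation CLIs listed above in order at image build time, then starts the server in the foreground as a non-root user at container start. It assumes the subcommands need no arguments and that the list order is the execution order; PKI_SERVER, PKI_ENTRYPOINT, PKI_STATE_DIR and the state directory path are hypothetical names.

```shell
#!/bin/sh
# Added example, not Dogtag project code. Assumptions: the subcommands take no
# required arguments and run in the order the page lists them.
PKI_SERVER="${PKI_SERVER:-pki-server}"   # hypothetical override, e.g. a stub for testing
INSTALL_STEPS="config-init db-setup cert-setup admin-setup nssdb-backup sd-setup db-user-setup config-finalize"

# Run each installation CLI once, in order, and stop at the first failure.
# $1 = directory holding one marker file per completed step (hypothetical).
run_install_steps() {
    state_dir="$1"
    mkdir -p "$state_dir" || return 1
    for step in $INSTALL_STEPS; do
        # A completed step is skipped, so a failed build can be resumed.
        [ -e "$state_dir/$step.done" ] && continue
        if ! "$PKI_SERVER" "$step"; then
            echo "install step failed: $step" >&2
            return 1
        fi
        : > "$state_dir/$step.done"
    done
}

# OpenShift runs containers under a non-root UID; succeed only for UID != 0.
# $1 = UID to check (defaults to the current one).
require_non_root() {
    uid="${1:-$(id -u)}"
    [ "$uid" -ne 0 ]
}

# exec replaces the shell, so the server becomes the container's main process
# and receives SIGTERM directly; systemd is not involved.
start_foreground() {
    require_non_root || { echo "refusing to run as root" >&2; return 1; }
    exec "$PKI_SERVER" run
}

# install: for the Dockerfile build stage, where root is still allowed.
# run: for container start. Anything else only defines the functions.
case "${PKI_ENTRYPOINT:-}" in
    install) run_install_steps "${PKI_STATE_DIR:-/var/lib/pki-state}" ;;
    run)     start_foreground ;;
esac
```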

Tasks

  • Refactor installation code not to depend on CMSEngine.
  • Refactor configuration servlets into CLIs.
  • Update installation code to use the CLIs instead of servlets (without systemd).
  • Add CLI to run PKI server in the foreground (without systemd).
  • Create Dockerfile to call pkispawn and then run the server in the foreground.
  • Publish PKI server image on DockerHub.
  • Deploy PKI server on OpenShift for demo.