8df382b256
Add new certificate monitoring service. This is a service to perform monitoring certificates of admin endpoint, admin endpoint subcloud intermediate CA, and admin endpoint DC root CA. The certificates are managed and renewed by cert-manager. This change includes monitoring admin endpoint certificate and apply the new certificate (crt+key) to be used by haproxy for admin endpoint https. admin endpoint certificate renew will also replace the private key. The implementation is a workaround to delete the secret so that cert-manager regenerate the certificate with new private key. Currently cert-manager has a bug preventing rekey when renewing cert. Monitoring of intermediate CA and DC root CA will be coming soon. Passed TCs: 1. provisioned cert-mon service on system controller and subcloud controller, successfully swact 2. simulate endpoint certificate renew by shorten the endpoint certificate expiry time. observed the certificate (/etc/ssl/private/admin-ep-cert.pem) updated. verify admin endpoints accessible (local or remotely) verify admin endpoints accessible after haproxy restart 3. simulate an action to fail (hardcoded) and observe the action being configured number reattempted before giving up. Story: 2007347 Task: 40168 Depends-on https://review.opendev.org/#/c/739890 Depends-on https://review.opendev.org/#/c/741511 Depends-on https://review.opendev.org/#/c/741993 Change-Id: Ie341e2e4896c291b7485e95c89c5c3f370ffea00 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| agent.py | ||
| api.py | ||
| cert_mon.py | ||
| conductor.py | ||
| dbsync.py | ||
| dnsmasq_lease_update.py | ||
| fpga_agent.py | ||
| helm.py | ||
| puppet.py | ||
| upgrade.py | ||
| utils.py | ||