01a5ea0843
As of now, the script only verifies the validity of leaf certificates and, if expired, will regenerate them based on K8s/etcd Root CAs. It doesn't account for the possibility of Root CAs being expired. It will generate leaf certificates based on Root CAs, even if said Root CAs are expired. This change fixes that behaviour by first checking validity of Root CAs and only allowing leaf certificate renewal if RCAs are valid. Test plan: PASS: Cause Root CAs to expire, run kube-cert-rotation.sh script and verify that it fails with an error saying Root CAs are expired and leaf certificates are not renewed. PASS: Ensure to have valid Root CAs, cause leaf certificates to expire, run kube-cert-rotation.sh and verify that the script executes normally and is able to renew the leaf certificates. Closes-Bug: 2059708 Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com> Change-Id: I98dfd8d1417754f3c723d8ddd52a856785ffc83b |
||
---|---|---|
api-ref/source | ||
config-gate | ||
controllerconfig | ||
devstack | ||
doc | ||
releasenotes | ||
storageconfig | ||
sysinv | ||
tmp/patch-scripts/EXAMPLE_SYSINV/scripts | ||
tools/docker/images | ||
tsconfig | ||
workerconfig | ||
.gitignore | ||
.gitreview | ||
.yamllint | ||
.zuul.yaml | ||
CONTRIBUTORS.wrs | ||
LICENSE | ||
README.rst | ||
bindep.txt | ||
centos_build_layer.cfg | ||
centos_dev_wheels.inc | ||
centos_iso_image.inc | ||
centos_pkg_dirs | ||
centos_pkg_dirs_containers | ||
centos_stable_wheels.inc | ||
debian_build_layer.cfg | ||
debian_iso_image.inc | ||
debian_pkg_dirs | ||
debian_stable_wheels.inc | ||
test-requirements.txt | ||
tox.ini |
README.rst
config
The starlingx/config repository handles the StarlingX configuration management services.
Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.
This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.