starlingx
/
config
Code Issues Proposed changes
StarlingX System Configuration Management
5,187 Commits 22 Branches 9 Tags 78 MiB
Python 97.3%
Shell 2.3%
CSS 0.2%
Go to file
Rei Oliveira 01a5ea0843 First check Root CAs on kube-cert-rotation.sh 
As of now, the script only verifies the validity of leaf certificates
and, if expired, will regenerate them based on K8s/etcd Root CAs.
It doesn't account for the possibility of Root CAs being expired.
It will generate leaf certificates based on Root CAs, even if said
Root CAs are expired.

This change fixes that behaviour by first checking validity of
Root CAs and only allowing leaf certificate renewal if RCAs are
valid.

Test plan:

PASS: Cause Root CAs to expire, run kube-cert-rotation.sh script
      and verify that it fails with an error saying Root CAs are
      expired and leaf certificates are not renewed.
PASS: Ensure to have valid Root CAs, cause leaf certificates
      to expire, run kube-cert-rotation.sh and verify that the
      script executes normally and is able to renew
      the leaf certificates.

Closes-Bug: 2059708

Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
Change-Id: I98dfd8d1417754f3c723d8ddd52a856785ffc83b
 		2024-03-28 14:28:34 -03:00
api-ref/source Improve kube-rootca-get-id API and error handling 2023-11-24 09:16:48 -05:00
config-gate Update debian package versions to use git commits 2023-02-10 20:11:06 +00:00
controllerconfig Avoid copy of encryption-provider from drbd location 2024-02-08 05:09:57 +00:00
devstack Deprecate old policy engine and restrict access 2022-08-10 11:18:38 -03:00
doc Fix Zuul failures due to new Sphinx release 2023-08-21 13:06:19 -03:00
releasenotes Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
storageconfig Remove the use of the mgmt_ip field in host table 2023-11-01 10:30:21 -04:00
sysinv First check Root CAs on kube-cert-rotation.sh 2024-03-28 14:28:34 -03:00
tmp/patch-scripts/EXAMPLE_SYSINV/scripts StarlingX open source release updates 2018-05-31 07:35:52 -07:00
tools/docker/images Enable kubernetes SCTPSupport feature 2019-09-03 19:23:05 +00:00
tsconfig Updates after the mgmt network reconfiguration 2023-12-07 10:58:18 -03:00
workerconfig Remove the use of the mgmt_ip field in host table 2023-11-01 10:30:21 -04:00
.gitignore Minor zuul and tox file cleanup after manifest re-org 2019-09-06 15:40:37 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:42 +00:00
.yamllint clear yamllint errors under stx-config 2018-09-12 21:11:57 +08:00
.zuul.yaml Update controllerconfig tox environment for debian 2023-05-31 15:25:25 +00:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:35:52 -07:00
LICENSE StarlingX open source release updates 2018-05-31 07:35:52 -07:00
README.rst starlingx/config README improvement 2023-07-19 12:18:04 -03:00
bindep.txt py3: Add py39 gate for sysinv 2021-08-27 08:39:06 -04:00
centos_build_layer.cfg Build layering, add layer build config file 2019-10-15 12:29:05 +08:00
centos_dev_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
centos_iso_image.inc Merge sysinv_fpga_agent with sysinv_agent 2022-10-03 14:12:28 -04:00
centos_pkg_dirs Merge sysinv_fpga_agent with sysinv_agent 2022-10-03 14:12:28 -04:00
centos_pkg_dirs_containers Config file changes for packages relocated to repo 'openstack-armada-app' 2019-09-05 10:42:00 -04:00
centos_stable_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:50:08 -04:00
debian_iso_image.inc Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
debian_pkg_dirs Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
debian_stable_wheels.inc debian: Add sysinv wheel to the build 2022-11-21 13:33:24 +00:00
test-requirements.txt Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00
tox.ini Update tox.ini to work with tox 4 2022-12-26 18:55:39 +00:00

README.rst

config

The starlingx/config repository handles the StarlingX configuration management services.

Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.

This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.

References

  1. https://docs.starlingx.io/cli_ref/system.html↩︎

  2. https://opendev.org/starlingx/manifest.git↩︎