3fbe5f1aa6
This change added the IPsec certificates renewal script, and set it up as a cron job to run daily at mid night. Test Plan: PASS: After a DX system deployed, verify the script is in the correct directory with right permission, and is added in /var/spool/cron/crontabs/root PASS: Simulate the IPsec cert is about to expire, run the script, verify IPsec cert, private key and trusted CA cert are renewed, and IKE SAs and CHILD SAs are re-established. PASS: Simulate a failure condition (eg, ipsec-client return non zero), run the script, verify the IPsec renewal fails, and alarm 250.004 is raised. PASS: Run the script with IPsec cert not being about to expire, verify the script finish successfully and alarm 250.004 is cleared. PASS: Simulate the IPsec trusted CA cert is different from the system-local-ca in k8s secret, run the script, verify the trusted CA and IPsec cert/key are renewed, and IKE SAs and CHILD SAs are re-established. Story: 2010940 Task: 49705 Depends-On: https://review.opendev.org/c/starlingx/fault/+/912598 Change-Id: I69236399b59655dd67ac7b01c4472a4b7ab911e5 Signed-off-by: Andy Ning <andy.ning@windriver.com> |
||
---|---|---|
api-ref/source | ||
config-gate | ||
controllerconfig | ||
devstack | ||
doc | ||
releasenotes | ||
storageconfig | ||
sysinv | ||
tmp/patch-scripts/EXAMPLE_SYSINV/scripts | ||
tools/docker/images | ||
tsconfig | ||
workerconfig | ||
.gitignore | ||
.gitreview | ||
.yamllint | ||
.zuul.yaml | ||
CONTRIBUTORS.wrs | ||
LICENSE | ||
README.rst | ||
bindep.txt | ||
centos_build_layer.cfg | ||
centos_dev_wheels.inc | ||
centos_iso_image.inc | ||
centos_pkg_dirs | ||
centos_pkg_dirs_containers | ||
centos_stable_wheels.inc | ||
debian_build_layer.cfg | ||
debian_iso_image.inc | ||
debian_pkg_dirs | ||
debian_stable_wheels.inc | ||
test-requirements.txt | ||
tox.ini |
README.rst
config
The starlingx/config repository handles the StarlingX configuration management services.
Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.
This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.