starlingx
/
config
Code Issues Proposed changes
StarlingX System Configuration Management
5,216 Commits 22 Branches 10 Tags 78 MiB
Python 97.3%
Shell 2.3%
CSS 0.2%
Go to file
Manoel Benedito Neto 937ce744b0 Implement IPsec Cert-Renewal Operation 
This commit adds IPsec Cert-Renewal implementation to work
properly when specified by "--opcode" parameter in IPsec
client execution.

This implementation adds to IPsec client a rekey step after
the generated keys and cert are stored and exchanged during
cert-renewal operation. The main goal of this implementation
is to provide new certificates and keys for an IPsec client
host that has already been authenticated by IPsec server host.

Test Plan:
PASS: Full build, system install, bootstrap and unlock DX system w/
      unlocked enabled available status.
PASS: Execute "ipsec-client pxecontroller --opcode 2" in controller-1.
      Observe the previously created CertificateRequest was deleted and
      generated a new one for controller-1's node. The new certificate
      is sent to IPsec Client and stored with the swanctl rekey command
      executed sucessfully.
PASS: In a DC system with available enabled active status with IPsec
      server being executed from controller-0. Change c0 and c1 dates
      to expire IPsec certificates. If needed, recover kubernetes
      certificates or pods. Execute "sudo ipsec-client pxecontroller
      -o 2" command from controller-0 and controller-1. Observe that
      certificates and keys were generated and stored in /etc/swanctl/
      directory. Observe new SAs have been created between controllers
      by executing "sudo swanctl --list-sas" command.

Story: 2010940
Task: 49656

Change-Id: I69383005c2e204fe0a6401b2efaf05e8754f2bc3
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
 		2024-03-08 12:24:02 -03:00
api-ref/source Improve kube-rootca-get-id API and error handling 2023-11-24 09:16:48 -05:00
config-gate Update debian package versions to use git commits 2023-02-10 20:11:06 +00:00
controllerconfig Retrieve only the deploy plug-in helm-chart 2024-03-01 12:10:17 -05:00
devstack Deprecate old policy engine and restrict access 2022-08-10 11:18:38 -03:00
doc Fix tsconfig/root constraints file in tox.ini 2024-03-04 22:22:31 +00:00
releasenotes Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
storageconfig Remove the use of the mgmt_ip field in host table 2023-11-01 10:30:21 -04:00
sysinv Implement IPsec Cert-Renewal Operation 2024-03-08 12:24:02 -03:00
tmp/patch-scripts/EXAMPLE_SYSINV/scripts StarlingX open source release updates 2018-05-31 07:35:52 -07:00
tools/docker/images Enable kubernetes SCTPSupport feature 2019-09-03 19:23:05 +00:00
tsconfig Fix tsconfig/root constraints file in tox.ini 2024-03-04 22:22:31 +00:00
workerconfig Remove the use of the mgmt_ip field in host table 2023-11-01 10:30:21 -04:00
.gitignore Minor zuul and tox file cleanup after manifest re-org 2019-09-06 15:40:37 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:42 +00:00
.yamllint clear yamllint errors under stx-config 2018-09-12 21:11:57 +08:00
.zuul.yaml Update controllerconfig tox environment for debian 2023-05-31 15:25:25 +00:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:35:52 -07:00
LICENSE StarlingX open source release updates 2018-05-31 07:35:52 -07:00
README.rst starlingx/config README improvement 2023-07-19 12:18:04 -03:00
bindep.txt py3: Add py39 gate for sysinv 2021-08-27 08:39:06 -04:00
centos_build_layer.cfg Build layering, add layer build config file 2019-10-15 12:29:05 +08:00
centos_dev_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
centos_iso_image.inc Merge sysinv_fpga_agent with sysinv_agent 2022-10-03 14:12:28 -04:00
centos_pkg_dirs Merge sysinv_fpga_agent with sysinv_agent 2022-10-03 14:12:28 -04:00
centos_pkg_dirs_containers Config file changes for packages relocated to repo 'openstack-armada-app' 2019-09-05 10:42:00 -04:00
centos_stable_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:50:08 -04:00
debian_iso_image.inc Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
debian_pkg_dirs Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
debian_stable_wheels.inc debian: Add sysinv wheel to the build 2022-11-21 13:33:24 +00:00
test-requirements.txt Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00
tox.ini Fix tsconfig/root constraints file in tox.ini 2024-03-04 22:22:31 +00:00

README.rst

config

The starlingx/config repository handles the StarlingX configuration management services.

Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.

This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.

References

  1. https://docs.starlingx.io/cli_ref/system.html↩︎

  2. https://opendev.org/starlingx/manifest.git↩︎