937ce744b0
This commit adds IPsec Cert-Renewal implementation to work properly when specified by "--opcode" parameter in IPsec client execution. This implementation adds to IPsec client a rekey step after the generated keys and cert are stored and exchanged during cert-renewal operation. The main goal of this implementation is to provide new certificates and keys for an IPsec client host that has already been authenticated by IPsec server host. Test Plan: PASS: Full build, system install, bootstrap and unlock DX system w/ unlocked enabled available status. PASS: Execute "ipsec-client pxecontroller --opcode 2" in controller-1. Observe the previously created CertificateRequest was deleted and generated a new one for controller-1's node. The new certificate is sent to IPsec Client and stored with the swanctl rekey command executed sucessfully. PASS: In a DC system with available enabled active status with IPsec server being executed from controller-0. Change c0 and c1 dates to expire IPsec certificates. If needed, recover kubernetes certificates or pods. Execute "sudo ipsec-client pxecontroller -o 2" command from controller-0 and controller-1. Observe that certificates and keys were generated and stored in /etc/swanctl/ directory. Observe new SAs have been created between controllers by executing "sudo swanctl --list-sas" command. Story: 2010940 Task: 49656 Change-Id: I69383005c2e204fe0a6401b2efaf05e8754f2bc3 Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com> |
||
---|---|---|
api-ref/source | ||
config-gate | ||
controllerconfig | ||
devstack | ||
doc | ||
releasenotes | ||
storageconfig | ||
sysinv | ||
tmp/patch-scripts/EXAMPLE_SYSINV/scripts | ||
tools/docker/images | ||
tsconfig | ||
workerconfig | ||
.gitignore | ||
.gitreview | ||
.yamllint | ||
.zuul.yaml | ||
CONTRIBUTORS.wrs | ||
LICENSE | ||
README.rst | ||
bindep.txt | ||
centos_build_layer.cfg | ||
centos_dev_wheels.inc | ||
centos_iso_image.inc | ||
centos_pkg_dirs | ||
centos_pkg_dirs_containers | ||
centos_stable_wheels.inc | ||
debian_build_layer.cfg | ||
debian_iso_image.inc | ||
debian_pkg_dirs | ||
debian_stable_wheels.inc | ||
test-requirements.txt | ||
tox.ini |
README.rst
config
The starlingx/config repository handles the StarlingX configuration management services.
Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.
This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.