config/sysinv/sysinv/debian
Andy Ning 3fbe5f1aa6 Add IPsec certificates renewal cron job
This change added the IPsec certificates renewal script, and set it up
as a cron job to run daily at mid night.

Test Plan:
PASS: After a DX system deployed, verify the script is in the correct
      directory with right permission, and is added in
      /var/spool/cron/crontabs/root
PASS: Simulate the IPsec cert is about to expire, run the script,
      verify IPsec cert, private key and trusted CA cert are renewed,
      and IKE SAs and CHILD SAs are re-established.
PASS: Simulate a failure condition (eg, ipsec-client return non zero),
      run the script, verify the IPsec renewal fails, and alarm
      250.004 is raised.
PASS: Run the script with IPsec cert not being about to expire, verify
      the script finish successfully and alarm 250.004 is cleared.
PASS: Simulate the IPsec trusted CA cert is different from the
      system-local-ca in k8s secret, run the script, verify the trusted
      CA and IPsec cert/key are renewed, and IKE SAs and CHILD SAs are
      re-established.

Story: 2010940
Task: 49705

Depends-On: https://review.opendev.org/c/starlingx/fault/+/912598
Change-Id: I69236399b59655dd67ac7b01c4472a4b7ab911e5
Signed-off-by: Andy Ning <andy.ning@windriver.com>
2024-03-13 10:46:24 -04:00
..
deb_folder Add IPsec certificates renewal cron job 2024-03-13 10:46:24 -04:00
meta_data.yaml Update debian package versions to use git commits 2023-02-10 20:11:06 +00:00