This change added the IPsec certificates renewal script, and set it up
as a cron job to run daily at mid night.
Test Plan:
PASS: After a DX system deployed, verify the script is in the correct
directory with right permission, and is added in
/var/spool/cron/crontabs/root
PASS: Simulate the IPsec cert is about to expire, run the script,
verify IPsec cert, private key and trusted CA cert are renewed,
and IKE SAs and CHILD SAs are re-established.
PASS: Simulate a failure condition (eg, ipsec-client return non zero),
run the script, verify the IPsec renewal fails, and alarm
250.004 is raised.
PASS: Run the script with IPsec cert not being about to expire, verify
the script finish successfully and alarm 250.004 is cleared.
PASS: Simulate the IPsec trusted CA cert is different from the
system-local-ca in k8s secret, run the script, verify the trusted
CA and IPsec cert/key are renewed, and IKE SAs and CHILD SAs are
re-established.
Story: 2010940
Task: 49705
Depends-On: https://review.opendev.org/c/starlingx/fault/+/912598
Change-Id: I69236399b59655dd67ac7b01c4472a4b7ab911e5
Signed-off-by: Andy Ning <andy.ning@windriver.com>