starlingx/config
Code Issues Proposed changes
53e3797fca
config/centos_iso_image.inc
Bin Qian 8df382b256 Add cert-mon service 
Add new certificate monitoring service.
This is a service to perform monitoring certificates of
admin endpoint,
admin endpoint subcloud intermediate CA, and
admin endpoint DC root CA.
The certificates are managed and renewed by cert-manager.
This change includes monitoring admin endpoint certificate and
apply the new certificate (crt+key) to be used by haproxy for
admin endpoint https.
admin endpoint certificate renew will also replace the private
key. The implementation is a workaround to delete the secret
so that cert-manager regenerate the certificate with new private
key. Currently cert-manager has a bug preventing rekey when
renewing cert.

Monitoring of intermediate CA and DC root CA will be coming soon.

Passed TCs:
1. provisioned cert-mon service on system controller and subcloud
   controller, successfully swact

2. simulate endpoint certificate renew by shorten the endpoint
   certificate expiry time.
   observed the certificate (/etc/ssl/private/admin-ep-cert.pem)
   updated.
   verify admin endpoints accessible (local or remotely)
   verify admin endpoints accessible after haproxy restart

3. simulate an action to fail (hardcoded) and observe the action
   being configured number reattempted before giving up.

Story: 2007347
Task: 40168

Depends-on https://review.opendev.org/#/c/739890
Depends-on https://review.opendev.org/#/c/741511
Depends-on https://review.opendev.org/#/c/741993
Change-Id: Ie341e2e4896c291b7485e95c89c5c3f370ffea00
2020-07-20 14:06:31 -04:00

43 lines
522 B
PHP
Raw Blame History

# List of packages to be included/installed in ISO
# If these have dependencies, they will be pulled in automatically
#
# workerconfig
workerconfig
workerconfig-standalone
workerconfig-subfunction
# controllerconfig
controllerconfig
# storageconfig
storageconfig
# cert-mon
cert-mon
# cgts-client
cgts-client
# sysinv-agent
sysinv-agent
# sysinv-fpga-agent
sysinv-fpga-agent
# sysinv
sysinv
# config-gate
config-gate
config-gate-worker
# Platform helm charts
# PM QoS cpu latency manager
# tsconfig
tsconfig
View Git Blame Copy Permalink