StarlingX System Configuration Management
71bfe8a610
This commit adds a new operation to IPSec server/client to verify if local CA certificate is different from active controller and renew it in case of failure. This operation is executed everytime a system boot. The operation is the comparison of the server cert serial and the local cert serial. Because during initial authentication, the server sends public CA certificate to each node to validade the connection, but it's changed when the server update the certificates. Test Plan: PASS: Full build, system install, bootstrap and unlock DX system w/ unlocked enabled available status. Then, add a worker node and observe IPSec is enabled in all nodes and SAs are established. PASS: Turn worker node off and update certificates in the controller nodes. Then, turn on the worker node again and observe that after reboot, the node will update the certificates and establish SAs with the other nodes. Story: 2010940 Task: 50379 Change-Id: I1e765964797db9a35dc6fad00789b9c9c6232a49 Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com> |
||
---|---|---|
api-ref/source | ||
config-gate | ||
controllerconfig | ||
devstack | ||
doc | ||
releasenotes | ||
storageconfig | ||
sysinv | ||
tmp/patch-scripts/EXAMPLE_SYSINV/scripts | ||
tools/docker/images | ||
tsconfig | ||
workerconfig | ||
.gitignore | ||
.gitreview | ||
.yamllint | ||
.zuul.yaml | ||
bindep.txt | ||
CONTRIBUTORS.wrs | ||
debian_build_layer.cfg | ||
debian_iso_image.inc | ||
debian_pkg_dirs | ||
debian_stable_wheels.inc | ||
LICENSE | ||
README.rst | ||
test-requirements.txt | ||
tox.ini |
config
The starlingx/config repository handles the StarlingX configuration management services.
Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.
This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.