starlingx/config
Code Issues Proposed changes
StarlingX System Configuration Management
5,490 Commits 22 Branches 9 Tags 84 MiB
Python 97.1%
Shell 2.5%
CSS 0.2%
71bfe8a610
Go to file
Leonardo Mendes 71bfe8a610 Add IPSec cert validation after system boot 
This commit adds a new operation to IPSec server/client
to verify if local CA certificate is different from active
controller and renew it in case of failure. This operation
is executed everytime a system boot.

The operation is the comparison of the server cert serial
and the local cert serial. Because during initial authentication,
the server sends public CA certificate to each node to validade
the connection, but it's changed when the server update the
certificates.

Test Plan:
PASS: Full build, system install, bootstrap and unlock DX system w/
      unlocked enabled available status. Then, add a worker node and
      observe IPSec is enabled in all nodes and SAs are established.
PASS: Turn worker node off and update certificates in the controller
      nodes. Then, turn on the worker node again and observe that
      after reboot, the node will update the certificates and
      establish SAs with the other nodes.

Story: 2010940
Task: 50379

Change-Id: I1e765964797db9a35dc6fad00789b9c9c6232a49
Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
2024-06-20 10:56:59 -03:00
api-ref/source Add new sysinv unauthenticated region_id api 2024-04-17 14:21:28 -04:00
config-gate Remove CentOS/OpenSUSE build support 2024-04-26 13:45:07 -04:00
controllerconfig Add IPSec cert validation after system boot 2024-06-20 10:56:59 -03:00
devstack Deprecate old policy engine and restrict access 2022-08-10 11:18:38 -03:00
doc Fix tsconfig/root constraints file in tox.ini 2024-03-04 22:22:31 +00:00
releasenotes Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
storageconfig Add IPSec cert validation after system boot 2024-06-20 10:56:59 -03:00
sysinv Add IPSec cert validation after system boot 2024-06-20 10:56:59 -03:00
tmp/patch-scripts/EXAMPLE_SYSINV/scripts StarlingX open source release updates 2018-05-31 07:35:52 -07:00
tools/docker/images Enable kubernetes SCTPSupport feature 2019-09-03 19:23:05 +00:00
tsconfig Remove CentOS/OpenSUSE build support 2024-04-26 13:45:07 -04:00
workerconfig Add IPSec cert validation after system boot 2024-06-20 10:56:59 -03:00
.gitignore Minor zuul and tox file cleanup after manifest re-org 2019-09-06 15:40:37 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:42 +00:00
.yamllint clear yamllint errors under stx-config 2018-09-12 21:11:57 +08:00
.zuul.yaml Update controllerconfig tox environment for debian 2023-05-31 15:25:25 +00:00
bindep.txt py3: Add py39 gate for sysinv 2021-08-27 08:39:06 -04:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:35:52 -07:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:50:08 -04:00
debian_iso_image.inc Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
debian_pkg_dirs Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
debian_stable_wheels.inc debian: Add sysinv wheel to the build 2022-11-21 13:33:24 +00:00
LICENSE StarlingX open source release updates 2018-05-31 07:35:52 -07:00
README.rst starlingx/config README improvement 2023-07-19 12:18:04 -03:00
test-requirements.txt Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00
tox.ini Fix tsconfig/root constraints file in tox.ini 2024-03-04 22:22:31 +00:00

README.rst

config

The starlingx/config repository handles the StarlingX configuration management services.

Its key component is the System Inventory Service (Sysinv), which provides the system command-line interface (CLI)1.

This repository is not intended to be developed standalone, but rather as part of the StarlingX Source System, which is defined by the StarlingX manifest2.

References

  1. https://docs.starlingx.io/cli_ref/system.html↩︎

  2. https://opendev.org/starlingx/manifest.git↩︎