8cd5f76083
K8s certificates rotation after they reach the expiry date requires restart of sysinv services, both sysinv-conductor and sysinv-inv. The sysinv services cache k8s client object and get credentials from admin.conf. Restaring only the sysinv-conductor and missing the restart of the sysinv api causes the certificates not to be updated and this way affecting subcloud management functionality. The fix updates the script "kube-cert-rotation.sh" to restart all sysinv services and not only sysinv-conductor. The script "kube-cert-rotation.sh" requires to be installed with "700" permission. Tests performed: PASS: kube-cert-rotation.sh script gets installed correctly in directory /usr/bin and is set with permissions "700". PASS: kube-cert-rotation.sh script executes without errors when run to renew K8s certificates. PASS: After K8s certificates are renewed, all sysinv services get restarted. PASS: Executed successfully kube-cert-rotation.sh in AIO-SX and DC system configurations. Closes-Bug: 2002452 Signed-off-by: Carmen Rata <carmen.rata@windriver.com> Change-Id: Ie74a47226280b9362558ebfa158a4bf91209e957 |
||
---|---|---|
api-ref/source | ||
config-gate | ||
controllerconfig | ||
devstack | ||
doc | ||
releasenotes | ||
storageconfig | ||
sysinv | ||
tmp/patch-scripts/EXAMPLE_SYSINV/scripts | ||
tools/docker/images | ||
tsconfig | ||
workerconfig | ||
.gitignore | ||
.gitreview | ||
.yamllint | ||
.zuul.yaml | ||
CONTRIBUTORS.wrs | ||
LICENSE | ||
README.rst | ||
bindep.txt | ||
centos_build_layer.cfg | ||
centos_dev_wheels.inc | ||
centos_iso_image.inc | ||
centos_pkg_dirs | ||
centos_pkg_dirs_containers | ||
centos_stable_wheels.inc | ||
debian_build_layer.cfg | ||
debian_iso_image.inc | ||
debian_pkg_dirs | ||
debian_stable_wheels.inc | ||
test-requirements.txt | ||
tox.ini |
README.rst
stx-config
StarlingX Configuration Management