config/sysinv/cert-mon/centos
Bin Qian 8df382b256 Add cert-mon service
Add new certificate monitoring service.
This is a service to monitor the certificates of the
admin endpoint,
admin endpoint subcloud intermediate CA, and
admin endpoint DC root CA.
The certificates are managed and renewed by cert-manager.
This change includes monitoring the admin endpoint certificate and
applying the new certificate (crt+key) to be used by haproxy for
admin endpoint https.
Admin endpoint certificate renewal will also replace the private
key. The implementation is a workaround to delete the secret
so that cert-manager regenerates the certificate with a new private
key. Currently cert-manager has a bug preventing rekey when
renewing a cert.

Monitoring of intermediate CA and DC root CA will be coming soon.

Passed TCs:
1. provisioned cert-mon service on system controller and subcloud
   controller, successfully swact

2. simulate endpoint certificate renewal by shortening the endpoint
   certificate expiry time.
   observed the certificate (/etc/ssl/private/admin-ep-cert.pem)
   updated.
   verify admin endpoints accessible (local or remotely)
   verify admin endpoints accessible after haproxy restart

3. simulate an action to fail (hardcoded) and observe the action
   being reattempted the configured number of times before giving up.

Story: 2007347
Task: 40168

Depends-on https://review.opendev.org/#/c/739890
Depends-on https://review.opendev.org/#/c/741511
Depends-on https://review.opendev.org/#/c/741993
Change-Id: Ie341e2e4896c291b7485e95c89c5c3f370ffea00
2020-07-20 14:06:31 -04:00
..
build_srpm.data Add cert-mon service 2020-07-20 14:06:31 -04:00
cert-mon.spec Add cert-mon service 2020-07-20 14:06:31 -04:00