a26b4b4050
This task will adapt existing implementation to run full certificate expiration audit in "health-query-upgrade" and return fail in _check_alarms in case of existence of any cert alarm in the system. Both "expiring soon" and "expired" alarms will block upgrades, but can be skipped with the use of the force flag. This change will also add a information about certificate expiration alarms to the line related to existing alarms of the output in "health-query-upgrade". Note: Now that 'keystone_opt_group' is used for both cert_alarm and health.py, the variable 'keystone_authtoken' had to be changed to 'KEYSTONE_AUTHTOKEN' to match with the key that is used by the CONF object from health.py which is configured as uppercase in line 118 of openstack.py. Test Plan: PASS: Run "health-query-upgrade" with one or more 'expiring soon'or 'expired' alarms and verify that a message is show in 'health-query-upgrade' output saying that there is certificate expiration alarms. PASS: Run 'health-query-upgrade' with no active certificate alarm and verify that no certificate alarms were shown in the output of 'health-query-upgrade'. PASS: Run 'system upgrade-start' with the --force flag with one or more certificate alarms and verify that the upgrade can be started normally. PASS: Add a new certificate with expiry date of less than 30 days and run 'health-query-upgrade' before the scheduled full audit runs and check if the alarm was created and detected by 'health-query-upgrade'. PASS: Delete secret from a certificate that is monitored by cert-mon and check if cert-mon was able to reinstall the secret to the filesystem. Task: 47478 Story: 2009303 Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com> Change-Id: Iaba585b6ecd7f63e0ed186f87c7274c4b9778889 |
||
---|---|---|
.. | ||
cert-alarm | ||
cert-mon | ||
cgts-client | ||
sysinv | ||
sysinv-agent |