starlingx
/
config
Code Issues Proposed changes
StarlingX System Configuration Management
3,681 Commits 22 Branches 10 Tags 76 MiB
Python 97.4%
Shell 2.2%
CSS 0.2%
Go to file
Carmen Rata ac2604e9a0 OpenLDAP certificate support in sysinv apis 
A secure openldap server requires support for openldap certificates.
Internal sysinv rest api "cerificate_install" and system certificate
management CLIs "certificate-install" and "certificate-list" need to
have sysinv cert-mon support for openldap certificate.
This commit is the first step in making rest api "certificate-install"
and CLI "certificate-list" fully functional.
Subsequent "sysinv/conductor/manager.py" support code changes for
openldap certificate configuration will complete the sysinv cert-mon
implementation as they would need to be accompanied by openldap
schema updates for ssl certificate and key, updates done using puppet
configuration and part of a follow up commit.
New “mode=openldap” was added to internal sysinv rest api
"certificate_install" but it's usage is disallowed in the system CLI
"certificate-install".
The new secure endpoint for openldap/slapd is not yet being used.
In future next step, when SSSD (System Security Services Daemon)
client is introduced, security will be enhanced with use of LDAPS
for openldap/slapd.

Tests performed:
PASS: Add new mode=openldap to sysinv rest api "certificate_install".
Testing verifies the instrumentation of the rest api option
"m=openldap" in the sysinv cert-mon code and does not verifies the
full functionality of the option that is not enabled yet beyond
cert-mon. Testing shows in debug mode that the option is working and
cert-mon calls are logged. The option triggers cert-mon apis for
openldap as expected.
PASS: Disable mode-openldap in the system CLI "certificate-install".
PASS: Create new certificate and secret.
PASS: List all certificates. This test is to ensure installed
certificates are listed and CLI "certificate-list" is not broken.
The openldap certificate is expected not to be in the list.
PASS: Delete a certificate and secret.

Story: 2009834
Task: 44655

Change-Id: I01db5a7ea9848187655174b1b5451f73d9c5c220
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
 		2022-03-07 18:01:50 -05:00
api-ref/source Merge "Remove force option for k8s rootca update complete/abort" 2021-11-25 17:32:40 +00:00
config-gate Add debian package for config-gate 2021-10-05 03:58:30 -04:00
controllerconfig [PTP dual NIC config] Fix parameters from legacy 2022-02-23 12:23:47 -03:00
devstack Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
doc Switch to newer openstackdocstheme and reno versions 2020-06-04 14:13:51 +02:00
releasenotes Remove host hardware sysinv profile 2021-10-18 18:01:40 -03:00
storageconfig Add debian packaging directory for storageconfig 2021-10-18 10:05:38 -03:00
sysinv OpenLDAP certificate support in sysinv apis 2022-03-07 18:01:50 -05:00
tmp/patch-scripts/EXAMPLE_SYSINV/scripts StarlingX open source release updates 2018-05-31 07:35:52 -07:00
tools/docker/images Enable kubernetes SCTPSupport feature 2019-09-03 19:23:05 +00:00
tsconfig Merge "debian: Install tsconfig in the right place" 2021-12-08 15:27:08 +00:00
workerconfig Add debian packaging directory for workerconfig 2021-09-28 09:51:54 -04:00
.gitignore Minor zuul and tox file cleanup after manifest re-org 2019-09-06 15:40:37 -05:00
.gitreview OpenDev Migration Patch 2019-04-19 19:52:42 +00:00
.yamllint clear yamllint errors under stx-config 2018-09-12 21:11:57 +08:00
.zuul.yaml Removing py36 gates from zuul for config 2021-10-05 16:29:11 +00:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:35:52 -07:00
LICENSE StarlingX open source release updates 2018-05-31 07:35:52 -07:00
README.rst StarlingX open source release updates 2018-05-31 07:35:52 -07:00
bindep.txt py3: Add py39 gate for sysinv 2021-08-27 08:39:06 -04:00
centos_build_layer.cfg Build layering, add layer build config file 2019-10-15 12:29:05 +08:00
centos_dev_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
centos_helm.inc Infrastructure and Cluster Monitoring 2019-08-21 17:19:54 -04:00
centos_iso_image.inc Add cert-alarm service 2021-07-22 08:29:23 -04:00
centos_pkg_dirs Add cert-alarm service 2021-07-22 08:29:23 -04:00
centos_pkg_dirs_containers Config file changes for packages relocated to repo 'openstack-armada-app' 2019-09-05 10:42:00 -04:00
centos_stable_wheels.inc Config file changes to add 'tsconfig' after relocation from 'update' 2019-09-05 11:51:05 -04:00
debian_build_layer.cfg Add debian_build_layer.cfg file 2021-10-05 14:50:08 -04:00
debian_iso_image.inc Add debian_iso_image.inc file 2021-11-04 09:07:23 -04:00
debian_pkg_dirs Add missing packages that have debian directories. 2021-11-01 19:20:40 -04:00
test-requirements.txt Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00
tox.ini Calling an additional shell lint command from zuul 2021-06-03 17:35:50 -05:00

README.rst

stx-config

StarlingX Configuration Management