commit 8cd5f76083f21ac0684825bbd9450edda1f9f5ea
Author: Carmen Rata <email address hidden>
Date: Wed Jan 11 03:56:44 2023 +0000
Fix subcloud going offline if certificates expire
K8s certificates rotation after they reach the expiry date requires
restart of sysinv services, both sysinv-conductor and sysinv-inv.
The sysinv services cache k8s client object and get credentials
from admin.conf. Restaring only the sysinv-conductor and missing the
restart of the sysinv api causes the certificates not to be updated
and this way affecting subcloud management functionality.
The fix updates the script "kube-cert-rotation.sh" to restart all
sysinv services and not only sysinv-conductor.
The script "kube-cert-rotation.sh" requires to be installed with
"700" permission.
Tests performed:
PASS: kube-cert-rotation.sh script gets installed correctly in
directory /usr/bin and is set with permissions "700".
PASS: kube-cert-rotation.sh script executes without errors when run
to renew K8s certificates.
PASS: After K8s certificates are renewed, all sysinv services get
restarted.
PASS: Executed successfully kube-cert-rotation.sh in AIO-SX and DC
system configurations.
Closes-Bug: 2002452
Signed-off-by: Carmen Rata <email address hidden>
Change-Id: Ie74a47226280b9362558ebfa158a4bf91209e957
Reviewed: https:/ /review. opendev. org/c/starlingx /config/ +/869782 /opendev. org/starlingx/ config/ commit/ 8cd5f76083f21ac 0684825bbd9450e dda1f9f5ea
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 8cd5f76083f21ac 0684825bbd9450e dda1f9f5ea
Author: Carmen Rata <email address hidden>
Date: Wed Jan 11 03:56:44 2023 +0000
Fix subcloud going offline if certificates expire
K8s certificates rotation after they reach the expiry date requires rotation. sh" to restart all rotation. sh" requires to be installed with
restart of sysinv services, both sysinv-conductor and sysinv-inv.
The sysinv services cache k8s client object and get credentials
from admin.conf. Restaring only the sysinv-conductor and missing the
restart of the sysinv api causes the certificates not to be updated
and this way affecting subcloud management functionality.
The fix updates the script "kube-cert-
sysinv services and not only sysinv-conductor.
The script "kube-cert-
"700" permission.
Tests performed: rotation. sh script gets installed correctly in rotation. sh script executes without errors when run rotation. sh in AIO-SX and DC
PASS: kube-cert-
directory /usr/bin and is set with permissions "700".
PASS: kube-cert-
to renew K8s certificates.
PASS: After K8s certificates are renewed, all sysinv services get
restarted.
PASS: Executed successfully kube-cert-
system configurations.
Closes-Bug: 2002452 362558ebfa158a4 bf91209e957
Signed-off-by: Carmen Rata <email address hidden>
Change-Id: Ie74a47226280b9