Comment 2 for bug 2002452

Reviewed: https://review.opendev.org/c/starlingx/config/+/869782
Committed: https://opendev.org/starlingx/config/commit/8cd5f76083f21ac0684825bbd9450edda1f9f5ea
Submitter: "Zuul (22348)"
Branch: master

commit 8cd5f76083f21ac0684825bbd9450edda1f9f5ea
Author: Carmen Rata <email address hidden>
Date: Wed Jan 11 03:56:44 2023 +0000

    Fix subcloud going offline if certificates expire

    K8s certificates rotation after they reach the expiry date requires
    restart of sysinv services, both sysinv-conductor and sysinv-inv.
    The sysinv services cache k8s client object and get credentials
    from admin.conf. Restaring only the sysinv-conductor and missing the
    restart of the sysinv api causes the certificates not to be updated
    and this way affecting subcloud management functionality.
    The fix updates the script "kube-cert-rotation.sh" to restart all
    sysinv services and not only sysinv-conductor.
    The script "kube-cert-rotation.sh" requires to be installed with
    "700" permission.

    Tests performed:
    PASS: kube-cert-rotation.sh script gets installed correctly in
    directory /usr/bin and is set with permissions "700".
    PASS: kube-cert-rotation.sh script executes without errors when run
    to renew K8s certificates.
    PASS: After K8s certificates are renewed, all sysinv services get
    restarted.
    PASS: Executed successfully kube-cert-rotation.sh in AIO-SX and DC
    system configurations.

    Closes-Bug: 2002452
    Signed-off-by: Carmen Rata <email address hidden>
    Change-Id: Ie74a47226280b9362558ebfa158a4bf91209e957