This change added ipsec-auth client invocation in controller_config,
worker_config and storage_config init scripts that will run during
first reboot after installation, to configure and enable IPsec for the
node.
Note that IPsec for the first controller is configured and enabled by
bootstrap ansible playbook. So the invocation of ipsec-client is
skipped in controller_config.
Test Plan:
PASS: DX system, install controller-0, bootstrap and unlock, verify
IPsec is configured and enabled.
PASS: Install controller-1, verify IPsec is configured and enabled
after first reboot, SAs are established, and controller-1 is
online.
PASS: Install a worker node, verify IPsec is configured and enabled
after first reboot, SAs are establishe, and the worker node is
online.
PASS: After controller-1 and worker hosts are unlocked, verify SAs are
established among all hosts, and all nodes are in unlocked,
enabled and available states.
PASS: DC system with SX subcloud, verify System Controller and subcloud
are deployed successfully. In central cloud, SAs are established
among all hosts, all nodes are in unlocked, enabled and available
states.
Verify subcloud are online, managed, and all resource are in
in-sync states.
Verfiy user can ssh to subcloud.
Story: 2010940
Task: 50021
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/917868
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I5572b4b50238c0c5e76cc04cabd24078e9defa5b
c36a031f3d