abef79e45f
This commit introduces a new configuration for swanctl.conf file where cacerts references two system-local-ca files. The two files represent the last (system-local-ca-0.crt) and the current (system-local-ca-1.crt) certificates associated with system-local-ca. The main goal of this implementation is to maintain SAs in all nodes during the update of system-local-ca certificate.

Test plan:

PASS: In a DX system with available enabled active status with IPsec server being executed from controller-0. Run "ipsec-client pxecontroller --opcode 1" in worker-0. Observe that certificates, keys and swanctl.conf files are created in worker-0 node. Observe that a security association is established between the hosts via "sudo swanctl --list-sas" command.

PASS: In a DX system with available enabled active status with IPsec server being executed from controller-0. Run "ipsec-client pxecontroller --opcode 2" in controller-1. Observe the previously created CertificateRequest was deleted and generated a new one for controller-1's node. The new certificate is sent to IPsec Client and stored with the swanctl rekey command executed successfully.

Story: 2010940
Task: 49777
Change-Id: I638932a602ed9423d20ed448e5aada499ef65d77
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>

- `__init__.py`
- `constants.py`
- `objects.py`
- `utils.py`