config/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common
Manoel Benedito Neto abef79e45f Update swanctl.conf cacerts w/ system-local-ca files
This commit introduces a new configuration for swanctl.conf file
where cacerts references two system-local-ca files. The two files
represent the last (system-local-ca-0.crt) and the current
(system-local-ca-1.crt) certificates associated with system-local-ca.

The main goal of this implementation is to maintain SAs in all nodes
during the update of system-local-ca certificate.

Test plan:
PASS: In a DX system with available enabled active status with IPsec
      server being executed from controller-0. Run "ipsec-client
      pxecontroller --opcode 1" in worker-0. Observe that certificates,
      keys and swanctl.conf files are created in worker-0 node. Observe
      that a security association is established between the hosts via
      "sudo swanctl --list-sas" command.
PASS: In a DX system with available enabled active status with IPsec
      server being executed from controller-0. Run "ipsec-client
      pxecontroller --opcode 2" in controller-1. Observe the previously
      created CertificateRequest was deleted and generated a new one for
      controller-1's node. The new certificate is sent to IPsec Client
      and stored with the swanctl rekey command executed successfully.

Story: 2010940
Task: 49777

Change-Id: I638932a602ed9423d20ed448e5aada499ef65d77
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>
2024-03-28 13:40:10 +00:00
..
__init__.py Initial implementation of IPsec Auth Server 2024-01-30 14:31:05 -03:00
constants.py Update swanctl.conf cacerts w/ system-local-ca files 2024-03-28 13:40:10 +00:00
objects.py Addition of OTS Token activation procedure 2024-03-13 18:32:13 -03:00
utils.py Implement IPsec Cert-Renewal Operation 2024-03-08 12:24:02 -03:00