#
# Copyright (c) 2024 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
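# Shared constants: filesystem paths, network endpoints, cert-manager
# resource names and protocol op codes. Values only; no logic lives here.

# PID file path (the file name suggests it belongs to the ipsec-server
# process -- confirm against the code that writes it).
PROCESS_ID = '/var/run/ipsec-server.pid'

# NOTE(review): 0.0.0.0 is the IPv4 wildcard address, so a socket bound with
# TCP_SERVER accepts connections on every IPv4 interface of the host. If the
# service is only meant to be reachable on one network, the code that opens
# the listening socket should bind to that interface's address or be covered
# by a firewall rule -- confirm which applies.
DEFAULT_BIND_ADDR = "0.0.0.0"
DEFAULT_LISTEN_PORT = 54724
# (host, port) tuple in the form socket.bind() takes for AF_INET.
TCP_SERVER = (DEFAULT_BIND_ADDR, DEFAULT_LISTEN_PORT)

# "PLATAFORM" is a misspelling. The name is kept because other modules may
# already import it; PLATFORM_CONF_FILE is the correctly spelled alias that
# new code should use.
PLATAFORM_CONF_FILE = '/etc/platform/platform.conf'
PLATFORM_CONF_FILE = PLATAFORM_CONF_FILE

# Linux ioctl request numbers (linux/sockios.h): read an interface's
# protocol address and its hardware (MAC) address.
SIOCGIFADDR = 0x8915
SIOCGIFHWADDR = 0x8927

# cert-manager API group, version, resource and namespaces.
API_VERSION_CERT_MANAGER = 'cert-manager.io/v1'
# 2160h is 90 days; presumably the lifetime requested for each issued
# certificate -- verify against the code that builds the CertificateRequest.
CERTIFICATE_REQUEST_DURATION = '2160h'
CERTIFICATE_REQUEST_RESOURCE = 'certificaterequests.cert-manager.io'
GROUP_CERT_MANAGER = 'cert-manager.io'
NAMESPACE_CERT_MANAGER = 'cert-manager'
NAMESPACE_DEPLOYMENT = 'deployment'

# The issuer and the secret share the same name.
CLUSTER_ISSUER_SYSTEM_LOCAL_CA = 'system-local-ca'
SECRET_SYSTEM_LOCAL_CA = 'system-local-ca'

# The IPsec client stores the system-local-ca certificates in files whose
# names carry a 0 or a 1. system-local-ca-0.crt holds the last (previous)
# TLS certificate associated with system-local-ca, while
# system-local-ca-1.crt holds the current one.
TRUSTED_CA_CERT_FILE_0 = 'system-local-ca-0.crt'
TRUSTED_CA_CERT_FILE_1 = 'system-local-ca-1.crt'
# Comma-separated pair of file names, previous certificate first.
TRUSTED_CA_CERT_FILES = TRUSTED_CA_CERT_FILE_0 + ',' + TRUSTED_CA_CERT_FILE_1
# The directory constants end with '/', so paths are built by plain
# concatenation.
TRUSTED_CA_CERT_DIR = '/etc/swanctl/x509ca/'
TRUSTED_CA_CERT_0_PATH = TRUSTED_CA_CERT_DIR + TRUSTED_CA_CERT_FILE_0
TRUSTED_CA_CERT_1_PATH = TRUSTED_CA_CERT_DIR + TRUSTED_CA_CERT_FILE_1

CERT_SYSTEM_LOCAL_DIR = '/etc/swanctl/x509/'
# NOTE(review): presumably holds private keys (per the directory name); files
# written here should be readable by their owner only -- confirm the mode
# used by the code that writes them.
CERT_SYSTEM_LOCAL_PRIVATE_DIR = '/etc/swanctl/private/'
CERT_NAME_PREFIX = 'system-ipsec-certificate-'

# NOTE(review): these are fixed, predictable paths under /tmp, which is
# normally world-writable. If key material is staged here (the file names
# suggest a certificate and a key file -- confirm), the code that creates
# these directories should create them owner-only (mode 0o700), refuse
# entries that already exist as symlinks or belong to another user, and
# delete the files once they are no longer needed.
TMP_DIR_IPSEC = '/tmp/ipsec/'
TMP_DIR_IPSEC_KEYS = TMP_DIR_IPSEC + 'keys/'
TMP_FILE_IPSEC_PUK1 = 'puk1.crt'
TMP_FILE_IPSEC_AK1_KEY = 'ak1.key'
TMP_PUK1_FILE = TMP_DIR_IPSEC + TMP_FILE_IPSEC_PUK1
TMP_AK1_FILE = TMP_DIR_IPSEC_KEYS + TMP_FILE_IPSEC_AK1_KEY

UNIT_HOSTNAME = 'unit_hostname'
FLOATING_UNIT_HOSTNAME = 'floating_unit_hostname'

CONTROLLER = 'controller'

REGION_NAME = 'SystemController'
# NOTE(review): plain http:// endpoint, so requests to it are neither
# encrypted nor server-authenticated. Confirm that no token, key or other
# secret is sent over it, or that the network carrying it is trusted.
PXECONTROLLER_URL = 'http://pxecontroller:6385'

# Op codes are strings, not integers; compare received values against the
# same type.
OP_CODE_INITIAL_AUTH = "1"
OP_CODE_CERT_RENEWAL = "2"
# Allow-list of op codes; presumably requests carrying any other value are
# rejected -- verify in the request handler.
SUPPORTED_OP_CODES = [OP_CODE_INITIAL_AUTH,
                      OP_CODE_CERT_RENEWAL]

# State strings for management-network IPsec.
MGMT_IPSEC_ENABLING = 'enabling'
MGMT_IPSEC_ENABLED = 'enabled'
MGMT_IPSEC_DISABLED = 'disabled'

# Names of the child SA and the IKE SA (presumably the connection names used
# in the swanctl configuration -- confirm).
CHILD_SA_NAME = 'node'
IKE_SA_NAME = 'system-nodes'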