config

History

Manoel Benedito Neto 68b06da7b8 Add and Configure IPsec Config Service This commit adds and installs ipsec-config script executed during the execution of the sm-service. The ipsec-config service has the goal to create a symbolic link between swanctl.conf file and different .conf files depending on which personality the controller node is assuming, swanctl_active.conf or swanctl_standby.conf. This script implements 5 actions: start, stop, status, meta-data and monitor. 1) The start action creates a symbolic link between swanctl.conf and swanctl_active.conf file, as the active controller has ipsec-config service on enabled-active status. 2) The stop action creates a symbolic link between swanctl.conf and swanctl_standby.conf file, as the stand-by controller has ipsec- config service on disabled status. 3) The status action reports the current service status based on the symbolic link associated with swanctl.conf file. 4) The meta-data action reports ipsec-config's meta-data info. 5) The monitor action indicates ipsec-config service is working as expected. This action is performed on a specific interval to check in-service status. Test Plan: PASS: Build a debian iso containing the changes. PASS: Bootstrap, install and unlock a DX system w/ IPsec enabled. Wait until system reboots and verify unlocked enable available status. On controller-0, manually execute ipsec-config's start action and observe that a symbolic link is created between swanctl.conf and swanctl_active.conf. /etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_active.conf PASS: Bootstrap, install and unlock a DX system w/ IPsec enabled. Wait until system reboots and verify unlocked enable available status. On controller-1, manually execute ipsec-config's stop action and observe that a symbolic link is created between swanctl.conf and swanctl_standby.conf. /etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_standby.conf PASS: Manually execute ipsec-config's status action and observe status report output. Observe that the output matches with the symbolic link associated with /etc/swanctl/swanctl.conf. PASS: Manually execute ipsec-config's monitor action. Observe that the output matches with the symbolic link associated with /etc/swanctl/swanctl.conf. It is expected that controller's floating IP is addressed on system-local-nodes configuration for an active controller. In return, controller's floating IP is not expected on swanctl configuration for a stand-by controller. Story: 2010940 Task: 49990 Change-Id: I45f06ad41f3240d4149a688cef130cd7c9ae7019 Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>	2024-05-02 21:18:22 +00:00
..
debian	Add and Configure IPsec Config Service	2024-05-02 21:18:22 +00:00
files	Add and Configure IPsec Config Service	2024-05-02 21:18:22 +00:00

Manoel Benedito Neto 68b06da7b8 Add and Configure IPsec Config Service

This commit adds and installs ipsec-config script executed during the
execution of the sm-service. The ipsec-config service has the goal to
create a symbolic link between swanctl.conf file and different .conf
files depending on which personality the controller node is assuming,
swanctl_active.conf or swanctl_standby.conf.

This script implements 5 actions: start, stop, status, meta-data and
monitor.
1) The start action creates a symbolic link between swanctl.conf and
   swanctl_active.conf file, as the active controller has ipsec-config
   service on enabled-active status.
2) The stop action creates a symbolic link between swanctl.conf and
   swanctl_standby.conf file, as the stand-by controller has ipsec-
   config service on disabled status.
3) The status action reports the current service status based on the
   symbolic link associated with swanctl.conf file.
4) The meta-data action reports ipsec-config's meta-data info.
5) The monitor action indicates ipsec-config service is working as
   expected. This action is performed on a specific interval to check
   in-service status.

Test Plan:
PASS: Build a debian iso containing the changes.
PASS: Bootstrap, install and unlock a DX system w/ IPsec enabled. Wait
      until system reboots and verify unlocked enable available status.
      On controller-0, manually execute ipsec-config's start action and
      observe that a symbolic link is created between swanctl.conf and
      swanctl_active.conf.
      /etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_active.conf
PASS: Bootstrap, install and unlock a DX system w/ IPsec enabled. Wait
      until system reboots and verify unlocked enable available status.
      On controller-1, manually execute ipsec-config's stop action and
      observe that a symbolic link is created between swanctl.conf and
      swanctl_standby.conf.
      /etc/swanctl/swanctl.conf -> /etc/swanctl/swanctl_standby.conf
PASS: Manually execute ipsec-config's status action and observe status
      report output. Observe that the output matches with the symbolic
      link associated with /etc/swanctl/swanctl.conf.
PASS: Manually execute ipsec-config's monitor action. Observe that the
      output matches with the symbolic link associated with
      /etc/swanctl/swanctl.conf. It is expected that controller's
      floating IP is addressed on system-local-nodes configuration for
      an active controller. In return, controller's floating IP is not
      expected on swanctl configuration for a stand-by controller.

Story: 2010940
Task: 49990

Change-Id: I45f06ad41f3240d4149a688cef130cd7c9ae7019
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>

2024-05-02 21:18:22 +00:00

debian

Add and Configure IPsec Config Service

2024-05-02 21:18:22 +00:00

files

Add and Configure IPsec Config Service

2024-05-02 21:18:22 +00:00