config/sysinv
Manoel Benedito Neto d989d98bc3 Initial implementation of IPsec Auth Server
This commit adds the initial implementation for IPsec Auth Server,
responsible for executing IPsec Auth procedure for an IPsec client
host, by creating and exchanging keys and certificates for trustful
hosts in MGMT network environment.

The IPsec Auth Server should be able to initially perform 2 operations:
initial-auth (OP code 1) and cert-renewal (OP code 2). Those operations
consider connected host information to proceed with their execution as
the host is recognized as trustful. The keys and certificates generated
in this procedure are used to enable IPsec in communication between two
peers by establishing Security Associations via swanctl configuration.

The main goal of this commit is to create an authentication server to
perform IPsec PKI Auth procedure that remains active and running for
multiple connection requests by different clients in a local network
environment. The IPsec Auth Server should be resilient to maintain open
multiple requests from different clients or procedures in on-going
execution.

Test Plan:
PASS: Build, install and bootstrap an AIO-DX system with a worker node
      associated.
PASS: In a DX system with a worker node associated, login to a
      controller node and execute "ipsec-server -h" command. Observe
      that a help message is displayed in terminal screen specifying
      the command description, arguments and default values that may be
      passed in to the command line.
      All systems in this environment are in enable available active
      statuses.
PASS: In a DX system with a worker node associated, login to a
      controller node and execute "sudo ipsec-server" command. Observe
      that IPsec Auth Server is initiated and waiting for connections.
      All systems in this environment are in enable available active
      statuses. Perform this test with ipsec.service in active and
      inactive status.

Story: 2010940
Task: 49417

Co-Authored-By: Andy Ning <andy.ning@windriver.com>
Co-Authored-By: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
Signed-off-by: Manoel Benedito Neto <manoel.beneditoneto@windriver.com>
Change-Id: Ic9665e83062ae7bb2d55710e38c48ad8152c36c1
(cherry picked from commit be8dee17f0040c8d6af98747a6b69aec4aa501e0)
2024-01-30 14:31:05 -03:00
..
cert-alarm Update debian package versions to use git commits 2023-02-10 20:11:06 +00:00
cert-mon Update debian package versions to use git commits 2023-02-10 20:11:06 +00:00
cgts-client Fix health check during DC orchestration 2024-01-29 09:30:09 -03:00
ipsec-auth Setup debian build directory and ipsec-auth package 2024-01-26 09:46:14 -03:00
sysinv Initial implementation of IPsec Auth Server 2024-01-30 14:31:05 -03:00
sysinv-agent Update debian package versions to use git commits 2023-02-10 20:11:06 +00:00