d989d98bc3
This commit adds the initial implementation for IPsec Auth Server, responsible for executing IPsec Auth procedure for an IPsec client host, by creating and exchanging keys and certificates for trustful hosts in MGMT network environment.

The IPsec Auth Server should be able to initially perform 2 operations: initial-auth (OP code 1) and cert-renewal (OP code 2). Those operations consider connected host information to proceed with their execution as the host is recognized as trustful. The keys and certificates generated in this procedure are used to enable IPsec in communication between two peers by establishing Security Associations via swanctl configuration.

The main goal of this commit is to create an authentication server to perform IPsec PKI Auth procedure that remains active and running for multiple connection requests by different clients in a local network environment. The IPsec Auth Server should be resilient to maintain open multiple requests from different clients or procedures in on-going execution.

Test Plan:
PASS: Build, install and bootstrap an AIO-DX system with a worker node associated.
PASS: In a DX system with a worker node associated, login to a controller node and execute "ipsec-server -h" command. Observe that a help message is displayed in terminal screen specifying the command description, arguments and default values that may be passed in to the command line. All systems in this environment are in enable available active statuses.
PASS: In a DX system with a worker node associated, login to a controller node and execute "sudo ipsec-server" command. Observe that IPsec Auth Server is initiated and waiting for connections. All systems in this environment are in enable available active statuses. Perform this test with ipsec.service in active and inactive status.

Story: 2010940
Task: 49417

Co-Authored-By: Andy Ning <andy.ning@windriver.com>
Co-Authored-By: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
Signed-off-by: Manoel Benedito Neto <manoel.beneditoneto@windriver.com>
Change-Id: Ic9665e83062ae7bb2d55710e38c48ad8152c36c1
(cherry picked from commit be8dee17f0040c8d6af98747a6b69aec4aa501e0)

cert-alarm
cert-mon
cgts-client
ipsec-auth
sysinv
sysinv-agent