From 1f507e0e6208ff016dab46b867b320e237b7015e Mon Sep 17 00:00:00 2001 From: Andy Ning Date: Fri, 15 Dec 2023 09:57:07 -0500 Subject: [PATCH] Add ipsec auth server pmon configuration This update added ipsec auth server pmon configuration file in mtce-control package. The pmon configuration file is only needed on controller node, as ipsec-server is running on controllers only. Test Plan: PASS: In a deployed system, verify ipsec-server is running PASS: kill the ipsec-server process, verify that it is started by pmon. Story: 2010940 Task: 49484 Co-Authored-By: Andy Ning Change-Id: Iadb9ca6f086640d008880a21cfd97256b00ab7ab Signed-off-by: Leonardo Mendes --- kickstart/files/kickstart.cfg | 1 + kickstart/files/miniboot.cfg | 1 + .../debian/deb_folder/mtce-control.install | 1 + mtce-control/src/Makefile | 2 ++ mtce-control/src/scripts/ipsec-server.conf | 17 +++++++++++++++++ 5 files changed, 22 insertions(+) create mode 100644 mtce-control/src/scripts/ipsec-server.conf diff --git a/kickstart/files/kickstart.cfg b/kickstart/files/kickstart.cfg index fcc51cc7..77f896be 100644 --- a/kickstart/files/kickstart.cfg +++ b/kickstart/files/kickstart.cfg @@ -3163,6 +3163,7 @@ if [ "${controller}" = true ] ; then ln -s /usr/share/starlingx/pmon.d/sysinv-agent.conf ${IMAGE_ROOTFS}/etc/pmon.d/sysinv-agent.conf ln -s /usr/share/starlingx/pmon.d/syslog-ng.conf ${IMAGE_ROOTFS}/etc/pmon.d/syslog-ng.conf ln -s /usr/share/starlingx/pmon.d/luks.conf ${IMAGE_ROOTFS}/etc/pmon.d/luks.conf + ln -s /usr/share/starlingx/pmon.d/ipsec-server.conf ${IMAGE_ROOTFS}/etc/pmon.d/ipsec-server.conf fi if [ "${worker}" = true ] ; then ilog "Setting up pmon files for ${TRAIT__WORKER} and/or ${TRAIT__WORKER} side of ${SYSTEM_TYPE__AIO}" diff --git a/kickstart/files/miniboot.cfg b/kickstart/files/miniboot.cfg index a19c45fc..dbb72e22 100644 --- a/kickstart/files/miniboot.cfg +++ b/kickstart/files/miniboot.cfg @@ -3127,6 +3127,7 @@ if [ "${controller}" = true ] ; then ln -s /usr/share/starlingx/pmon.d/sysinv-agent.conf ${IMAGE_ROOTFS}/etc/pmon.d/sysinv-agent.conf ln -s /usr/share/starlingx/pmon.d/syslog-ng.conf ${IMAGE_ROOTFS}/etc/pmon.d/syslog-ng.conf ln -s /usr/share/starlingx/pmon.d/luks.conf ${IMAGE_ROOTFS}/etc/pmon.d/luks.conf + ln -s /usr/share/starlingx/pmon.d/ipsec-server.conf ${IMAGE_ROOTFS}/etc/pmon.d/ipsec-server.conf fi if [ "${worker}" = true ] ; then ilog "Setting up pmon files for ${TRAIT__WORKER} and/or ${TRAIT__WORKER} side of ${SYSTEM_TYPE__AIO}" diff --git a/mtce-control/debian/deb_folder/mtce-control.install b/mtce-control/debian/deb_folder/mtce-control.install index 4a2f30ae..cc604d11 100644 --- a/mtce-control/debian/deb_folder/mtce-control.install +++ b/mtce-control/debian/deb_folder/mtce-control.install @@ -2,3 +2,4 @@ lib/systemd/system/hbsAgent.service etc/init.d/goenabledControl etc/init.d/hbsAgent usr/share/starlingx/pmon.d/hbsAgent.conf +usr/share/starlingx/pmon.d/ipsec-server.conf diff --git a/mtce-control/src/Makefile b/mtce-control/src/Makefile index f68875c9..0f361699 100755 --- a/mtce-control/src/Makefile +++ b/mtce-control/src/Makefile @@ -3,6 +3,7 @@ SOURCE2 = goenabled SOURCE3 = hbsAgent SOURCE4 = hbsAgent.conf SOURCE5 = hbsAgent.service +SOURCE6 = ipsec-server.conf PMONDIR ?= $(_sysconfdir)/pmon.d local_etc_goenabledd = $(_sysconfdir)/goenabled.d @@ -23,6 +24,7 @@ install: # Controller-Only Process Monitor Config files install -m 755 -d $(buildroot)/$(PMONDIR) install -m 644 -p -D scripts/$(SOURCE4) $(buildroot)/$(PMONDIR)/hbsAgent.conf + install -m 644 -p -D scripts/$(SOURCE6) $(buildroot)/$(PMONDIR)/ipsec-server.conf # Controller-Only Heartbeat Service file install -m 644 -p -D scripts/$(SOURCE5) $(buildroot)/$(_unitdir)/hbsAgent.service diff --git a/mtce-control/src/scripts/ipsec-server.conf b/mtce-control/src/scripts/ipsec-server.conf new file mode 100644 index 00000000..7b466bd2 --- /dev/null +++ b/mtce-control/src/scripts/ipsec-server.conf @@ -0,0 +1,17 @@ +[process] +process = ipsec-server +service = ipsec-server +pidfile = /var/run/ipsec-server.pid +style = lsb ; ocf or lsb +severity = major ; minor, major, critical +restarts = 3 ; restart retries before error assertion +interval = 5 ; number of seconds to wait between restarts +debounce = 20 ; number of seconds that a process needs to remain + ; running before degrade is removed and retry count + ; is cleared. +startuptime = 5 ; Seconds to wait after process start before starting the debounce monitor +mode = passive ; Monitoring mode: passive (default) or active + ; passive: process death monitoring (default: always) + ; active : heartbeat monitoring, i.e. request / response messaging + ; ignore : do not monitor or stop monitoring +