Merge "Config and enable IPsec during first reboot"
This commit is contained in:
commit
beef51596d
@ -28,6 +28,8 @@ CONFIG_DIR=$CONFIG_PATH
|
||||
VOLATILE_CONFIG_PASS="/var/run/.config_pass"
|
||||
VOLATILE_CONFIG_FAIL="/var/run/.config_fail"
|
||||
COMPLETED="/etc/platform/.initial_config_complete"
|
||||
FIRST_BOOT="/etc/platform/.first_boot"
|
||||
FIRST_CONTROLLER="/etc/platform/.first_controller"
|
||||
INITIAL_MANIFEST_APPLY_FAILED="/etc/platform/.initial_manifest_apply_failed"
|
||||
DELAY_SEC=70
|
||||
CONTROLLER_UPGRADE_STARTED_FILE="$(basename ${CONTROLLER_UPGRADE_STARTED_FLAG})"
|
||||
@ -36,6 +38,8 @@ PUPPET_CACHE=/etc/puppet/cache
|
||||
PUPPET_CACHE_TMP=/etc/puppet/cache.tmp
|
||||
ACTIVE_CONTROLLER_NOT_FOUND_FLAG="/var/run/.active_controller_not_found"
|
||||
CERT_DIR=/etc/pki/ca-trust/source/anchors
|
||||
IPSEC_ENABLING_RETRIES=3
|
||||
IPSEC_ENABLING_DELAY=5
|
||||
|
||||
OS_ID=$(grep '^ID=' /etc/os-release | cut -f2- -d= | sed -e 's/\"//g')
|
||||
if [ "$OS_ID" == "debian" ]
|
||||
@ -96,6 +100,24 @@ EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
warning_error()
|
||||
{
|
||||
cat <<EOF
|
||||
*****************************************************
|
||||
*****************************************************
|
||||
$1
|
||||
*****************************************************
|
||||
*****************************************************
|
||||
EOF
|
||||
if [ -e /usr/bin/logger ]
|
||||
then
|
||||
logger "Warning error: $1"
|
||||
fi
|
||||
|
||||
echo "Pausing for 5 seconds..."
|
||||
sleep 5
|
||||
}
|
||||
|
||||
get_ip()
|
||||
{
|
||||
local host=$1
|
||||
@ -248,6 +270,32 @@ start()
|
||||
fi
|
||||
fi
|
||||
|
||||
# Call ipsec-client to config and enable IPsec during first boot,
|
||||
# except for the first controller. IPsec is configured and enabled
|
||||
# during bootstrap for the first controller.
|
||||
if [ -e ${FIRST_BOOT} ] && [ ! -e ${FIRST_CONTROLLER} ]
|
||||
then
|
||||
logger -t $0 -p info "Config and enable IPsec ......"
|
||||
|
||||
ipsec_enable_failed=1
|
||||
for retry in $( seq 1 ${IPSEC_ENABLING_RETRIES} )
|
||||
do
|
||||
/usr/bin/ipsec-client pxecontroller > /dev/null
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
ipsec_enable_failed=0
|
||||
break
|
||||
fi
|
||||
logger -t $0 -p warn "Enabling IPsec failed (${retry}), retry in ${IPSEC_ENABLING_DELAY} seconds ..."
|
||||
sleep ${IPSEC_ENABLING_DELAY}
|
||||
done
|
||||
# Fail if retried maximum times
|
||||
if [ ${ipsec_enable_failed} -ne 0 ]
|
||||
then
|
||||
warning_error "WARNING: Failed to config and enable IPsec for the node"
|
||||
fi
|
||||
fi
|
||||
|
||||
# If hostname is undefined or localhost, something is wrong
|
||||
HOST=$(hostname)
|
||||
if [ -z "$HOST" -o "$HOST" = "localhost" ]
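Review bot: The comment `# Fail if retried maximum times` above the final check does not describe what the code does: `warning_error` prints, logs and sleeps 5 s but returns, so a node whose IPsec setup failed all `IPSEC_ENABLING_RETRIES` attempts continues through `start()` and is configured without the tunnel it was supposed to get (fail-open), with only a syslog warning to show for it. If that is the intended policy, say so, e.g. `# IPsec could not be enabled; continue node configuration without it (best effort)`; if not, this check should call `fatal_error` like the other hard failures in this script. Two smaller points: `logger -t $0` should be `logger -t "$0"`, and the `$?` test can be folded into the call as `if /usr/bin/ipsec-client pxecontroller > /dev/null; then`, which also avoids the exit status being clobbered by anything inserted between the two lines later. `start()` begins before this hunk and continues past it.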
|
||||
|
@ -27,6 +27,7 @@ VOLATILE_CONFIG_PASS="/var/run/.config_pass"
|
||||
VOLATILE_CONFIG_FAIL="/var/run/.config_fail"
|
||||
DELAY_SEC=600
|
||||
IMA_POLICY=/etc/ima.policy
|
||||
FIRST_BOOT="/etc/platform/.first_boot"
|
||||
|
||||
fatal_error()
|
||||
{
|
||||
@ -44,6 +45,24 @@ EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
warning_error()
|
||||
{
|
||||
cat <<EOF
|
||||
*****************************************************
|
||||
*****************************************************
|
||||
$1
|
||||
*****************************************************
|
||||
*****************************************************
|
||||
EOF
|
||||
if [ -e /usr/bin/logger ]
|
||||
then
|
||||
logger "Warning error: $1"
|
||||
fi
|
||||
|
||||
echo "Pausing for 5 seconds..."
|
||||
sleep 5
|
||||
}
|
||||
|
||||
get_ip()
|
||||
{
|
||||
local host=$1
|
||||
@ -112,6 +131,30 @@ start()
|
||||
fi
|
||||
fi
|
||||
|
||||
# Call ipsec-auth-client to config and enable IPsec for the node
|
||||
if [ -e ${FIRST_BOOT} ]
|
||||
then
|
||||
logger -t $0 -p info "Config and enable IPsec ......"
|
||||
|
||||
ipsec_enable_failed=1
|
||||
for retry in $( seq 1 ${IPSEC_ENABLING_RETRIES} )
|
||||
do
|
||||
/usr/bin/ipsec-client pxecontroller > /dev/null
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
ipsec_enable_failed=0
|
||||
break
|
||||
fi
|
||||
logger -t $0 -p warn "Enabling IPsec failed (${retry}), retry in ${IPSEC_ENABLING_DELAY} seconds ..."
|
||||
sleep ${IPSEC_ENABLING_DELAY}
|
||||
done
|
||||
# Fail if retried maximum times
|
||||
if [ ${ipsec_enable_failed} -ne 0 ]
|
||||
then
|
||||
warning_error "WARNING: Failed to config and enable IPsec for the node"
|
||||
fi
|
||||
fi
|
||||
|
||||
HOST=$(hostname)
|
||||
if [ -z "$HOST" -o "$HOST" = "localhost" ]
|
||||
then
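Review bot: `IPSEC_ENABLING_RETRIES` and `IPSEC_ENABLING_DELAY` are read by the new retry loop, but the only variable this section adds is `FIRST_BOOT` (its first hunk grows from 6 to 7 lines); unless both are defined elsewhere in this script, `seq 1 ` expands to an empty range, the loop body never runs, and the node logs the failure warning without `ipsec-client` having been invoked once. If they are not defined, add `IPSEC_ENABLING_RETRIES=3` and `IPSEC_ENABLING_DELAY=5` beside `FIRST_BOOT`, matching the controller script in this commit. The comment `# Call ipsec-auth-client to config and enable IPsec for the node` names a different program from the one invoked, `/usr/bin/ipsec-client`, and should read `# Call ipsec-client to config and enable IPsec for the node`. As in the controller script, `# Fail if retried maximum times` overstates `warning_error`, which logs and returns rather than exiting, so boot proceeds without IPsec on repeated failure; either document that as deliberate or use `fatal_error`. `start()` begins before this hunk and continues past it.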
|
||||
|
@ -27,6 +27,7 @@ VOLATILE_CONFIG_PASS="/var/run/.config_pass"
|
||||
VOLATILE_CONFIG_FAIL="/var/run/.config_fail"
|
||||
LOGFILE="/var/log/worker_config.log"
|
||||
IMA_POLICY=/etc/ima.policy
|
||||
FIRST_BOOT="/etc/platform/.first_boot"
|
||||
|
||||
# Copy of /opt/platform required for worker_services
|
||||
VOLATILE_PLATFORM_PATH=$VOLATILE_PATH/cpe_upgrade_opt_platform
|
||||
@ -55,6 +56,24 @@ EOF
|
||||
exit 1
|
||||
}
|
||||
|
||||
warning_error()
|
||||
{
|
||||
cat <<EOF
|
||||
*****************************************************
|
||||
*****************************************************
|
||||
$1
|
||||
*****************************************************
|
||||
*****************************************************
|
||||
EOF
|
||||
if [ -e /usr/bin/logger ]
|
||||
then
|
||||
logger "Warning error: $1"
|
||||
fi
|
||||
|
||||
echo "Pausing for 5 seconds..."
|
||||
sleep 5
|
||||
}
|
||||
|
||||
get_ip()
|
||||
{
|
||||
local host=$1
|
||||
@ -179,6 +198,30 @@ start()
|
||||
fi
|
||||
fi
|
||||
|
||||
# Call ipsec-auth-client to config and enable IPsec for the node
|
||||
if [ -e ${FIRST_BOOT} ]
|
||||
then
|
||||
logger -t $0 -p info "Config and enable IPsec ......"
|
||||
|
||||
ipsec_enable_failed=1
|
||||
for retry in $( seq 1 ${IPSEC_ENABLING_RETRIES} )
|
||||
do
|
||||
/usr/bin/ipsec-client pxecontroller > /dev/null
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
ipsec_enable_failed=0
|
||||
break
|
||||
fi
|
||||
logger -t $0 -p warn "Enabling IPsec failed (${retry}), retry in ${IPSEC_ENABLING_DELAY} seconds ..."
|
||||
sleep ${IPSEC_ENABLING_DELAY}
|
||||
done
|
||||
# Fail if retried maximum times
|
||||
if [ ${ipsec_enable_failed} -ne 0 ]
|
||||
then
|
||||
warning_error "WARNING: Failed to config and enable IPsec for the node"
|
||||
fi
|
||||
fi
|
||||
|
||||
HOST=$(hostname)
|
||||
if [ -z "$HOST" -o "$HOST" = "localhost" ]
|
||||
then
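Review bot: The retry loop depends on `IPSEC_ENABLING_RETRIES` and `IPSEC_ENABLING_DELAY`, yet the variable hunk of this section only adds `FIRST_BOOT`; if neither is set elsewhere in this script, `for retry in $( seq 1  )` iterates zero times, `ipsec_enable_failed` stays 1, and the worker reports "Failed to config and enable IPsec" without ever running `/usr/bin/ipsec-client`. Define `IPSEC_ENABLING_RETRIES=3` and `IPSEC_ENABLING_DELAY=5` next to `FIRST_BOOT` unless they are already present outside the hunk. The comment `# Call ipsec-auth-client to config and enable IPsec for the node` should name the binary actually called, `ipsec-client`, and the `# Fail if retried maximum times` comment should either be changed to say the node continues without IPsec (which is what `warning_error` returning implies) or the call should become `fatal_error`, since a worker silently joining without the expected tunnel is a security-relevant outcome worth an explicit decision. `start()` begins before this hunk and continues past it.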
|
||||
|