Leonardo Mendes 71bfe8a610 Add IPSec cert validation after system boot
This commit adds a new operation to IPSec server/client
to verify if local CA certificate is different from active
controller and renew it in case of failure. This operation
is executed everytime a system boot.

The operation is the comparison of the server cert serial
and the local cert serial. Because during initial authentication,
the server sends public CA certificate to each node to validade
the connection, but it's changed when the server update the

Test Plan:
PASS: Full build, system install, bootstrap and unlock DX system w/
      unlocked enabled available status. Then, add a worker node and
      observe IPSec is enabled in all nodes and SAs are established.
PASS: Turn worker node off and update certificates in the controller
      nodes. Then, turn on the worker node again and observe that
      after reboot, the node will update the certificates and
      establish SAs with the other nodes.

Story: 2010940
Task: 50379

Change-Id: I1e765964797db9a35dc6fad00789b9c9c6232a49
Signed-off-by: Leonardo Mendes <>
2024-06-20 10:56:59 -03:00
LICENSE StarlingX open source release updates 2018-05-31 07:35:52 -07:00
Makefile Add notices on Intel authored files. 2019-03-20 10:03:44 -06:00 Fixing linters errors E010, E011, E020, E041,E043, E003, E001,E042 2018-09-11 21:47:40 +08:00
storage_config Add IPSec cert validation after system boot 2024-06-20 10:56:59 -03:00
storageconfig.service Add storageconfig.service file 2022-10-13 10:27:23 -04:00