Add more IPSec info to the collect tool

This commit adds more IPSec info to the collect tool to help debugging/troubleshooting IPsec related issues. Now, the certificates loaded in the ipsec daemon and the content of the certificates are collected by the tool. At the moment, the following ipsec data are collected: - swanctl --list-certs - swanctl --list-conns - swanctl --list-sas - ip -s xfrm policy - ip -s xfrm state - The content of the certificates (var/extra/certs/etc/swanctl) Test Plan: PASS: Run 'collect --all', IPSec information collected correctly under var/extra. Story: 2010940 Task: 51472 Change-Id: Icd99e495153a52d78683544f5e7ac36f1544f85a Signed-off-by: Leonardo Mendes <Leonardo.MendesSantana@windriver.com>
2024-12-10 16:30:38 -03:00 · 2024-12-10 16:30:38 -03:00 · ca412b85c2
commit ca412b85c2
parent 94afab2a6b
2 changed files with 7 additions and 2 deletions
--- a/tools/collector/debian-scripts/certs.include
+++ b/tools/collector/debian-scripts/certs.include
@ -40,3 +40,7 @@
 /opt/platform/config/%%RELEASE%%/kubernetes/pki/
 /opt/platform/config/%%RELEASE%%/registry.central/registry-cert.crt
 /opt/platform/config/%%RELEASE%%/ca-cert.pem
+
+# 9. IPSec certificates
+/etc/swanctl/x509/
+/etc/swanctl/x509ca/
--- a/tools/collector/debian-scripts/collect_ipsec.sh
+++ b/tools/collector/debian-scripts/collect_ipsec.sh
@ -18,8 +18,9 @@ echo    "${hostname}: IPSec Info ........: ${LOGFILE}"
 ###############################################################################
 # All nodes
 ###############################################################################
-declare -a CMDS=("swanctl --list-conn"
-"swanctl --list-sa"
+declare -a CMDS=("swanctl --list-certs"
+"swanctl --list-conns"
+"swanctl --list-sas"
 "ip -s xfrm policy"
 "ip -s xfrm state"
 )