From ca412b85c2fc607af8c869882ea0d8d81f8d1f36 Mon Sep 17 00:00:00 2001 From: Leonardo Mendes Date: Tue, 10 Dec 2024 16:30:38 -0300 Subject: [PATCH] Add more IPSec info to the collect tool This commit adds more IPSec info to the collect tool to help debugging/troubleshooting IPsec related issues. Now, the certificates loaded in the ipsec daemon and the content of the certificates are collected by the tool. At the moment, the following ipsec data are collected: - swanctl --list-certs - swanctl --list-conns - swanctl --list-sas - ip -s xfrm policy - ip -s xfrm state - The content of the certificates (var/extra/certs/etc/swanctl) Test Plan: PASS: Run 'collect --all', IPSec information collected correctly under var/extra. Story: 2010940 Task: 51472 Change-Id: Icd99e495153a52d78683544f5e7ac36f1544f85a Signed-off-by: Leonardo Mendes --- tools/collector/debian-scripts/certs.include | 4 ++++ tools/collector/debian-scripts/collect_ipsec.sh | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/tools/collector/debian-scripts/certs.include b/tools/collector/debian-scripts/certs.include index 9107f5aa..785bf617 100644 --- a/tools/collector/debian-scripts/certs.include +++ b/tools/collector/debian-scripts/certs.include @@ -40,3 +40,7 @@ /opt/platform/config/%%RELEASE%%/kubernetes/pki/ /opt/platform/config/%%RELEASE%%/registry.central/registry-cert.crt /opt/platform/config/%%RELEASE%%/ca-cert.pem + +# 9. IPSec certificates +/etc/swanctl/x509/ +/etc/swanctl/x509ca/ diff --git a/tools/collector/debian-scripts/collect_ipsec.sh b/tools/collector/debian-scripts/collect_ipsec.sh index 7901f550..755fb175 100644 --- a/tools/collector/debian-scripts/collect_ipsec.sh +++ b/tools/collector/debian-scripts/collect_ipsec.sh @@ -18,8 +18,9 @@ echo "${hostname}: IPSec Info ........: ${LOGFILE}" ############################################################################### # All nodes ############################################################################### -declare -a CMDS=("swanctl --list-conn" -"swanctl --list-sa" +declare -a CMDS=("swanctl --list-certs" +"swanctl --list-conns" +"swanctl --list-sas" "ip -s xfrm policy" "ip -s xfrm state" )