Strongswan install silently fails #7

Closed
AbrohamLincoln opened this issue Apr 19, 2021 · 7 comments
@AbrohamLincoln

The Strongswan package is not installed. This prevents the use of the IPSEC flannel backend.

% docker run --rm -it docker.io/rancher/hardened-flannel:v0.13.0-rancher1-build20210223 /bin/bash
bash-4.2# yum list installed strongswan
ubi-7                                                                                                                                                                                                                | 3.8 kB  00:00:00
ubi-7-rhah                                                                                                                                                                                                           | 3.7 kB  00:00:00
ubi-7-server-extras-rpms                                                                                                                                                                                             | 3.7 kB  00:00:00
ubi-7-server-optional-rpms                                                                                                                                                                                           | 3.8 kB  00:00:00
ubi-server-rhscl-7-rpms                                                                                                                                                                                              | 3.8 kB  00:00:00
(1/15): ubi-7/x86_64/updateinfo                                                                                                                                                                                      |   92 B  00:00:00
(2/15): ubi-7/x86_64/primary_db                                                                                                                                                                                      | 798 kB  00:00:00
(3/15): ubi-7-rhah/x86_64/updateinfo                                                                                                                                                                                 |   92 B  00:00:00
(4/15): ubi-7/x86_64/group                                                                                                                                                                                           |  124 B  00:00:00
(5/15): ubi-7-rhah/x86_64/primary_db                                                                                                                                                                                 | 2.5 kB  00:00:00
(6/15): ubi-7-rhah/x86_64/group                                                                                                                                                                                      |  124 B  00:00:00
(7/15): ubi-7-server-extras-rpms/x86_64/updateinfo                                                                                                                                                                   |   92 B  00:00:00
(8/15): ubi-7-server-extras-rpms/x86_64/primary_db                                                                                                                                                                   | 6.8 kB  00:00:00
(9/15): ubi-7-server-extras-rpms/x86_64/group                                                                                                                                                                        |  124 B  00:00:02
(10/15): ubi-7-server-optional-rpms/x86_64/updateinfo                                                                                                                                                                |   92 B  00:00:02
(11/15): ubi-7-server-optional-rpms/x86_64/primary_db                                                                                                                                                                |  14 kB  00:00:00
(12/15): ubi-7-server-optional-rpms/x86_64/group                                                                                                                                                                     |  124 B  00:00:02
(13/15): ubi-server-rhscl-7-rpms/x86_64/updateinfo                                                                                                                                                                   |   92 B  00:00:00
(14/15): ubi-server-rhscl-7-rpms/x86_64/primary_db                                                                                                                                                                   | 383 kB  00:00:00
(15/15): ubi-server-rhscl-7-rpms/x86_64/group                                                                                                                                                                        |  124 B  00:00:00
Error: No matching Packages to list

If I build the image, the build succeeds but strongswan is not installed:

#6 [stage-2 1/3] RUN microdnf update -y          &&     microdnf install -y yum     &&     yum install -y ca-certificates     strongswan net-tools which  &&     rm -rf /var/cache/yum
#6 sha256:44bb389a1c4749e5a7aaffb27ad2a66ff591f634866a91c6c181973773b86574
#6 19.07 --------------------------------------------------------------------------------
#6 19.07 Total                                              7.0 MB/s |  24 MB  00:03
#6 19.07 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#6 19.08 Importing GPG key 0xFD431D51:
#6 19.08  Userid     : "Red Hat, Inc. (release key 2) <[email protected]>"
#6 19.08  Fingerprint: 567e 347a d004 4ade 55ba 8a5f 199e 2f91 fd43 1d51
#6 19.08  Package    : redhat-release-server-7.9-6.el7_9.x86_64 (installed)
#6 19.08  From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#6 19.08 Importing GPG key 0x2FA658E0:
#6 19.08  Userid     : "Red Hat, Inc. (auxiliary key) <[email protected]>"
#6 19.08  Fingerprint: 43a6 e49c 4a38 f4be 9abf 2a53 4568 9c88 2fa6 58e0
#6 19.08  Package    : redhat-release-server-7.9-6.el7_9.x86_64 (installed)
#6 19.08  From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
#6 19.12 Running transaction check
#6 19.15 Running transaction test
#6 19.19 Transaction test succeeded
#6 19.19 Running transaction
#6 19.26   Installing : gzip-1.5-10.el7.x86_64                                      1/33
#6 19.41   Installing : cracklib-2.9.0-11.el7.x86_64                                2/33
#6 20.17   Installing : cracklib-dicts-2.9.0-11.el7.x86_64                          3/33
#6 20.39   Installing : pam-1.1.8-23.el7.x86_64                                     4/33
#6 20.63   Installing : libpwquality-1.2.3-5.el7.x86_64                             5/33
#6 20.87   Installing : xz-5.2.2-1.el7.x86_64                                       6/33
#6 20.97   Installing : libuser-0.60-9.el7.x86_64                                   7/33
#6 21.19   Installing : ustr-1.0.4-16.el7.x86_64                                    8/33
#6 21.40   Installing : libsemanage-2.5-14.el7.x86_64                               9/33
#6 21.89   Installing : 2:shadow-utils-4.6-5.el7.x86_64                            10/33
#6 22.09   Installing : libutempter-1.1.6-4.el7.x86_64                             11/33
#6 22.42   Installing : 1:hardlink-1.0-19.el7.x86_64                               12/33
#6 22.59   Installing : 2:tar-1.26-35.el7.x86_64                                   13/33
#6 22.81   Installing : kmod-libs-20-28.el7.x86_64                                 14/33
#6 24.22   Installing : binutils-2.27-44.base.el7.x86_64                           15/33
#6 24.49   Installing : qrencode-libs-3.4.1-3.el7.x86_64                           16/33
#6 24.80   Installing : acl-2.2.51-15.el7.x86_64                                   17/33
#6 25.23   Installing : util-linux-2.23.2-65.el7_9.1.x86_64                        18/33
#6 25.52   Installing : procps-ng-3.3.10-28.el7.x86_64                             19/33
#6 25.71   Installing : kpartx-0.4.9-134.el7_9.x86_64                              20/33
#6 25.75   Installing : 7:device-mapper-1.02.170-6.el7_9.4.x86_64                  21/33
#6 26.07   Installing : dracut-033-572.el7.x86_64                                  22/33
#6 26.12   Installing : kmod-20-28.el7.x86_64                                      23/33
#6 26.17   Installing : 7:device-mapper-libs-1.02.170-6.el7_9.4.x86_64             24/33
#6 26.47   Installing : cryptsetup-libs-2.0.3-6.el7.x86_64                         25/33
#6 26.74   Installing : elfutils-libs-0.176-5.el7.x86_64                           26/33
#6 27.07   Installing : systemd-libs-219-78.el7_9.3.x86_64                         27/33
#6 27.30   Installing : 1:dbus-libs-1.10.24-15.el7.x86_64                          28/33
#6 28.42   Installing : systemd-219-78.el7_9.3.x86_64                              29/33
#6 28.84 Failed to get D-Bus connection: Operation not permitted
#6 28.85   Installing : elfutils-default-yama-scope-0.176-5.el7.noarch             30/33
#6 29.20   Installing : 1:dbus-1.10.24-15.el7.x86_64                               31/33
#6 29.25   Installing : net-tools-2.0-0.25.20131004git.el7.x86_64                  32/33
#6 29.40   Installing : which-2.20-7.el7.x86_64                                    33/33
#6 29.72   Verifying  : acl-2.2.51-15.el7.x86_64                                    1/33
#6 29.73   Verifying  : gzip-1.5-10.el7.x86_64                                      2/33
#6 29.73   Verifying  : 2:shadow-utils-4.6-5.el7.x86_64                             3/33
#6 29.74   Verifying  : kpartx-0.4.9-134.el7_9.x86_64                               4/33
#6 29.75   Verifying  : pam-1.1.8-23.el7.x86_64                                     5/33
#6 29.75   Verifying  : elfutils-default-yama-scope-0.176-5.el7.noarch              6/33
#6 29.76   Verifying  : dracut-033-572.el7.x86_64                                   7/33
#6 29.77   Verifying  : 1:dbus-libs-1.10.24-15.el7.x86_64                           8/33
#6 29.78   Verifying  : cryptsetup-libs-2.0.3-6.el7.x86_64                          9/33
#6 29.78   Verifying  : systemd-libs-219-78.el7_9.3.x86_64                         10/33
#6 29.79   Verifying  : which-2.20-7.el7.x86_64                                    11/33
#6 29.79   Verifying  : qrencode-libs-3.4.1-3.el7.x86_64                           12/33
#6 29.80   Verifying  : net-tools-2.0-0.25.20131004git.el7.x86_64                  13/33
#6 29.81   Verifying  : systemd-219-78.el7_9.3.x86_64                              14/33
#6 29.81   Verifying  : util-linux-2.23.2-65.el7_9.1.x86_64                        15/33
#6 29.82   Verifying  : kmod-20-28.el7.x86_64                                      16/33
#6 29.83   Verifying  : 7:device-mapper-1.02.170-6.el7_9.4.x86_64                  17/33
#6 29.83   Verifying  : 1:dbus-1.10.24-15.el7.x86_64                               18/33
#6 29.84   Verifying  : binutils-2.27-44.base.el7.x86_64                           19/33
#6 29.84   Verifying  : xz-5.2.2-1.el7.x86_64                                      20/33
#6 29.85   Verifying  : libsemanage-2.5-14.el7.x86_64                              21/33
#6 29.86   Verifying  : kmod-libs-20-28.el7.x86_64                                 22/33
#6 29.86   Verifying  : 2:tar-1.26-35.el7.x86_64                                   23/33
#6 29.87   Verifying  : procps-ng-3.3.10-28.el7.x86_64                             24/33
#6 29.88   Verifying  : 7:device-mapper-libs-1.02.170-6.el7_9.4.x86_64             25/33
#6 29.88   Verifying  : cracklib-dicts-2.9.0-11.el7.x86_64                         26/33
#6 29.89   Verifying  : libuser-0.60-9.el7.x86_64                                  27/33
#6 29.89   Verifying  : 1:hardlink-1.0-19.el7.x86_64                               28/33
#6 29.90   Verifying  : cracklib-2.9.0-11.el7.x86_64                               29/33
#6 29.91   Verifying  : libpwquality-1.2.3-5.el7.x86_64                            30/33
#6 29.91   Verifying  : ustr-1.0.4-16.el7.x86_64                                   31/33
#6 29.92   Verifying  : libutempter-1.1.6-4.el7.x86_64                             32/33
#6 29.92   Verifying  : elfutils-libs-0.176-5.el7.x86_64                           33/33
#6 29.96
#6 29.96 Installed:
#6 29.96   net-tools.x86_64 0:2.0-0.25.20131004git.el7     which.x86_64 0:2.20-7.el7
#6 29.96
#6 29.96 Dependency Installed:
#6 29.96   acl.x86_64 0:2.2.51-15.el7
#6 29.96   binutils.x86_64 0:2.27-44.base.el7
#6 29.96   cracklib.x86_64 0:2.9.0-11.el7
#6 29.96   cracklib-dicts.x86_64 0:2.9.0-11.el7
#6 29.96   cryptsetup-libs.x86_64 0:2.0.3-6.el7
#6 29.96   dbus.x86_64 1:1.10.24-15.el7
#6 29.96   dbus-libs.x86_64 1:1.10.24-15.el7
#6 29.96   device-mapper.x86_64 7:1.02.170-6.el7_9.4
#6 29.96   device-mapper-libs.x86_64 7:1.02.170-6.el7_9.4
#6 29.96   dracut.x86_64 0:033-572.el7
#6 29.96   elfutils-default-yama-scope.noarch 0:0.176-5.el7
#6 29.96   elfutils-libs.x86_64 0:0.176-5.el7
#6 29.96   gzip.x86_64 0:1.5-10.el7
#6 29.96   hardlink.x86_64 1:1.0-19.el7
#6 29.96   kmod.x86_64 0:20-28.el7
#6 29.96   kmod-libs.x86_64 0:20-28.el7
#6 29.96   kpartx.x86_64 0:0.4.9-134.el7_9
#6 29.96   libpwquality.x86_64 0:1.2.3-5.el7
#6 29.96   libsemanage.x86_64 0:2.5-14.el7
#6 29.96   libuser.x86_64 0:0.60-9.el7
#6 29.96   libutempter.x86_64 0:1.1.6-4.el7
#6 29.96   pam.x86_64 0:1.1.8-23.el7
#6 29.96   procps-ng.x86_64 0:3.3.10-28.el7
#6 29.96   qrencode-libs.x86_64 0:3.4.1-3.el7
#6 29.96   shadow-utils.x86_64 2:4.6-5.el7
#6 29.96   systemd.x86_64 0:219-78.el7_9.3
#6 29.96   systemd-libs.x86_64 0:219-78.el7_9.3
#6 29.96   tar.x86_64 2:1.26-35.el7
#6 29.96   ustr.x86_64 0:1.0.4-16.el7
#6 29.96   util-linux.x86_64 0:2.23.2-65.el7_9.1
#6 29.96   xz.x86_64 0:5.2.2-1.el7
#6 29.96
#6 29.96 Complete!
#6 DONE 30.1s

It appears as though two things need to happen for the strongswan package to be installed:

  1. Install/enable the EPEL repo.
  2. Install the trousers package (which requires a RHEL subscription to install from RH repos)

strongswan net-tools which && \
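
One way to make the silent failure reported above break the build, added here as an example and not taken from the project's own code: after the install step, assert that every requested package and executable is actually present. `verify_image`, `check_one`, `PKG_QUERY` and the `pkg:`/`bin:` argument prefixes are hypothetical names introduced for this sketch.

```shell
#!/bin/sh
# Added example, not part of the hardened-flannel image build.
# verify_image, check_one, PKG_QUERY and the "pkg:"/"bin:" prefixes are
# names made up for this sketch.

# Command that answers "is this one package installed?" through its exit
# status. On the UBI/RHEL image from the issue that is `rpm -q`; it can be
# overridden (for example in tests) by setting PKG_QUERY.
PKG_QUERY="${PKG_QUERY:-rpm -q}"

# check_one TYPE:NAME
#   pkg:NAME   -> installed according to $PKG_QUERY
#   bin:/PATH  -> regular file at PATH with the execute bit set
#   bin:NAME   -> NAME resolves on $PATH
# Returns 0 if present, non-zero if absent, 2 for an unrecognised argument.
check_one() {
    case "$1" in
        pkg:?*) $PKG_QUERY "${1#pkg:}" >/dev/null 2>&1 ;;
        bin:/*) [ -f "${1#bin:}" ] && [ -x "${1#bin:}" ] ;;
        bin:?*) command -v "${1#bin:}" >/dev/null 2>&1 ;;
        *)      return 2 ;;
    esac
}

# verify_image ITEM...
# Prints every missing (or malformed) item on stdout, one per line, and
# returns 1 if there was at least one, so a Dockerfile RUN step fails
# instead of producing an image without the package.
verify_image() {
    rc=0
    for item in "$@"; do
        if check_one "$item"; then
            continue
        fi
        printf '%s\n' "$item"
        rc=1
    done
    return "$rc"
}

# When the script is invoked with arguments, act as the build gate.
if [ "$#" -gt 0 ]; then
    if ! missing=$(verify_image "$@"); then
        echo "image verification failed, missing:" >&2
        printf '%s\n' "$missing" >&2
        exit 1
    fi
fi
```

Run in the same `RUN` step as the install, with arguments such as `pkg:ca-certificates pkg:strongswan pkg:net-tools pkg:which`, this turns a skipped package into a failed build. On RHEL 7 yum, `--setopt=skip_missing_names_on_install=False` makes `yum install` itself fail when a requested name has no match.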

@mddamato

mddamato commented Jun 1, 2021

#8 might solve

@dweomer
Contributor

dweomer commented Oct 27, 2021

@mddamato should we consider using strongswan from k3s-root? see https://github.com/k3s-io/k3s-root/tree/v0.9.1/package/strongswan

@dgiebert
Contributor

@dweomer I think using the binary from k3os-root is the better approach, I can create a PR in the next days.

Is there a way to get the executables in a similar manner to this line?

@dweomer
Contributor

dweomer commented Dec 10, 2021

@dweomer I think using the binary from k3os-root is the better approach, I can create a PR in the next days.

Is there a way to get the executables in a similar manner to this line?

$ curl -fsSL https://github.com/k3s-io/k3s-root/releases/download/v0.10.1/k3s-root-amd64.tar | tar tv | grep swan
-rwxr-xr-x root/root    934304 2021-11-15 09:10 ./bin/swanctl
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/strongswan.d/
-rw-r--r-- root/root      2105 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon-logging.conf
-rw-r--r-- root/root        65 2021-11-15 09:10 ./etc/strongswan/strongswan.d/pki.conf
-rw-r--r-- root/root       151 2021-11-15 09:10 ./etc/strongswan/strongswan.d/swanctl.conf
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/
-rw-r--r-- root/root       270 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/drbg.conf
-rw-r--r-- root/root       383 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-tls.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/sha1.conf
-rw-r--r-- root/root       147 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-simaka-pseudonym.conf
-rw-r--r-- root/root       346 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-tnc.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/sha2.conf
-rw-r--r-- root/root       879 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-ttls.conf
-rw-r--r-- root/root       139 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-mschapv2.conf
-rw-r--r-- root/root       297 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/updown.conf
-rw-r--r-- root/root      3093 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-radius.conf
-rw-r--r-- root/root       133 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pkcs12.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/mgf1.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/x509.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pem.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/hmac.conf
-rw-r--r-- root/root       133 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pubkey.conf
-rw-r--r-- root/root       144 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-simaka-reauth.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/aes.conf
-rw-r--r-- root/root       269 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-dynamic.conf
-rw-r--r-- root/root       139 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-identity.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/rc2.conf
-rw-r--r-- root/root       132 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pkcs7.conf
-rw-r--r-- root/root       986 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/stroke.conf
-rw-r--r-- root/root       136 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/tnc-tnccs.conf
-rw-r--r-- root/root       615 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/tnccs-20.conf
-rw-r--r-- root/root       138 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/constraints.conf
-rw-r--r-- root/root       340 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/resolve.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/xcbc.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/md5.conf
-rw-r--r-- root/root       140 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/tnccs-dynamic.conf
-rw-r--r-- root/root       491 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/socket-default.conf
-rw-r--r-- root/root       135 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/counters.conf
-rw-r--r-- root/root       425 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/random.conf
-rw-r--r-- root/root       140 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/xauth-generic.conf
-rw-r--r-- root/root       131 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/cmac.conf
-rw-r--r-- root/root       132 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pkcs8.conf
-rw-r--r-- root/root      2449 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/kernel-netlink.conf
-rw-r--r-- root/root       132 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/nonce.conf
-rw-r--r-- root/root       133 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/af-alg.conf
-rw-r--r-- root/root       183 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-simaka-sql.conf
-rw-r--r-- root/root       133 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/dnskey.conf
-rw-r--r-- root/root       132 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pkcs1.conf
-rw-r--r-- root/root       134 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-md5.conf
-rw-r--r-- root/root       283 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/revocation.conf
-rw-r--r-- root/root       164 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-aka.conf
-rw-r--r-- root/root       362 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/attr.conf
-rw-r--r-- root/root       133 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/sshkey.conf
-rw-r--r-- root/root       777 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-peap.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/des.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/pgp.conf
-rw-r--r-- root/root       164 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-sim.conf
-rw-r--r-- root/root       215 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-gtc.conf
-rw-r--r-- root/root       137 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/curve25519.conf
-rw-r--r-- root/root       130 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/gmp.conf
-rw-r--r-- root/root       221 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/vici.conf
-rw-r--r-- root/root       231 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/tnccs-11.conf
-rw-r--r-- root/root       139 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-sim-file.conf
-rw-r--r-- root/root       262 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/eap-aka-3gpp2.conf
-rw-r--r-- root/root       135 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon/fips-prf.conf
-rw-r--r-- root/root       173 2021-11-15 09:10 ./etc/strongswan/strongswan.d/starter.conf
-rw-r--r-- root/root     11396 2021-11-15 09:10 ./etc/strongswan/strongswan.d/charon.conf
-rw-r--r-- root/root       113 2021-11-15 09:10 ./etc/strongswan/strongswan.d/tnc.conf
-rw-r--r-- root/root       281 2021-11-15 09:10 ./etc/strongswan/strongswan.conf
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/pubkey/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/x509crl/
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/private/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/x509ocsp/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/conf.d/
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/pkcs8/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/x509ca/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/x509aa/
-rw-r----- root/root     16058 2021-11-15 09:10 ./etc/strongswan/swanctl/swanctl.conf
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/ecdsa/
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/rsa/
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/pkcs12/
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/bliss/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/x509ac/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/swanctl/x509/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/crls/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/reqs/
drwxr-x--- root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/private/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/cacerts/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/certs/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/acerts/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/ocspcerts/
drwxr-xr-x root/root         0 2021-11-15 09:10 ./etc/strongswan/ipsec.d/aacerts/
-rw------- root/root        48 2021-11-15 09:10 ./etc/strongswan/ipsec.secrets
-rw-r--r-- root/root       608 2021-11-15 09:10 ./etc/strongswan/ipsec.conf

@dgiebert
Contributor

Thank you for the pointer to the files, @dweomer.

The k3s version, especially the needed charon daemon, seems not to be compatible with flannel out of the box:

00[LIB] no files found matching '/var/lib/rancher/k3s/agent/strongswan/strongswan.conf'
00[LIB] abort initialization due to invalid configuration

I also tested PR #8, which in the end did not find the needed binary (charon).

I assume changing the image to alpine is not an option, as this snippet e.g. works and establishes a connection?

FROM alpine:3.15
RUN  apk add --no-cache ca-certificates strongswan net-tools
COPY --from=builder /opt/xtables/bin/ /usr/sbin/
COPY --from=builder /usr/local/bin/ /opt/bin/

@manuelbuil
Contributor

Sorry, I missed this issue! Are you running k3s or rke2?

@dgiebert
Contributor

Currently running an rke2 cluster, but for the sake of simplicity in terms of flannel switched to wireguard, so probably not going to pursue this any further.

@cwayne18 closed this as not planned on Jan 9, 2025