[ovs-dev] [PATCH 4/4] ovs-monitor-ipsec: Add option to not restart IKE daemon
Eelco Chaudron
echaudro at redhat.com
Wed Dec 23 15:25:53 UTC 2020
On 16 Dec 2020, at 13:04, Mark Gray wrote:
> Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
> ---
> ipsec/ovs-monitor-ipsec.in | 10 +++++++---
> utilities/ovs-ctl.in | 8 ++++++++
> 2 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
> index cac42d7b2b31..7bdf9d56030d 100755
> --- a/ipsec/ovs-monitor-ipsec.in
> +++ b/ipsec/ovs-monitor-ipsec.in
> @@ -922,7 +922,7 @@ class IPsecTunnel(object):
> class IPsecMonitor(object):
> """This class monitors and configures IPsec tunnels"""
>
> - def __init__(self, root_prefix, ike_daemon):
> + def __init__(self, root_prefix, ike_daemon, restart):
> self.IPSEC = root_prefix + "/usr/sbin/ipsec"
> self.tunnels = {}
>
> @@ -952,7 +952,9 @@ class IPsecMonitor(object):
> not os.access(self.IPSEC, os.X_OK):
> vlog.err("IKE daemon is not installed in the system.")
>
> - self.ike_helper.restart_ike_daemon()
> + if restart:
> + vlog.info("Restarting IKE daemon")
> + self.ike_helper.restart_ike_daemon()
>
> def is_tunneling_type_supported(self, tunnel_type):
> """Returns True if we know how to configure IPsec for these
> @@ -1177,6 +1179,8 @@ def main():
> parser.add_argument("--ike-daemon", metavar="IKE-DAEMON",
> help="The IKE daemon used for IPsec tunnels"
> " (either libreswan or strongswan).")
> + parser.add_argument("--no-restart-ike-daemon",
> action='store_true',
> + help="Don't restart the IKE daemon on
> startup.")
>
> ovs.vlog.add_args(parser)
> ovs.daemon.add_args(parser)
> @@ -1189,7 +1193,7 @@ def main():
>
> root_prefix = args.root_prefix if args.root_prefix else ""
> xfrm = XFRM(root_prefix)
> - monitor = IPsecMonitor(root_prefix, args.ike_daemon)
> + monitor = IPsecMonitor(root_prefix, args.ike_daemon, not
> args.no_restart_ike_daemon)
ipsec/ovs-monitor-ipsec.in:1196:80: E501 line too long (88 > 79
characters)
> remote = args.database
> schema_helper = ovs.db.idl.SchemaHelper()
> diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
> index 0441c0aee2c1..5177497f6c2f 100644
> --- a/utilities/ovs-ctl.in
> +++ b/utilities/ovs-ctl.in
> @@ -230,9 +230,14 @@ start_forwarding () {
> }
>
> start_ovs_ipsec () {
> + if test X$RESTART_IKE_DAEMON = Xno; then
> + no_restart="--no-restart-ike-daemon"
> + fi
> +
> ${datadir}/scripts/ovs-monitor-ipsec \
> --pidfile=${rundir}/ovs-monitor-ipsec.pid \
> --ike-daemon=$IKE_DAEMON \
> + $no_restart \
> --log-file --detach --monitor unix:${rundir}/db.sock ||
> return 1
> return 0
> }
> @@ -345,6 +350,7 @@ set_defaults () {
> SPORT=
>
> IKE_DAEMON=
> + RESTART_IKE_DAEMON=yes
>
> type_file=$etcdir/system-type.conf
> version_file=$etcdir/system-version.conf
> @@ -428,6 +434,8 @@ Options for "enable-protocol":
> Option for "start-ovs-ipsec":
> --ike-daemon=IKE_DAEMON
> the IKE daemon for ipsec tunnels (either libreswan or
> strongswan)
> + --no-restart-ike-daemon
> + do not restart the IKE daemon on startup
>
> Other options:
> -h, --help display this help message
> --
The patch itself looks and tested fine, so you can add my ack to a v2 if
you fix the style issue.
More information about the dev
mailing list