[ovs-dev] [PATCH v4 1/2] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

Mark Gray mark.d.gray at redhat.com
Tue Jan 5 22:53:40 UTC 2021


When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
active ipsec connections, /etc/ipsec.conf, certs/keys). In some
use-cases, we may want to exit and maintain state so that ipsec
connectivity is maintained. One example of this is during an
upgrade. This will require the caller to clear this persistent
state when appropriate (e.g. before 'ovs-monitor-ipsec' is restarted).

Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
Acked-by: Eelco Chaudron <echaudro at redhat.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
---
v2:  Changed command syntax
v3:  Added Flavio's ack
v4:  Rebased and added NEWS section

 NEWS                       |  3 +++
 ipsec/ovs-monitor-ipsec.in | 30 +++++++++++++++++++++---------
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 402b4c6646c3..b847c6a995bd 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,9 @@ Post-v2.14.0
    - ovs-dpctl and 'ovs-appctl dpctl/':
      * New commands '{add,mod,del}-flows' where added, which allow adding,
        deleting, or modifying flows based on information read from a file.
+   - IPsec:
+     * Add option to allow ovs-monitor-ipsec to stop without tearing down
+       IPsec tunnels.
 
 
 v2.14.0 - 17 Aug 2020
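Review bot: the new NEWS entry under "IPsec:" does not name the option, so a reader cannot tell from it how to invoke the behaviour. Suggest naming the '--no-cleanup' argument of the 'exit' command, and stating, as the commit message does, that the caller is then responsible for clearing the persistent state (active connections, /etc/ipsec.conf, certs/keys) before 'ovs-monitor-ipsec' is restarted.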
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index f9451e53cd40..6d12cd8d2b03 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -1150,19 +1150,30 @@ def unixctl_refresh(conn, unused_argv, unused_aux):
     conn.reply(None)
 
 
-def unixctl_exit(conn, unused_argv, unused_aux):
+def unixctl_exit(conn, argv, unused_aux):
     global monitor
     global exiting
+    ret = None
     exiting = True
+    cleanup = True
 
-    # Make sure persistent global states are cleared
-    monitor.update_conf([None, None, None, None], None)
-    # Make sure persistent tunnel states are cleared
-    for tunnel in monitor.tunnels.keys():
-        monitor.del_tunnel(tunnel)
-    monitor.run()
+    for arg in argv:
+        if arg == "--no-cleanup":
+            cleanup = False
+        else:
+            cleanup = False
+            exiting = False
+            ret = str("unrecognized parameter: %s" % arg)
+
+    if cleanup:
+        # Make sure persistent global states are cleared
+        monitor.update_conf([None, None, None, None], None)
+        # Make sure persistent tunnel states are cleared
+        for tunnel in monitor.tunnels.keys():
+            monitor.del_tunnel(tunnel)
+        monitor.run()
 
-    conn.reply(None)
+    conn.reply(ret)
 
 
 def main():
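Review bot: in the else branch of the argv loop, the "unrecognized parameter" text is sent through the same conn.reply(ret) call as a successful exit, so a caller cannot distinguish a rejected request from an accepted one by reply type. Consider sending it as an error reply (ovs.unixctl connections provide reply_error()) and returning at that point. It would also be simpler to parse argv before assigning exiting = True, instead of setting it and resetting it to False on a bad argument, and the str() around the formatted string is redundant. Because '--no-cleanup' leaves /etc/ipsec.conf and the certs/keys in place, a log line when the "if cleanup:" block is skipped would let an operator later confirm why that state is still present.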
@@ -1208,7 +1219,8 @@ def main():
     ovs.unixctl.command_register("tunnels/show", "", 0, 0,
                                  unixctl_show, None)
     ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None)
-    ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None)
+    ovs.unixctl.command_register("exit", "[--no-cleanup]", 0, 1,
+                                 unixctl_exit, None)
 
     error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None)
     if error:
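Review bot: the "[--no-cleanup]" usage string in this command_register() call is the only operator-facing description of the new argument in the patch; the diffstat lists just NEWS and ipsec/ovs-monitor-ipsec.in. Suggest adding a documentation update and a test that covers 'exit --no-cleanup' and the rejection of an unknown argument.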
-- 
2.26.2


