On 16 Dec 2020, at 13:04, Mark Gray wrote:
Signed-off-by: Mark Gray <mark.d.g...@redhat.com>
---
ipsec/ovs-monitor-ipsec.in | 10 +++++++---
utilities/ovs-ctl.in | 8 ++++++++
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index cac42d7b2b31..7bdf9d56030d 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -922,7 +922,7 @@ class IPsecTunnel(object):
class IPsecMonitor(object):
"""This class monitors and configures IPsec tunnels"""
- def __init__(self, root_prefix, ike_daemon):
+ def __init__(self, root_prefix, ike_daemon, restart):
self.IPSEC = root_prefix + "/usr/sbin/ipsec"
self.tunnels = {}
@@ -952,7 +952,9 @@ class IPsecMonitor(object):
not os.access(self.IPSEC, os.X_OK):
vlog.err("IKE daemon is not installed in the system.")
- self.ike_helper.restart_ike_daemon()
+ if restart:
+ vlog.info("Restarting IKE daemon")
+ self.ike_helper.restart_ike_daemon()
def is_tunneling_type_supported(self, tunnel_type):
"""Returns True if we know how to configure IPsec for these
@@ -1177,6 +1179,8 @@ def main():
parser.add_argument("--ike-daemon", metavar="IKE-DAEMON",
help="The IKE daemon used for IPsec tunnels"
" (either libreswan or strongswan).")
+ parser.add_argument("--no-restart-ike-daemon",
action='store_true',
+ help="Don't restart the IKE daemon on
startup.")
ovs.vlog.add_args(parser)
ovs.daemon.add_args(parser)
@@ -1189,7 +1193,7 @@ def main():
root_prefix = args.root_prefix if args.root_prefix else ""
xfrm = XFRM(root_prefix)
- monitor = IPsecMonitor(root_prefix, args.ike_daemon)
+ monitor = IPsecMonitor(root_prefix, args.ike_daemon, not
args.no_restart_ike_daemon)
ipsec/ovs-monitor-ipsec.in:1196:80: E501 line too long (88 > 79
characters)
remote = args.database
schema_helper = ovs.db.idl.SchemaHelper()
diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index 0441c0aee2c1..5177497f6c2f 100644
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -230,9 +230,14 @@ start_forwarding () {
}
start_ovs_ipsec () {
+ if test X$RESTART_IKE_DAEMON = Xno; then
+ no_restart="--no-restart-ike-daemon"
+ fi
+
${datadir}/scripts/ovs-monitor-ipsec \
--pidfile=${rundir}/ovs-monitor-ipsec.pid \
--ike-daemon=$IKE_DAEMON \
+ $no_restart \
--log-file --detach --monitor unix:${rundir}/db.sock ||
return 1
return 0
}
@@ -345,6 +350,7 @@ set_defaults () {
SPORT=
IKE_DAEMON=
+ RESTART_IKE_DAEMON=yes
type_file=$etcdir/system-type.conf
version_file=$etcdir/system-version.conf
@@ -428,6 +434,8 @@ Options for "enable-protocol":
Option for "start-ovs-ipsec":
--ike-daemon=IKE_DAEMON
the IKE daemon for ipsec tunnels (either libreswan or
strongswan)
+ --no-restart-ike-daemon
+ do not restart the IKE daemon on startup
Other options:
-h, --help display this help message
--
The patch itself looks and tested fine, so you can add my ack to a v2 if
you fix the style issue.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
