From fe1d48dba258df846a700e92ff1e8e7378bb60e4 Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Wed, 15 Jan 2025 15:00:14 +0100
Subject: [PATCH] rhel, debian: Add missing restart policy to ipsec service.

Currently, if openvswitch-ipsec service will die for any reason it
will not be restarted. At the same time, that will prevent updating
tunnel configuration and prohibit adding new nodes in OVN clusters,
for example.

Add the 'on-failure' restart policy, so it behaves the same as all
other OVS daemons.

Acked-by: Frode Nordahl <fnordahl@ubuntu.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 debian/openvswitch-ipsec.service                      | 1 +
 rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 1 +
 2 files changed, 2 insertions(+)

diff --git a/debian/openvswitch-ipsec.service b/debian/openvswitch-ipsec.service
index dfb1e50d9..51b9b315a 100644
--- a/debian/openvswitch-ipsec.service
+++ b/debian/openvswitch-ipsec.service
@@ -6,6 +6,7 @@ After=openvswitch-switch.service
 [Service]
 Type=forking
 PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
+Restart=on-failure
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \
                     --ike-daemon=strongswan start-ovs-ipsec
 ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
index 88a509662..a4bf475d0 100644
--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -6,6 +6,7 @@ After=openvswitch.service
 [Service]
 Type=forking
 PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
+Restart=on-failure
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \
                     --ike-daemon=libreswan start-ovs-ipsec
 ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec