ovs-monitor-ipsec: Add option to not restart IKE daemon.

Signed-off-by: Mark Gray <mark.d.gray@redhat.com> Acked-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
2025-09-05 00:35:33 +00:00 · 2021-01-05 17:53:41 -05:00
parent aa8bed0986
commit fe5ff26a49
3 changed files with 18 additions and 3 deletions
--- a/2
+++ b/2
@@ -41,6 +41,8 @@ Post-v2.14.0
   - IPsec:
     * Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
       tearing down IPsec tunnels.
+     * Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start
+       without restarting ipsec daemon.


 v2.14.0 - 17 Aug 2020
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -925,7 +925,7 @@ class IPsecTunnel(object):
 class IPsecMonitor(object):
    """This class monitors and configures IPsec tunnels"""

-    def __init__(self, root_prefix, ike_daemon):
+    def __init__(self, root_prefix, ike_daemon, restart):
        self.IPSEC = root_prefix + "/usr/sbin/ipsec"
        self.tunnels = {}

@@ -955,7 +955,9 @@ class IPsecMonitor(object):
                not os.access(self.IPSEC, os.X_OK):
            vlog.err("IKE daemon is not installed in the system.")

-        self.ike_helper.restart_ike_daemon()
+        if restart:
+            vlog.info("Restarting IKE daemon")
+            self.ike_helper.restart_ike_daemon()

    def is_tunneling_type_supported(self, tunnel_type):
        """Returns True if we know how to configure IPsec for these
@@ -1186,6 +1188,8 @@ def main():
    parser.add_argument("--ike-daemon", metavar="IKE-DAEMON",
                        help="The IKE daemon used for IPsec tunnels"
                        " (either libreswan or strongswan).")
+    parser.add_argument("--no-restart-ike-daemon", action='store_true',
+                        help="Don't restart the IKE daemon on startup.")

    ovs.vlog.add_args(parser)
    ovs.daemon.add_args(parser)
@@ -1198,7 +1202,8 @@ def main():

    root_prefix = args.root_prefix if args.root_prefix else ""
    xfrm = XFRM(root_prefix)
-    monitor = IPsecMonitor(root_prefix, args.ike_daemon)
+    monitor = IPsecMonitor(root_prefix, args.ike_daemon,
+                           not args.no_restart_ike_daemon)

    remote = args.database
    schema_helper = ovs.db.idl.SchemaHelper()
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -231,9 +231,14 @@ start_forwarding () {
 }

 start_ovs_ipsec () {
+    if test X$RESTART_IKE_DAEMON = Xno; then
+        no_restart="--no-restart-ike-daemon"
+    fi
+
    ${datadir}/scripts/ovs-monitor-ipsec \
        --pidfile=${rundir}/ovs-monitor-ipsec.pid \
        --ike-daemon=$IKE_DAEMON \
+        $no_restart \
        --log-file --detach --monitor unix:${rundir}/db.sock || return 1
    return 0
 }
@@ -341,6 +346,7 @@ set_defaults () {
    SPORT=

    IKE_DAEMON=
+    RESTART_IKE_DAEMON=yes

    type_file=$etcdir/system-type.conf
    version_file=$etcdir/system-version.conf
@@ -424,6 +430,8 @@ Options for "enable-protocol":
 Option for "start-ovs-ipsec":
  --ike-daemon=IKE_DAEMON
      the IKE daemon for ipsec tunnels (either libreswan or strongswan)
+  --no-restart-ike-daemon
+      do not restart the IKE daemon on startup

 Other options:
  -h, --help                  display this help message