ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state.

When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e. active ipsec connections, /etc/ipsec.conf, certs/keys). In some use-cases, we may want to exit and maintain state so that ipsec connectivity is maintained. One example of this is during an upgrade. This will require the caller to clear this persistent state when appropriate (e.g. before 'ovs-monitor-ipsec') is restarted. Signed-off-by: Mark Gray <mark.d.gray@redhat.com> Acked-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
openvswitch · Jan 6, 2021 · 0b4b042 · 0b4b042
1 parent a433b31
commit 0b4b042
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 10 deletions.
diff --git a/NEWS b/NEWS
@@ -1,7 +1,9 @@
 v2.14.1 - xx xxx xxxx
 ---------------------
    - IPsec:
-     * Fixed support of strongswan 5.7+ in ovs-ipsec-monitor.
+     * Fixed support of strongswan 5.7+ in ovs-monitor-ipsec.
+     * Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
+       tearing down IPsec tunnels.
    - OVSDB:
      * New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
        If turned on, ovsdb-server will try to reclaim all the unused memory

diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
@@ -1150,19 +1150,30 @@ def unixctl_refresh(conn, unused_argv, unused_aux):
     conn.reply(None)
 
 
-def unixctl_exit(conn, unused_argv, unused_aux):
+def unixctl_exit(conn, argv, unused_aux):
     global monitor
     global exiting
+    ret = None
     exiting = True
+    cleanup = True
 
-    # Make sure persistent global states are cleared
-    monitor.update_conf([None, None, None, None], None)
-    # Make sure persistent tunnel states are cleared
-    for tunnel in monitor.tunnels.keys():
-        monitor.del_tunnel(tunnel)
-    monitor.run()
+    for arg in argv:
+        if arg == "--no-cleanup":
+            cleanup = False
+        else:
+            cleanup = False
+            exiting = False
+            ret = str("unrecognized parameter: %s" % arg)
+
+    if cleanup:
+        # Make sure persistent global states are cleared
+        monitor.update_conf([None, None, None, None], None)
+        # Make sure persistent tunnel states are cleared
+        for tunnel in monitor.tunnels.keys():
+            monitor.del_tunnel(tunnel)
+        monitor.run()
 
-    conn.reply(None)
+    conn.reply(ret)
 
 
 def main():
@@ -1208,7 +1219,8 @@ def main():
     ovs.unixctl.command_register("tunnels/show", "", 0, 0,
                                  unixctl_show, None)
     ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None)
-    ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None)
+    ovs.unixctl.command_register("exit", "[--no-cleanup]", 0, 1,
+                                 unixctl_exit, None)
 
     error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None)
     if error: