ovs-monitor-ipsec: Add option to not restart IKE daemon.

Signed-off-by: Mark Gray <mark.d.gray@redhat.com> Acked-by: Eelco Chaudron <echaudro@redhat.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
openvswitch · Jan 6, 2021 · fe5ff26 · fe5ff26
1 parent aa8bed0
commit fe5ff26
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/NEWS b/NEWS
@@ -41,6 +41,8 @@ Post-v2.14.0
    - IPsec:
      * Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without
        tearing down IPsec tunnels.
+     * Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start
+       without restarting ipsec daemon.
 
 
 v2.14.0 - 17 Aug 2020

diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
@@ -925,7 +925,7 @@ class IPsecTunnel(object):
 class IPsecMonitor(object):
     """This class monitors and configures IPsec tunnels"""
 
-    def __init__(self, root_prefix, ike_daemon):
+    def __init__(self, root_prefix, ike_daemon, restart):
         self.IPSEC = root_prefix + "/usr/sbin/ipsec"
         self.tunnels = {}
 
@@ -955,7 +955,9 @@ class IPsecMonitor(object):
                 not os.access(self.IPSEC, os.X_OK):
             vlog.err("IKE daemon is not installed in the system.")
 
-        self.ike_helper.restart_ike_daemon()
+        if restart:
+            vlog.info("Restarting IKE daemon")
+            self.ike_helper.restart_ike_daemon()
 
     def is_tunneling_type_supported(self, tunnel_type):
         """Returns True if we know how to configure IPsec for these
@@ -1186,6 +1188,8 @@ def main():
     parser.add_argument("--ike-daemon", metavar="IKE-DAEMON",
                         help="The IKE daemon used for IPsec tunnels"
                         " (either libreswan or strongswan).")
+    parser.add_argument("--no-restart-ike-daemon", action='store_true',
+                        help="Don't restart the IKE daemon on startup.")
 
     ovs.vlog.add_args(parser)
     ovs.daemon.add_args(parser)
@@ -1198,7 +1202,8 @@ def main():
 
     root_prefix = args.root_prefix if args.root_prefix else ""
     xfrm = XFRM(root_prefix)
-    monitor = IPsecMonitor(root_prefix, args.ike_daemon)
+    monitor = IPsecMonitor(root_prefix, args.ike_daemon,
+                           not args.no_restart_ike_daemon)
 
     remote = args.database
     schema_helper = ovs.db.idl.SchemaHelper()

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
@@ -231,9 +231,14 @@ start_forwarding () {
 }
 
 start_ovs_ipsec () {
+    if test X$RESTART_IKE_DAEMON = Xno; then
+        no_restart="--no-restart-ike-daemon"
+    fi
+
     ${datadir}/scripts/ovs-monitor-ipsec \
         --pidfile=${rundir}/ovs-monitor-ipsec.pid \
         --ike-daemon=$IKE_DAEMON \
+        $no_restart \
         --log-file --detach --monitor unix:${rundir}/db.sock || return 1
     return 0
 }
@@ -341,6 +346,7 @@ set_defaults () {
     SPORT=
 
     IKE_DAEMON=
+    RESTART_IKE_DAEMON=yes
 
     type_file=$etcdir/system-type.conf
     version_file=$etcdir/system-version.conf
@@ -424,6 +430,8 @@ Options for "enable-protocol":
 Option for "start-ovs-ipsec":
   --ike-daemon=IKE_DAEMON
       the IKE daemon for ipsec tunnels (either libreswan or strongswan)
+  --no-restart-ike-daemon
+      do not restart the IKE daemon on startup
 
 Other options:
   -h, --help                  display this help message