diff options
author | Mark Gray <mark.d.gray@redhat.com> | 2021-01-05 17:53:40 -0500 |
---|---|---|
committer | Ilya Maximets <i.maximets@ovn.org> | 2021-01-06 12:02:00 +0100 |
commit | 0b4b042086713eccd9765191ab48947826624015 (patch) | |
tree | a8d1ff331c00fbd7e5b03ad60fa4cc65484daf8c | |
parent | a433b31f706f8d79b66f00668af507ac70fe206e (diff) | |
download | openvswitch-0b4b042086713eccd9765191ab48947826624015.tar.gz |
ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state.
When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
active ipsec connections, /etc/ipsec.conf, certs/keys). In some
use-cases, we may want to exit and maintain state so that ipsec
connectivity is maintained. One example of this is during an
upgrade. This will require the caller to clear this persistent
state when appropriate (e.g. before 'ovs-monitor-ipsec') is restarted.
Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
-rw-r--r-- | NEWS | 4 | ||||
-rwxr-xr-x | ipsec/ovs-monitor-ipsec.in | 30 |
2 files changed, 24 insertions, 10 deletions
@@ -1,7 +1,9 @@ v2.14.1 - xx xxx xxxx --------------------- - IPsec: - * Fixed support of strongswan 5.7+ in ovs-ipsec-monitor. + * Fixed support of strongswan 5.7+ in ovs-monitor-ipsec. + * Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without + tearing down IPsec tunnels. - OVSDB: * New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'. If turned on, ovsdb-server will try to reclaim all the unused memory diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index f9451e53c..6d12cd8d2 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -1150,19 +1150,30 @@ def unixctl_refresh(conn, unused_argv, unused_aux): conn.reply(None) -def unixctl_exit(conn, unused_argv, unused_aux): +def unixctl_exit(conn, argv, unused_aux): global monitor global exiting + ret = None exiting = True + cleanup = True - # Make sure persistent global states are cleared - monitor.update_conf([None, None, None, None], None) - # Make sure persistent tunnel states are cleared - for tunnel in monitor.tunnels.keys(): - monitor.del_tunnel(tunnel) - monitor.run() + for arg in argv: + if arg == "--no-cleanup": + cleanup = False + else: + cleanup = False + exiting = False + ret = str("unrecognized parameter: %s" % arg) + + if cleanup: + # Make sure persistent global states are cleared + monitor.update_conf([None, None, None, None], None) + # Make sure persistent tunnel states are cleared + for tunnel in monitor.tunnels.keys(): + monitor.del_tunnel(tunnel) + monitor.run() - conn.reply(None) + conn.reply(ret) def main(): @@ -1208,7 +1219,8 @@ def main(): ovs.unixctl.command_register("tunnels/show", "", 0, 0, unixctl_show, None) ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None) - ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None) + ovs.unixctl.command_register("exit", "[--no-cleanup]", 0, 1, + unixctl_exit, None) error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None) if error: |