From patchwork Tue Jan 5 22:53:40 2021
X-Patchwork-Submitter: Mark Gray
X-Patchwork-Id: 1422739
From: Mark Gray
To: mark.d.gray@redhat.com, dev@openvswitch.org
Cc: Flavio Leitner
Date: Tue, 5 Jan 2021 17:53:40 -0500
Message-Id: <20210105225341.1751305-2-mark.d.gray@redhat.com>
In-Reply-To: <20210105225341.1751305-1-mark.d.gray@redhat.com>
Subject: [ovs-dev] [PATCH v4 1/2] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e. active ipsec connections, /etc/ipsec.conf, certs/keys). In some use-cases, we may want to exit and maintain state so that ipsec connectivity is maintained. One example of this is during an upgrade. This will require the caller to clear this persistent state when appropriate (e.g. before 'ovs-monitor-ipsec' is restarted).

Signed-off-by: Mark Gray
Acked-by: Eelco Chaudron
Acked-by: Flavio Leitner
---
v2: Changed command syntax
v3: Added Flavio's ack
v4: Rebased and added NEWS section

NEWS | 3 +++ ipsec/ovs-monitor-ipsec.in | 30 +++++++++++++++++++++--------- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index 402b4c6646c3..b847c6a995bd 100644 --- a/NEWS +++ b/NEWS @@ -38,6 +38,9 @@ Post-v2.14.0 - ovs-dpctl and 'ovs-appctl dpctl/': * New commands '{add,mod,del}-flows' where added, which allow adding, deleting, or modifying flows based on information read from a file. + - IPsec: + * Add option to allow ovs-monitor-ipsec to stop without tearing down + IPsec tunnels. v2.14.0 - 17 Aug 2020 
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index f9451e53cd40..6d12cd8d2b03 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -1150,19 +1150,30 @@ def unixctl_refresh(conn, unused_argv, unused_aux): conn.reply(None) -def unixctl_exit(conn, unused_argv, unused_aux): +def unixctl_exit(conn, argv, unused_aux): global monitor global exiting + ret = None exiting = True + cleanup = True - # Make sure persistent global states are cleared - monitor.update_conf([None, None, None, None], None) - # Make sure persistent tunnel states are cleared - for tunnel in monitor.tunnels.keys(): - monitor.del_tunnel(tunnel) - monitor.run() + for arg in argv: + if arg == "--no-cleanup": + cleanup = False + else: + cleanup = False + exiting = False + ret = str("unrecognized parameter: %s" % arg) + + if cleanup: + # Make sure persistent global states are cleared + monitor.update_conf([None, None, None, None], None) + # Make sure persistent tunnel states are cleared + for tunnel in monitor.tunnels.keys(): + monitor.del_tunnel(tunnel) + monitor.run() - conn.reply(None) + conn.reply(ret) def main(): @@ -1208,7 +1219,8 @@ def main(): ovs.unixctl.command_register("tunnels/show", "", 0, 0, unixctl_show, None) ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None) - ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None) + ovs.unixctl.command_register("exit", "[--no-cleanup]", 0, 1, + unixctl_exit, None) error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None) if error:
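
Review bot: The new NEWS entry (hunk @@ -38,6 +38,9 @@) does not name the option it announces, so a reader of the release notes cannot tell which command or argument to use. Consider wording it along the lines of "Add '--no-cleanup' option to the ovs-monitor-ipsec 'exit' command to stop without tearing down IPsec tunnels."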
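
Review bot: In unixctl_exit (hunk @@ -1150,19 +1150,30 @@), the unrecognized-parameter branch sends its message through conn.reply(ret), the same call used on the success path, so a caller such as an upgrade script can only detect the failure by parsing the reply text. Validating argv first and answering with conn.reply_error(...) followed by an early return would make the failure explicit, and it would remove the need to set `exiting = True` and then reset it to False in the else branch. Minor: the str() around "unrecognized parameter: %s" % arg is redundant, since the expression is already a string.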
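
Review bot: The usage string "[--no-cleanup]" in the command_register call (hunk @@ -1208,7 +1219,8 @@) is the only user-facing description of the argument in this patch; the diffstat touches only NEWS and ipsec/ovs-monitor-ipsec.in. The commit message says the state left behind includes active ipsec connections, /etc/ipsec.conf and certs/keys, and that the caller must clear it before 'ovs-monitor-ipsec' is restarted. That obligation should be documented where operators will see it, for example in the IPsec documentation or the command's help text, including what has to be removed and when.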