diff mbox series

[ovs-dev] ovs/ipsec: StrongSwan report connection update failures to ovs logs

Message ID 20220207191500.797659-1-mheib@redhat.com
State Accepted
Headers show
Series [ovs-dev] ovs/ipsec: StrongSwan report connection update failures to ovs logs | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

Mohammad Heib Feb. 7, 2022, 7:15 p.m. UTC 
Currently when the user adds an IPsec tunnel port to the
ovs bridge the ovs-monitor-ipsec script will add this tunnel
IPsec-related configuration to the appropriate file and
submit a request to start the IPsec connection for this port
and ignores the request output which can contain an error message.

This patch captures the request output and prints
the error message to the ovs logs.

Signed-off-by: Mohammad Heib <mheib@redhat.com>
---
 ipsec/ovs-monitor-ipsec.in | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Comments

Mike Pattrick Feb. 25, 2022, 8:45 p.m. UTC | #1 
On Mon, Feb 7, 2022 at 2:15 PM Mohammad Heib <mheib@redhat.com> wrote:
>
> Currently when the user adds an IPsec tunnel port to the
> ovs bridge the ovs-monitor-ipsec script will add this tunnel
> IPsec-related configuration to the appropriate file and
> submit a request to start the IPsec connection for this port
> and ignores the request output which can contain an error message.
>
> This patch captures the request output and prints
> the error message to the ovs logs.
>
> Signed-off-by: Mohammad Heib <mheib@redhat.com>

Acked-by: Mike Pattrick <mkp@redhat.com>
Ilya Maximets March 4, 2022, 11:11 p.m. UTC | #2 
On 2/25/22 21:45, Mike Pattrick wrote:
> On Mon, Feb 7, 2022 at 2:15 PM Mohammad Heib <mheib@redhat.com> wrote:
>>
>> Currently when the user adds an IPsec tunnel port to the
>> ovs bridge the ovs-monitor-ipsec script will add this tunnel
>> IPsec-related configuration to the appropriate file and
>> submit a request to start the IPsec connection for this port
>> and ignores the request output which can contain an error message.
>>
>> This patch captures the request output and prints
>> the error message to the ovs logs.
>>
>> Signed-off-by: Mohammad Heib <mheib@redhat.com>
> 
> Acked-by: Mike Pattrick <mkp@redhat.com>

Thanks!  Applied to master and 2.17.

Best regards, Ilya Maximets.
diff mbox series

Patch

diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index a8b0705d9..c8dfa06fd 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -337,7 +337,14 @@  conn prevent_unencrypted_vxlan
         Once strongSwan vici bindings will be distributed with major
         Linux distributions this function could be simplified."""
         vlog.info("Refreshing StrongSwan configuration")
-        subprocess.call([self.IPSEC, "update"])
+        proc = subprocess.Popen([self.IPSEC, "update"],
+                        stdout=subprocess.PIPE,
+                        stderr=subprocess.PIPE)
+        outs, errs = proc.communicate()
+        if proc.returncode != 0:
+            vlog.err("StrongSwan failed to update configuration:\n"
+                           "%s \n %s" % (str(outs), str(errs)))
+
         subprocess.call([self.IPSEC, "rereadsecrets"])
         # "ipsec update" command does not remove those tunnels that were
         # updated or that disappeared from the ipsec.conf file.  So, we have