Message ID | 20240321131649.1307798-1-mkp@redhat.com |
---|---|
State | Accepted |
Commit | 3ddb31f60487c9e26102372b56dec4b705368602 |
Series | [ovs-dev,v3] ovs-monitor-ipsec: LibreSwan autodetect paths. |

Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
ovsrobot/intel-ovs-compilation | success | test: success |
On 3/21/24 14:16, Mike Pattrick wrote:
> In v4.0, LibreSwan changed a default paths that had been hardcoded in
> ovs-monitor-ipsec, breaking some uses of this script. This patch adds
> support for both old and newer versions by auto detecting the version
> of LibreSwan and then choosing the correct path.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039
> Reported-by: Qijun Ding <qding@redhat.com>
> Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.")
> Signed-off-by: Mike Pattrick <mkp@redhat.com>
> ---
> v2: Don't extract variables from ipsec script
> v3: Removed use of packaging
> ---
>  ipsec/ovs-monitor-ipsec.in | 20 ++++++++++++++++++--
>  1 file changed, 18 insertions(+), 2 deletions(-)

Thanks! Applied and backported down to 2.17.

Best regards, Ilya Maximets.
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 7945162f9..bc7ac5523 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -457,14 +457,30 @@ conn prevent_unencrypted_vxlan CERTKEY_PREFIX = "ovs_certkey_" def __init__(self, libreswan_root_prefix, args): + # Collect version infromation + self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" + proc = subprocess.Popen([self.IPSEC, "--version"], + stdout=subprocess.PIPE, + encoding="latin1") + pout, perr = proc.communicate() + + v = re.match("^Libreswan (.*)$", pout) + try: + version = int(v.group(1).split(".")[0]) + except: + version = 0 + + if version >= 4: + ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss" + else: + ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" + ipsec_conf = args.ipsec_conf if args.ipsec_conf else "/etc/ipsec.conf" - ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" ipsec_secrets = (args.ipsec_secrets if args.ipsec_secrets else "/etc/ipsec.secrets") ipsec_ctl = (args.ipsec_ctl if args.ipsec_ctl else "/run/pluto/pluto.ctl") - self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" self.IPSEC_CONF = libreswan_root_prefix + ipsec_conf self.IPSEC_SECRETS = libreswan_root_prefix + ipsec_secrets self.IPSEC_D = "sql:" + libreswan_root_prefix + ipsec_d
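Review bot: The bare `except:` around `version = int(v.group(1).split(".")[0])` in `__init__` turns every failure into `version = 0`, so an empty or unparsable `ipsec --version` output silently selects `/etc/ipsec.d` with no log line. Narrow it to `except (AttributeError, ValueError):` and log the raw output when detection fails, because `self.IPSEC_D` is built from this path and a wrong guess points the script at a different `sql:` database directory than the one LibreSwan is using. The pattern in `re.match("^Libreswan (.*)$", pout)` is anchored at both ends without `re.MULTILINE`, so a banner with any leading text or a second line will not match and also lands in the fallback; matching only the leading major number would be more tolerant. The `subprocess.Popen([self.IPSEC, "--version"], ...)` call has no handling for a missing or non-executable binary, which would raise from `__init__`, and its exit status is never checked. `perr` is always `None` because stderr is not piped, so it can be dropped or stderr captured for the log message. The comment "Collect version infromation" has a typo.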
In v4.0, LibreSwan changed a default paths that had been hardcoded in
ovs-monitor-ipsec, breaking some uses of this script. This patch adds
support for both old and newer versions by auto detecting the version
of LibreSwan and then choosing the correct path.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039
Reported-by: Qijun Ding <qding@redhat.com>
Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
---
v2: Don't extract variables from ipsec script
v3: Removed use of packaging
---
 ipsec/ovs-monitor-ipsec.in | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)