diff mbox series

[ovs-dev,v2,3/4] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

Message ID 20201224093858.1455190-4-mark.d.gray@redhat.com
State Changes Requested
Headers show
Series ipsec: Various fixes for ovs-monitor-ipsec | expand

Commit Message

Mark Gray Dec. 24, 2020, 9:38 a.m. UTC 
When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
active ipsec connections, /etc/ipsec.conf, certs/keys). In some
use-cases, we may want to exit and maintain state so that ipsec
connectivity is maintained. One example of this is during an
upgrade. This will require the caller to clear this persistent
state when appropriate (e.g. before 'ovs-monitor-ipsec') is restarted.

Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
---
v2:  Changed command syntax

 ipsec/ovs-monitor-ipsec.in | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

Comments

Flavio Leitner Dec. 24, 2020, 4:55 p.m. UTC | #1 
On Thu, Dec 24, 2020 at 04:38:57AM -0500, Mark Gray wrote:
> When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
> active ipsec connections, /etc/ipsec.conf, certs/keys). In some
> use-cases, we may want to exit and maintain state so that ipsec
> connectivity is maintained. One example of this is during an
> upgrade. This will require the caller to clear this persistent
> state when appropriate (e.g. before 'ovs-monitor-ipsec') is restarted.
> 
> Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
> Acked-by: Eelco Chaudron <echaudro@redhat.com>
> ---

Thanks Mark!

Acked-by: Flavio Leitner <fbl@sysclose.org>

fbl
diff mbox series

Patch

diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index 1793088d9be1..9b71c5185ffe 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -1147,19 +1147,30 @@  def unixctl_refresh(conn, unused_argv, unused_aux):
     conn.reply(None)
 
 
-def unixctl_exit(conn, unused_argv, unused_aux):
+def unixctl_exit(conn, argv, unused_aux):
     global monitor
     global exiting
+    ret = None
     exiting = True
+    cleanup = True
 
-    # Make sure persistent global states are cleared
-    monitor.update_conf([None, None, None, None], None)
-    # Make sure persistent tunnel states are cleared
-    for tunnel in monitor.tunnels.keys():
-        monitor.del_tunnel(tunnel)
-    monitor.run()
+    for arg in argv:
+        if arg == "--no-cleanup":
+            cleanup = False
+        else:
+            cleanup = False
+            exiting = False
+            ret = str("unrecognized parameter: %s" % arg)
+
+    if cleanup:
+        # Make sure persistent global states are cleared
+        monitor.update_conf([None, None, None, None], None)
+        # Make sure persistent tunnel states are cleared
+        for tunnel in monitor.tunnels.keys():
+            monitor.del_tunnel(tunnel)
+        monitor.run()
 
-    conn.reply(None)
+    conn.reply(ret)
 
 
 def main():
@@ -1205,7 +1216,8 @@  def main():
     ovs.unixctl.command_register("tunnels/show", "", 0, 0,
                                  unixctl_show, None)
     ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None)
-    ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None)
+    ovs.unixctl.command_register("exit", "[--no-cleanup]", 0, 1,
+                                 unixctl_exit, None)
 
     error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None)
     if error: