@@ -922,7 +922,7 @@ class IPsecTunnel(object):
class IPsecMonitor(object):
"""This class monitors and configures IPsec tunnels"""
- def __init__(self, root_prefix, ike_daemon):
+ def __init__(self, root_prefix, ike_daemon, restart):
self.IPSEC = root_prefix + "/usr/sbin/ipsec"
self.tunnels = {}
@@ -952,7 +952,9 @@ class IPsecMonitor(object):
not os.access(self.IPSEC, os.X_OK):
vlog.err("IKE daemon is not installed in the system.")
- self.ike_helper.restart_ike_daemon()
+ if restart:
+ vlog.info("Restarting IKE daemon")
+ self.ike_helper.restart_ike_daemon()
def is_tunneling_type_supported(self, tunnel_type):
"""Returns True if we know how to configure IPsec for these
@@ -1183,6 +1185,8 @@ def main():
parser.add_argument("--ike-daemon", metavar="IKE-DAEMON",
help="The IKE daemon used for IPsec tunnels"
" (either libreswan or strongswan).")
+ parser.add_argument("--no-restart-ike-daemon", action='store_true',
+ help="Don't restart the IKE daemon on startup.")
ovs.vlog.add_args(parser)
ovs.daemon.add_args(parser)
@@ -1195,7 +1199,8 @@ def main():
root_prefix = args.root_prefix if args.root_prefix else ""
xfrm = XFRM(root_prefix)
- monitor = IPsecMonitor(root_prefix, args.ike_daemon)
+ monitor = IPsecMonitor(root_prefix, args.ike_daemon,
+ not args.no_restart_ike_daemon)
remote = args.database
schema_helper = ovs.db.idl.SchemaHelper()
@@ -230,9 +230,14 @@ start_forwarding () {
}
start_ovs_ipsec () {
+ if test X$RESTART_IKE_DAEMON = Xno; then
+ no_restart="--no-restart-ike-daemon"
+ fi
+
${datadir}/scripts/ovs-monitor-ipsec \
--pidfile=${rundir}/ovs-monitor-ipsec.pid \
--ike-daemon=$IKE_DAEMON \
+ $no_restart \
--log-file --detach --monitor unix:${rundir}/db.sock || return 1
return 0
}
@@ -340,6 +345,7 @@ set_defaults () {
SPORT=
IKE_DAEMON=
+ RESTART_IKE_DAEMON=yes
type_file=$etcdir/system-type.conf
version_file=$etcdir/system-version.conf
@@ -423,6 +429,8 @@ Options for "enable-protocol":
Option for "start-ovs-ipsec":
--ike-daemon=IKE_DAEMON
the IKE daemon for ipsec tunnels (either libreswan or strongswan)
+ --no-restart-ike-daemon
+ do not restart the IKE daemon on startup
Other options:
-h, --help display this help message