
[ovs-dev,v4,1/2] ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state

Message ID 20210105225341.1751305-2-mark.d.gray@redhat.com
State Accepted
Series ipsec: Various fixes for ovs-monitor-ipsec | expand

Commit Message

Mark Gray Jan. 5, 2021, 10:53 p.m. UTC
When 'ovs-monitor-ipsec' exits, it clears all persistent state (i.e.
active ipsec connections, /etc/ipsec.conf, certs/keys). In some
use-cases, we may want to exit and maintain state so that ipsec
connectivity is maintained. One example of this is during an
upgrade. This will require the caller to clear this persistent
state when appropriate (e.g. before 'ovs-monitor-ipsec' is restarted).

Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
---
v2:  Changed command syntax
v3:  Added Flavio's ack
v4:  Rebased and added NEWS section

 NEWS                       |  3 +++
 ipsec/ovs-monitor-ipsec.in | 30 +++++++++++++++++++++---------
 2 files changed, 24 insertions(+), 9 deletions(-)

Patch

diff --git a/NEWS b/NEWS
index 402b4c6646c3..b847c6a995bd 100644
--- a/NEWS
+++ b/NEWS
@@ -38,6 +38,9 @@  Post-v2.14.0
    - ovs-dpctl and 'ovs-appctl dpctl/':
      * New commands '{add,mod,del}-flows' where added, which allow adding,
        deleting, or modifying flows based on information read from a file.
+   - IPsec:
+     * Add option to allow ovs-monitor-ipsec to stop without tearing down
+       IPsec tunnels.
 
 
 v2.14.0 - 17 Aug 2020
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index f9451e53cd40..6d12cd8d2b03 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -1150,19 +1150,30 @@  def unixctl_refresh(conn, unused_argv, unused_aux):
     conn.reply(None)
 
 
-def unixctl_exit(conn, unused_argv, unused_aux):
+def unixctl_exit(conn, argv, unused_aux):
     global monitor
     global exiting
+    ret = None
     exiting = True
+    cleanup = True
 
-    # Make sure persistent global states are cleared
-    monitor.update_conf([None, None, None, None], None)
-    # Make sure persistent tunnel states are cleared
-    for tunnel in monitor.tunnels.keys():
-        monitor.del_tunnel(tunnel)
-    monitor.run()
+    for arg in argv:
+        if arg == "--no-cleanup":
+            cleanup = False
+        else:
+            cleanup = False
+            exiting = False
+            ret = str("unrecognized parameter: %s" % arg)
+
+    if cleanup:
+        # Make sure persistent global states are cleared
+        monitor.update_conf([None, None, None, None], None)
+        # Make sure persistent tunnel states are cleared
+        for tunnel in monitor.tunnels.keys():
+            monitor.del_tunnel(tunnel)
+        monitor.run()
 
-    conn.reply(None)
+    conn.reply(ret)
 
 
 def main():
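Review bot: The unrecognized-parameter branch of `unixctl_exit` sends its error text through `conn.reply(ret)`, which is the success reply path, so a caller that mistypes the option (for example an upgrade script) presumably cannot tell from the reply status that the daemon ignored the request and is still running. Reporting it from the `else` branch with `conn.reply_error("unrecognized parameter: %s" % arg)` followed by `return`, while keeping `exiting = False`, would let callers detect the failure. The `str()` wrapper around the already-formatted string is redundant and can be dropped.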
@@ -1208,7 +1219,8 @@  def main():
     ovs.unixctl.command_register("tunnels/show", "", 0, 0,
                                  unixctl_show, None)
     ovs.unixctl.command_register("refresh", "", 0, 0, unixctl_refresh, None)
-    ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None)
+    ovs.unixctl.command_register("exit", "[--no-cleanup]", 0, 1,
+                                 unixctl_exit, None)
 
     error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None)
     if error:
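Review bot: The new `[--no-cleanup]` argument is registered here with no comment or user documentation beyond the NEWS entry; the diffstat touches only NEWS and this script. The commit message makes the caller responsible for clearing the retained state (active ipsec connections, /etc/ipsec.conf, certs/keys) before the monitor is restarted, and that contract is worth recording next to the command, e.g. `# "exit --no-cleanup" keeps tunnels, ipsec.conf and certs/keys; the caller must clear them before restart`. main() continues outside this hunk.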