Message ID | 20240320180502.1266135-1-mkp@redhat.com |
---|---|
State | Changes Requested |
Series | [ovs-dev,v2] ovs-monitor-ipsec: LibreSwan autodetect paths. |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | fail | github build: failed |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
ovsrobot/intel-ovs-compilation | success | test: success |

On Wed, Mar 20, 2024 at 2:05 PM Mike Pattrick <mkp@redhat.com> wrote:
>
> In v4.0, LibreSwan changed a default paths that had been hardcoded in
> ovs-monitor-ipsec, breaking some uses of this script. This patch adds
> support for both old and newer versions by auto detecting the version
> of LibreSwan and then choosing the correct path.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039
> Reported-by: Qijun Ding <qding@redhat.com>
> Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.")
> Signed-off-by: Mike Pattrick <mkp@redhat.com>
> ---
> v2: Don't extract variables from ipsec script
> ---

Failed with 503 Service Unavailable

Recheck-request: github-robot

On 3/20/24 19:48, Mike Pattrick wrote:
> On Wed, Mar 20, 2024 at 2:05 PM Mike Pattrick <mkp@redhat.com> wrote:
>>
>> In v4.0, LibreSwan changed a default paths that had been hardcoded in
>> ovs-monitor-ipsec, breaking some uses of this script. This patch adds
>> support for both old and newer versions by auto detecting the version
>> of LibreSwan and then choosing the correct path.
>>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039
>> Reported-by: Qijun Ding <qding@redhat.com>
>> Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.")
>> Signed-off-by: Mike Pattrick <mkp@redhat.com>
>> ---
>> v2: Don't extract variables from ipsec script
>> ---
>
> Failed with 503 Service Unavailable
>
> Recheck-request: github-robot

It is not going to work until the incident is resolved:
https://status.canonical.com/

Best regards, Ilya Maximets.

On 3/20/24 19:05, Mike Pattrick wrote:
> In v4.0, LibreSwan changed a default paths that had been hardcoded in
> ovs-monitor-ipsec, breaking some uses of this script. This patch adds
> support for both old and newer versions by auto detecting the version
> of LibreSwan and then choosing the correct path.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039
> Reported-by: Qijun Ding <qding@redhat.com>
> Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.")
> Signed-off-by: Mike Pattrick <mkp@redhat.com>
> ---
> v2: Don't extract variables from ipsec script
> ---
> ipsec/ovs-monitor-ipsec.in | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in > index 7945162f9..6a71d4f2f 100755 > --- a/ipsec/ovs-monitor-ipsec.in > +++ b/ipsec/ovs-monitor-ipsec.in > @@ -21,6 +21,7 @@ import re > import subprocess > import sys > from string import Template > +from packaging.version import parse

Hmm. This is not part of a standard library, it's a new dependency for the script. We either need to add python3-packaging as a new dependency or find a different way of checking. The latter is likely a better option.

Just parsing out the first number before the dot and converting to integer might be an easier solution.

Best regards, Ilya Maximets.

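
The approach suggested in the reply above (take the first number before the dot and compare it as an integer), as an added example that is not code from the patch or from the OVS project. The function names and the sample `ipsec --version` strings are constructed for illustration; the two default directories and the 4.0 cut-over come from the patch.

```python
import re

# Defaults taken from the patch under review; the cut-over is Libreswan 4.0.
NSS_DIR_V4 = "/var/lib/ipsec/nss"
NSS_DIR_LEGACY = "/etc/ipsec.d"

# Find the product name anywhere in the output, then capture only the
# leading integer, so suffixes such as "rc1" never reach the comparison.
_MAJOR_RE = re.compile(r"\bLibreswan (\d+)")


def libreswan_major(version_output):
    """Return the major version as an int, or None if it is not recognised."""
    if not version_output:
        return None
    m = _MAJOR_RE.search(version_output)
    return int(m.group(1)) if m else None


def default_nss_dir(version_output, override=None):
    """Pick the NSS database directory; an explicit override always wins."""
    if override:
        return override
    major = libreswan_major(version_output)
    if major is not None and major >= 4:
        return NSS_DIR_V4
    # Unknown or pre-4.0 version: keep the legacy location, as the patch does.
    return NSS_DIR_LEGACY


# Constructed sample outputs (hypothetical, not captured from a real system).
SAMPLES = [
    "Libreswan 4.12\n",
    "Libreswan 3.32\n",
    "Linux Libreswan 4.9 (XFRM) on 6.1.0\n",
    "Libreswan 10.0rc1\n",   # integer compare: 10 >= 4, unlike a string compare
    "",                      # command produced no output
    "ipsec: command output unavailable\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", default_nss_dir(sample))
```
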
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 7945162f9..6a71d4f2f 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -21,6 +21,7 @@ import re import subprocess import sys from string import Template +from packaging.version import parse import ovs.daemon import ovs.db.idl @@ -457,14 +458,25 @@ conn prevent_unencrypted_vxlan CERTKEY_PREFIX = "ovs_certkey_" def __init__(self, libreswan_root_prefix, args): + # Collect version infromation + self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" + proc = subprocess.Popen([self.IPSEC, "--version"], + stdout=subprocess.PIPE, + encoding="latin1") + pout, perr = proc.communicate() + + v = re.match("^Libreswan (.*)$", pout) + if v and parse(v.group(1)) >= parse("4.0"): + ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss" + else: + ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" + ipsec_conf = args.ipsec_conf if args.ipsec_conf else "/etc/ipsec.conf" - ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" ipsec_secrets = (args.ipsec_secrets if args.ipsec_secrets else "/etc/ipsec.secrets") ipsec_ctl = (args.ipsec_ctl if args.ipsec_ctl else "/run/pluto/pluto.ctl") - self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" self.IPSEC_CONF = libreswan_root_prefix + ipsec_conf self.IPSEC_SECRETS = libreswan_root_prefix + ipsec_secrets self.IPSEC_D = "sql:" + libreswan_root_prefix + ipsec_d
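
Review bot: `from packaging.version import parse` in the import block (first hunk) pulls in the third-party `packaging` distribution, which the Python standard library does not ship, so the script would fail at import time on hosts where it is not installed. Its only use is the single `>= parse("4.0")` comparison; extracting the major number with the already imported `re` and comparing it as an integer avoids the new dependency.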
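
Review bot: in `__init__` (second hunk), `re.match("^Libreswan (.*)$", pout)` captures everything after the product name and hands it to `parse()`, so any text following the number reaches the version parser, and a `pout` that does not begin with `Libreswan ` silently selects the pre-4.0 default `/etc/ipsec.d`. Capturing only the leading digits, for example `(\d+)`, and logging when no version is recognised would make the choice of NSS directory explicit. The `subprocess.Popen([self.IPSEC, "--version"], ...)` call is also unguarded, so a missing binary under `libreswan_root_prefix` raises from the constructor; `perr` is always `None` because stderr is not piped; and the comment typo `infromation` should read `information`.
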

In v4.0, LibreSwan changed a default paths that had been hardcoded in
ovs-monitor-ipsec, breaking some uses of this script. This patch adds
support for both old and newer versions by auto detecting the version
of LibreSwan and then choosing the correct path.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039
Reported-by: Qijun Ding <qding@redhat.com>
Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.")
Signed-off-by: Mike Pattrick <mkp@redhat.com>
---
v2: Don't extract variables from ipsec script
---
 ipsec/ovs-monitor-ipsec.in | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)