class IPsecMonitor(object):
"""This class monitors and configures IPsec tunnels"""
- def __init__(self, root_prefix, ike_daemon):
+ def __init__(self, root_prefix, ike_daemon, restart):
self.IPSEC = root_prefix + "/usr/sbin/ipsec"
self.tunnels = {}
not os.access(self.IPSEC, os.X_OK):
vlog.err("IKE daemon is not installed in the system.")
- self.ike_helper.restart_ike_daemon()
+ if restart:
+ vlog.info("Restarting IKE daemon")
+ self.ike_helper.restart_ike_daemon()
def is_tunneling_type_supported(self, tunnel_type):
"""Returns True if we know how to configure IPsec for these
parser.add_argument("--ike-daemon", metavar="IKE-DAEMON",
help="The IKE daemon used for IPsec tunnels"
" (either libreswan or strongswan).")
+ parser.add_argument("--no-restart-ike-daemon", action='store_true',
+ help="Don't restart the IKE daemon on startup.")
ovs.vlog.add_args(parser)
ovs.daemon.add_args(parser)
root_prefix = args.root_prefix if args.root_prefix else ""
xfrm = XFRM(root_prefix)
- monitor = IPsecMonitor(root_prefix, args.ike_daemon)
+ monitor = IPsecMonitor(root_prefix, args.ike_daemon,
+ not args.no_restart_ike_daemon)
remote = args.database
schema_helper = ovs.db.idl.SchemaHelper()
}
start_ovs_ipsec () {
+ if test X$RESTART_IKE_DAEMON = Xno; then
+ no_restart="--no-restart-ike-daemon"
+ fi
+
${datadir}/scripts/ovs-monitor-ipsec \
--pidfile=${rundir}/ovs-monitor-ipsec.pid \
--ike-daemon=$IKE_DAEMON \
+ $no_restart \
--log-file --detach --monitor unix:${rundir}/db.sock || return 1
return 0
}
SPORT=
IKE_DAEMON=
+ RESTART_IKE_DAEMON=yes
type_file=$etcdir/system-type.conf
version_file=$etcdir/system-version.conf
Option for "start-ovs-ipsec":
--ike-daemon=IKE_DAEMON
the IKE daemon for ipsec tunnels (either libreswan or strongswan)
+ --no-restart-ike-daemon
+ do not restart the IKE daemon on startup
Other options:
-h, --help display this help message