diff options
| author | Ansis Atteka <aatteka@nicira.com> | 2012-03-08 18:58:09 -0800 |
|---|---|---|
| committer | Ansis Atteka <aatteka@nicira.com> | 2012-03-08 22:43:10 -0800 |
| commit | 12bb621f563c2644ce20922e641848c35ede98c0 (patch) | |
| tree | 49751d1fc2f69fbd40d300eb66ca26349d34d57a | |
| parent | cf80480c63de67232d31816f03bd0187304e0a43 (diff) | |
ovs-monitor-ipsec: Detect correctly IPSEC configuration changes
If Open vSwitch has IPSEC tunnel (with certificates) and Interface
table was updated, then ovs-monitor-ipsec daemon would incorrectly
remove and readd all existing IPSEC tunnels.
The root cause for this issue was that "peer_cert_file" key was present in
interfaces dictionary, but it was missing in new_interfaces dictionary.
v2: Do not fail buildtests
Issue#10096
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Reported-by: Niklas Andersson <nandersson@nicira.com>
| -rwxr-xr-x | debian/ovs-monitor-ipsec | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec index 97070826..981f0a2c 100755 --- a/debian/ovs-monitor-ipsec +++ b/debian/ovs-monitor-ipsec @@ -216,13 +216,10 @@ path certificate "%s"; # The peer's certificate comes to us in PEM format as a string. # Write that string to a file for Racoon to use. - peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host) - f = open(root_prefix + peer_cert_file, "w") + f = open(root_prefix + vals["peer_cert_file"], "w") f.write(vals["peer_cert"]) f.close() - vals["peer_cert_file"] = peer_cert_file - self.cert_hosts[host] = vals self.commit() @@ -467,6 +464,7 @@ def main(): if rec.type == "ipsec_gre": name = rec.name options = rec.options + peer_cert_name = "ovs-%s.pem" % (options.get("remote_ip")) entry = { "remote_ip": options.get("remote_ip"), "local_ip": options.get("local_ip", "0.0.0.0/0"), @@ -474,6 +472,7 @@ def main(): "private_key": options.get("private_key"), "use_ssl_cert": options.get("use_ssl_cert"), "peer_cert": options.get("peer_cert"), + "peer_cert_file": Racoon.cert_dir + "/" + peer_cert_name, "psk": options.get("psk")} if entry["peer_cert"] and entry["psk"]: |