diff options
author | Ansis Atteka <aatteka@nicira.com> | 2012-03-08 16:19:59 -0800 |
---|---|---|
committer | Ansis Atteka <aatteka@nicira.com> | 2012-03-08 17:15:19 -0800 |
commit | 5e2a9988bb7853cad67a36e869d532d9d2f4533a (patch) | |
tree | 71d070eac10c8e5448cbd22065109252bff5d298 /debian | |
parent | d67025e04b96ff26f22dd51167a9c44ed0e8871c (diff) |
ovs-monitor-ipsec: Detect correctly IPSEC configuration changes
If Open vSwitch has IPSEC tunnel (with certificates) and Interface
table was updated, then ovs-monitor-ipsec daemon would incorrectly
remove and readd all existing IPSEC tunnels.
The root cause for this issue was that "peer_cert_file" key was present in
interfaces dictionary, but it was missing in new_interfaces dictionary.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Reported-by: Niklas Andersson <nandersson@nicira.com>
Diffstat (limited to 'debian')
-rwxr-xr-x | debian/ovs-monitor-ipsec | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/debian/ovs-monitor-ipsec b/debian/ovs-monitor-ipsec index ac2cd7e1..fc69268f 100755 --- a/debian/ovs-monitor-ipsec +++ b/debian/ovs-monitor-ipsec @@ -216,12 +216,10 @@ path certificate "%s"; # The peer's certificate comes to us in PEM format as a string. # Write that string to a file for Racoon to use. - peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host) - f = open(root_prefix + peer_cert_file, "w") + f = open(root_prefix + vals["peer_cert_file"], "w") f.write(vals["peer_cert"]) f.close() - vals["peer_cert_file"] = peer_cert_file self.cert_hosts[host] = vals self.commit() @@ -489,8 +487,11 @@ def main(): vlog.warn("no valid SSL entry for %s" % name) continue + peer_cert_name = "ovs-%s.pem" % (options.get("remote_ip")) entry["certificate"] = ssl_cert[0] entry["private_key"] = ssl_cert[1] + entry["peer_cert_file"] = (Racoon.cert_dir + "/" + + peer_cert_name) new_interfaces[name] = entry |