author Mohammad Heib <mheib@redhat.com> 2022-02-07 21:15:00 +0200
committer Ilya Maximets <i.maximets@ovn.org> 2022-03-04 20:11:04 +0100
commit 10b55282a08334d72e63f799a2f661f3bc240171
tree e119a0422e3c2897f63d080485eaf08e114248db /ipsec
parent 7bd08b6c16e7b8d4c2aa1c34f57178a7e09982ff
ipsec: StrongSwan report connection update failures to ovs logs.
Currently when the user adds an IPsec tunnel port to the ovs bridge the ovs-monitor-ipsec script will add this tunnel IPsec-related configuration to the appropriate file and submit a request to start the IPsec connection for this port and ignores the request output which can contain an error message.

This patch captures the request output and prints the error message to the ovs logs.

Acked-by: Mike Pattrick <mkp@redhat.com>
Signed-off-by: Mohammad Heib <mheib@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ipsec')
-rwxr-xr-x ipsec/ovs-monitor-ipsec.in 9
1 files changed, 8 insertions, 1 deletions
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index aa0135b86..631a8fca8 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -337,7 +337,14 @@ conn prevent_unencrypted_vxlan
Once strongSwan vici bindings will be distributed with major
Linux distributions this function could be simplified."""
vlog.info("Refreshing StrongSwan configuration")
- subprocess.call([self.IPSEC, "update"])
+ proc = subprocess.Popen([self.IPSEC, "update"],
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ outs, errs = proc.communicate()
+ if proc.returncode != 0:
+ vlog.err("StrongSwan failed to update configuration:\n"
+ "%s \n %s" % (str(outs), str(errs)))
+
subprocess.call([self.IPSEC, "rereadsecrets"])
# "ipsec update" command does not remove those tunnels that were
# updated or that disappeared from the ipsec.conf file. So, we have
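Review bot: In the added error path, `outs` and `errs` are bytes when this script runs under Python 3, because Popen is called without a text mode, so `str(outs)` and `str(errs)` log the `b'...'` repr with newlines escaped rather than the readable multi-line output from the command. Decode them before formatting (for example `errs.decode(errors="replace")`) or pass `universal_newlines=True` to Popen. The format string `"%s \n %s"` also leaves stray spaces around the line break. The unchanged `subprocess.call([self.IPSEC, "rereadsecrets"])` just below still discards its exit status and still runs after a failed update, so consider giving it the same capture-and-log treatment so that a secrets reload failure is visible in the ovs logs as well.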