vswitch: Use "ipsec_gre" vport instead of "gre" with "other_config"
[sliver-openvswitch.git] / debian / ovs-monitor-ipsec
index 1caece3..27c15e8 100755 (executable)
@@ -66,6 +66,7 @@ path certificate "/etc/racoon/certs";
 
 remote anonymous {
         exchange_mode main;
+        nat_traversal on;
         proposal {
                 encryption_algorithm aes;
                 hash_algorithm sha1;
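Review bot: `nat_traversal on;` is added to the `remote anonymous` block with no comment, and nothing else in the hunk says why it is needed or what it changes on the wire. If this template is what racoon ends up loading, the setting applies to every anonymous peer, and when NAT is detected racoon will switch to UDP-encapsulated ESP on udp/4500 in addition to IKE on udp/500, so host firewall rules must allow both; that deserves a line above it such as `# NAT-T: peers behind NAT negotiate UDP-encapsulated ESP on udp/4500 — keep it open alongside udp/500`. Whether the daemon restarts racoon to pick up this change is not visible here. The `remote anonymous` block continues past the end of the hunk.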
@@ -254,8 +255,7 @@ def monitor_uuid_schema_cb(schema):
     new_tables["Interface"] = keep_table_columns(
         schema, "Interface", {"name": string_type,
                               "type": string_type,
-                              "options": string_map_type,
-                              "other_config": string_map_type})
+                              "options": string_map_type})
     schema.tables = new_tables
 
 def usage():
@@ -307,35 +307,42 @@ def main(argv):
         new_interfaces = {}
         for rec in idl.data["Interface"].itervalues():
             name = rec.name.as_scalar()
-            local_ip = rec.other_config.get("ipsec_local_ip")
-            if rec.type.as_scalar() == "gre" and local_ip:
-                new_interfaces[name] = {
+            ipsec_cert = rec.options.get("ipsec_cert")
+            ipsec_psk = rec.options.get("ipsec_psk")
+            is_ipsec = ipsec_cert or ipsec_psk
+
+            if rec.type.as_scalar() == "ipsec_gre":
+                if ipsec_cert or ipsec_psk:
+                    new_interfaces[name] = {
                         "remote_ip": rec.options.get("remote_ip"),
-                        "local_ip": local_ip,
-                        "ipsec_cert": rec.other_config.get("ipsec_cert"),
-                        "ipsec_psk": rec.other_config.get("ipsec_psk") }
+                        "local_ip": rec.options.get("local_ip", "0.0.0.0/0"),
+                        "ipsec_cert": ipsec_cert,
+                        "ipsec_psk": ipsec_psk }
+                else:
+                    s_log.warning(
+                        "no ipsec_cert or ipsec_psk defined for %s" % name)
  
         if interfaces != new_interfaces:
             for name, vals in interfaces.items():
                 if name not in new_interfaces.keys():
                     ipsec.ipsec_cert_del(vals["local_ip"], vals["remote_ip"])
             for name, vals in new_interfaces.items():
-                if vals == interfaces.get(name):
-                    s_log.warning(
-                        "configuration changed for %s, need to delete "
-                        "interface first" % name)
+                orig_vals = interfaces.get(name):
+                if orig_vals:
+                    # Configuration for this host already exists.  If
+                    # it has changed, this is an error.
+                    if vals != orig_vals:
+                        s_log.warning(
+                            "configuration changed for %s, need to delete "
+                            "interface first" % name)
                     continue
 
                 if vals["ipsec_cert"]:
                     ipsec.ipsec_cert_update(vals["local_ip"],
                             vals["remote_ip"], vals["ipsec_cert"])
-                elif vals["ipsec_psk"]:
+                else:
                     ipsec.ipsec_psk_update(vals["local_ip"], 
                             vals["remote_ip"], vals["ipsec_psk"])
-                else:
-                    s_log.warning(
-                        "no ipsec_cert or ipsec_psk defined for %s" % name)
-                    continue
 
             interfaces = new_interfaces
  
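Review bot: `orig_vals = interfaces.get(name):` on the new side ends with a stray colon, which is a SyntaxError and will stop the whole monitor from starting; the line should read `orig_vals = interfaces.get(name)`. `is_ipsec = ipsec_cert or ipsec_psk` is assigned but never read — the `if` two lines below re-tests `ipsec_cert or ipsec_psk` — so either write `if is_ipsec:` there or drop the assignment. The new default `"local_ip": rec.options.get("local_ip", "0.0.0.0/0")` is passed straight into `ipsec_cert_update`/`ipsec_psk_update`; if that helper uses it as the local SPD selector (its body is not visible here), an interface with no `local_ip` silently gets a wildcard local address, which should be stated in a comment such as `# no local_ip: wildcard local selector, matches any local address — TODO confirm intended`. `main()` starts and ends outside the hunk.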
@@ -347,3 +354,4 @@ if __name__ == '__main__':
         raise
     except:
         s_log.exception("traceback")
+        sys.exit(ovs.daemon.RESTART_EXIT_CODE)