openvpn: T3995: implement systemd reload support

(cherry picked from commit eceaa3a787929f5a514b9c45da52936c0d4d4a54)

2 files changed, 3 insertions, 2 deletions

diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 4e3c19be2..ae35ed3c4 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -493,10 +493,10 @@ def generate(openvpn):
 
 def apply(openvpn):
     interface = openvpn['ifname']
-    call(f'systemctl stop openvpn@{interface}.service')
 
     # Do some cleanup when OpenVPN is disabled/deleted
     if 'deleted' in openvpn or 'disable' in openvpn:
+        call(f'systemctl stop openvpn@{interface}.service')
         for cleanup_file in glob(f'/run/openvpn/{interface}.*'):
             if os.path.isfile(cleanup_file):
                 os.unlink(cleanup_file)
@@ -508,7 +508,7 @@ def apply(openvpn):
 
     # No matching OpenVPN process running - maybe it got killed or none
     # existed - nevertheless, spawn new OpenVPN process
-    call(f'systemctl start openvpn@{interface}.service')
+    call(f'systemctl reload-or-restart openvpn@{interface}.service')
 
     conf = VTunIf.get_config()
     conf['device_type'] = openvpn['device_type']
diff --git a/src/etc/systemd/system/openvpn@.service.d/10-override.conf b/src/etc/systemd/system/openvpn@.service.d/10-override.conf
index 03fe6b587..775a2d7ba 100644
--- a/src/etc/systemd/system/openvpn@.service.d/10-override.conf
+++ b/src/etc/systemd/system/openvpn@.service.d/10-override.conf
@@ -7,6 +7,7 @@ WorkingDirectory=
 WorkingDirectory=/run/openvpn
 ExecStart=
 ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid
+ExecReload=/bin/kill -HUP $MAINPID
 User=openvpn
 Group=openvpn
 AmbientCapabilities=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE