From bc0c0bbf52a13855481e82a958cba833de45d310 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 13 Jul 2021 08:07:58 -0500 Subject: T3663: use inotify-based watching for the IPsec process restart. --- src/conf_mode/ipsec-settings.py | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py index a65e8b567..b59063fcd 100755 --- a/src/conf_mode/ipsec-settings.py +++ b/src/conf_mode/ipsec-settings.py @@ -22,7 +22,7 @@ from sys import exit from vyos.config import Config from vyos import ConfigError -from vyos.util import call +from vyos.util import call, wait_for_file_write_complete from vyos.template import render from vyos import airbag @@ -203,17 +203,16 @@ def generate(data): remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_file) def restart_ipsec(): - call('ipsec restart >&/dev/null') - # counter for apply swanctl config - counter = 10 - while counter <= 10: - if os.path.exists(charon_pidfile): - call('swanctl -q >&/dev/null') - break - counter -=1 - sleep(1) - if counter == 0: - raise ConfigError('VPN configuration error: IPSec is not running.') + try: + wait_for_file_write_complete(charon_pidfile, + pre_hook=(lambda: call('ipsec restart >&/dev/null')), + timeout=10) + + # Force configuration load + call('swanctl -q >&/dev/null') + + except OSError: + raise ConfigError('VPN configuration error: IPSec process did not start.') def apply(data): # Restart IPSec daemon -- cgit v1.2.3