summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2021-07-13 08:07:58 -0500
committerDaniil Baturin <daniil@vyos.io>2021-07-13 08:22:10 -0500
commite41a4ebbb11f0b41c071074664e22b318c5f2917 (patch)
tree205de1f337a0b62dde1b43f7feaf59419d24e1a8
parentcb4ace6468aa298394b57d6e4c37ff9193ee8ed1 (diff)
downloadvyos-1x-e41a4ebbb11f0b41c071074664e22b318c5f2917.tar.gz
vyos-1x-e41a4ebbb11f0b41c071074664e22b318c5f2917.zip
T3663: use inotify-based watching for the IPsec process restart.
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py23
1 files changed, 11 insertions, 12 deletions
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 0599bf101..221b38baf 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -22,7 +22,7 @@ from sys import exit
from vyos.config import Config
from vyos import ConfigError
-from vyos.util import call
+from vyos.util import call, wait_for_file_write_complete
from vyos.template import render
from vyos import airbag
@@ -197,17 +197,16 @@ def generate(data):
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_file)
def restart_ipsec():
- call('ipsec restart >&/dev/null')
- # counter for apply swanctl config
- counter = 10
- while counter <= 10:
- if os.path.exists(charon_pidfile):
- call('swanctl -q >&/dev/null')
- break
- counter -=1
- sleep(1)
- if counter == 0:
- raise ConfigError('VPN configuration error: IPSec is not running.')
+ try:
+ wait_for_file_write_complete(charon_pidfile,
+ pre_hook=(lambda: call('ipsec restart >&/dev/null')),
+ timeout=10)
+
+ # Force configuration load
+ call('swanctl -q >&/dev/null')
+
+ except OSError:
+ raise ConfigError('VPN configuration error: IPSec process did not start.')
def apply(data):
# Restart IPSec daemon