T3663: use inotify-based watching for the IPsec process restart.

1 files changed, 11 insertions, 12 deletions

diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 0599bf101..221b38baf 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -22,7 +22,7 @@ from sys import exit
 
 from vyos.config import Config
 from vyos import ConfigError
-from vyos.util import call
+from vyos.util import call, wait_for_file_write_complete
 from vyos.template import render
 
 from vyos import airbag
@@ -197,17 +197,16 @@ def generate(data):
         remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_file)
 
 def restart_ipsec():
-    call('ipsec restart >&/dev/null')
-    # counter for apply swanctl config
-    counter = 10
-    while counter <= 10:
-        if os.path.exists(charon_pidfile):
-            call('swanctl -q >&/dev/null')
-            break
-        counter -=1
-        sleep(1)
-        if counter == 0:
-            raise ConfigError('VPN configuration error: IPSec is not running.')
+    try:
+        wait_for_file_write_complete(charon_pidfile,
+          pre_hook=(lambda: call('ipsec restart >&/dev/null')),
+          timeout=10)
+
+        # Force configuration load
+        call('swanctl -q >&/dev/null')
+
+    except OSError:
+        raise ConfigError('VPN configuration error: IPSec process did not start.')
 
 def apply(data):
     # Restart IPSec daemon