From 4e4dacee281059fdbca6531ace53f22817a62650 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 22 Jul 2021 19:56:19 +0200
Subject: ipsec: T2816: remove "auto-update" CLI option

Update/refresh of DNS records is now handled internally by Strongswan.
---
 interface-definitions/vpn_ipsec.xml.in    | 12 ------------
 smoketest/configs/bgp-azure-ipsec-gateway |  1 +
 src/conf_mode/vpn_ipsec.py                |  5 +----
 src/migration-scripts/ipsec/5-to-6        |  5 +++++
 4 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 3d142ccee..4cd1936a2 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -11,18 +11,6 @@
           <priority>901</priority>
         </properties>
         <children>
-          <leafNode name="auto-update">
-            <properties>
-              <help>Set auto-update interval for IPsec daemon</help>
-              <valueHelp>
-                <format>u32:30-65535</format>
-                <description>Auto-update interval (s)</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 30-65535"/>
-              </constraint>
-            </properties>
-          </leafNode>
           <leafNode name="disable-uniqreqids">
             <properties>
               <help>Option to disable requirement for unique IDs in the Security Database</help>
diff --git a/smoketest/configs/bgp-azure-ipsec-gateway b/smoketest/configs/bgp-azure-ipsec-gateway
index 0862531fd..0580f4ddc 100644
--- a/smoketest/configs/bgp-azure-ipsec-gateway
+++ b/smoketest/configs/bgp-azure-ipsec-gateway
@@ -307,6 +307,7 @@ system {
 }
 vpn {
     ipsec {
+        auto-update 120
         esp-group ESP-AZURE {
             compression disable
             lifetime 27000
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index c50724592..f1c6b216b 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -544,10 +544,7 @@ def apply(ipsec):
     if not ipsec:
         call('sudo ipsec stop')
     else:
-        args = ''
-        if 'auto_update' in ipsec:
-            args = '--auto-update ' + ipsec['auto_update']
-        call(f'sudo ipsec restart {args}')
+        call('sudo ipsec restart')
         call('sudo ipsec rereadall')
         call('sudo ipsec reload')
 
diff --git a/src/migration-scripts/ipsec/5-to-6 b/src/migration-scripts/ipsec/5-to-6
index 76ee9ecba..e9adee01b 100755
--- a/src/migration-scripts/ipsec/5-to-6
+++ b/src/migration-scripts/ipsec/5-to-6
@@ -80,6 +80,11 @@ if config.exists(base_interfaces):
     config.copy(base_interfaces, base + ['interface'])
     config.delete(base_interfaces)
 
+# Remove deprecated "auto-update" option
+tmp = base + ['auto-update']
+if config.exists(tmp):
+    config.delete(tmp)
+
 try:
     with open(file_name, 'w') as f:
         f.write(config.to_string())
-- 
cgit v1.2.3