| Message ID | 20241101012321.3346333-7-i.maximets@ovn.org |
|---|---|
| State | Accepted |
| Commit | e2a7853ec1787aadacf3911ad92bf1dea2620571 |
| Headers | show |
| Series | ipsec: Resiliency to Libreswan failures. | expand |
| Context | Check | Description |
|---|---|---|
| ovsrobot/apply-robot | success | apply and check: success |
| ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
On 1 Nov 2024, at 2:23, Ilya Maximets wrote: > Add a new command line option --command-timeout that controls the > command timeout. It is important to have this configurable, because > the retransmit-timeout is configurable in Libreswan. Also, users > may prefer the monitor to be more responsive. > > ovs-monitor-ipsec options are not documented anywhere, so not > trying to address that here. > > Signed-off-by: Ilya Maximets <i.maximets@ovn.org> After some upstream discussion, this looks fine to me. Acked-by: Eelco Chaudron <echaudro@redhat.com>
On 01/11/2024 3:23, Ilya Maximets wrote: > Add a new command line option --command-timeout that controls the > command timeout. It is important to have this configurable, because > the retransmit-timeout is configurable in Libreswan. Also, users > may prefer the monitor to be more responsive. > > ovs-monitor-ipsec options are not documented anywhere, so not > trying to address that here. > > Signed-off-by: Ilya Maximets <i.maximets@ovn.org> > --- > ipsec/ovs-monitor-ipsec.in | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in > index 05c1965df..89d1fa3cc 100755 > --- a/ipsec/ovs-monitor-ipsec.in > +++ b/ipsec/ovs-monitor-ipsec.in > @@ -83,6 +83,7 @@ vlog = ovs.vlog.Vlog("ovs-monitor-ipsec") > exiting = False > monitor = None > xfrm = None > +command_timeout = None > RECONCILIATION_INTERVAL = 15 # seconds > TIMEOUT_EXPIRED = 137 # Exit code for a SIGKILL (128 + 9). > > @@ -98,10 +99,11 @@ def run_command(args, description=None): > proc = subprocess.Popen(args, stdout=subprocess.PIPE, > stderr=subprocess.PIPE) > try: > - pout, perr = proc.communicate(timeout=120) > + pout, perr = proc.communicate(timeout=command_timeout) > ret = proc.returncode > except subprocess.TimeoutExpired: > - vlog.warn("Timed out after 120 seconds trying to %s." % description) > + vlog.warn("Timed out after %s seconds trying to %s." > + % (command_timeout, description)) > pout, perr = b'', b'' > # Just kill the process here. We can't afford waiting for it, > # as it may be stuck and may not actually be terminated. > @@ -1387,6 +1389,10 @@ def main(): > parser.add_argument("--ipsec-ctl", metavar="IPSEC-CTL", > help="Use DIR/IPSEC-CTL as location for " > " pluto ctl socket (libreswan only).") > + parser.add_argument("--command-timeout", metavar="TIMEOUT", > + type=int, default=120, > + help="Timeout for external commands called by the " > + "ovs-monitor-ipsec daemon, e.g. ipsec --start.") > > ovs.vlog.add_args(parser) > ovs.daemon.add_args(parser) > @@ -1396,11 +1402,13 @@ def main(): > > global monitor > global xfrm > + global command_timeout > > root_prefix = args.root_prefix if args.root_prefix else "" > xfrm = XFRM(root_prefix) > monitor = IPsecMonitor(root_prefix, args.ike_daemon, > not args.no_restart_ike_daemon, args) > + command_timeout = args.command_timeout > > remote = args.database > schema_helper = ovs.db.idl.SchemaHelper() Acked-by: Roi Dayan <roid@nvidia.com>
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 05c1965df..89d1fa3cc 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -83,6 +83,7 @@ vlog = ovs.vlog.Vlog("ovs-monitor-ipsec") exiting = False monitor = None xfrm = None +command_timeout = None RECONCILIATION_INTERVAL = 15 # seconds TIMEOUT_EXPIRED = 137 # Exit code for a SIGKILL (128 + 9). @@ -98,10 +99,11 @@ def run_command(args, description=None): proc = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE) try: - pout, perr = proc.communicate(timeout=120) + pout, perr = proc.communicate(timeout=command_timeout) ret = proc.returncode except subprocess.TimeoutExpired: - vlog.warn("Timed out after 120 seconds trying to %s." % description) + vlog.warn("Timed out after %s seconds trying to %s." + % (command_timeout, description)) pout, perr = b'', b'' # Just kill the process here. We can't afford waiting for it, # as it may be stuck and may not actually be terminated. @@ -1387,6 +1389,10 @@ def main(): parser.add_argument("--ipsec-ctl", metavar="IPSEC-CTL", help="Use DIR/IPSEC-CTL as location for " " pluto ctl socket (libreswan only).") + parser.add_argument("--command-timeout", metavar="TIMEOUT", + type=int, default=120, + help="Timeout for external commands called by the " + "ovs-monitor-ipsec daemon, e.g. ipsec --start.") ovs.vlog.add_args(parser) ovs.daemon.add_args(parser) @@ -1396,11 +1402,13 @@ def main(): global monitor global xfrm + global command_timeout root_prefix = args.root_prefix if args.root_prefix else "" xfrm = XFRM(root_prefix) monitor = IPsecMonitor(root_prefix, args.ike_daemon, not args.no_restart_ike_daemon, args) + command_timeout = args.command_timeout remote = args.database schema_helper = ovs.db.idl.SchemaHelper()
Add a new command line option --command-timeout that controls the command timeout. It is important to have this configurable, because the retransmit-timeout is configurable in Libreswan. Also, users may prefer the monitor to be more responsive. ovs-monitor-ipsec options are not documented anywhere, so not trying to address that here. Signed-off-by: Ilya Maximets <i.maximets@ovn.org> --- ipsec/ovs-monitor-ipsec.in | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)