On Wed, Jan 15, 2025 at 12:30 AM Ilya Maximets <[email protected]> wrote: > > Other services are running without monitors, so systemd can properly > track the pid. But ovs-monitor-ipsec is running with a monitor, so > there is one more fork and systemd complains about the pid file: > > systemd[1]: openvswitch-ipsec.service: Supervising process 1037185 > which is not our child. We'll most likely not notice > when it exits. > > This is also causing some spurious kills sent to the child on service > stop. > > Fix by running ovs-monitor-ipsec without a monitor as all other OVS > services. > > We can't use start_daemon, that would take care of this, because the > script is not on the PATH and we don't want to accidentally change > permissions for OVS directories (ipsec runs as root), but we can mimic > the behavior. > > Fixes: f385abded520 ("rhel: Use PIDFile on forking systemd service files") > Fixes: 9990322610f6 ("debian: Update packaging source from Debian/Ubuntu.") > Signed-off-by: Ilya Maximets <[email protected]> > ---
Acked-by: Frode Nordahl <[email protected]> > debian/openvswitch-ipsec.service | 2 +- > rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +- > utilities/ovs-ctl.in | 7 +++++-- > 3 files changed, 7 insertions(+), 4 deletions(-) > > diff --git a/debian/openvswitch-ipsec.service > b/debian/openvswitch-ipsec.service > index 608a6a618..dfb1e50d9 100644 > --- a/debian/openvswitch-ipsec.service > +++ b/debian/openvswitch-ipsec.service > @@ -6,7 +6,7 @@ After=openvswitch-switch.service > [Service] > Type=forking > PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid > -ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > +ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \ > --ike-daemon=strongswan start-ovs-ipsec > ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec > > diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service > b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service > index 92dad44f9..88a509662 100644 > --- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service > +++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service > @@ -6,7 +6,7 @@ After=openvswitch.service > [Service] > Type=forking > PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid > -ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > +ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \ > --ike-daemon=libreswan start-ovs-ipsec > ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec > > diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in > index 57abd3a5b..1f9ce1e6e 100644 > --- a/utilities/ovs-ctl.in > +++ b/utilities/ovs-ctl.in > @@ -245,12 +245,15 @@ start_ovs_ipsec () { > if test X$RESTART_IKE_DAEMON = Xno; then > no_restart="--no-restart-ike-daemon" > fi > + if test X"$MONITOR" != Xno; then > + monitor_arg="--monitor" > + fi > > ${datadir}/scripts/ovs-monitor-ipsec \ > --pidfile=${rundir}/ovs-monitor-ipsec.pid \ > --ike-daemon=$IKE_DAEMON \ > - $no_restart \ > - --log-file --detach --monitor unix:${rundir}/db.sock || return 1 > + $no_restart $monitor_arg \ > + --log-file --detach unix:${rundir}/db.sock || return 1 > return 0 > } > > -- > 2.47.0 > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
