Re: [ovs-dev] [PATCH v2] ovs-monitor-ipsec: LibreSwan autodetect paths.
On 3/20/24 19:05, Mike Pattrick wrote: > In v4.0, LibreSwan changed a default paths that had been hardcoded in > ovs-monitor-ipsec, breaking some uses of this script. This patch adds > support for both old and newer versions by auto detecting the version > of LibreSwan and then choosing the correct path. > > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039 > Reported-by: Qijun Ding > Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.") > Signed-off-by: Mike Pattrick > --- > v2: Don't extract variables from ipsec script > --- > ipsec/ovs-monitor-ipsec.in | 16 ++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in > index 7945162f9..6a71d4f2f 100755 > --- a/ipsec/ovs-monitor-ipsec.in > +++ b/ipsec/ovs-monitor-ipsec.in > @@ -21,6 +21,7 @@ import re > import subprocess > import sys > from string import Template > +from packaging.version import parse Hmm. This is not part of a standard library, it's a new dependency for the script. We either need to add python3-packaging as a new dependency or find a different way of checking. The latter is likely a better option. Just parsing out the first number before the dot and converting to integer might be an easier solution. Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ovs-monitor-ipsec: LibreSwan autodetect paths.
On 3/20/24 19:48, Mike Pattrick wrote: > On Wed, Mar 20, 2024 at 2:05 PM Mike Pattrick wrote: >> >> In v4.0, LibreSwan changed a default paths that had been hardcoded in >> ovs-monitor-ipsec, breaking some uses of this script. This patch adds >> support for both old and newer versions by auto detecting the version >> of LibreSwan and then choosing the correct path. >> >> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039 >> Reported-by: Qijun Ding >> Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.") >> Signed-off-by: Mike Pattrick >> --- >> v2: Don't extract variables from ipsec script >> --- > > Failed with 503 Service Unavailable > > Recheck-request: github-robot It is not going to work until the incident is resolved: https://status.canonical.com/ Best regards, Ilya Maximets. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v2] ovs-monitor-ipsec: LibreSwan autodetect paths.
On Wed, Mar 20, 2024 at 2:05 PM Mike Pattrick wrote: > > In v4.0, LibreSwan changed a default paths that had been hardcoded in > ovs-monitor-ipsec, breaking some uses of this script. This patch adds > support for both old and newer versions by auto detecting the version > of LibreSwan and then choosing the correct path. > > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039 > Reported-by: Qijun Ding > Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.") > Signed-off-by: Mike Pattrick > --- > v2: Don't extract variables from ipsec script > --- Failed with 503 Service Unavailable Recheck-request: github-robot ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
[ovs-dev] [PATCH v2] ovs-monitor-ipsec: LibreSwan autodetect paths.
In v4.0, LibreSwan changed a default paths that had been hardcoded in ovs-monitor-ipsec, breaking some uses of this script. This patch adds support for both old and newer versions by auto detecting the version of LibreSwan and then choosing the correct path. Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1975039 Reported-by: Qijun Ding Fixes: d6afbc00d5b3 ("ipsec: Allow custom file locations.") Signed-off-by: Mike Pattrick --- v2: Don't extract variables from ipsec script --- ipsec/ovs-monitor-ipsec.in | 16 ++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 7945162f9..6a71d4f2f 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -21,6 +21,7 @@ import re import subprocess import sys from string import Template +from packaging.version import parse import ovs.daemon import ovs.db.idl @@ -457,14 +458,25 @@ conn prevent_unencrypted_vxlan CERTKEY_PREFIX = "ovs_certkey_" def __init__(self, libreswan_root_prefix, args): +# Collect version infromation +self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" +proc = subprocess.Popen([self.IPSEC, "--version"], +stdout=subprocess.PIPE, +encoding="latin1") +pout, perr = proc.communicate() + +v = re.match("^Libreswan (.*)$", pout) +if v and parse(v.group(1)) >= parse("4.0"): +ipsec_d = args.ipsec_d if args.ipsec_d else "/var/lib/ipsec/nss" +else: +ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" + ipsec_conf = args.ipsec_conf if args.ipsec_conf else "/etc/ipsec.conf" -ipsec_d = args.ipsec_d if args.ipsec_d else "/etc/ipsec.d" ipsec_secrets = (args.ipsec_secrets if args.ipsec_secrets else "/etc/ipsec.secrets") ipsec_ctl = (args.ipsec_ctl if args.ipsec_ctl else "/run/pluto/pluto.ctl") -self.IPSEC = libreswan_root_prefix + "/usr/sbin/ipsec" self.IPSEC_CONF = libreswan_root_prefix + ipsec_conf self.IPSEC_SECRETS = libreswan_root_prefix + ipsec_secrets self.IPSEC_D = "sql:" + libreswan_root_prefix + ipsec_d -- 2.39.3 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev