Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-1051

Allow passing options to ovs-monitor-ipsec running as a systemd service

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • None
    • rhel-9
    • openvswitch3.5
    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      Given a host system with OVS and ovs-monitor-ipsec configured,

      When the host reboots or ovs-monitor-ipsec service is started or restarted manually,

      Then the ovs-monitor-ipsec service should allow configurable options (e.g., --no-restart-ike-daemon and custom ipsec.conf) via a configuration file or command-line arguments passed by systemd.

      Show
      Given a host system with OVS and ovs-monitor-ipsec configured, When the host reboots or ovs-monitor-ipsec service is started or restarted manually, Then the ovs-monitor-ipsec service should allow configurable options (e.g., --no-restart-ike-daemon and custom ipsec.conf) via a configuration file or command-line arguments passed by systemd.
    • rhel-9
    • rhel-sst-network-fastdatapath
    • ssg_networking

      What's the feature?

      We need to make ovs-monitor-ipsec script as a systemd service on the host. This would help to get the service started so early at the time node reboots which would get IPsec connections established (if configured) with peers.
      ovs-monitor-ipsec can run as a systemd service today, but it is not configurable, e.g. it's not possible to pass --no-restart-ike-daemon or run with a non-root ipsec.conf, both of which are required to run this daemon in OCP. So, ability to pass these options to a system-managed daemon should be added.

      Why is it needed?

      Running as a systemd sevice on the host would allow to get rid of pod workloads packet drop issue which happens for intermediate period during node reboot at the time of OCP upgrade. This also helps in stabilizing IPsec CI lanes and make those as mandatory jobs.

      Who will benefit? 

      OCP

              imaximet@redhat.com Ilya Maximets
              pepalani@redhat.com Periyasamy Palanisamy
              Minxi Hou Minxi Hou
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: