rhel, debian: Fix systemd monitoring wrong pid for ovs-monitor-ipsec.

Other services are running without monitors, so systemd can properly track the pid. But ovs-monitor-ipsec is running with a monitor, so there is one more fork and systemd complains about the pid file: systemd[1]: openvswitch-ipsec.service: Supervising process 1037185 which is not our child. We'll most likely not notice when it exits. This is also causing some spurious kills sent to the child on service stop. Fix by running ovs-monitor-ipsec without a monitor as all other OVS services. We can't use start_daemon, that would take care of this, because the script is not on the PATH and we don't want to accidentally change permissions for OVS directories (ipsec runs as root), but we can mimic the behavior. Debian package had a custom patch for this issue, removing now. Fixes: f385abd ("rhel: Use PIDFile on forking systemd service files") Fixes: 9990322 ("debian: Update packaging source from Debian/Ubuntu.") Acked-by: Frode Nordahl <[email protected]> Signed-off-by: Ilya Maximets <[email protected]>
ovsrobot · Jan 16, 2025 · 656c95e · 656c95e
1 parent 8670936
commit 656c95e
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 25 deletions.
diff --git a/debian/automake.mk b/debian/automake.mk
@@ -56,8 +56,6 @@ EXTRA_DIST += \
 	debian/openvswitch-vtep.init \
 	debian/openvswitch-vtep.install \
 	debian/ovs-systemd-reload \
-	debian/patches/ovs-ctl-ipsec.patch \
-	debian/patches/series \
 	debian/python3-openvswitch.install \
 	debian/rules \
 	debian/source/format \

diff --git a/debian/openvswitch-ipsec.service b/debian/openvswitch-ipsec.service
@@ -6,7 +6,7 @@ After=openvswitch-switch.service
 [Service]
 Type=forking
 PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
-ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
+ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \
                     --ike-daemon=strongswan start-ovs-ipsec
 ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
 

diff --git a/debian/patches/ovs-ctl-ipsec.patch b/debian/patches/ovs-ctl-ipsec.patch
diff --git a/debian/patches/series b/debian/patches/series
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -6,7 +6,7 @@ After=openvswitch.service
 [Service]
 Type=forking
 PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
-ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
+ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \
                     --ike-daemon=libreswan start-ovs-ipsec
 ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
 

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
@@ -245,12 +245,15 @@ start_ovs_ipsec () {
     if test X$RESTART_IKE_DAEMON = Xno; then
         no_restart="--no-restart-ike-daemon"
     fi
+    if test X"$MONITOR" != Xno; then
+        monitor_arg="--monitor"
+    fi
 
     ${datadir}/scripts/ovs-monitor-ipsec \
         --pidfile=${rundir}/ovs-monitor-ipsec.pid \
         --ike-daemon=$IKE_DAEMON \
-        $no_restart \
-        --log-file --detach --monitor unix:${rundir}/db.sock || return 1
+        $no_restart $monitor_arg \
+        --log-file --detach unix:${rundir}/db.sock || return 1
     return 0
 }