From 77a63b5c51a4c7798b3cdc702d7e94e85bb0ba1f Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Wed, 15 Jan 2025 15:00:14 +0100
Subject: [PATCH] rhel, debian: Add missing restart policy to ipsec service.

Currently, if openvswitch-ipsec service will die for any reason it
will not be restarted. At the same time, that will prevent updating
tunnel configuration and prohibit adding new nodes in OVN clusters,
for example.

Add the 'on-failure' restart policy, so it behaves the same as all
other OVS daemons.

Acked-by: Frode Nordahl <fnordahl@ubuntu.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 debian/openvswitch-ipsec.service                      | 1 +
 rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 1 +
 2 files changed, 2 insertions(+)

diff --git a/debian/openvswitch-ipsec.service b/debian/openvswitch-ipsec.service
index dfb1e50d937..51b9b315a0a 100644
--- a/debian/openvswitch-ipsec.service
+++ b/debian/openvswitch-ipsec.service
@@ -6,6 +6,7 @@ After=openvswitch-switch.service
 [Service]
 Type=forking
 PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
+Restart=on-failure
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \
                     --ike-daemon=strongswan start-ovs-ipsec
 ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
index 88a50966240..a4bf475d0c9 100644
--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -6,6 +6,7 @@ After=openvswitch.service
 [Service]
 Type=forking
 PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
+Restart=on-failure
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl --no-monitor \
                     --ike-daemon=libreswan start-ovs-ipsec
 ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec