-#!/usr/bin/python
-# Copyright (c) 2009, 2010, 2011 Nicira Networks
+#! /usr/bin/env python
+# Copyright (c) 2009, 2010, 2011, 2012 Nicira, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
import ovs.dirs
from ovs.db import error
-from ovs.db import types
import ovs.util
import ovs.daemon
import ovs.db.idl
import ovs.unixctl
+import ovs.unixctl.server
import ovs.vlog
vlog = ovs.vlog.Vlog("ovs-monitor-ipsec")
root_prefix = '' # Prefix for absolute file names, for testing.
-setkey = "/usr/sbin/setkey"
+SETKEY = "/usr/sbin/setkey"
exiting = False
if host in self.psk_hosts:
raise error.Error("host %s already defined for psk" % host)
- if vals["certificate"] == None:
+ if vals["certificate"] is None:
raise error.Error("'certificate' not defined for %s" % host)
- elif vals["private_key"] == None:
+ elif vals["private_key"] is None:
# Assume the private key is stored in the same PEM file as
# the certificate. We make a copy of "vals" so that we don't
# modify the original "vals", which would cause the script
def call_setkey(self, cmds):
try:
- p = subprocess.Popen([root_prefix + setkey, "-c"],
+ p = subprocess.Popen([root_prefix + SETKEY, "-c"],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
except:
- vlog.err("could not call %s%s" % (root_prefix, setkey))
+ vlog.err("could not call %s%s" % (root_prefix, SETKEY))
sys.exit(1)
# xxx It is safer to pass the string into the communicate()
try:
ipsec.add_entry(vals["local_ip"], vals["remote_ip"], vals)
- except error.Error, msg:
+ except error.Error as msg:
vlog.warn("skipping ipsec config for %s: %s" % (name, msg))
ovs.daemon.daemonize()
ovs.unixctl.command_register("exit", "", 0, 0, unixctl_exit, None)
- error, unixctl_server = ovs.unixctl.UnixctlServer.create(None)
+ error, unixctl_server = ovs.unixctl.server.UnixctlServer.create(None)
if error:
ovs.util.ovs_fatal(error, "could not create unixctl server", vlog)
ipsec = IPsec()
interfaces = {}
+ seqno = idl.change_seqno # Sequence number when we last processed the db
while True:
unixctl_server.run()
if exiting:
break
- if not idl.run():
+ idl.run()
+ if seqno == idl.change_seqno:
poller = ovs.poller.Poller()
unixctl_server.wait(poller)
idl.wait(poller)
poller.block()
continue
+ seqno = idl.change_seqno
ssl_cert = get_ssl_cert(idl.tables)