ipsec: Make command timeout configurable.

Add a new command line option --command-timeout that controls the command timeout. It is important to have this configurable, because the retransmit-timeout is configurable in Libreswan. Also, users may prefer the monitor to be more responsive. ovs-monitor-ipsec options are not documented anywhere, so not trying to address that here. Signed-off-by: Ilya Maximets <[email protected]>
igsilya · Oct 29, 2024 · eb3e6a0 · eb3e6a0
1 parent 0d60587
commit eb3e6a0
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
@@ -83,6 +83,7 @@ vlog = ovs.vlog.Vlog("ovs-monitor-ipsec")
 exiting = False
 monitor = None
 xfrm = None
+command_timeout = None
 RECONCILIATION_INTERVAL = 15  # seconds
 TIEMOUT_EXPIRED = 37
 
@@ -98,7 +99,7 @@ def run_command(args, description=None):
     proc = subprocess.Popen(args, stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE)
     try:
-        pout, perr = proc.communicate(timeout=120)
+        pout, perr = proc.communicate(timeout=command_timeout)
         ret = proc.returncode
     except subprocess.TimeoutExpired:
         vlog.warn("Command timed out trying to %s." % description)
@@ -1387,6 +1388,10 @@ def main():
     parser.add_argument("--ipsec-ctl", metavar="IPSEC-CTL",
                         help="Use DIR/IPSEC-CTL as location for "
                         " pluto ctl socket (libreswan only).")
+    parser.add_argument("--command-timeout", metavar="TIMEOUT",
+                        type=int, default=120,
+                        help="Timeout for external commands called by the "
+                        "ovs-monitor-ipsec daemon, e.g. ipsec --start.")
 
     ovs.vlog.add_args(parser)
     ovs.daemon.add_args(parser)
@@ -1396,11 +1401,13 @@ def main():
 
     global monitor
     global xfrm
+    global command_timeout
 
     root_prefix = args.root_prefix if args.root_prefix else ""
     xfrm = XFRM(root_prefix)
     monitor = IPsecMonitor(root_prefix, args.ike_daemon,
                            not args.no_restart_ike_daemon, args)
+    command_timeout = args.command_timeout
 
     remote = args.database
     schema_helper = ovs.db.idl.SchemaHelper()