Allow enabling detailed logging for OpenSwan
Add a log for the IPSec pluto process. This log will be useful to developers for debugging IPSec site connections and IPSec connectivity. This applies to OpenSwan and Libreswan; StrongSwan already has logging that goes to syslog. DocImpact Closes-Bug: #1484410 Change-Id: Id150416a179ae4ddeed5bd13d6c50793e6183f55
parent
3118268e58
commit
b003d9a424
|
@ -20,6 +20,13 @@
|
|||
# Status check interval
|
||||
# ipsec_status_check_interval=60
|
||||
|
||||
# Enable detail logging for ipsec pluto process.
|
||||
# If the flag set to True, the detailed logging will
|
||||
# be written into config_base_dir/<pid>/logs."
|
||||
# NOTE: this applies to OpenSwan and Libraswan, and
|
||||
# that StrongSwan has logging that logs to syslog.
|
||||
# enable_detailed_logging=False
|
||||
|
||||
[strongswan]
|
||||
# For fedora use:
|
||||
# default_config_area=/usr/share/strongswan/templates/config/strongswan.d
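Review bot: The new comment block for `enable_detailed_logging` ends its path with a stray closing quote (`config_base_dir/<pid>/logs."`), apparently carried over from the Python help string, and it spells the project `Libraswan` where `Libreswan` is meant. `<pid>` is also likely to mislead operators: in the Python file the directory is built from `cfg.CONF.ipsec.config_base_dir` and `self.id`, which appears to be the process object's identifier rather than an OS pid, so `config_base_dir/<id>/logs` would match the code better. Since this sample is where operators decide whether to turn the flag on, one more comment line saying that the per-peer logs are not rotated by anything shown here would help them plan retention and access.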
|
||||
|
|
|
@ -51,7 +51,12 @@ ipsec_opts = [
|
|||
help=_('Location to store ipsec server config files')),
|
||||
cfg.IntOpt('ipsec_status_check_interval',
|
||||
default=60,
|
||||
help=_("Interval for checking ipsec status"))
|
||||
help=_("Interval for checking ipsec status")),
|
||||
cfg.BoolOpt('enable_detailed_logging',
|
||||
default=False,
|
||||
help=_("Enable detail logging for ipsec pluto process. "
|
||||
"If the flag set to True, the detailed logging will "
|
||||
"be written into config_base_dir/<pid>/logs.")),
|
||||
]
|
||||
cfg.CONF.register_opts(ipsec_opts, 'ipsec')
|
||||
|
||||
|
@ -141,6 +146,7 @@ class BaseSwanProcess(object):
|
|||
self.config_dir = os.path.join(
|
||||
cfg.CONF.ipsec.config_base_dir, self.id)
|
||||
self.etc_dir = os.path.join(self.config_dir, 'etc')
|
||||
self.log_dir = os.path.join(self.config_dir, 'logs')
|
||||
self.update_vpnservice(vpnservice)
|
||||
self.STATUS_PATTERN = re.compile(self.STATUS_RE)
|
||||
self.STATUS_NOT_RUNNING_PATTERN = re.compile(
|
||||
|
@ -411,16 +417,19 @@ class OpenSwanProcess(BaseSwanProcess):
|
|||
return
|
||||
virtual_private = self._virtual_privates()
|
||||
#start pluto IKE keying daemon
|
||||
self._execute([self.binary,
|
||||
'pluto',
|
||||
'--ctlbase', self.pid_path,
|
||||
'--ipsecdir', self.etc_dir,
|
||||
'--use-netkey',
|
||||
'--uniqueids',
|
||||
'--nat_traversal',
|
||||
'--secretsfile', self.secrets_file,
|
||||
'--virtual_private', virtual_private
|
||||
])
|
||||
cmd = [self.binary,
|
||||
'pluto',
|
||||
'--ctlbase', self.pid_path,
|
||||
'--ipsecdir', self.etc_dir,
|
||||
'--use-netkey',
|
||||
'--uniqueids',
|
||||
'--nat_traversal',
|
||||
'--secretsfile', self.secrets_file,
|
||||
'--virtual_private', virtual_private]
|
||||
|
||||
if self.conf.ipsec.enable_detailed_logging:
|
||||
cmd += ['--perpeerlogbase', self.log_dir]
|
||||
self._execute(cmd)
|
||||
#add connections
|
||||
for ipsec_site_conn in self.vpnservice['ipsec_site_connections']:
|
||||
nexthop = self._get_nexthop(ipsec_site_conn['peer_address'],
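Review bot: In the last hunk, `cmd += ['--perpeerlogbase', self.log_dir]` only tells pluto where per-peer logs would be placed; as far as I know pluto's separate `--perpeerlog` switch is what actually turns per-peer logging on, so with this line alone `enable_detailed_logging=True` may produce no logs. Consider `cmd += ['--perpeerlog', '--perpeerlogbase', self.log_dir]`, after checking the pluto man page for the OpenSwan and Libreswan versions you support. None of the visible hunks creates `self.log_dir` or sets its mode, and the enclosing method starts outside the hunk. It is therefore worth confirming that the directory exists before pluto starts, that its permissions keep the per-peer negotiation logs readable only by the agent, and that something rotates or removes them. The help string's `config_base_dir/<pid>/logs` also does not match the `self.id` component used to build `self.config_dir` in the second hunk.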
|
||||
|
|