

D4098.id10735.diff

diff --git a/roles/salt-primary/reactor/files/create-tunnels.sh b/roles/salt-primary/reactor/files/create-tunnels.sh
--- a/roles/salt-primary/reactor/files/create-tunnels.sh
+++ b/roles/salt-primary/reactor/files/create-tunnels.sh
@@ -35,18 +35,6 @@
# Helper functions
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-reload_ipsec() {
- IKE_NAME="$1"
- CHILD_NAME="$2"
-
- log "Reloading IPsec for IKE=$IKE_NAME CHILD=$CHILD_NAME"
-
- swanctl --terminate --ike "$IKE_NAME" || true
- swanctl --load-all
- swanctl --initiate --child "$CHILD_NAME"
-
- log "IPsec reload completed for IKE=$IKE_NAME CHILD=$CHILD_NAME"
-}
# will be updated later
log() {
@@ -112,6 +100,31 @@
}
+# -----------------------------------------------------------------------------
+# Function: reload_ipsec
+# Description: Reload and re-initiate an IPsec connection
+#
+# Parameters:
+# IKE_NAME IKE connection name
+# CHILD_NAME CHILD SA name
+#
+# Returns:
+# 0 on success, exits on error
+# -----------------------------------------------------------------------------
+reload_ipsec() {
+ IKE_NAME="$1"
+ CHILD_NAME="$2"
+
+ log "Reloading IPsec for IKE=$IKE_NAME CHILD=$CHILD_NAME"
+
+ swanctl --terminate --ike "$IKE_NAME" || true
+ swanctl --load-all
+ swanctl --initiate --child "$CHILD_NAME"
+
+ log "IPsec reload completed for IKE=$IKE_NAME CHILD=$CHILD_NAME"
+}
+
+
# -------------------------------------------------------------
# Entry point
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
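Review bot: The header promises `0 on success, exits on error`, but nothing in reload_ipsec enforces it: `swanctl --terminate` is masked by `|| true`, and a failed `swanctl --load-all` or `swanctl --initiate` only aborts if `set -e` is active elsewhere in the script, which this hunk does not show. Without it the function still logs "IPsec reload completed", so a GRE tunnel can be left up with no CHILD SA while the log reports success; whether that traffic is then dropped or sent unprotected depends on swanctl policies not visible here. Check the two calls explicitly, e.g. `swanctl --load-all || { log "swanctl --load-all failed"; return 1; }` and the same for `--initiate`, and make the Returns text match. IKE_NAME and CHILD_NAME are also assigned as globals; declare them with `local` if the script's shell supports it.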
@@ -119,7 +132,6 @@
log "CARP PRIMARY ROUTER detected: $PRIMARY_ROUTER"
-
HOST="$(hostname -s)"
case "$HOST" in
@@ -129,6 +141,7 @@
destroy_tunnels gre1
create_tunnels gre1 ysul_to_primary_router 163.172.49.16 "$VIP" 172.27.27.31 172.27.27.241
+ reload_ipsec "IPsec_drake_to_ysul" "tunnel-drake_to_ysul"
;;
windriver)
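Review bot: The IKE and CHILD names are passed as string literals here, again in the windriver hunk, and twice in the router-002|router-003 hunk, so each pair exists in several places that must stay identical to the names in the swanctl configuration. A typo in an IKE name would go unnoticed, because `swanctl --terminate ... || true` in reload_ipsec hides the failure and the old IKE SA would simply stay up. Consider defining each pair once near the top of the script, e.g. `IKE_YSUL="IPsec_drake_to_ysul"` and `CHILD_YSUL="tunnel-drake_to_ysul"`, and using the variables at every call site. The case arm starts outside this hunk.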
@@ -137,12 +150,11 @@
destroy_tunnels gre1
create_tunnels gre1 windriver_to_primary_router 195.154.30.15 "$VIP" 172.27.27.36 172.27.27.243
+ reload_ipsec "IPsec_drake_to_windriver" "tunnel-drake_to_windriver"
;;
router-002|router-003)
-
destroy_tunnels gre1
-
destroy_tunnels gre2
if [ "$HOST" != "$PRIMARY_ROUTER" ]; then
@@ -153,8 +165,10 @@
log "Configuring tunnels on primary router: $HOST"
create_tunnels gre1 primary_router_to_windriver "$VIP" 195.154.30.15 172.27.27.243 172.27.27.36
+ reload_ipsec "IPsec_drake_to_windriver" "tunnel-drake_to_windriver"
create_tunnels gre2 primary_router_to_ysul "$VIP" 163.172.49.16 172.27.27.241 172.27.27.31
+ reload_ipsec "IPsec_drake_to_ysul" "tunnel-drake_to_ysul"
;;
*)
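Review bot: On the primary router the first `reload_ipsec` sits between the two `create_tunnels` calls, so gre2 is only created once the windriver initiation has returned. If the script runs under `set -e` (not visible here), a failure on that link would also stop gre2 from being created at all. Creating both tunnels first and reloading IPsec afterwards keeps a problem on one link from holding up the other. Each `reload_ipsec` call also runs `swanctl --load-all`, so the full configuration is reloaded twice in a row in this branch; a single load followed by the two initiations would do. The branch starts outside this hunk.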
