autotest: Always restart ipsec daemon and have it write logs
Prior to this change, if any error would occur during an IPsec VPN
test, the fact that teardown (vpn_server_kill) does not occur
meant that the ipsec pluto daemon would continue running on the rspro.
Upon rerunning the test, vpn_server_config would write the config
files, but would not restart the daemon if it was already started.
Since we now support two IPsec configurations (PSK and cert auth)
we have to be sure that pluto is restarted.
Also, to help diagnose problems like this in future, we write out
/var/log/pluto.log with the pluto logs from the run. The file is
truncated whenever pluto is restarted and it currently grows to
about 62K during the test (with full debugging output enabled).
BUG=none
TEST=050 test
Change-Id: I17f2fc20bf23e422bce2eabf3f7391f6602c5b92
Reviewed-on: http://gerrit.chromium.org/gerrit/6619
Reviewed-by: Paul Stewart <pstew@chromium.org>
Reviewed-by: Ken Mixter <kmixter@chromium.org>
Tested-by: Ken Mixter <kmixter@chromium.org>
diff --git a/server/site_linux_server.py b/server/site_linux_server.py
index d2fb371..732aeb1 100644
--- a/server/site_linux_server.py
+++ b/server/site_linux_server.py
@@ -105,6 +105,7 @@
" charonstart=no\n"
" plutostart=yes\n"
" plutodebug=%(@plutodebug@)s\n"
+ " plutostderrlog=/var/log/pluto.log\n"
"conn L2TP\n"
" keyexchange=ikev1\n"
" authby=psk\n"
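Review bot: The added plutostderrlog line in this PSK template sends pluto's debug output to /var/log/pluto.log, and nothing in the hunk controls who can read that file. The level comes from the plutodebug replacement, and the commit message says the test runs with full debugging enabled, so it is worth confirming that the file is created with restrictive permissions on the server, or stating in a comment that this log is intended for test hosts only.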
@@ -125,6 +126,7 @@
" charonstart=no\n"
" plutostart=yes\n"
" plutodebug=%(@plutodebug@)s\n"
+ " plutostderrlog=/var/log/pluto.log\n"
"conn L2TP\n"
" keyexchange=ikev1\n"
" left=%(@local-listen-ip@)s\n"
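Review bot: The plutostderrlog line added to this second template is a verbatim copy of the one added to the PSK template, with the path hard-coded in both places. Consider supplying it through the replacements mapping like the other %(@...@)s keys, or through a single module-level constant, so the two configurations cannot drift apart and the log location can be changed in one place.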
@@ -154,7 +156,7 @@
contents = template % (replacements)
self.server.run("cat <<EOF >%s\n%s\nEOF\n" % (cfg, contents))
- self.server.run("/usr/sbin/ipsec start")
+ self.server.run("/usr/sbin/ipsec restart")
# Restart xl2tpd to ensure use of newly-created config files.
self.server.run("sh /etc/init.d/xl2tpd restart")
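Review bot: The change to "/usr/sbin/ipsec restart" carries no comment, unlike the xl2tpd restart directly below it, so the reason (a pluto left running by an earlier failed run must pick up the newly written PSK or cert config) is recorded only in the commit message. Add a one-line comment above the call saying so. Also, the commit message notes that pluto.log is truncated on every pluto restart, which means this restart discards the log of the failed run it is recovering from; consider moving the old file aside before restarting if those are the logs needed for diagnosis.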