The strongSwan daemon puts its .pid and .ctl files in /var/run to detect whether it is already running.
I want to run multiple instances of this daemon on the same machine within different network namespaces. I am trying to achieve this by bind mounting different directories (say /etc/namespace1 to namespace1's /var/run and /etc/namespace2 to namespace2's /var/run). /var/run is a symlink to /run, so I bind mount to /run as below.
I can almost achieve this like this:
# In default namespace
$:~ sudo echo "red" >> /etc/red/run/pidfile
$:~ sudo echo "blue" >> /etc/blue/run/pidfile
$:~ sudo ip netns exec red
# In red namespace
$:~ mount --bind /etc/red/run/ /run/
$:~ cat /var/run/pidfile
red
# In blue namespace
$:~ mount --bind /etc/blue/run/ /run/
$:~ cat /var/run/pidfile
blue
So this works fine. This way, when the daemon creates /var/run/charon.pid while inside red, it will not be confused with the blue namespace's /var/run/charon.pid, and two instances may start.
However, here's the issue: if I "exit" from the red namespace and then re-enter via "ip netns exec red bash", the mount is no longer present. That is, there is no /var/run/redfile at all.
So, the question is: how can I make this sticky? Do I need /etc/fstab changes? But that doesn't work. If asked, I can provide details of "it doesn't work".
I am lost. I will appreciate some help.
Thanks!
Best Answer
The simple solution would be to instruct each instance of strongSwan to use a different directory to store the PID file by setting the correct value of the IPSEC_PIDDIR environment variable in your start and stop script.
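One way to turn that answer into a per-namespace start/stop wrapper, as an added example that is not code from the thread or from strongSwan: it assumes one private directory per namespace under /etc/<ns>/run (the layout from the question), that the ipsec start/stop command honours an exported IPSEC_PIDDIR (as the answer states), and a hypothetical PIDDIR_ROOT override so the path helper can be exercised outside /etc.

```shell
#!/bin/sh
# Added example (not from the thread): run one strongSwan instance per network
# namespace, each with its own PID directory, instead of bind-mounting /run.
# Why the bind mount was not sticky: every `ip netns exec` unshares a fresh
# mount namespace, so a mount made in one shell is gone once that shell exits.
# Assumptions: ipsec start/stop honour an exported IPSEC_PIDDIR (as the answer
# states); PIDDIR_ROOT is a hypothetical override (default /etc) for testing.
set -eu

# Private PID/control directory for namespace $1: <root>/<ns>/run
piddir_for() {
    printf '%s/%s/run\n' "${PIDDIR_ROOT:-/etc}" "$1"
}

# 0 if charon.pid under $1 names a live process, 1 if absent, empty or stale.
# Guards against a crashed instance leaving a PID file that blocks restarts.
charon_running() {
    pidfile="$1/charon.pid"
    [ -r "$pidfile" ] || return 1
    pid=$(tr -cd '0-9' < "$pidfile")
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null || return 1
}

# Start the instance for namespace $1; refuse if one is already alive there.
start_instance() {
    dir=$(piddir_for "$1")
    mkdir -p "$dir"
    if charon_running "$dir"; then
        echo "strongSwan for $1 already running (pid $(cat "$dir/charon.pid"))" >&2
        return 1
    fi
    # The variable is inherited across ip netns exec, so no mount is needed.
    IPSEC_PIDDIR="$dir" ip netns exec "$1" ipsec start
}

# Stop the instance for namespace $1 using the same PID directory.
stop_instance() {
    dir=$(piddir_for "$1")
    IPSEC_PIDDIR="$dir" ip netns exec "$1" ipsec stop
}

# Usage: ./swan-ns.sh start red ; ./swan-ns.sh stop blue
case "${1:-}" in
    start) start_instance "$2" ;;
    stop)  stop_instance "$2" ;;
esac
```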