Adapt vpnaas attributes and recipe to use StrongSwan instead of OpenSwan

* use StrongSwan driver instead of OpenSwan since xenial does not even provide openswan packages anymore * start and enable strongswan service (needs to be verified for centos) * do not include ::l3_agent recipe in vpnaas recipe, since neutron-vpn-agent fully replaces neutron-l3-agent Change-Id: I81cd2e05273402e8db57f3ca5029fb4938bbfe29
2016-08-25 16:25:42 +02:00 · 2016-08-25 16:25:42 +02:00 · 29e771a9f3
parent 77060a6212
commit 29e771a9f3
4 changed files with 16 additions and 15 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -139,16 +139,18 @@ default['openstack']['network_metering']['conf'].tap do |conf|
 end

 # ============================= VPN Agent Configuration ====================
-# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan
-# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is ipsec
+# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
+# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
 # Set to true to enable vpnaas
 default['openstack']['network_vpnaas']['enabled'] = false
 # Custom the vpnaas config file path
 default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
 default['openstack']['network_vpnaas']['conf'].tap do |conf|
  # VPN device drivers which vpn agent will use
-  conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
-  conf['vpnagent']['vpn_device_driver'] = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'
+  conf['DEFAULT']['interface_driver'] =
+    'neutron.agent.linux.interface.OVSInterfaceDriver'
+  conf['vpnagent']['vpn_device_driver'] =
+    'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
  # Status check interval for ipsec vpn
  conf['ipsec']['ipsec_status_check_interval'] = 60
  # default_config_area settings is used to set the area where default StrongSwan configuration files are located
@ -193,7 +195,7 @@ default['openstack']['network']['platform'].tap do |platform|
  platform['user'] = 'neutron'
  platform['group'] = 'neutron'
  platform['vpn_device_driver_packages'] =
-    %w(openswan)
+    %w(strongswan)
  platform['neutron_dhcp_agent_service'] =
    'neutron-dhcp-agent'
  platform['neutron_l3_agent_service'] =
@ -201,7 +203,7 @@ default['openstack']['network']['platform'].tap do |platform|
  platform['neutron_vpn_agent_service'] =
    'neutron-vpn-agent'
  platform['vpn_device_driver_services'] =
-    %w(ipsec)
+    %w(strongswan)
  platform['neutron_lb_agent_service'] =
    'neutron-lbaas-agent'
  platform['neutron_metadata_agent_service'] =
--- a/recipes/vpnaas.rb
+++ b/recipes/vpnaas.rb
@ -18,8 +18,7 @@
 # limitations under the License.
 #

-# VPN agent is based on L3 agent
-include_recipe 'openstack-network::l3_agent'
+include_recipe 'openstack-network'

 # Make Openstack object available in Chef::Recipe
 class ::Chef::Recipe
--- a/spec/vpnaas-redhat_spec.rb
+++ b/spec/vpnaas-redhat_spec.rb
@ -15,7 +15,7 @@ describe 'openstack-network::vpnaas' do
    include_context 'neutron-stubs'

    it 'upgrades neutron vpn packages' do
-      %w(iproute openstack-neutron-vpnaas openswan).each do |pkg|
+      %w(iproute openstack-neutron-vpnaas strongswan).each do |pkg|
        expect(chef_run).to upgrade_package(pkg)
      end
    end
--- a/spec/vpnaas_spec.rb
+++ b/spec/vpnaas_spec.rb
@ -11,12 +11,12 @@ describe 'openstack-network::vpnaas' do
    end

    include_context 'neutron-stubs'
-    it 'include the recipe openstack-network::l3_agent' do
-      expect(chef_run).to include_recipe('openstack-network::l3_agent')
+    it 'include the recipe openstack-network::default' do
+      expect(chef_run).to include_recipe('openstack-network::default')
    end

    it 'upgrades vpn device driver packages' do
-      expect(chef_run).to upgrade_package('openswan')
+      expect(chef_run).to upgrade_package('strongswan')
    end

    it 'upgrades neutron vpn packages' do
@ -24,8 +24,8 @@ describe 'openstack-network::vpnaas' do
      expect(chef_run).to upgrade_package('python-neutron-vpnaas')
    end

-    it 'starts ipsec on boot' do
-      expect(chef_run).to enable_service('ipsec')
+    it 'starts strongswan on boot' do
+      expect(chef_run).to enable_service('strongswan')
    end

    it 'starts the vpn agent on boot' do
@ -49,7 +49,7 @@ describe 'openstack-network::vpnaas' do

      describe 'vpn_device_driver' do
        it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
-          [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
+          [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver$/].each do |line|
            expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
          end
        end