remove unmaintained vpnaas from all recipes and attributes
The vpnaas agent has been removed for the OpenStack Queens release.

Virtual Private Network-as-a-Service (VPNaaS) scenario (for Rocky, no vpnaas docs found for Queens):
https://docs.openstack.org/neutron/rocky/admin/vpnaas-scenario.html

missing release note (or doc) on vpn-agent change in queens:
https://bugs.launchpad.net/neutron/+bug/1751069

vpnaas agent is removed since Queens and configuration changed:
https://bugs.launchpad.net/openstack-ansible/+bug/1781148

Change-Id: Idf74445445683058cd992e95df87724579e70433
parent
c874aec833
commit
f03e5c65fa
16
README.md
16
README.md
|
@ -169,14 +169,14 @@ this attributes.
|
|||
- Installs the openstack-network API server (currently aka neutron-server)
|
||||
|
||||
## openstack-network::vpnaas
|
||||
- Installs the VPN as a Service
|
||||
|
||||
The configuration for neutron-vpn-agent is generated from the attributes in
|
||||
using the same template as for the neutron.conf
|
||||
|
||||
```
|
||||
node['openstack']['network_vpnaas']['conf']
|
||||
```
|
||||
This recipe has been removed since it was unmaintained since the pike release
|
||||
and the vpnaas module got completely removed/refactored during the queens
|
||||
release. For rocky there seems to be some kind of vpnaas implementation
|
||||
directly in the l3 agent
|
||||
(https://docs.openstack.org/neutron/rocky/admin/vpnaas-scenario.html), but
|
||||
since the documentation about it is quite sparse right now, there is no recipe
|
||||
for that. If you want to add vpnaas back to this cookbook, please feel free to
|
||||
push a pull request.
|
||||
|
||||
License and Author
|
||||
==================
|
||||
|
|
|
@ -135,32 +135,6 @@ default['openstack']['network_metering']['conf'].tap do |conf|
|
|||
'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
|
||||
end
|
||||
|
||||
# ============================= VPN Agent Configuration ====================
|
||||
# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
|
||||
# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
|
||||
# To enable 'vpnaas' as service_plugin, you need to add it to neutron.conf
|
||||
# ['Default']['service_plugins']
|
||||
# Set to true to enable vpnaas
|
||||
default['openstack']['network_vpnaas']['enabled'] = false
|
||||
# Custom the vpnaas config file path
|
||||
default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
|
||||
default['openstack']['network_vpnaas']['conf'].tap do |conf|
|
||||
# VPN device drivers which vpn agent will use
|
||||
conf['DEFAULT']['interface_driver'] =
|
||||
'neutron.agent.linux.interface.OVSInterfaceDriver'
|
||||
conf['vpnagent']['vpn_device_driver'] =
|
||||
'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
|
||||
# Status check interval for ipsec vpn
|
||||
conf['ipsec']['ipsec_status_check_interval'] = 60
|
||||
# default_config_area settings is used to set the area where default StrongSwan configuration files are located
|
||||
case node['platform_family']
|
||||
when 'fedora', 'rhel'
|
||||
conf['strongswan']['default_config_area'] = '/usr/share/strongswan/templates/config/strongswan.d'
|
||||
when 'debian'
|
||||
conf['strongswan']['default_config_area'] = '/etc/strongswan.d'
|
||||
end
|
||||
end
|
||||
|
||||
# ============================= LBaaS Agent Configuration ==================
|
||||
# To enable 'lbaas' as service_plugin, you need to add it to neutron.conf
|
||||
# ['Default']['service_plugins']
|
||||
|
@ -197,16 +171,10 @@ default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_drive
|
|||
default['openstack']['network']['platform'].tap do |platform|
|
||||
platform['user'] = 'neutron'
|
||||
platform['group'] = 'neutron'
|
||||
platform['vpn_device_driver_packages'] =
|
||||
%w(strongswan)
|
||||
platform['neutron_dhcp_agent_service'] =
|
||||
'neutron-dhcp-agent'
|
||||
platform['neutron_l3_agent_service'] =
|
||||
'neutron-l3-agent'
|
||||
platform['neutron_vpn_agent_service'] =
|
||||
'neutron-vpn-agent'
|
||||
platform['vpn_device_driver_services'] =
|
||||
%w(strongswan)
|
||||
platform['neutron_lb_agent_service'] =
|
||||
'neutron-lbaasv2-agent'
|
||||
platform['neutron_metadata_agent_service'] =
|
||||
|
@ -217,8 +185,6 @@ default['openstack']['network']['platform'].tap do |platform|
|
|||
'neutron-server'
|
||||
platform['neutron_lbaas_python_dependencies'] =
|
||||
%w(python-neutron-lbaas)
|
||||
platform['neutron_vpnaas_python_dependencies'] =
|
||||
%w(python-neutron-vpnaas)
|
||||
case node['platform_family']
|
||||
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
platform['neutron_packages'] =
|
||||
|
@ -230,8 +196,6 @@ default['openstack']['network']['platform'].tap do |platform|
|
|||
platform['neutron_plugin_package'] =
|
||||
'neutron-plugin-ml2'
|
||||
# openstack-neutron-fwaas
|
||||
platform['neutron_vpnaas_packages'] =
|
||||
%w(openstack-neutron-vpnaas iproute)
|
||||
platform['neutron_lbaas_packages'] =
|
||||
%w(openstack-neutron-lbaas haproxy iproute)
|
||||
platform['neutron_openvswitch_packages'] =
|
||||
|
@ -262,8 +226,6 @@ default['openstack']['network']['platform'].tap do |platform|
|
|||
platform['neutron_l3_packages'] =
|
||||
%w(neutron-l3-agent radvd keepalived)
|
||||
# python-neutron-fwaas
|
||||
platform['neutron_vpnaas_packages'] =
|
||||
%w(python-neutron-vpnaas neutron-vpn-agent)
|
||||
platform['neutron_lbaas_packages'] =
|
||||
%w(python-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy)
|
||||
platform['neutron_openvswitch_packages'] =
|
||||
|
|
|
@ -29,16 +29,6 @@ bash 'migrate network database' do
|
|||
EOF
|
||||
end
|
||||
|
||||
# Only if the vpnaas is enabled, migrate the database.
|
||||
bash 'migrate vpnaas database' do
|
||||
only_if { node['openstack']['network_vpnaas']['enabled'] }
|
||||
timeout timeout
|
||||
migrate_command = "neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
|
||||
code <<-EOF
|
||||
#{migrate_command} upgrade head
|
||||
EOF
|
||||
end
|
||||
|
||||
# Only if the fwaas is enabled, migrate the database.
|
||||
bash 'migrate fwaas database' do
|
||||
only_if { node['openstack']['network_fwaas']['enabled'] }
|
||||
|
|
|
@ -44,27 +44,15 @@ template node['openstack']['network_l3']['config_file'] do
|
|||
variables(
|
||||
service_config: service_config
|
||||
)
|
||||
# Not restart l3 agent to avoid synchronization problem, when vpn agent is enabled.
|
||||
unless node['openstack']['network_vpnaas']['enabled']
|
||||
notifies :restart, 'service[neutron-l3-agent]'
|
||||
end
|
||||
notifies :restart, 'service[neutron-l3-agent]'
|
||||
end
|
||||
|
||||
# See http://docs.openstack.org/admin-guide-cloud/content/section_adv_cfg_l3_agent.html
|
||||
|
||||
service 'neutron-l3-agent' do
|
||||
service_name platform_options['neutron_l3_agent_service']
|
||||
supports status: true, restart: true
|
||||
# As l3 and vpn agents are both working based on l3 bisic strategy, and there will be
|
||||
# potential synchronization problems when vpn and l3 agents both running in network node.
|
||||
# So if the vpn agent is enabled, we should stop and disable the l3 agent.
|
||||
if node['openstack']['network_vpnaas']['enabled']
|
||||
action [:stop, :disable]
|
||||
else
|
||||
action [:enable, :start]
|
||||
subscribes :restart, [
|
||||
'template[/etc/neutron/neutron.conf]',
|
||||
"template[#{node['openstack']['network_fwaas']['config_file']}]",
|
||||
]
|
||||
end
|
||||
action [:enable, :start]
|
||||
subscribes :restart, [
|
||||
'template[/etc/neutron/neutron.conf]',
|
||||
"template[#{node['openstack']['network_fwaas']['config_file']}]",
|
||||
]
|
||||
end
|
||||
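Review bot: With the `network_vpnaas` guard removed, the `service 'neutron-l3-agent'` resource always runs `action [:enable, :start]`, so a node previously converged with `node['openstack']['network_vpnaas']['enabled'] = true` gets the l3 agent started while nothing stops the `neutron-vpn-agent` and `strongswan` services that the deleted recipe enabled, which is the two-agent synchronization problem the removed comment described. The strongswan and vpnaas packages and the agent config file (default `/etc/neutron/vpn_agent.ini`) also stay on such nodes, now unmanaged and no longer upgraded by the cookbook, so an IPsec daemon can keep running without anyone patching it. Whether any deployment had the flag set cannot be told from this page, so an upgrade note in the README is probably enough, for example `Nodes that ran the vpnaas recipe must stop and disable neutron-vpn-agent and strongswan and remove their packages before converging with this version.`; it should also say that a leftover `network_vpnaas` attribute override is now silently ignored. The `template` block this hunk edits starts above the visible lines.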
|
|
|
@ -76,19 +76,6 @@ if node['openstack']['network_lbaas']['enabled']
|
|||
end
|
||||
end
|
||||
|
||||
if node['openstack']['network_vpnaas']['enabled']
|
||||
# neutron-vpnaas-agent may not running on network node, but on network node, neutron-server still need neutron_vpnaas module
|
||||
# when loading plugin if vpnaas is list in service_plugins. In this case, we don't need include vpn_agent recipe for network node, but
|
||||
# we need make sure neutron vpnaas python packages get installed on network node before neutron-server start/restart, when vpnaas is enabled.
|
||||
# Otherwise neutron-server will crash for couldn't find vpnaas plugin when invoking plugins from service_plugins.
|
||||
platform_options['neutron_vpnaas_python_dependencies'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# Migrate network database to latest version
|
||||
include_recipe 'openstack-network::db_migration'
|
||||
plugin_templates = []
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
# Encoding: utf-8
|
||||
#
|
||||
# Cookbook Name:: openstack-network
|
||||
# Recipe:: vpn_agent
|
||||
#
|
||||
# Copyright 2013, AT&T
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
include_recipe 'openstack-network'
|
||||
|
||||
# Make Openstack object available in Chef::Recipe
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
platform_options = node['openstack']['network']['platform']
|
||||
|
||||
# Install package dependencies according node's vpn_device_driver.
|
||||
platform_options['vpn_device_driver_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
platform_options['neutron_vpnaas_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
end
|
||||
|
||||
platform_options['vpn_device_driver_services'].each do |svc|
|
||||
service 'vpn-device-driver-service' do
|
||||
service_name svc
|
||||
supports status: true, restart: true
|
||||
action :enable
|
||||
end
|
||||
end
|
||||
|
||||
service_conf = merge_config_options 'network_vpnaas'
|
||||
template node['openstack']['network_vpnaas']['config_file'] do
|
||||
source 'openstack-service.conf.erb'
|
||||
cookbook 'openstack-common'
|
||||
owner node['openstack']['network']['platform']['user']
|
||||
group node['openstack']['network']['platform']['group']
|
||||
mode 0o0640
|
||||
variables(
|
||||
service_config: service_conf
|
||||
)
|
||||
end
|
||||
|
||||
service 'neutron-vpn-agent' do
|
||||
service_name platform_options['neutron_vpn_agent_service']
|
||||
supports status: true, restart: true
|
||||
action [:enable, :start]
|
||||
subscribes :restart, [
|
||||
'template[/etc/neutron/neutron.conf]',
|
||||
"template[#{node['openstack']['network_vpnaas']['config_file']}]",
|
||||
"template[#{node['openstack']['network_fwaas']['config_file']}]",
|
||||
]
|
||||
end
|
|
@ -26,19 +26,10 @@ describe 'openstack-network::db_migration' do
|
|||
end
|
||||
describe 'run db-migration when services are enabled' do
|
||||
before do
|
||||
node.override['openstack']['network_vpnaas']['enabled'] = true
|
||||
node.override['openstack']['network_fwaas']['enabled'] = true
|
||||
node.override['openstack']['network_lbaas']['enabled'] = true
|
||||
node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
|
||||
end
|
||||
it 'uses db upgrade head when vpnaas is enabled' do
|
||||
migrate_cmd = %r{neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf|
|
||||
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
|
||||
expect(chef_run).to run_bash('migrate vpnaas database').with(
|
||||
code: migrate_cmd,
|
||||
timeout: 3600
|
||||
)
|
||||
end
|
||||
it 'uses db upgrade head when lbaas is enabled' do
|
||||
migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf|
|
||||
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
|
||||
|
@ -61,15 +52,6 @@ describe 'openstack-network::db_migration' do
|
|||
node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
|
||||
end
|
||||
|
||||
it 'does not use db upgrade head when vpnaas is not enabled' do
|
||||
migrate_cmd = %r{neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf|
|
||||
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
|
||||
expect(chef_run).not_to run_bash('migrate vpnaas database').with(
|
||||
code: migrate_cmd,
|
||||
timeout: 3600
|
||||
)
|
||||
end
|
||||
|
||||
it 'does not use db upgrade head when fwaas is not enabled' do
|
||||
migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf|
|
||||
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
# Encoding: utf-8
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-network::vpnaas' do
|
||||
describe 'redhat' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
let(:chef_run) do
|
||||
node.override['openstack']['compute']['network']['service_type'] = 'neutron'
|
||||
node.override['openstack']['network']['enable_vpn'] = true
|
||||
stub_command('ovs-vsctl br-exists br-ex').and_return(false)
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
include_context 'neutron-stubs'
|
||||
|
||||
it 'upgrades neutron vpn packages' do
|
||||
%w(iproute openstack-neutron-vpnaas strongswan).each do |pkg|
|
||||
expect(chef_run).to upgrade_package(pkg)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,77 +0,0 @@
|
|||
# Encoding: utf-8
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-network::vpnaas' do
|
||||
describe 'ubuntu' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
let(:chef_run) do
|
||||
node.override['openstack']['compute']['network']['service_type'] = 'neutron'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
include_context 'neutron-stubs'
|
||||
it 'include the recipe openstack-network::default' do
|
||||
expect(chef_run).to include_recipe('openstack-network::default')
|
||||
end
|
||||
|
||||
it 'upgrades vpn device driver packages' do
|
||||
expect(chef_run).to upgrade_package('strongswan')
|
||||
end
|
||||
|
||||
it 'upgrades neutron vpn packages' do
|
||||
expect(chef_run).to upgrade_package('neutron-vpn-agent')
|
||||
expect(chef_run).to upgrade_package('python-neutron-vpnaas')
|
||||
end
|
||||
|
||||
it 'starts strongswan on boot' do
|
||||
expect(chef_run).to enable_service('strongswan')
|
||||
end
|
||||
|
||||
it 'starts the vpn agent on boot' do
|
||||
expect(chef_run).to enable_service('neutron-vpn-agent')
|
||||
end
|
||||
|
||||
it 'subscribes the vpn agent service to neutron.conf' do
|
||||
expect(chef_run.service('neutron-vpn-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
|
||||
end
|
||||
|
||||
it 'subscribes the vpn agent service to vpn_agent.ini' do
|
||||
expect(chef_run.service('neutron-vpn-agent')).to subscribe_to('template[/etc/neutron/vpn_agent.ini]').delayed
|
||||
end
|
||||
|
||||
describe 'vpn_agent.ini' do
|
||||
let(:file) { chef_run.template('/etc/neutron/vpn_agent.ini') }
|
||||
|
||||
it 'creates vpn_agent.ini' do
|
||||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'neutron',
|
||||
group: 'neutron',
|
||||
mode: 0o640
|
||||
)
|
||||
end
|
||||
|
||||
describe 'vpn_device_driver' do
|
||||
it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
|
||||
[/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver$/].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'renders no setted vpn_device_driver entry in vpn_agent.ini, when no vpn_device_driver set' do
|
||||
chef_run.node.override['openstack']['network_vpnaas']['conf']['vpnagent']['vpn_device_driver'] = ''
|
||||
chef_run.converge(described_recipe)
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', /^vpn_device_driver = $/)
|
||||
end
|
||||
end
|
||||
|
||||
it 'renders default_config_area for strongswan driver' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('strongswan', %r{^default_config_area = /etc/strongswan.d$})
|
||||
end
|
||||
|
||||
it 'notifies the vpn agent service' do
|
||||
expect(file).to notify('service[neutron-vpn-agent]').to(:restart).delayed
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|