Support strongswan driver on neutron-vpnaas

Closes-Bug:1433955 Change-Id: Idfe122e19f2e3766a34b94f4caa88d6a90d61b12
2015-03-19 16:32:03 +08:00 · 2015-03-19 16:32:03 +08:00 · 25b72df852
parent 99cdcb65fd
commit 25b72df852
3 changed files with 22 additions and 2 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -403,6 +403,7 @@ default['openstack']['network']['l3']['ha']['ha_vrrp_advert_int'] = 2
 # VPN device drivers which vpn agent will use
 # vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan
 # vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is ipsec
+# default_config_area in platform-specific settings is used to set the area where default StrongSwan configuration files are located
 default['openstack']['network']['vpn']['vpn_device_driver'] = ['neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver']

 # Status check interval for ipsec vpn
@ -1057,6 +1058,7 @@ when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
    'neutron_l3_packages' => ['openstack-neutron', 'iproute', 'radvd'],
    'neutron_vpn_packages' => ['python-neutron-vpnaas', 'iproute'],
    'vpn_device_driver_packages' => ['openswan'],
+    'default_config_area' => '/usr/share/strongswan/templates/config/strongswan.d',
    'neutron_lb_packages' => ['python-neutron-lbaas', 'haproxy', 'iproute'],
    'neutron_openvswitch_packages' => ['openvswitch'],
    'neutron_openvswitch_agent_packages' => ['openstack-neutron-openvswitch', 'iproute'],
@ -1087,6 +1089,7 @@ when 'suse'
    'neutron_l3_packages' => ['openstack-neutron-l3-agent', 'radvd'],
    'neutron_vpn_packages' => ['openstack-neutron-vpn-agent'],
    'vpn_device_driver_packages' => ['openswan'],
+    'default_config_area' => '/etc/strongswan.d',
    'neutron_lb_packages' => ['openstack-neutron-lbaas-agent'],
    # plugins are installed by the main openstack-neutron package on SUSE
    'neutron_plugin_package' => '',
@ -1119,6 +1122,7 @@ when 'debian'
    'neutron_l3_packages' => ['neutron-l3-agent', 'radvd'],
    'neutron_vpn_packages' => ['python-neutron-vpnaas', 'neutron-vpn-agent'],
    'vpn_device_driver_packages' => ['openswan'],
+    'default_config_area' => '/etc/strongswan.d',
    'neutron_lb_packages' => ['python-neutron-lbaas', 'neutron-lbaas-agent', 'haproxy'],
    'neutron_openvswitch_packages' => ['openvswitch-switch', 'openvswitch-datapath-dkms', 'bridge-utils'],
    'neutron_openvswitch_build_packages' => %w(build-essential pkg-config fakeroot libssl-dev openssl debhelper autoconf dkms python-all python-qt4 python-zopeinterface python-twisted-conch),
--- a/spec/vpn_agent_spec.rb
+++ b/spec/vpn_agent_spec.rb
@ -84,6 +84,10 @@ describe 'openstack-network::vpn_agent' do
        end
      end

+      it 'renders default_config_area for strongswan driver' do
+        expect(chef_run).to render_config_file(file.name).with_section_content('strongswan', %r(^default_config_area=/etc/strongswan.d$))
+      end
+
      it 'notifies the vpn agent service' do
        expect(file).to notify('service[neutron-vpn-agent]').to(:restart).immediately
      end
--- a/templates/default/services/neutron-vpnaas/vpn_agent.ini.erb
+++ b/templates/default/services/neutron-vpnaas/vpn_agent.ini.erb
@ -9,8 +9,13 @@ interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
 [vpnagent]
 # vpn device drivers which vpn agent will use
 # If we want to use multiple drivers,  we need to define this option multiple times.
-# vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
-# vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
+# NOTE: StrongSwan and openSwan cannot be installed at the same time. Thus, both cannot
+#       be enabled for use. In the future when flavors/STF support is available,
+#       this will still constrain the flavors which can be used together.
+# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver
+# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
+# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver
+# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
 # vpn_device_driver=another_driver
 <% if node['openstack']['network']['vpn']['vpn_device_driver'].any? %>
  <% node['openstack']['network']['vpn']['vpn_device_driver'].each do |driver| %>
@ -21,3 +26,10 @@ vpn_device_driver=<%= driver %>
 [ipsec]
 # Status check interval
 ipsec_status_check_interval = <%= node['openstack']['network']['vpn']['ipsec_status_check_interval'] %>
+
+[strongswan]
+# For fedora use:
+# default_config_area=/usr/share/strongswan/templates/config/strongswan.d
+# Default is for ubuntu use, /etc/strongswan.d
+# default_config_area=/etc/strongswan.d
+default_config_area=<%= node['openstack']['network']['platform']['default_config_area'] %>