VPNaaS DevStack Plugin support

Adding plugin support for the neutron-vpnaas repo. Later, will
remove the setup from the DevStack repo.

One note: Since the VPN agent is a subclass of the L3 agent,
which in turn is a subclass of the FW agent, the startup for
the VPN agent process must check to see if the FW service is
enabled, and if so, include that configuration file (AFAICT).

Change-Id: I6c32165a544223ccf02228c953766b5211426ed0
Partial-Bug: 1473475

devstack/README.md

@@ -0,0 +1,26 @@
+This directory contains the neutron-vpnaas devstack plugin.  To
+configure VPNaaS, in the [[local|localrc]] section, you will need
+to enable the neutron-vpnaas devstack plugin.
+
+Add a line of the form:
+
+    enable_plugin neutron-vpnaas <GITURL> [GITREF]
+
+where
+
+    <GITURL> is the URL of a neutron-vpnaas repository
+    [GITREF] is an optional git ref (branch/ref/tag).  The default is
+             master.
+
+For example
+
+    enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/kilo
+
+Note: Since the VPN agent process, is a subclass of the L3 agent,
+which is a subclass of the FW agent, the DevStack plugin will
+check for the FW service being enabled, and if so, will include
+the config file specified in Q_FWAAS_CONF_FILE (default is
+fwaas_driver.ini).
+
+For more information, see the "Externally Hosted Plugins" section of
+http://docs.openstack.org/developer/devstack/plugins.html.

devstack/plugin.sh

@@ -0,0 +1,92 @@
+# plugin.sh - DevStack plugin.sh dispatch script template
+
+VPNAAS_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+function neutron_vpnaas_install {
+    setup_develop $NEUTRON_VPNAAS_DIR
+    neutron_agent_vpnaas_install_agent_packages
+}
+
+function neutron_agent_vpnaas_install_agent_packages {
+    install_package $IPSEC_PACKAGE
+    if is_ubuntu && [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
+        sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
+        sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
+        # NOTE: Due to https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1387220
+        # one must use 'sudo start apparmor ACTION=reload' for Ubuntu 14.10
+        restart_service apparmor
+    fi
+}
+
+function neutron_vpnaas_configure_common {
+    cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_VPNAAS_CONF
+    _neutron_service_plugin_class_add $VPN_PLUGIN
+    _neutron_deploy_rootwrap_filters $NEUTRON_VPNAAS_DIR
+    inicomment $NEUTRON_VPNAAS_CONF service_providers service_provider
+    iniadd $NEUTRON_VPNAAS_CONF service_providers service_provider $NEUTRON_VPNAAS_SERVICE_PROVIDER
+    iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
+    $NEUTRON_BIN_DIR/neutron-db-manage --service vpnaas --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+}
+
+function neutron_vpnaas_configure_agent {
+    cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+    if [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
+        iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
+        if is_fedora; then
+            iniset $Q_VPN_CONF_FILE strongswan default_config_area /usr/share/strongswan/templates/config/strongswan.d
+        fi
+    else
+        iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver $NEUTRON_VPNAAS_DEVICE_DRIVER
+    fi
+}
+
+function neutron_vpnaas_start {
+    local cfg_file
+    local opts="--config-file $NEUTRON_CONF --config-file=$Q_L3_CONF_FILE --config-file=$Q_VPN_CONF_FILE"
+    if is_service_enabled q-fwaas; then
+        opts+=" --config-file $Q_FWAAS_CONF_FILE"
+    fi
+    for cfg_file in ${Q_VPN_EXTRA_CONF_FILES[@]}; do
+        opts+=" --config-file $cfg_file"
+    done
+    run_process q-vpn "$AGENT_VPN_BINARY $opts"
+}
+
+function neutron_vpnaas_stop {
+    local ipsec_data_dir=$DATA_DIR/neutron/ipsec
+    local pids
+    if [ -d $ipsec_data_dir ]; then
+        pids=$(find $ipsec_data_dir -name 'pluto.pid' -exec cat {} \;)
+    fi
+    if [ -n "$pids" ]; then
+        sudo kill $pids
+    fi
+    stop_process q-vpn
+}
+
+# Main plugin processing
+
+# NOP for pre-install step
+
+if [[ "$1" == "stack" && "$2" == "install" ]]; then
+    echo_summary "Installing neutron-vpnaas"
+    neutron_vpnaas_install
+
+elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
+    echo_summary "Configuring neutron-vpnaas"
+    neutron_vpnaas_configure_common
+    neutron_vpnaas_configure_agent
+
+elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
+    echo_summary "Initializing neutron-vpnaas"
+    neutron_vpnaas_start
+
+elif [[ "$1" == "unstack" ]]; then
+    neutron_vpnaas_stop
+
+# NOP for clean step
+
+fi
+
+$VPNAAS_XTRACE

devstack/settings

@@ -0,0 +1,26 @@
+# Settings for the VPNaaS devstack plugin
+
+enable_service q-vpn
+
+AGENT_VPN_BINARY="$NEUTRON_BIN_DIR/neutron-vpn-agent"
+
+# Plugin
+VPN_PLUGIN=${VPN_PLUGIN:-"neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin"}
+
+# Service Driver
+NEUTRON_VPNAAS_SERVICE_PROVIDER=${NEUTRON_VPNAAS_SERVICE_PROVIDER:-"VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default"}
+
+# Device driver
+IPSEC_PACKAGE=${IPSEC_PACKAGE:-"openswan"}
+NEUTRON_VPNAAS_DEVICE_DRIVER=${NEUTRON_VPNAAS_DEVICE_DRIVER:-"neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver"}
+
+# Config files
+NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
+Q_VPN_CONF_FILE=$NEUTRON_CONF_DIR/vpn_agent.ini
+NEUTRON_VPNAAS_CONF=$NEUTRON_CONF_DIR/neutron_vpnaas.conf
+
+declare -a Q_VPN_EXTRA_CONF_FILES
+
+# Need this because if FW and VPN enabled, the FW config must be included,
+# when starting the agent. VPN-agent is a L3-agent is a FW-agent.
+Q_FWAAS_CONF_FILE=$NEUTRON_CONF_DIR/fwaas_driver.ini