Virtual private network services for OpenStack Neutron.
Zhang Hua 0cf7671b0a vpn namespace wrapper
strongSwan doesn't support namespaces natively; this wrapper
will use "mount --bind" to simulate the ns like this:

sudo neutron-rootwrap /etc/neutron/rootwrap.conf ip netns \
    exec <namespace-id> neutron-netns-wrapper \
    --mount_paths=/etc:/var/lib/neutron/vpnaas/<xxxx-id>/etc,/var/run:/var/lib/neutron/vpnaas/<xxxx-id>/var/run \
    --cmd=ipsec,status

Both sudoers and rootwrap.conf will not exist in the
directory /etc after the bind-mount, thus we can't use
utils.execute(cmd, conf.root_helper) in
neutron/agent/linux/utils.py. So implement a function
execute(cmd) in this wrapper as an alternative. Then we can
use root_helper to invoke this wrapper to make sure all
commands are still running as root, as the code below shows.
Finally, we also need to check in the wrapper whether cmd
matches CommandFilter, for the same reason.

ip_wrapper = ip_lib.IPWrapper(root_helper, namespace)
ip_wrapper.netns.execute(
    [NS_WRAPPER,
     '--mount_paths=/etc:%s/etc,/var/run:%s/var/run' % (
         self.config_dir, self.config_dir),
     '--cmd=%s' % ','.join(cmd)],
    check_exit_code=check_exit_code)

We are using a check of the net namespace (since Linux 3.0)
instead of the mount namespace (since Linux 3.8), as older
kernels do not support the mount namespace. In addition,
mount --bind has been available since Linux 2.4, so we
don't need to worry about Kilo's minimum kernel requirement.

This patch is based on patchset67 of nachi's initial
vpnaas implementation, many thanks to nachi.

Submit this wrapper as a separate review from [1].

[1] https://review.openstack.org/#/c/144391/

Partially-implements: blueprint ipsec-strongswan-driver

Change-Id: Icc80b9102acb87170f2d1cda06c848fa71bb1634
2015-01-23 09:55:53 +08:00
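
The argument handling the commit message above describes, as an added example that is not the commit's or the project's own code: it parses the `--mount_paths` and `--cmd` values, rejects requests a root-run wrapper should not honour, and returns the bind mounts and command in execution order without running them. The allowlist, the base directory check and all function names are assumptions made for illustration.

```python
import os

# Assumption: stand-in for the rootwrap CommandFilter entries, not shown on this page.
ALLOWED_EXECUTABLES = {"ipsec"}
# Assumption: per-router config root, taken from the paths in the commit message.
CONFIG_BASE = "/var/lib/neutron/vpnaas"


def parse_mount_paths(value):
    """Parse 'target:source,target:source' into {target: source}."""
    mounts = {}
    for item in value.split(","):
        target, sep, source = item.strip().partition(":")
        if not (sep and target and source):
            raise ValueError("malformed mount pair: %r" % item)
        mounts[target] = source
    return mounts


def check_request(mounts, cmd):
    """Raise ValueError unless every mount and the command are allowed."""
    for target, source in mounts.items():
        if not os.path.isabs(target):
            raise ValueError("mount target must be absolute: %r" % target)
        # normpath collapses '..' so a source cannot escape CONFIG_BASE.
        resolved = os.path.normpath(source)
        if not resolved.startswith(CONFIG_BASE + "/"):
            raise ValueError("mount source outside %s: %r" % (CONFIG_BASE, source))
    # Exact match on argv[0]: a path such as ./ipsec does not pass.
    if not cmd or cmd[0] not in ALLOWED_EXECUTABLES:
        raise ValueError("command not allowed: %r" % cmd)


def plan(mount_paths, cmd_arg):
    """Return the argv lists a wrapper would run, in order, without running them."""
    mounts = parse_mount_paths(mount_paths)
    cmd = [part for part in cmd_arg.split(",") if part]
    check_request(mounts, cmd)
    # Bind each per-router directory over its target path, then run the command.
    steps = [["mount", "--bind", mounts[t], t] for t in sorted(mounts)]
    steps.append(cmd)
    return steps


if __name__ == "__main__":
    # Constructed sample input, modelled on the command line in the commit message.
    base = CONFIG_BASE + "/router-1"
    for step in plan("/etc:%s/etc,/var/run:%s/var/run" % (base, base), "ipsec,status"):
        print(" ".join(step))
```

`os.path.normpath` does not resolve symlinks, so a wrapper that must also guard against symlinked config directories would compare `os.path.realpath` results instead.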
doc/source After the services split, get neutron-vpnaas Jenkins jobs passing 2014-12-09 00:00:04 -07:00
etc vpn namespace wrapper 2015-01-23 09:55:53 +08:00
neutron_vpnaas vpn namespace wrapper 2015-01-23 09:55:53 +08:00
tools Migrate to oslo.concurrency 2015-01-14 17:58:09 +01:00
.coveragerc fix some missing change from quantum to neutron 2013-07-08 12:11:04 +08:00
.gitignore Fix gitignore of egg files properly 2014-12-19 14:51:52 -07:00
.gitreview Point gitreview at correct repo 2014-12-08 14:49:55 -07:00
.mailmap Add mailmap entry 2014-05-16 13:40:04 -04:00
.pylintrc Merge "Enable undefined-loop-variable pylint check" 2014-11-30 17:04:58 +00:00
.testr.conf After the services split, get neutron-vpnaas Jenkins jobs passing 2014-12-09 00:00:04 -07:00
CONTRIBUTING.rst Update documentation files for VPNaaS 2014-12-15 14:15:46 +00:00
HACKING.rst Update documentation files for VPNaaS 2014-12-15 14:15:46 +00:00
LICENSE Adding Apache Version 2.0 license file. This is the official license agreement under which Quantum code is available to 2011-08-08 12:31:04 -07:00
MANIFEST.in Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
README.rst Update documentation files for VPNaaS 2014-12-15 14:15:46 +00:00
TESTING.rst Update documentation files for VPNaaS 2014-12-15 14:15:46 +00:00
babel.cfg Use babel to generate translation file 2013-01-24 00:20:32 +08:00
requirements.txt Updated from global requirements 2015-01-20 17:07:39 +00:00
setup.cfg vpn namespace wrapper 2015-01-23 09:55:53 +08:00
setup.py Updated from global requirements 2014-04-30 02:41:29 +00:00
test-requirements.txt Update hacking to 0.10 2015-01-12 17:44:00 +01:00
tox.ini Migrate to oslo.concurrency 2015-01-14 17:58:09 +01:00

README.rst

Welcome!

This package contains the code for the Neutron VPN as a Service (VPNaaS) service. This includes third-party drivers. This package requires Neutron to run.

External Resources:

The homepage for Neutron is: http://launchpad.net/neutron. Use this site for asking for help, and filing bugs. We use a single Launchpad page for all Neutron projects.

Code is available on git.openstack.org at: <http://git.openstack.org/cgit/openstack/neutron-vpnaas>.

Please refer to Neutron documentation for more information: Neutron README.rst