Adds VPNaaS support for OVN.
Add a new stand-alone VPN agent to support OVN+VPN. Add OVN-specific
service and device drivers that support this new VPN agent. This will
have no impact on the existing VPN solution for ML2/OVS, the existing
L3 agent and its VPN extension will still work.
Add a new VPN agent scheduler that will schedule VPN services to VPN
agents on a per-router basis.
Add two new database tables: vpn_ext_gws (to store extra port IDs)
and routervpnagentbindings (to store VPN agent ID per router).
More details see spec (neutron-specs/specs/xena/vpnaas-ovn.rst).
This work is based on work of MingShuan Xian (xianms@cn.ibm.com),
see https://bugs.launchpad.net/networking-ovn/+bug/1586253
Depends-On: https://review.opendev.org/c/openstack/neutron/+/847005
Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/847007
Closes-Bug: #1905391
Change-Id: I632f86762d63edbfe225727db11ea21bbb1ffc25
neutron_vpnaas_generate_config_files() in devstack/plugin.sh
uses sudo unnecessarily. It creates pyc files with root owner and
when we run stack.sh again stack.sh will fail.
Change-Id: I611ded0a60383f183f053c7a5ff5ccb3f0639e75
If we wants VPN works on CentOS, we can set IPSEC_PACKAGE
to libreswan, but vpn service_providers still related
to strongswan.
This patch set the value of NEUTRON_VPNAAS_SERVICE_PROVIDER
according to IPSEC_PACKAGE in devstack/settings.
Change-Id: I893a191a8a1aa5a5beb8a73a9df4d1df2fb0c2f8
After the announcement on mailing list [1] but there is no response.
This patch intends to remove the following drivers that are unmaintained:
- CiscoCsrIPsecDriver
- FedoraStrongSwanDriver
- VyattaIPsecDriver
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-July/120264.html
Change-Id: I984a41b9a9b5c154c4be7f5bcef621fe8c5677ac
This patch adds doc for how to test VPNaaS with devstack
in order to help developers, operators and users easy to
understand VPNaaS as fast as possible.
This patch addresses the gap and improves docs as
discussed in Boston summit.
The content of this patch is basic inheritted from wiki page [1]
[1] https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall
Change-Id: I8465cb90645af0fc3ea8cda554b0477b15f01fbe
Related-bug: 1692131
This is the iteration of the VPNaaS Agent with some basic
functionality to enable integration of Plugin - Agent - Driver.
Co-Authored-By: Van Hung Pham <hungpv@vn.fujitsu.com>
Change-Id: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Closes-Bug: 1692128
When specifying a service plugin, we can use entrypoint names
instead of full class paths.
It shorten the line length of service_plugins in neutron.conf
and improves the readability :)
Change-Id: I51eb5960039683305feb7a8b8367b13b39ad4a1e
Right now if the FWaaS configuration file does not exist, a devstack
trying to start VPNaaS may fail[1]. This is unnecessary; since FWaaS is
now using the L3 agent extension code, it plugs in that way. It should
not interfere at all with VPNaaS. This change removes the FWaaS
dependency in the devstack plugin.
[1] http://paste.openstack.org/show/584360/
Change-Id: I28e48ab161e7991a24fec181e4ec7378888f9149
Adds settings file is necessary to register the service.
Fixes undefined reference in shutdown by copy-paste. :/
Change-Id: I1c2129d581c00719766f80b802031f04b4a07a2a
Closes-Bug: #1579235
This adds grenade upgrade hooks so the agent can actually
be stopped during an upgrade.
This is necessary now that vpnaas runs in a devstack plugin
because its agent will now no longer be stopped by the neutron
plugin inside of grenade.
Change-Id: I5271f0ef4f857eb5650612829d352a821416487a
Partial-Bug: #1579235
The variable NEUTRON_CONF_DIR is no longer available to the
script for functional setup. This defaults it to the correct
location if it's not already set.
Closes-Bug: #1579946
Change-Id: I060aea1de70d7939a8ea68771702f74a00d88fe9
Recent changes to the gate base images [1] removed a package
neutron-vpnaas requires (apparmor).
This patch updates the plugin.sh to install apparmor.
Change-Id: Ic569c43e014ef11f8121db7dd5047a39579a4633
Closes-Bug: #1558355
Modify devstack plugin to support multi-node confgurations
(i.e. where the network node is split from the controller node).
DocImpact: Migrate HowTo wiki page to additional devref text
Change-Id: Iac5756ffe75b2125faace54b74b296036905a9b0
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
This adds a new tox environment, genconfig, which generates sample
neutron VPNaaS configuration file using oslo-config-generator.
Updates to some configuration option help messages to reflect useful
details that were missing in the code but were present in config files.
DocImpact: Update the docs that VPNaaS no longer includes static example
configuration files. Instead, use tools/generate_config_file_samples.sh
to generate them and the files generated now end with .sample extension.
Partially-Implements: blueprint autogen-neutron-conf-file
Change-Id: I4a6094b8218dfd320d05bfb1e3bc121e8930c551
Partial-bug: #1199963
(Finally) move away from the old quantum naming for services, and move to
the ultra-modern, but bland, neutron-vpnaas naming.
On a practical note, coupled with I2bb7ac01e619c8a9b22bd517a4ff60d67035dfed
this commit prevents two VPN agent processes from being started. Note: This
cannot be tested/upstreamed, until the devstack repo commit is upstreamed.
With this commit, the Devstack plugin for VPN is completed.
Closes-Bug: 1473475
Closes-Bug: 1484141
Change-Id: I267c300ef5a577823dddec08e0a93e098413198a
Depends-On: I2bb7ac01e619c8a9b22bd517a4ff60d67035dfed
Use FedoraStrongSwanDriver instead of StrongSwanDriver on Fedora.
This also make setting the default_config_area option unnecessary
as FedoraStrongSwanDriver overrides it itself.
Change-Id: I2fa2f41dcbebe456c46980cfd11b1221288fed66
With the new DevStack plugin for neutron-vpnaas, the method names for
various stacking actions were renamed. One is used by the functional
test setup script tools/configure_for_vpn_func_testing.sh.
The change wasn't noticed, because the neutron-vpnaas repo still was
using DevStack's existing VPN setup, where the old method name is still
in use. But, when removing the VPN setup in DevStack, then the function
tests will fail.
This commit renames the method to match the name of the DevStack
plugin method, instead of the older DevStack repo method. It'll be
needed, before upstreaming Iffa9901e24adbacb581425c4b38c7e8cff0da9e8.
In addition, it makes sure that VPN environment variables are available
for use by the configuration script, and reuses more plugin.sh code,
to remove duplication.
Change-Id: Ib22a4b9abdc82c2b14d933b02329c6483c075ea8
Adding plugin support for the neutron-vpnaas repo. Later, will
remove the setup from the DevStack repo.
One note: Since the VPN agent is a subclass of the L3 agent,
which in turn is a subclass of the FW agent, the startup for
the VPN agent process must check to see if the FW service is
enabled, and if so, include that configuration file (AFAICT).
Change-Id: I6c32165a544223ccf02228c953766b5211426ed0
Partial-Bug: 1473475
Bodo Petermann