Multi driver support to VPN agent
Add multi-driver support to the vpn_agent recipe by changing the vpn_device_driver option from a string to a list. Also add a new option named vpn_device_driver_packages to install package dependencies according to vpn_device_driver. DocImpact Closes-Bug: #1386067 Closes-Bug: #1386070 Change-Id: If84827e421a2d94b5ae802a65b3d906670e28e90
parent
b7229e1601
commit
de6ca4a702
|
@ -14,6 +14,7 @@ This file is used to list changes made in each version of cookbook-openstack-net
|
|||
* Make auth_version to be v2.0 in configuration file
|
||||
* Added directory resource for neutron_ha_cmd
|
||||
* Add cacert,insecure arguments for get nova_admin_tenant_id call
|
||||
* Add multi driver support and package dependencies to vpn_agent recipe
|
||||
|
||||
## 10.0.1
|
||||
* Add tunnel_types item in ovs_neutron_plugin.ini.erb
|
||||
|
|
|
@ -140,8 +140,8 @@ L3 Agent Configuration
|
|||
|
||||
VPN Agent Configuration
|
||||
----------------------
|
||||
* `openstack['openstack']['network']['enable_vpn'] - (BoolOpt) Enable VPN agent. (default false)
|
||||
* `openstack['openstack']['network']['vpn']['vpn_device_driver'] - (StrOpt) VPN device drivers which VPN agent will use
|
||||
* `openstack['openstack']['network']['enable_vpn'] - (BoolOpt) Used to enable VPN agent, if true, namespaces must be enabled. (default false)
|
||||
* `openstack['openstack']['network']['vpn']['vpn_device_driver'] - (ListOpt) Comma-separated list of VPN device drivers which VPN agent will use
|
||||
* `openstack['openstack']['network']['vpn']['ipsec_status_check_interval'] - (IntOpt) Status check interval for ipsec VPN
|
||||
|
||||
The following attributes are defined in attributes/default.rb of the common cookbook, but are documented here due to their relevance:
|
||||
|
|
|
@ -209,7 +209,8 @@ default['openstack']['network']['dhcp_driver'] = 'neutron.agent.linux.dhcp.Dnsma
|
|||
default['openstack']['network']['use_namespaces'] = 'True'
|
||||
default['openstack']['network']['allow_overlapping_ips'] = 'False'
|
||||
|
||||
# vpn agent configuration, default is false
|
||||
# VPN agent configuration, default is false
|
||||
# Must enable namespaces to set enable_vpn true
|
||||
default['openstack']['network']['enable_vpn'] = false
|
||||
|
||||
# use neutron root wrap
|
||||
|
@ -393,7 +394,11 @@ default['openstack']['network']['l3']['router_delete_namespaces'] = 'False'
|
|||
|
||||
# ============================= VPN Agent Configuration ====================
|
||||
|
||||
default['openstack']['network']['vpn']['vpn_device_driver'] = 'neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver'
|
||||
# VPN device drivers which vpn agent will use
|
||||
# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan
|
||||
default['openstack']['network']['vpn']['vpn_device_driver'] = ['neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver']
|
||||
|
||||
# Status check interval for ipsec vpn
|
||||
default['openstack']['network']['vpn']['ipsec_status_check_interval'] = 60
|
||||
|
||||
# ============================= Metadata Agent Configuration ===============
|
||||
|
@ -1040,6 +1045,7 @@ when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
|||
'neutron_dhcp_build_packages' => [],
|
||||
'neutron_l3_packages' => ['openstack-neutron'],
|
||||
'neutron_vpn_packages' => ['openstack-neutron'],
|
||||
'vpn_device_driver_packages' => ['openswan'],
|
||||
'neutron_lb_packages' => ['openstack-neutron', 'haproxy'],
|
||||
'neutron_openvswitch_packages' => ['openvswitch'],
|
||||
'neutron_openvswitch_agent_packages' => ['openstack-neutron-openvswitch'],
|
||||
|
@ -1069,6 +1075,7 @@ when 'suse'
|
|||
'neutron_dhcp_build_packages' => [],
|
||||
'neutron_l3_packages' => ['openstack-neutron-l3-agent'],
|
||||
'neutron_vpn_packages' => ['openstack-neutron-vpn-agent'],
|
||||
'vpn_device_driver_packages' => ['openswan'],
|
||||
'neutron_lb_packages' => ['openstack-neutron-lbaas-agent'],
|
||||
# plugins are installed by the main openstack-neutron package on SUSE
|
||||
'neutron_plugin_package' => '',
|
||||
|
@ -1100,6 +1107,7 @@ when 'debian'
|
|||
'neutron_dhcp_build_packages' => %w(build-essential pkg-config libidn11-dev libdbus-1-dev libnetfilter-conntrack-dev gettext),
|
||||
'neutron_l3_packages' => ['neutron-l3-agent'],
|
||||
'neutron_vpn_packages' => ['neutron-vpn-agent'],
|
||||
'vpn_device_driver_packages' => ['openswan'],
|
||||
'neutron_lb_packages' => ['neutron-lbaas-agent', 'haproxy'],
|
||||
'neutron_openvswitch_packages' => ['openvswitch-switch', 'openvswitch-datapath-dkms', 'bridge-utils'],
|
||||
'neutron_openvswitch_build_packages' => %w(build-essential pkg-config fakeroot libssl-dev openssl debhelper autoconf dkms python-all python-qt4 python-zopeinterface python-twisted-conch),
|
||||
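Review bot: The new comment above the `vpn_device_driver` default says `vpn_device_driver_packages` installs the driver dependencies, but nothing ties the two attributes together. Every platform hunk in this file (fedora/rhel, suse, debian) hard-codes `['openswan']`, and the recipe hunk in this commit installs the whole list whenever at least one driver is configured. A node switched to a different driver therefore still gets the openswan IPsec package installed and upgraded unless the operator also overrides the platform list, which leaves unneeded software on a network node. I would state that next to the default, e.g. `# vpn_device_driver_packages is not derived from this list; override it when changing drivers so only the required IPsec packages are installed`.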
|
|
|
@ -21,6 +21,11 @@
|
|||
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
|
||||
return unless node['openstack']['network']['enable_vpn']
|
||||
|
||||
use_namespaces = node['openstack']['network']['use_namespaces']
|
||||
unless use_namespaces.downcase == 'true'
|
||||
fail "use_namespaces is #{use_namespaces}, and it must be True when using vpn agent"
|
||||
end
|
||||
|
||||
# VPN agent is based on L3 agent
|
||||
include_recipe 'openstack-network::l3_agent'
|
||||
|
||||
|
@ -28,11 +33,20 @@ platform_options = node['openstack']['network']['platform']
|
|||
core_plugin = node['openstack']['network']['core_plugin']
|
||||
main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase]
|
||||
|
||||
# Install package dependencies according node's vpn_device_driver.
|
||||
platform_options['vpn_device_driver_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
only_if { node['openstack']['network']['vpn']['vpn_device_driver'].any? }
|
||||
end
|
||||
end
|
||||
|
||||
platform_options['neutron_vpn_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
# The vpn agent is depends on l3_agent and the providers below do not use the generic L3 agent...
|
||||
# The vpn agent is depends on l3_agent and the providers below do not use the generic L3 agent.
|
||||
not_if { ['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin) }
|
||||
end
|
||||
end
|
||||
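Review bot: Both new guards call a type-specific method directly on a node attribute, so an override of the wrong type fails with NoMethodError instead of the intended message. `use_namespaces.downcase` breaks if the attribute is set to a boolean (as `enable_vpn` is in the attributes file), and `vpn_device_driver.any?` in the `only_if` breaks for nodes, roles or environments that still carry the pre-change string value. The `.any?` and `.each` calls in the vpn_agent.ini template hunk share that assumption. Coercing first keeps old overrides working: `unless use_namespaces.to_s.downcase == 'true'` and `only_if { Array(node['openstack']['network']['vpn']['vpn_device_driver']).any? }`.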
|
|
|
@ -23,6 +23,10 @@ describe 'openstack-network::vpn_agent' do
|
|||
expect(chef_run).to disable_service('neutron-l3-agent')
|
||||
end
|
||||
|
||||
it 'upgrades vpn device driver packages' do
|
||||
expect(chef_run).to upgrade_package('openswan')
|
||||
end
|
||||
|
||||
it 'upgrades neutron vpn package' do
|
||||
expect(chef_run).to upgrade_package('neutron-vpn-agent')
|
||||
end
|
||||
|
@ -46,6 +50,30 @@ describe 'openstack-network::vpn_agent' do
|
|||
)
|
||||
end
|
||||
|
||||
describe 'vpn_device_driver' do
|
||||
it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
|
||||
[/^vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'renders multi vpn_device_driver entries in vpn_agent.ini, when multi vpn_device_driver set' do
|
||||
chef_run.node.set['openstack']['network']['vpn']['vpn_device_driver'] = ['neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver',
|
||||
'neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver']
|
||||
chef_run.converge(described_recipe)
|
||||
[/^vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver$/,
|
||||
/^vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver$/].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'renders no setted vpn_device_driver entry in vpn_agent.ini, when no vpn_device_driver set' do
|
||||
chef_run.node.set['openstack']['network']['vpn']['vpn_device_driver'] = []
|
||||
chef_run.converge(described_recipe)
|
||||
expect(chef_run).to render_file(file.name).with_content(/^(?!vpn_device_driver)(.*)$/)
|
||||
end
|
||||
end
|
||||
|
||||
it 'notifies the vpn agent service' do
|
||||
expect(file).to notify('service[neutron-vpn-agent]').to(:restart).immediately
|
||||
end
|
||||
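Review bot: The 'no vpn_device_driver set' example cannot fail as written. `/^(?!vpn_device_driver)(.*)$/` matches any line that does not start with `vpn_device_driver`, and the rendered vpn_agent.ini always contains such lines (for example `[ipsec]`), so, assuming the matcher searches the whole rendered content, the expectation passes even when a driver line is still written. Assert the absence instead, e.g. `expect(chef_run).not_to render_file(file.name).with_content(/^vpn_device_driver=/)`.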
|
|
|
@ -12,8 +12,12 @@ interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
|
|||
# vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
|
||||
# vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
|
||||
# vpn_device_driver=another_driver
|
||||
vpn_device_driver = <%= node['openstack']['network']['vpn']['vpn_device_driver'] %>
|
||||
<% if node['openstack']['network']['vpn']['vpn_device_driver'].any? %>
|
||||
<% node['openstack']['network']['vpn']['vpn_device_driver'].each do |driver| %>
|
||||
vpn_device_driver=<%= driver %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
||||
[ipsec]
|
||||
# Status check interval
|
||||
ipsec_status_check_interval = <%= node['openstack']['network']['vpn']['ipsec_status_check_interval'] %>
|
||||
ipsec_status_check_interval = <%= node['openstack']['network']['vpn']['ipsec_status_check_interval'] %>
|
||||
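Review bot: The loop writes one `vpn_device_driver=` line per array element, while the README hunk in this commit describes the option as a "(ListOpt) Comma-separated list". An operator who follows the README and sets a comma-joined string would not be supplying what the template iterates over. A comment above the loop would settle the expected form, e.g. `# One vpn_device_driver line is rendered per entry of the node attribute, which must be an Array`.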
|
|