
Adapt vpnaas attributes and recipe to use StrongSwan instead of OpenSwan

* use StrongSwan driver instead of OpenSwan since xenial does not even provide
  openswan packages anymore
* start and enable strongswan service (needs to be verified for centos)
* do not include ::l3_agent recipe in vpnaas recipe, since neutron-vpn-agent
  fully replaces neutron-l3-agent

Change-Id: I81cd2e05273402e8db57f3ca5029fb4938bbfe29
Jan Klare 2 years ago
parent
commit
29e771a9f3
4 changed files with 16 additions and 15 deletions
  1. 8
    6
      attributes/default.rb
  2. 1
    2
      recipes/vpnaas.rb
  3. 1
    1
      spec/vpnaas-redhat_spec.rb
  4. 6
    6
      spec/vpnaas_spec.rb

+ 8
- 6
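--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -139,16 +139,18 @@ default['openstack']['network_metering']['conf'].tap do |conf|
 end
 
 # ============================= VPN Agent Configuration ====================
-# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan
-# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is ipsec
+# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
+# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
 # Set to true to enable vpnaas
 default['openstack']['network_vpnaas']['enabled'] = false
 # Custom the vpnaas config file path
 default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
 default['openstack']['network_vpnaas']['conf'].tap do |conf|
   # VPN device drivers which vpn agent will use
-  conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
-  conf['vpnagent']['vpn_device_driver'] = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'
+  conf['DEFAULT']['interface_driver'] =
+    'neutron.agent.linux.interface.OVSInterfaceDriver'
+  conf['vpnagent']['vpn_device_driver'] =
+    'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
   # Status check interval for ipsec vpn
   conf['ipsec']['ipsec_status_check_interval'] = 60
   # default_config_area settings is used to set the area where default StrongSwan configuration files are located
@@ -193,7 +195,7 @@ default['openstack']['network']['platform'].tap do |platform|
   platform['user'] = 'neutron'
   platform['group'] = 'neutron'
   platform['vpn_device_driver_packages'] =
-    %w(openswan)
+    %w(strongswan)
   platform['neutron_dhcp_agent_service'] =
     'neutron-dhcp-agent'
   platform['neutron_l3_agent_service'] =
@@ -201,7 +203,7 @@ default['openstack']['network']['platform'].tap do |platform|
   platform['neutron_vpn_agent_service'] =
     'neutron-vpn-agent'
   platform['vpn_device_driver_services'] =
-    %w(ipsec)
+    %w(strongswan)
   platform['neutron_lb_agent_service'] =
     'neutron-lbaas-agent'
   platform['neutron_metadata_agent_service'] =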
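Review bot: The `strongswan` entry in `platform['vpn_device_driver_services']` has no per-platform override in the visible hunks, yet the commit message says the service handling still needs verifying on CentOS, and the Red Hat spec hunk in spec/vpnaas-redhat_spec.rb checks only the package, not `enable_service('strongswan')`. I would record that above the assignment, e.g. `# TODO: unit name 'strongswan' not yet verified on CentOS/RHEL`, and add the matching service expectation to the Red Hat spec. It is also worth confirming that a host-wide strongswan daemon is needed at all: if the StrongSwan driver launches its own per-router processes (not visible here; confirm against neutron-vpnaas), the enabled system service would only add an IKE listener in the network node's host namespace. The `platform` block starts and ends outside these hunks, so an override may already exist elsewhere.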

+ 1
- 2
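--- a/recipes/vpnaas.rb
+++ b/recipes/vpnaas.rb
@@ -18,8 +18,7 @@
 # limitations under the License.
 #
 
-# VPN agent is based on L3 agent
-include_recipe 'openstack-network::l3_agent'
+include_recipe 'openstack-network'
 
 # Make Openstack object available in Chef::Recipe
 class ::Chef::Recipe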
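Review bot: Dropping `include_recipe 'openstack-network::l3_agent'` keeps the recipe out of new runs, but nothing in the visible lines stops or disables `neutron-l3-agent` on nodes converged before this change, or on nodes whose run list still carries the l3_agent recipe, so both agents may end up handling the same routers. If the rest of the recipe (outside this hunk) does not already cover that, consider disabling the service named by `platform['neutron_l3_agent_service']` here, or documenting that the two recipes are mutually exclusive. The deleted comment explained the old include; the new line deserves one too, e.g. `# neutron-vpn-agent replaces neutron-l3-agent, so only the base recipe is included`.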

+ 1
- 1
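--- a/spec/vpnaas-redhat_spec.rb
+++ b/spec/vpnaas-redhat_spec.rb
@@ -15,7 +15,7 @@ describe 'openstack-network::vpnaas' do
     include_context 'neutron-stubs'
 
     it 'upgrades neutron vpn packages' do
-      %w(iproute openstack-neutron-vpnaas openswan).each do |pkg|
+      %w(iproute openstack-neutron-vpnaas strongswan).each do |pkg|
         expect(chef_run).to upgrade_package(pkg)
       end
     end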

+ 6
- 6
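--- a/spec/vpnaas_spec.rb
+++ b/spec/vpnaas_spec.rb
@@ -11,12 +11,12 @@ describe 'openstack-network::vpnaas' do
     end
 
     include_context 'neutron-stubs'
-    it 'include the recipe openstack-network::l3_agent' do
-      expect(chef_run).to include_recipe('openstack-network::l3_agent')
+    it 'include the recipe openstack-network::default' do
+      expect(chef_run).to include_recipe('openstack-network::default')
     end
 
     it 'upgrades vpn device driver packages' do
-      expect(chef_run).to upgrade_package('openswan')
+      expect(chef_run).to upgrade_package('strongswan')
     end
 
     it 'upgrades neutron vpn packages' do
@@ -24,8 +24,8 @@ describe 'openstack-network::vpnaas' do
       expect(chef_run).to upgrade_package('python-neutron-vpnaas')
     end
 
-    it 'starts ipsec on boot' do
-      expect(chef_run).to enable_service('ipsec')
+    it 'starts strongswan on boot' do
+      expect(chef_run).to enable_service('strongswan')
     end
 
     it 'starts the vpn agent on boot' do
@@ -49,7 +49,7 @@ describe 'openstack-network::vpnaas' do
 
       describe 'vpn_device_driver' do
         it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
-          [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
+          [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver$/].each do |line|
             expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
           end
         end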
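Review bot: The spec at new lines 14-15 asserts that the default recipe is included, but nothing pins the actual intent of the commit, that `openstack-network::l3_agent` is no longer pulled in; add an example such as `it 'does not include the recipe openstack-network::l3_agent' do` with `expect(chef_run).not_to include_recipe('openstack-network::l3_agent')`. In the driver check at new line 52, the dots in the class path are unescaped regex wildcards, so the pattern would also accept a differently spelled value; escaping them as `\.` or building the pattern with `Regexp.escape` would make the match exact. The enclosing `describe` block starts and ends outside these hunks.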
