From 29e771a9f3a61f45b8462ab10bbf2dd53691081e Mon Sep 17 00:00:00 2001
From: Jan Klare
Date: Thu, 25 Aug 2016 16:25:42 +0200
Subject: [PATCH] Adapt vpnaas attributes and recipe to use StrongSwan instead of OpenSwan

* use StrongSwan driver instead of OpenSwan since xenial does not even provide openswan packages anymore
* start and enable strongswan service (needs to be verified for centos)
* do not include ::l3_agent recipe in vpnaas recipe, since neutron-vpn-agent fully replaces neutron-l3-agent
Change-Id: I81cd2e05273402e8db57f3ca5029fb4938bbfe29
---
 attributes/default.rb | 14 ++++++++------
 recipes/vpnaas.rb | 3 +--
 spec/vpnaas-redhat_spec.rb | 2 +-
 spec/vpnaas_spec.rb | 12 ++++++------
 4 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/attributes/default.rb b/attributes/default.rb
index 2738c95c..649e83c4 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -139,16 +139,18 @@ default['openstack']['network_metering']['conf'].tap do |conf|
 end
 # ============================= VPN Agent Configuration ====================
-# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan
-# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is ipsec
+# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
+# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
 # Set to true to enable vpnaas
 default['openstack']['network_vpnaas']['enabled'] = false
 # Custom the vpnaas config file path
 default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
 default['openstack']['network_vpnaas']['conf'].tap do |conf|
 # VPN device drivers which vpn agent will use
- conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
- conf['vpnagent']['vpn_device_driver'] = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'
+ conf['DEFAULT']['interface_driver'] =
+ 'neutron.agent.linux.interface.OVSInterfaceDriver'
+ conf['vpnagent']['vpn_device_driver'] =
+ 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
 # Status check interval for ipsec vpn
 conf['ipsec']['ipsec_status_check_interval'] = 60
 # default_config_area settings is used to set the area where default StrongSwan configuration files are located
@@ -193,7 +195,7 @@ default['openstack']['network']['platform'].tap do |platform|
 platform['user'] = 'neutron'
 platform['group'] = 'neutron'
 platform['vpn_device_driver_packages'] =
- %w(openswan)
+ %w(strongswan)
 platform['neutron_dhcp_agent_service'] =
 'neutron-dhcp-agent'
 platform['neutron_l3_agent_service'] =
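Review bot: Switching `vpn_device_driver_packages` to `%w(strongswan)` in the @@ -193,7 hunk, and `vpn_device_driver_services` in the @@ -201,7 hunk, only changes what a converge installs and enables from now on. Nothing visible in this patch removes `openswan` or stops and disables the old `ipsec` service on nodes that were converged with the previous defaults. If such nodes exist, the old IKE daemon would presumably stay enabled next to strongswan, leaving an unmanaged VPN daemon running that may conflict with the new one. An upgrade note beside the attribute would make this visible, e.g. `# upgrading from the OpenSwan defaults: remove openswan and disable the ipsec service by hand`. The `platform` block starts and ends outside the hunk, so the platform families these defaults apply to cannot be seen here.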
@@ -201,7 +203,7 @@ default['openstack']['network']['platform'].tap do |platform|
 platform['neutron_vpn_agent_service'] =
 'neutron-vpn-agent'
 platform['vpn_device_driver_services'] =
- %w(ipsec)
+ %w(strongswan)
 platform['neutron_lb_agent_service'] =
 'neutron-lbaas-agent'
 platform['neutron_metadata_agent_service'] =
diff --git a/recipes/vpnaas.rb b/recipes/vpnaas.rb
index 7133d80e..52a94d5f 100644
--- a/recipes/vpnaas.rb
+++ b/recipes/vpnaas.rb
@@ -18,8 +18,7 @@
 # limitations under the License.
 #
-# VPN agent is based on L3 agent
-include_recipe 'openstack-network::l3_agent'
+include_recipe 'openstack-network'
 # Make Openstack object available in Chef::Recipe
 class ::Chef::Recipe
diff --git a/spec/vpnaas-redhat_spec.rb b/spec/vpnaas-redhat_spec.rb
index df4242ca..5c712fed 100644
--- a/spec/vpnaas-redhat_spec.rb
+++ b/spec/vpnaas-redhat_spec.rb
@@ -15,7 +15,7 @@ describe 'openstack-network::vpnaas' do
 include_context 'neutron-stubs'
 it 'upgrades neutron vpn packages' do
- %w(iproute openstack-neutron-vpnaas openswan).each do |pkg|
+ %w(iproute openstack-neutron-vpnaas strongswan).each do |pkg|
 expect(chef_run).to upgrade_package(pkg)
 end
 end
diff --git a/spec/vpnaas_spec.rb b/spec/vpnaas_spec.rb
index 2ba5715d..5fd15974 100644
--- a/spec/vpnaas_spec.rb
+++ b/spec/vpnaas_spec.rb
@@ -11,12 +11,12 @@ describe 'openstack-network::vpnaas' do
 end
 include_context 'neutron-stubs'
- it 'include the recipe openstack-network::l3_agent' do
- expect(chef_run).to include_recipe('openstack-network::l3_agent')
+ it 'include the recipe openstack-network::default' do
+ expect(chef_run).to include_recipe('openstack-network::default')
 end
 it 'upgrades vpn device driver packages' do
- expect(chef_run).to upgrade_package('openswan')
+ expect(chef_run).to upgrade_package('strongswan')
 end
 it 'upgrades neutron vpn packages' do
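Review bot: The commit message marks the strongswan service as "needs to be verified for centos", yet `%w(strongswan)` is set for `vpn_device_driver_services` in the @@ -201,7 hunk with no marker in the code. The spec/vpnaas-redhat_spec.rb hunk only asserts the package upgrade, so the service side of the redhat path is not covered by anything visible here. A `# TODO: confirm the strongswan service name on rhel/centos` above the attribute, plus an `expect(chef_run).to enable_service('strongswan')` example in the redhat spec, would keep the open question from getting lost. The `platform` block continues outside the hunk.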
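Review bot: The new `include_recipe 'openstack-network'` line in recipes/vpnaas.rb carries no comment, while the removed line explained the L3 relationship, so a later reader cannot tell that leaving out `::l3_agent` is deliberate. Something like `# neutron-vpn-agent replaces neutron-l3-agent, so ::l3_agent is intentionally not included` would record the reasoning from the commit message. The matching hunk in spec/vpnaas_spec.rb could pin it with `expect(chef_run).not_to include_recipe('openstack-network::l3_agent')`. Nodes that ran the old recipe may still have neutron-l3-agent enabled, and nothing visible in this patch stops it.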
@@ -24,8 +24,8 @@ describe 'openstack-network::vpnaas' do
 expect(chef_run).to upgrade_package('python-neutron-vpnaas')
 end
- it 'starts ipsec on boot' do
- expect(chef_run).to enable_service('ipsec')
+ it 'starts strongswan on boot' do
+ expect(chef_run).to enable_service('strongswan')
 end
 it 'starts the vpn agent on boot' do
@@ -49,7 +49,7 @@ describe 'openstack-network::vpnaas' do
 describe 'vpn_device_driver' do
 it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
- [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
+ [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver$/].each do |line|
 expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
 end
 end
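Review bot: The dots in the expected pattern of the @@ -49,7 hunk are unescaped, so each one matches any character and the example would still pass for a mangled driver path. Escaping them, as in `neutron_vpnaas\.services\.vpn\.device_drivers\.strongswan_ipsec\.StrongSwanDriver`, or building the pattern with `Regexp.escape`, makes the assertion exact. The one-element array with `.each` could also become a single local holding the regex, which reads more directly.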