Adapt vpnaas attributes and recipe to use StrongSwan instead of OpenSwan
* use StrongSwan driver instead of OpenSwan since xenial does not even provide openswan packages anymore
* start and enable strongswan service (needs to be verified for centos)
* do not include ::l3_agent recipe in vpnaas recipe, since neutron-vpn-agent fully replaces neutron-l3-agent

Change-Id: I81cd2e05273402e8db57f3ca5029fb4938bbfe29
parent
77060a6212
commit
29e771a9f3
|
@ -139,16 +139,18 @@ default['openstack']['network_metering']['conf'].tap do |conf|
|
||||||
end
|
end
|
||||||
|
|
||||||
# ============================= VPN Agent Configuration ====================
|
# ============================= VPN Agent Configuration ====================
|
||||||
# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan
|
# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
|
||||||
# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is ipsec
|
# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
|
||||||
# Set to true to enable vpnaas
|
# Set to true to enable vpnaas
|
||||||
default['openstack']['network_vpnaas']['enabled'] = false
|
default['openstack']['network_vpnaas']['enabled'] = false
|
||||||
# Custom the vpnaas config file path
|
# Custom the vpnaas config file path
|
||||||
default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
|
default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
|
||||||
default['openstack']['network_vpnaas']['conf'].tap do |conf|
|
default['openstack']['network_vpnaas']['conf'].tap do |conf|
|
||||||
# VPN device drivers which vpn agent will use
|
# VPN device drivers which vpn agent will use
|
||||||
conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
|
conf['DEFAULT']['interface_driver'] =
|
||||||
conf['vpnagent']['vpn_device_driver'] = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'
|
'neutron.agent.linux.interface.OVSInterfaceDriver'
|
||||||
|
conf['vpnagent']['vpn_device_driver'] =
|
||||||
|
'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
|
||||||
# Status check interval for ipsec vpn
|
# Status check interval for ipsec vpn
|
||||||
conf['ipsec']['ipsec_status_check_interval'] = 60
|
conf['ipsec']['ipsec_status_check_interval'] = 60
|
||||||
# default_config_area settings is used to set the area where default StrongSwan configuration files are located
|
# default_config_area settings is used to set the area where default StrongSwan configuration files are located
|
||||||
|
@ -193,7 +195,7 @@ default['openstack']['network']['platform'].tap do |platform|
|
||||||
platform['user'] = 'neutron'
|
platform['user'] = 'neutron'
|
||||||
platform['group'] = 'neutron'
|
platform['group'] = 'neutron'
|
||||||
platform['vpn_device_driver_packages'] =
|
platform['vpn_device_driver_packages'] =
|
||||||
%w(openswan)
|
%w(strongswan)
|
||||||
platform['neutron_dhcp_agent_service'] =
|
platform['neutron_dhcp_agent_service'] =
|
||||||
'neutron-dhcp-agent'
|
'neutron-dhcp-agent'
|
||||||
platform['neutron_l3_agent_service'] =
|
platform['neutron_l3_agent_service'] =
|
||||||
|
@ -201,7 +203,7 @@ default['openstack']['network']['platform'].tap do |platform|
|
||||||
platform['neutron_vpn_agent_service'] =
|
platform['neutron_vpn_agent_service'] =
|
||||||
'neutron-vpn-agent'
|
'neutron-vpn-agent'
|
||||||
platform['vpn_device_driver_services'] =
|
platform['vpn_device_driver_services'] =
|
||||||
%w(ipsec)
|
%w(strongswan)
|
||||||
platform['neutron_lb_agent_service'] =
|
platform['neutron_lb_agent_service'] =
|
||||||
'neutron-lbaas-agent'
|
'neutron-lbaas-agent'
|
||||||
platform['neutron_metadata_agent_service'] =
|
platform['neutron_metadata_agent_service'] =
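Review bot: The new `vpn_device_driver` default is set once for every platform, while the `%w(strongswan)` package and service values are changed in what looks like a single `platform` block (hunks at -193 and -201), and the commit message itself says the service still needs verifying on CentOS. neutron-vpnaas ships separate RPM-family drivers (`fedora_strongswan_ipsec.FedoraStrongSwanDriver`, `libreswan_ipsec.LibreSwanDriver`), so the generic `StrongSwanDriver` may not match the binary names and config paths there; the spec that expects `openstack-neutron-vpnaas` plus `strongswan` has the same open question. I would either make the driver a platform-specific default or add a comment such as `# StrongSwanDriver is validated on Ubuntu only; override vpn_device_driver on RHEL/CentOS`. Separately, if the driver starts its own per-router IKE daemons, confirm that the host-wide `strongswan` service in `vpn_device_driver_services` is really needed, since enabling it leaves an IKE listener on the network node outside neutron's control. Both `tap` blocks continue outside the hunks.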
|
||||||
|
|
|
@ -18,8 +18,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
# VPN agent is based on L3 agent
|
include_recipe 'openstack-network'
|
||||||
include_recipe 'openstack-network::l3_agent'
|
|
||||||
|
|
||||||
# Make Openstack object available in Chef::Recipe
|
# Make Openstack object available in Chef::Recipe
|
||||||
class ::Chef::Recipe
|
class ::Chef::Recipe
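Review bot: Removing `include_recipe 'openstack-network::l3_agent'` also removes the only comment explaining how this recipe relates to the L3 agent, and nothing in the new lines tells an operator that the two agents must not share a node. Per the commit message neutron-vpn-agent fully replaces neutron-l3-agent, so a run list that still carries both recipes would presumably start two agents managing the same routers. I would put a comment above the include, `# neutron-vpn-agent replaces neutron-l3-agent; do not combine with openstack-network::l3_agent`, and check that whatever the l3_agent recipe used to set up for this node (not visible here) is still rendered by this recipe. The rest of the recipe is outside the hunk.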
|
||||||
|
|
|
@ -15,7 +15,7 @@ describe 'openstack-network::vpnaas' do
|
||||||
include_context 'neutron-stubs'
|
include_context 'neutron-stubs'
|
||||||
|
|
||||||
it 'upgrades neutron vpn packages' do
|
it 'upgrades neutron vpn packages' do
|
||||||
%w(iproute openstack-neutron-vpnaas openswan).each do |pkg|
|
%w(iproute openstack-neutron-vpnaas strongswan).each do |pkg|
|
||||||
expect(chef_run).to upgrade_package(pkg)
|
expect(chef_run).to upgrade_package(pkg)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,12 +11,12 @@ describe 'openstack-network::vpnaas' do
|
||||||
end
|
end
|
||||||
|
|
||||||
include_context 'neutron-stubs'
|
include_context 'neutron-stubs'
|
||||||
it 'include the recipe openstack-network::l3_agent' do
|
it 'include the recipe openstack-network::default' do
|
||||||
expect(chef_run).to include_recipe('openstack-network::l3_agent')
|
expect(chef_run).to include_recipe('openstack-network::default')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'upgrades vpn device driver packages' do
|
it 'upgrades vpn device driver packages' do
|
||||||
expect(chef_run).to upgrade_package('openswan')
|
expect(chef_run).to upgrade_package('strongswan')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'upgrades neutron vpn packages' do
|
it 'upgrades neutron vpn packages' do
|
||||||
|
@ -24,8 +24,8 @@ describe 'openstack-network::vpnaas' do
|
||||||
expect(chef_run).to upgrade_package('python-neutron-vpnaas')
|
expect(chef_run).to upgrade_package('python-neutron-vpnaas')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'starts ipsec on boot' do
|
it 'starts strongswan on boot' do
|
||||||
expect(chef_run).to enable_service('ipsec')
|
expect(chef_run).to enable_service('strongswan')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'starts the vpn agent on boot' do
|
it 'starts the vpn agent on boot' do
|
||||||
|
@ -49,7 +49,7 @@ describe 'openstack-network::vpnaas' do
|
||||||
|
|
||||||
describe 'vpn_device_driver' do
|
describe 'vpn_device_driver' do
|
||||||
it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
|
it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
|
||||||
[/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
|
[/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver$/].each do |line|
|
||||||
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
|
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
|
||||||
end
|
end
|
||||||
end
|
end
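Review bot: The renamed example 'starts strongswan on boot' only asserts `enable_service('strongswan')`, while the commit message says the service is both started and enabled. If the recipe's service resource carries a start action (the recipe body is not shown in this diff), add `expect(chef_run).to start_service('strongswan')` so a regression that leaves the IPsec daemon stopped until reboot is caught. The -11 hunk also drops the assertion for `openstack-network::l3_agent` without adding a negative one; `expect(chef_run).not_to include_recipe('openstack-network::l3_agent')` would pin the intent stated in the commit message.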
|
||||||
|
|