From 7780b134d05f2db163601d4e6a1a9437bd3cbd99 Mon Sep 17 00:00:00 2001 From: lijianlj Date: Mon, 10 Nov 2014 10:13:59 +0800 Subject: [PATCH] Enable services required by vpn drivers According different vpn drivers, we should make sure different prerequisite services are enabled, for example, neutron-vpn-agent is based on ipsec now, so we should enable ipsec service in our recipe. DocImpact Closes-Bug: #1390378 Change-Id: I6f55cc992badc97426578a232f9a5c0eda6e81bb --- CHANGELOG.md | 1 + attributes/default.rb | 4 ++++ recipes/vpn_agent.rb | 8 ++++++++ spec/vpn_agent_spec.rb | 4 ++++ 4 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a3da5deb..f11676de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ This file is used to list changes made in each version of cookbook-openstack-net * Added directory resource for neutron_ha_cmd * Add cacert,insecure arguments for get nova_admin_tenant_id call * Add multi driver support and package dependencies to vpn_agent recipe +* Enable services required by vpn drivers ## 10.0.1 * Add tunnel_types item in ovs_neutron_plugin.ini.erb diff --git a/attributes/default.rb b/attributes/default.rb index c21c8fcd..4a3ba872 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -396,6 +396,7 @@ default['openstack']['network']['l3']['router_delete_namespaces'] = 'False' # VPN device drivers which vpn agent will use # vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is openswan +# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is ipsec default['openstack']['network']['vpn']['vpn_device_driver'] = ['neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver'] # Status check interval for ipsec vpn @@ -1056,6 +1057,7 @@ when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this 'neutron_dhcp_agent_service' => 'neutron-dhcp-agent', 'neutron_l3_agent_service' => 'neutron-l3-agent', 'neutron_vpn_agent_service' => 'neutron-vpn-agent', + 'vpn_device_driver_services' => ['ipsec'], 'neutron_lb_agent_service' => 'neutron-lbaas-agent', 'neutron_metadata_agent_service' => 'neutron-metadata-agent', 'neutron_openvswitch_service' => 'openvswitch', @@ -1088,6 +1090,7 @@ when 'suse' 'neutron_dhcp_agent_service' => 'openstack-neutron-dhcp-agent', 'neutron_l3_agent_service' => 'openstack-neutron-l3-agent', 'neutron_vpn_agent_service' => 'openstack-neutron-vpn-agent', + 'vpn_device_driver_services' => ['ipsec'], 'neutron_lb_agent_service' => 'openstack-neutron-lbaas-agent', 'neutron_metadata_agent_service' => 'openstack-neutron-metadata-agent', 'neutron_openvswitch_service' => 'openvswitch-switch', @@ -1119,6 +1122,7 @@ when 'debian' 'neutron_dhcp_agent_service' => 'neutron-dhcp-agent', 'neutron_l3_agent_service' => 'neutron-l3-agent', 'neutron_vpn_agent_service' => 'neutron-vpn-agent', + 'vpn_device_driver_services' => ['ipsec'], 'neutron_lb_agent_service' => 'neutron-lbaas-agent', 'neutron_metadata_agent_service' => 'neutron-metadata-agent', 'neutron_openvswitch_service' => 'openvswitch-switch', diff --git a/recipes/vpn_agent.rb b/recipes/vpn_agent.rb index 8a436084..7752626c 100644 --- a/recipes/vpn_agent.rb +++ b/recipes/vpn_agent.rb @@ -51,6 +51,14 @@ platform_options['neutron_vpn_packages'].each do |pkg| end end +platform_options['vpn_device_driver_services'].each do |svc| + service 'vpn-device-driver-service' do + service_name svc + supports status: true, restart: true + action :enable + end +end + service 'neutron-vpn-agent' do service_name platform_options['neutron_vpn_agent_service'] supports status: true, restart: true diff --git a/spec/vpn_agent_spec.rb b/spec/vpn_agent_spec.rb index 2d795d8f..502ed1c1 100644 --- a/spec/vpn_agent_spec.rb +++ b/spec/vpn_agent_spec.rb @@ -31,6 +31,10 @@ describe 'openstack-network::vpn_agent' do expect(chef_run).to upgrade_package('neutron-vpn-agent') end + it 'starts ipsec on boot' do + expect(chef_run).to enable_service('ipsec') + end + it 'starts the vpn agent on boot' do expect(chef_run).to enable_service('neutron-vpn-agent') end