
remove unmaintained vpnaas from all recipes and attributes

The vpnaas agent has been removed for the OpenStack Queens release.

Virtual Private Network-as-a-Service (VPNaaS) scenario
(for Rocky, no vpnaas docs found for Queens)
https://docs.openstack.org/neutron/rocky/admin/vpnaas-scenario.html

missing release note (or doc) on vpn-agent change in queens
https://bugs.launchpad.net/neutron/+bug/1751069

vpnaas agent is removed since Queens and configuration changed
https://bugs.launchpad.net/openstack-ansible/+bug/1781148

Change-Id: Idf74445445683058cd992e95df87724579e70433
Roger Luethi 6 months ago
parent
commit
f03e5c65fa
9 changed files with 14 additions and 279 deletions
  1. 8
    8
      README.md
  2. 0
    38
      attributes/default.rb
  3. 0
    10
      recipes/db_migration.rb
  4. 6
    18
      recipes/l3_agent.rb
  5. 0
    13
      recipes/server.rb
  6. 0
    74
      recipes/vpnaas.rb
  7. 0
    18
      spec/db_migration_spec.rb
  8. 0
    23
      spec/vpnaas-redhat_spec.rb
  9. 0
    77
      spec/vpnaas_spec.rb

+ 8
- 8
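--- a/README.md
+++ b/README.md
@@ -169,14 +169,14 @@ this attributes.
 - Installs the openstack-network API server (currently aka neutron-server)
 
 ## openstack-network::vpnaas
-- Installs the VPN as a Service
-
-The configuration for neutron-vpn-agent is generated from the attributes in
-using the same template as for the neutron.conf
-
-```
-node['openstack']['network_vpnaas']['conf']
-```
+This recipe has been removed since it was unmaintained since the pike release
+and the vpnaas module got completely removed/refactored during the queens
+release. For rocky there seems to be some kind of vpnaas implementation
+directly in the l3 agent
+(https://docs.openstack.org/neutron/rocky/admin/vpnaas-scenario.html), but
+since the documentation about it is quite sparse right now, there is no recipe
+for that. If you want to add vpnaas back to this cookbook, please feel free to
+push a pull request.
 
 License and Author
 ==================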

+ 0
- 38
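--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -135,32 +135,6 @@ default['openstack']['network_metering']['conf'].tap do |conf|
     'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
 end
 
-# ============================= VPN Agent Configuration ====================
-# vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
-# vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
-# To enable 'vpnaas' as service_plugin, you need to add it to neutron.conf
-# ['Default']['service_plugins']
-# Set to true to enable vpnaas
-default['openstack']['network_vpnaas']['enabled'] = false
-# Custom the vpnaas config file path
-default['openstack']['network_vpnaas']['config_file'] = '/etc/neutron/vpn_agent.ini'
-default['openstack']['network_vpnaas']['conf'].tap do |conf|
-  # VPN device drivers which vpn agent will use
-  conf['DEFAULT']['interface_driver'] =
-    'neutron.agent.linux.interface.OVSInterfaceDriver'
-  conf['vpnagent']['vpn_device_driver'] =
-    'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
-  # Status check interval for ipsec vpn
-  conf['ipsec']['ipsec_status_check_interval'] = 60
-  # default_config_area settings is used to set the area where default StrongSwan configuration files are located
-  case node['platform_family']
-  when 'fedora', 'rhel'
-    conf['strongswan']['default_config_area'] = '/usr/share/strongswan/templates/config/strongswan.d'
-  when 'debian'
-    conf['strongswan']['default_config_area'] = '/etc/strongswan.d'
-  end
-end
-
 # ============================= LBaaS Agent Configuration ==================
 # To enable 'lbaas' as service_plugin, you need to add it to neutron.conf
 # ['Default']['service_plugins']
@@ -197,16 +171,10 @@ default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_drive
 default['openstack']['network']['platform'].tap do |platform|
   platform['user'] = 'neutron'
   platform['group'] = 'neutron'
-  platform['vpn_device_driver_packages'] =
-    %w(strongswan)
   platform['neutron_dhcp_agent_service'] =
     'neutron-dhcp-agent'
   platform['neutron_l3_agent_service'] =
     'neutron-l3-agent'
-  platform['neutron_vpn_agent_service'] =
-    'neutron-vpn-agent'
-  platform['vpn_device_driver_services'] =
-    %w(strongswan)
   platform['neutron_lb_agent_service'] =
     'neutron-lbaasv2-agent'
   platform['neutron_metadata_agent_service'] =
@@ -217,8 +185,6 @@ default['openstack']['network']['platform'].tap do |platform|
     'neutron-server'
   platform['neutron_lbaas_python_dependencies'] =
     %w(python-neutron-lbaas)
-  platform['neutron_vpnaas_python_dependencies'] =
-    %w(python-neutron-vpnaas)
   case node['platform_family']
   when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
     platform['neutron_packages'] =
@@ -230,8 +196,6 @@ default['openstack']['network']['platform'].tap do |platform|
     platform['neutron_plugin_package'] =
       'neutron-plugin-ml2'
     # openstack-neutron-fwaas
-    platform['neutron_vpnaas_packages'] =
-      %w(openstack-neutron-vpnaas iproute)
     platform['neutron_lbaas_packages'] =
       %w(openstack-neutron-lbaas haproxy iproute)
     platform['neutron_openvswitch_packages'] =
@@ -262,8 +226,6 @@ default['openstack']['network']['platform'].tap do |platform|
     platform['neutron_l3_packages'] =
       %w(neutron-l3-agent radvd keepalived)
     # python-neutron-fwaas
-    platform['neutron_vpnaas_packages'] =
-      %w(python-neutron-vpnaas neutron-vpn-agent)
     platform['neutron_lbaas_packages'] =
       %w(python-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy)
     platform['neutron_openvswitch_packages'] =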

+ 0
- 10
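--- a/recipes/db_migration.rb
+++ b/recipes/db_migration.rb
@@ -29,16 +29,6 @@ bash 'migrate network database' do
 EOF
 end
 
-# Only if the vpnaas is enabled, migrate the database.
-bash 'migrate vpnaas database' do
-  only_if { node['openstack']['network_vpnaas']['enabled'] }
-  timeout timeout
-  migrate_command = "neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
-  code <<-EOF
-#{migrate_command} upgrade head
-EOF
-end
-
 # Only if the fwaas is enabled, migrate the database.
 bash 'migrate fwaas database' do
   only_if { node['openstack']['network_fwaas']['enabled'] }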

+ 6
- 18
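--- a/recipes/l3_agent.rb
+++ b/recipes/l3_agent.rb
@@ -44,27 +44,15 @@ template node['openstack']['network_l3']['config_file'] do
   variables(
     service_config: service_config
   )
-  # Not restart l3 agent to avoid synchronization problem, when vpn agent is enabled.
-  unless node['openstack']['network_vpnaas']['enabled']
-    notifies :restart, 'service[neutron-l3-agent]'
-  end
+  notifies :restart, 'service[neutron-l3-agent]'
 end
 
-# See http://docs.openstack.org/admin-guide-cloud/content/section_adv_cfg_l3_agent.html
-
 service 'neutron-l3-agent' do
   service_name platform_options['neutron_l3_agent_service']
   supports status: true, restart: true
-  # As l3 and vpn agents are both working based on l3 bisic strategy, and there will be
-  # potential synchronization problems when vpn and l3 agents both running in network node.
-  # So if the vpn agent is enabled, we should stop and disable the l3 agent.
-  if node['openstack']['network_vpnaas']['enabled']
-    action [:stop, :disable]
-  else
-    action [:enable, :start]
-    subscribes :restart, [
-      'template[/etc/neutron/neutron.conf]',
-      "template[#{node['openstack']['network_fwaas']['config_file']}]",
-    ]
-  end
+  action [:enable, :start]
+  subscribes :restart, [
+    'template[/etc/neutron/neutron.conf]',
+    "template[#{node['openstack']['network_fwaas']['config_file']}]",
+  ]
 end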
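Review bot: The `service 'neutron-l3-agent'` block now runs `action [:enable, :start]` unconditionally, but nothing on this page stops or disables a `neutron-vpn-agent` left running by an earlier converge with `network_vpnaas` enabled. The removed comment warned about synchronization problems when both agents run on one network node, so such nodes could presumably end up with both active, plus a still-enabled strongswan service and a `/etc/neutron/vpn_agent.ini` that Chef no longer manages. I would add a comment above the service resource, e.g. `# Nodes previously converged with network_vpnaas enabled: stop and disable neutron-vpn-agent and strongswan before the l3 agent is started here.`, and repeat the same upgrade step in the README paragraph on the removed recipe. The `template` block this hunk edits starts before the hunk.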

+ 0
- 13
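--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -76,19 +76,6 @@ if node['openstack']['network_lbaas']['enabled']
   end
 end
 
-if node['openstack']['network_vpnaas']['enabled']
-  # neutron-vpnaas-agent may not running on network node, but on network node, neutron-server still need neutron_vpnaas module
-  # when loading plugin if vpnaas is list in service_plugins. In this case, we don't need include vpn_agent recipe for network node, but
-  # we need make sure neutron vpnaas python packages get installed on network node before neutron-server start/restart, when vpnaas is enabled.
-  # Otherwise neutron-server will crash for couldn't find vpnaas plugin when invoking plugins from service_plugins.
-  platform_options['neutron_vpnaas_python_dependencies'].each do |pkg|
-    package pkg do
-      options platform_options['package_overrides']
-      action :upgrade
-    end
-  end
-end
-
 # Migrate network database to latest version
 include_recipe 'openstack-network::db_migration'
 plugin_templates = []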

+ 0
- 74
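--- a/recipes/vpnaas.rb
+++ b/recipes/vpnaas.rb
@@ -1,74 +0,0 @@
-# Encoding: utf-8
-#
-# Cookbook Name:: openstack-network
-# Recipe:: vpn_agent
-#
-# Copyright 2013, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe 'openstack-network'
-
-# Make Openstack object available in Chef::Recipe
-class ::Chef::Recipe
-  include ::Openstack
-end
-
-platform_options = node['openstack']['network']['platform']
-
-# Install package dependencies according node's vpn_device_driver.
-platform_options['vpn_device_driver_packages'].each do |pkg|
-  package pkg do
-    options platform_options['package_overrides']
-    action :upgrade
-  end
-end
-
-platform_options['neutron_vpnaas_packages'].each do |pkg|
-  package pkg do
-    options platform_options['package_overrides']
-    action :upgrade
-  end
-end
-
-platform_options['vpn_device_driver_services'].each do |svc|
-  service 'vpn-device-driver-service' do
-    service_name svc
-    supports status: true, restart: true
-    action :enable
-  end
-end
-
-service_conf = merge_config_options 'network_vpnaas'
-template node['openstack']['network_vpnaas']['config_file'] do
-  source 'openstack-service.conf.erb'
-  cookbook 'openstack-common'
-  owner node['openstack']['network']['platform']['user']
-  group node['openstack']['network']['platform']['group']
-  mode 0o0640
-  variables(
-    service_config: service_conf
-  )
-end
-
-service 'neutron-vpn-agent' do
-  service_name platform_options['neutron_vpn_agent_service']
-  supports status: true, restart: true
-  action [:enable, :start]
-  subscribes :restart, [
-    'template[/etc/neutron/neutron.conf]',
-    "template[#{node['openstack']['network_vpnaas']['config_file']}]",
-    "template[#{node['openstack']['network_fwaas']['config_file']}]",
-  ]
-end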

+ 0
- 18
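--- a/spec/db_migration_spec.rb
+++ b/spec/db_migration_spec.rb
@@ -26,19 +26,10 @@ describe 'openstack-network::db_migration' do
     end
     describe 'run db-migration when services are enabled' do
       before do
-        node.override['openstack']['network_vpnaas']['enabled'] = true
         node.override['openstack']['network_fwaas']['enabled'] = true
         node.override['openstack']['network_lbaas']['enabled'] = true
         node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
       end
-      it 'uses db upgrade head when vpnaas is enabled' do
-        migrate_cmd = %r{neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf|
-          --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
-        expect(chef_run).to run_bash('migrate vpnaas database').with(
-          code: migrate_cmd,
-          timeout: 3600
-        )
-      end
       it 'uses db upgrade head when lbaas is enabled' do
         migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf|
         --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
@@ -61,15 +52,6 @@ describe 'openstack-network::db_migration' do
         node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
       end
 
-      it 'does not use db upgrade head when vpnaas is not enabled' do
-        migrate_cmd = %r{neutron-db-manage --subproject neutron-vpnaas --config-file /etc/neutron/neutron.conf|
-          --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
-        expect(chef_run).not_to run_bash('migrate vpnaas database').with(
-          code: migrate_cmd,
-          timeout: 3600
-        )
-      end
-
       it 'does not use db upgrade head when fwaas is not enabled' do
         migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf|
           --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}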

+ 0
- 23
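--- a/spec/vpnaas-redhat_spec.rb
+++ b/spec/vpnaas-redhat_spec.rb
@@ -1,23 +0,0 @@
-# Encoding: utf-8
-require_relative 'spec_helper'
-
-describe 'openstack-network::vpnaas' do
-  describe 'redhat' do
-    let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
-    let(:node) { runner.node }
-    let(:chef_run) do
-      node.override['openstack']['compute']['network']['service_type'] = 'neutron'
-      node.override['openstack']['network']['enable_vpn'] = true
-      stub_command('ovs-vsctl br-exists br-ex').and_return(false)
-      runner.converge(described_recipe)
-    end
-
-    include_context 'neutron-stubs'
-
-    it 'upgrades neutron vpn packages' do
-      %w(iproute openstack-neutron-vpnaas strongswan).each do |pkg|
-        expect(chef_run).to upgrade_package(pkg)
-      end
-    end
-  end
-end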

+ 0
- 77
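--- a/spec/vpnaas_spec.rb
+++ b/spec/vpnaas_spec.rb
@@ -1,77 +0,0 @@
-# Encoding: utf-8
-require_relative 'spec_helper'
-
-describe 'openstack-network::vpnaas' do
-  describe 'ubuntu' do
-    let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
-    let(:node) { runner.node }
-    let(:chef_run) do
-      node.override['openstack']['compute']['network']['service_type'] = 'neutron'
-      runner.converge(described_recipe)
-    end
-
-    include_context 'neutron-stubs'
-    it 'include the recipe openstack-network::default' do
-      expect(chef_run).to include_recipe('openstack-network::default')
-    end
-
-    it 'upgrades vpn device driver packages' do
-      expect(chef_run).to upgrade_package('strongswan')
-    end
-
-    it 'upgrades neutron vpn packages' do
-      expect(chef_run).to upgrade_package('neutron-vpn-agent')
-      expect(chef_run).to upgrade_package('python-neutron-vpnaas')
-    end
-
-    it 'starts strongswan on boot' do
-      expect(chef_run).to enable_service('strongswan')
-    end
-
-    it 'starts the vpn agent on boot' do
-      expect(chef_run).to enable_service('neutron-vpn-agent')
-    end
-
-    it 'subscribes the vpn agent service to neutron.conf' do
-      expect(chef_run.service('neutron-vpn-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
-    end
-
-    it 'subscribes the vpn agent service to vpn_agent.ini' do
-      expect(chef_run.service('neutron-vpn-agent')).to subscribe_to('template[/etc/neutron/vpn_agent.ini]').delayed
-    end
-
-    describe 'vpn_agent.ini' do
-      let(:file) { chef_run.template('/etc/neutron/vpn_agent.ini') }
-
-      it 'creates vpn_agent.ini' do
-        expect(chef_run).to create_template(file.name).with(
-          user: 'neutron',
-          group: 'neutron',
-          mode: 0o640
-        )
-      end
-
-      describe 'vpn_device_driver' do
-        it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
-          [/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver$/].each do |line|
-            expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
-          end
-        end
-
-        it 'renders no setted vpn_device_driver entry in vpn_agent.ini, when no vpn_device_driver set' do
-          chef_run.node.override['openstack']['network_vpnaas']['conf']['vpnagent']['vpn_device_driver'] = ''
-          chef_run.converge(described_recipe)
-          expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', /^vpn_device_driver = $/)
-        end
-      end
-
-      it 'renders default_config_area for strongswan driver' do
-        expect(chef_run).to render_config_file(file.name).with_section_content('strongswan', %r{^default_config_area = /etc/strongswan.d$})
-      end
-
-      it 'notifies the vpn agent service' do
-        expect(file).to notify('service[neutron-vpn-agent]').to(:restart).delayed
-      end
-    end
-  end
-end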
