Automatically generate neutron VPNaaS configuration files

This adds a new tox environment, genconfig, which generates sample
neutron VPNaaS configuration file using oslo-config-generator.

Updates to some configuration option help messages to reflect useful
details that were missing in the code but were present in config files.

DocImpact: Update the docs that VPNaaS no longer includes static example
configuration files. Instead, use tools/generate_config_file_samples.sh
to generate them and the files generated now end with .sample extension.

Partially-Implements: blueprint autogen-neutron-conf-file

Change-Id: I4a6094b8218dfd320d05bfb1e3bc121e8930c551
Partial-bug: #1199963

.gitignore

@@ -6,6 +6,7 @@ cover/
 covhtml/
 dist/
 doc/build
+etc/*.sample
 *.DS_Store
 *.pyc
 neutron.egg-info/

devstack/plugin.sh

@@ -20,7 +20,7 @@ function neutron_agent_vpnaas_install_agent_packages {
 }
 
 function neutron_vpnaas_configure_common {
-    cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_VPNAAS_CONF
+    cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample $NEUTRON_VPNAAS_CONF
     _neutron_service_plugin_class_add $VPN_PLUGIN
     _neutron_deploy_rootwrap_filters $NEUTRON_VPNAAS_DIR
     inicomment $NEUTRON_VPNAAS_CONF service_providers service_provider
@@ -31,7 +31,7 @@ function neutron_vpnaas_configure_common {
 
 function neutron_vpnaas_configure_agent {
     local conf_file=${1:-$Q_VPN_CONF_FILE}
-    cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $conf_file
+    cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini.sample $conf_file
     if [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
         if is_fedora; then
             iniset_multiline $conf_file vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver
@@ -69,6 +69,11 @@ function neutron_vpnaas_stop {
     stop_process neutron-vpnaas
 }
 
+function neutron_vpnaas_generate_config_files {
+    # Uses oslo config generator to generate VPNaaS sample configuration files
+    (cd $NEUTRON_VPNAAS_DIR && exec sudo ./tools/generate_config_file_samples.sh)
+}
+
 # Main plugin processing
 
 # NOP for pre-install step
@@ -79,6 +84,7 @@ if [[ "$1" == "stack" && "$2" == "install" ]]; then
 
 elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
     echo_summary "Configuring neutron-vpnaas"
+    neutron_vpnaas_generate_config_files
     neutron_vpnaas_configure_common
     neutron_vpnaas_configure_agent
 

etc/README.txt

@@ -0,0 +1,9 @@
+To generate the sample neutron VPNaaS configuration files, run the following
+command from the top level of the neutron VPNaaS directory:
+
+tox -e genconfig
+
+If a 'tox' environment is unavailable, then you can run the following script
+instead to generate the configuration files:
+
+./tools/generate_config_file_samples.sh

etc/oslo-config-generator/neutron_vpnaas.conf

@@ -0,0 +1,5 @@
+[DEFAULT]
+output_file = etc/neutron_vpnaas.conf.sample
+wrap_width = 79
+
+namespace = neutron.vpnaas

etc/oslo-config-generator/vpn_agent.ini

@@ -0,0 +1,5 @@
+[DEFAULT]
+output_file = etc/vpn_agent.ini.sample
+wrap_width = 79
+
+namespace = neutron.vpnaas.agent

neutron_vpnaas/opts.py

@@ -0,0 +1,38 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+import neutron.services.provider_configuration
+
+import neutron_vpnaas.services.vpn.agent
+import neutron_vpnaas.services.vpn.device_drivers.ipsec
+import neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec
+
+
+def list_agent_opts():
+    return [
+        ('vpnagent',
+         neutron_vpnaas.services.vpn.agent.vpn_agent_opts),
+        ('ipsec',
+         neutron_vpnaas.services.vpn.device_drivers.ipsec.ipsec_opts),
+        ('strongswan',
+         neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.
+         strongswan_opts),
+        ('pluto',
+         neutron_vpnaas.services.vpn.device_drivers.ipsec.pluto_opts)
+    ]
+
+
+def list_opts():
+    return [
+        ('service_providers',
+         neutron.services.provider_configuration.serviceprovider_opts)
+    ]

neutron_vpnaas/services/vpn/agent.py

@@ -25,6 +25,18 @@ vpn_agent_opts = [
         'vpn_device_driver',
         default=['neutron_vpnaas.services.vpn.device_drivers.'
                  'ipsec.OpenSwanDriver'],
+        sample_default=['neutron_vpnaas.services.vpn.device_drivers.ipsec.'
+                       'OpenSwanDriver, '
+                       'neutron_vpnaas.services.vpn.device_drivers.'
+                       'cisco_ipsec.CiscoCsrIPsecDriver, '
+                       'neutron_vpnaas.services.vpn.device_drivers.'
+                       'vyatta_ipsec.VyattaIPSecDriver, '
+                       'neutron_vpnaas.services.vpn.device_drivers.'
+                       'strongswan_ipsec.StrongSwanDriver, '
+                       'neutron_vpnaas.services.vpn.device_drivers.'
+                       'fedora_strongswan_ipsec.FedoraStrongSwanDriver, '
+                       'neutron_vpnaas.services.vpn.device_drivers.'
+                       'libreswan_ipsec.LibreSwanDriver'],
         help=_("The vpn device drivers Neutron will use")),
 ]
 cfg.CONF.register_opts(vpn_agent_opts, 'vpnagent')

neutron_vpnaas/services/vpn/device_drivers/ipsec.py

@@ -56,7 +56,9 @@ ipsec_opts = [
                 default=False,
                 help=_("Enable detail logging for ipsec pluto process. "
                        "If the flag set to True, the detailed logging will "
-                       "be written into config_base_dir/<pid>/log.")),
+                       "be written into config_base_dir/<pid>/log. "
+                       "Note: This setting applies to OpenSwan and LibreSwan "
+                       "only. StrongSwan logs to syslog.")),
 ]
 cfg.CONF.register_opts(ipsec_opts, 'ipsec')
 

releasenotes/notes/config-file-generation-0dcf19f5d8baaf5d.yaml

@@ -0,0 +1,7 @@
+---
+prelude: >
+    Generation of sample Neutron VPNaaS configuration files.
+features:
+  - Neutron VPNaaS no longer includes static example configuration files.
+    Instead, use tools/generate_config_file_samples.sh to generate them.
+    The files are generated with a .sample extension.

setup.cfg

@@ -40,6 +40,9 @@ device_drivers =
     neutron.services.vpn.device_drivers.vyatta_ipsec.VyattaIPsecDriver = neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec:VyattaIPsecDriver
 neutron.db.alembic_migrations =
     neutron-vpnaas = neutron_vpnaas.db.migration:alembic_migrations
+oslo.config.opts =
+    neutron.vpnaas = neutron_vpnaas.opts:list_opts
+    neutron.vpnaas.agent = neutron_vpnaas.opts:list_agent_opts
 
 [build_sphinx]
 all_files = 1

tools/configure_for_vpn_func_testing.sh

@@ -41,6 +41,7 @@ function _install_vpn_package {
 function _configure_vpn_ini_file {
     echo_summary "Configuring VPN ini file"
     local temp_ini=$(mktemp)
+    neutron_vpnaas_generate_config_files
     neutron_vpnaas_configure_agent $temp_ini
     sudo install -d -o $STACK_USER /etc/neutron/
     sudo install -m 644 -o $STACK_USER $temp_ini $Q_VPN_CONF_FILE
@@ -52,6 +53,7 @@ function configure_host_for_vpn_func_testing {
     if [ "$IS_GATE" == "True" ]; then
         configure_host_for_func_testing
     fi
+    sudo pip install --force oslo.config==3.0.0 # req for oslo-config-generator
     _install_vpn_package
     _configure_vpn_ini_file
 }

tools/generate_config_file_samples.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -e
+
+GEN_CMD=oslo-config-generator
+
+if ! type "$GEN_CMD" > /dev/null; then
+    echo "ERROR: $GEN_CMD not installed on the system."
+    exit 1
+fi
+
+for file in etc/oslo-config-generator/*; do
+    $GEN_CMD --config-file=$file
+done
+
+set -x

tox.ini

@@ -72,6 +72,7 @@ commands =
   pylint --rcfile=.pylintrc --output-format=colorized {posargs:neutron_vpnaas}
   {toxinidir}/tools/check_unit_test_structure.sh
   neutron-db-manage --subproject neutron-vpnaas --database-connection sqlite:// check_migration
+  {[testenv:genconfig]commands}
 whitelist_externals = sh
 
 [testenv:pep8-constraints]
@@ -136,3 +137,6 @@ exclude = .venv,.git,.tox,dist,doc,*openstack/common*,*lib/python*,*egg,build,to
 [hacking]
 import_exceptions = neutron_vpnaas._i18n
 local-check-factory = neutron.hacking.checks.factory
+
+[testenv:genconfig]
+commands = {toxinidir}/tools/generate_config_file_samples.sh