neutron-vpnaas/doc/source/contributor/vpnaas-for-ovn.rst
Takashi Kajinami 0b0aafa062 Remove redundant neutron prefix from ovn vpn agent config
Most of the agent config files, except for the one used by OVN metadata
agent, do not contain the neutron_ prefix (metadata_agent.ini or
metering_agent.ini for example). The prefix is redundant because
the config files are usually created in the /etc/neutron directory.

Change-Id: Ibff6ab20e7309873cb7dd241264b4694646c52c1
2024-08-29 00:04:37 +09:00


Configuring VPNaaS for OVN

General instructions for enabling neutron VPNaaS are described in the Networking Guide.

For an OVN-based setup, some details differ. The following instructions adapt the general ones accordingly.

Enabling VPNaaS for OVN

  1. Enable the VPNaaS plug-in in the /etc/neutron/neutron.conf file by appending ovn-vpnaas to service_plugins in [DEFAULT]:

    [DEFAULT]
    # ...
    service_plugins = ovn-vpnaas

    Note

    ovn-vpnaas is the plugin variant of the reference implementation that supports OVN.

  2. Configure the VPNaaS service provider by creating the /etc/neutron/neutron_vpnaas.conf file as follows (strongSwan is the driver used on the Ubuntu distribution):

    [service_providers]
    service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver

  3. With OVN there is no L3 agent. Instead a stand-alone VPN agent is installed. There is a new "binary" called neutron-ovn-vpn-agent. Create its configuration file /etc/neutron/ovn_vpn_agent.ini with the following contents:

    [DEFAULT]
    transport_url = rabbit://openstack:RABBIT_PASS@CONTROLLER_IP
    interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
    
    [AGENT]
    extensions = vpnaas
    
    [vpnagent]
    vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
    
    [ovs]
    ovsdb_connection="unix:/var/run/openvswitch/db.sock"
    
    [ovn]
    ovn_sb_connection = tcp:OVSDB_SERVER_IP:6642

    Note

    Replace OVSDB_SERVER_IP with the IP address of the controller node that runs the ovsdb-server service. Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ and CONTROLLER_IP with the IP address of the controller node that runs the RabbitMQ server.

  4. Create the required tables in the database:

    # neutron-db-manage --subproject neutron-vpnaas upgrade head

  5. Restart the neutron-server on the controller node to apply the settings.

  6. Start the neutron-ovn-vpn-agent on the network node to apply the settings.
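
A pre-flight check for the ovn_vpn_agent.ini from step 3, as an added example that is not part of the neutron-vpnaas documentation or code. It flags keys that are unset, placeholders from the note that were left in place, a southbound connection using the plaintext tcp: method, and a world-readable file holding the RabbitMQ password; the function name, the wording of the findings and the sample values are assumptions made for illustration.

```python
import configparser
import stat

# (section, key) pairs that the page's ovn_vpn_agent.ini sets.
REQUIRED = [
    ("DEFAULT", "transport_url"), ("DEFAULT", "interface_driver"),
    ("AGENT", "extensions"), ("vpnagent", "vpn_device_driver"),
    ("ovs", "ovsdb_connection"), ("ovn", "ovn_sb_connection"),
]
# Placeholders the page's note says must be replaced.
PLACEHOLDERS = ("RABBIT_PASS", "CONTROLLER_IP", "OVSDB_SERVER_IP")

def check_agent_config(text, mode):
    """Return findings for ovn_vpn_agent.ini content and its st_mode bits."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section, key in REQUIRED:
        value = cp.get(section, key, fallback="").strip("\"'")
        if not value:
            findings.append(f"[{section}] {key} not set")
        for ph in PLACEHOLDERS:
            if ph in value:
                findings.append(f"[{section}] {key} still contains {ph}")
        if key == "ovn_sb_connection" and value.startswith("tcp:"):
            findings.append("[ovn] ovn_sb_connection uses unencrypted tcp:")
    # transport_url embeds the RabbitMQ password: no read access for others.
    if mode & stat.S_IROTH:
        findings.append("file is world-readable but holds the RabbitMQ password")
    return findings

# Constructed sample: the page's template with only the RabbitMQ values
# filled in (the password and 192.0.2.10 are made-up documentation values).
SAMPLE = """
[DEFAULT]
transport_url = rabbit://openstack:s3cr3t-example@192.0.2.10
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
[AGENT]
extensions = vpnaas
[vpnagent]
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver
[ovs]
ovsdb_connection="unix:/var/run/openvswitch/db.sock"
[ovn]
ovn_sb_connection = tcp:OVSDB_SERVER_IP:6642
"""

if __name__ == "__main__":
    print("\n".join(check_agent_config(SAMPLE, 0o644)))
```

On a real node, pass the file's text together with `os.stat(path).st_mode` before starting the agent in step 6.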

Specifics of the OVN variant of the plugin

Details about the architecture are described in the feature spec.