b6c8ea8a3c
LibreSwan 3.19 introduces a new commandline argument '--nssdir' for pluto which defaults to '/etc/ipsec.d'. As older versions don't understand such an option, we cannot just add it to the commandline. The commandline arguments of LibreSwan are not stable enough to rely on. For example, in 3.19, 'ipsec initnss' has the new argument '--nssdir', and in 3.20, 'ipsec pluto' also gets this new argument '--nssdir', then in 3.22, the argument '--ctlbase' is phased out. In this commit, instead of trying new options and then fallback to old ones for older versions, the bind-mount method used in StrongSwan driver is adopted. With /etc and /var/run bind mounted, all the commandline arguments related to configuration file places can be removed. This ensures that changes of such arguments between different versions won't bother as the default places are always used. This commit also replaces 'auth=' by 'phase2=' in the configuration template as the former is for a long time an alias of the latter and removed in LibreSwan 3.19. The virtual-private argument of 'ipsec pluto' has been put into the configuration file to avoid commas(,) in the commandline so that the netns_wrapper can work well. A new tempest job for running LibreSwan as the device driver on CentOS 7 is also added to avoid regression. This commit has been simply tested on CentOS 7.4 with the following versions of LibreSwan provided by the CentOS repo: - libreswan-3.12-5.el7.x86_64.rpm - libreswan-3.12-10.1.el7_1.x86_64.rpm - libreswan-3.15-5.el7_1.x86_64.rpm - libreswan-3.15-8.el7.x86_64.rpm - libreswan-3.20-3.el7.x86_64.rpm - libreswan-3.20-5.el7_4.x86_64.rpm and different versions of LibreSwan provided by libreswan.org[1]: [1] https://download.libreswan.org/binaries/rhel/7/x86_64/ Change-Id: Iacb6f13187b49cf771f0c24662d6af9217c211b8 Closes-Bug: #1711456 |
||
---|---|---|
.. | ||
neutron/rootwrap.d | ||
oslo-config-generator | ||
README.txt |
To generate the sample neutron VPNaaS configuration files, run the following command from the top level of the neutron VPNaaS directory: tox -e genconfig If a 'tox' environment is unavailable, then you can run the following script instead to generate the configuration files: ./tools/generate_config_file_samples.sh