8ce98ba6a2
Currently, the Cisco VPN drivers use two routers for the proof of concept
solution. A Neutron router provides access to the public and private
subnets, and a Cisco CSR (out-of-band) provides the VPN tunneling.
The end goal is to integrate the Cisco VPN drivers with the Cisco L3
routing plugin being developed (as a separate blueprint), allowing an
in-band CSR to be used as a Neutron router for VPN functionality.
This commit provides an incremental approach to that goal, by modifying
the Cisco VPN drivers to be able to dynamically obtain CSR info from
an INI file, instead of statically reading the INI file at start-up.
A CSR VM can be created out-of-band (or in-band using Nova) and the INI
file can be updated with the router info. Then, the Cisco VPN driver
can use that information (dynamically) to create IPSec connections.
Once the Cisco L3 router plugin is available, the INI file will be
removed, and two calls to the plugin will be used to obtain the needed
router information, for an integrated solution.
The main advantages are:
- Dynamically use the CSR for VPN.
- Less manual intervention and setup.
- Easy migration to final solution.
- No dependency on the Cisco L3 router plugin implementation.
Note 1: The INI unit tests are moved from device driver to service
driver and modified.
Note 2: I added a unit test for deleting IPSec site-to-site connection,
which was missing (pass).
Note 3: For more details on the change, you can view this Google Doc:
http://goo.gl/DXir8c
Change-Id: I307fc79952e3e12a0f77679ac1fc2b314fa63684
Partially-Implements: blueprint cisco-vpnaas-with-cisco-csr-router
112 lines
3.6 KiB
Python
112 lines
3.6 KiB
Python
# Copyright 2013, Nachi Ueno, NTT I3, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import abc
|
|
|
|
import six
|
|
|
|
from neutron.common import rpc as n_rpc
|
|
from neutron.db.vpn import vpn_validator
|
|
from neutron import manager
|
|
from neutron.openstack.common import log as logging
|
|
from neutron.plugins.common import constants
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
@six.add_metaclass(abc.ABCMeta)
|
|
class VpnDriver(object):
|
|
|
|
def __init__(self, service_plugin, validator=None):
|
|
self.service_plugin = service_plugin
|
|
if validator is None:
|
|
validator = vpn_validator.VpnReferenceValidator()
|
|
self.validator = validator
|
|
|
|
@property
|
|
def l3_plugin(self):
|
|
return manager.NeutronManager.get_service_plugins().get(
|
|
constants.L3_ROUTER_NAT)
|
|
|
|
@property
|
|
def service_type(self):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def create_vpnservice(self, context, vpnservice):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def update_vpnservice(
|
|
self, context, old_vpnservice, vpnservice):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def delete_vpnservice(self, context, vpnservice):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def create_ipsec_site_connection(self, context, ipsec_site_connection):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def update_ipsec_site_connection(self, context, old_ipsec_site_connection,
|
|
ipsec_site_connection):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def delete_ipsec_site_connection(self, context, ipsec_site_connection):
|
|
pass
|
|
|
|
|
|
class BaseIPsecVpnAgentApi(n_rpc.RpcProxy):
|
|
"""Base class for IPSec API to agent."""
|
|
|
|
def __init__(self, topic, default_version, driver):
|
|
self.topic = topic
|
|
self.driver = driver
|
|
super(BaseIPsecVpnAgentApi, self).__init__(topic, default_version)
|
|
|
|
def _agent_notification(self, context, method, router_id,
|
|
version=None, **kwargs):
|
|
"""Notify update for the agent.
|
|
|
|
This method will find where is the router, and
|
|
dispatch notification for the agent.
|
|
"""
|
|
admin_context = context.is_admin and context or context.elevated()
|
|
if not version:
|
|
version = self.RPC_API_VERSION
|
|
l3_agents = self.driver.l3_plugin.get_l3_agents_hosting_routers(
|
|
admin_context, [router_id],
|
|
admin_state_up=True,
|
|
active=True)
|
|
for l3_agent in l3_agents:
|
|
LOG.debug(_('Notify agent at %(topic)s.%(host)s the message '
|
|
'%(method)s %(args)s'),
|
|
{'topic': self.topic,
|
|
'host': l3_agent.host,
|
|
'method': method,
|
|
'args': kwargs})
|
|
self.cast(
|
|
context, self.make_msg(method, **kwargs),
|
|
version=version,
|
|
topic='%s.%s' % (self.topic, l3_agent.host))
|
|
|
|
def vpnservice_updated(self, context, router_id, **kwargs):
|
|
"""Send update event of vpnservices."""
|
|
self._agent_notification(context, 'vpnservice_updated', router_id,
|
|
**kwargs)
|