1.7 KiB
Configuring VPNaaS for DevStack
Multinode vs All-In-One
Devstack typically runs in single or "All-In-One" (AIO) mode. However, it can also be deployed to run on multiple nodes. For VPNaaS, running on an AIO setup is simple, as everything happens on the same node. However, to deploy to a multinode setup requires the following things to happen:
- Each controller node requires database migrations in support of running VPNaaS.
- Each network node that would run VPNaaS L3 agent extension.
Therefore, the devstack plugin script needs some extra logic.
How to Configure
To configure VPNaaS, it is only necessary to enable the
neutron-vpnaas devstack plugin by adding the following line to the
[[local|localrc]] section of devstack's local.conf
file:
enable_plugin neutron-vpnaas <GITURL> [BRANCH]<GITURL> is the URL of a neutron-vpnaas repository
[BRANCH] is an optional git ref (branch/ref/tag). The
default is master.
For example:
enable_plugin neutron-vpnaas https://opendev.org/openstack/neutron-vpnaas stable/kiloThe default implementation for IPSEC package under DevStack is 'strongswan'. However, depending upon the Linux distribution, you may need to override this value. Select 'libreswan' for Fedora/RHEL/CentOS.
For example, install libreswan for CentOS/RHEL 7:
IPSEC_PACKAGE=libreswanThis VPNaaS devstack plugin code will then
- Install the common VPNaaS configuration and code,
- Apply database migrations on nodes that are running the controller (as determined by enabling the q-svc service),