ba18f8a9f8
Now that VPNaaS is running under L3 agent extension. There is no need extra steps. Change-Id: I0f6a6dfe83f81da9d98b7ba1bd1b594eed4152e8 Related-bug: 1692131
1.7 KiB
Configuring VPNaaS for DevStack
Multinode vs All-In-One
Devstack typically runs in single or "All-In-One" (AIO) mode. However, it can also be deployed to run on multiple nodes. For VPNaaS, running on an AIO setup is simple, as everything happens on the same node. However, to deploy to a multinode setup requires the following things to happen:
- Each controller node requires database migrations in support of running VPNaaS.
- Each network node that would run VPNaaS L3 agent extension.
Therefore, the devstack plugin script needs some extra logic.
How to Configure
To configure VPNaaS, it is only necessary to enable the neutron-vpnaas devstack plugin by adding the following line to the local section of devstack's local.conf file:
enable_plugin neutron-vpnaas <GITURL> [BRANCH]
<GITURL> is the URL of a neutron-vpnaas repository
[BRANCH] is an optional git ref (branch/ref/tag). The default is master.
For example::
enable_plugin neutron-vpnaas https://git.openstack.org/openstack/neutron-vpnaas stable/kiloThe default implementation for IPSEC package under DevStack is 'strongswan'. However, depending upon the Linux distribution, you may need to override this value. Select 'libreswan' for Fedora/RHEL/CentOS:
For example, install libreswan for CentOS/RHEL 7::
IPSEC_PACKAGE=libreswanThis VPNaaS devstack plugin code will then
- Install the common VPNaaS configuration and code,
- Apply database migrations on nodes that are running the controller (as determined by enabling the q-svc service),