256464aea6
Adds VPNaaS support for OVN. Add a new stand-alone VPN agent to support OVN+VPN. Add OVN-specific service and device drivers that support this new VPN agent. This will have no impact on the existing VPN solution for ML2/OVS, the existing L3 agent and its VPN extension will still work. Add a new VPN agent scheduler that will schedule VPN services to VPN agents on a per-router basis. Add two new database tables: vpn_ext_gws (to store extra port IDs) and routervpnagentbindings (to store VPN agent ID per router). More details see spec (neutron-specs/specs/xena/vpnaas-ovn.rst). This work is based on work of MingShuan Xian (xianms@cn.ibm.com), see https://bugs.launchpad.net/networking-ovn/+bug/1586253 Depends-On: https://review.opendev.org/c/openstack/neutron/+/847005 Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/847007 Closes-Bug: #1905391 Change-Id: I632f86762d63edbfe225727db11ea21bbb1ffc25
49 lines
1.5 KiB
Plaintext
49 lines
1.5 KiB
Plaintext
# Settings for the VPNaaS devstack plugin
|
|
|
|
# Plugin
|
|
if [[ $Q_AGENT == "ovn" ]]; then
|
|
VPN_PLUGIN=${VPN_PLUGIN:-"ovn-vpnaas"}
|
|
else
|
|
VPN_PLUGIN=${VPN_PLUGIN:-"vpnaas"}
|
|
fi
|
|
|
|
# Device driver
|
|
IPSEC_PACKAGE=${IPSEC_PACKAGE:-"strongswan"}
|
|
if [[ $Q_AGENT == "ovn" ]]; then
|
|
NEUTRON_VPNAAS_DEVICE_DRIVER=${NEUTRON_VPNAAS_DEVICE_DRIVER:-"neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver"}
|
|
else
|
|
NEUTRON_VPNAAS_DEVICE_DRIVER=${NEUTRON_VPNAAS_DEVICE_DRIVER:-"neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec:StrongSwanDriver"}
|
|
fi
|
|
|
|
function _get_service_provider {
|
|
local ipsec_package=$1
|
|
local name driver
|
|
|
|
if [[ $Q_AGENT == "ovn" ]]; then
|
|
driver="neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver"
|
|
else
|
|
driver="neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver"
|
|
fi
|
|
|
|
if [ "$ipsec_package" = "libreswan" ]; then
|
|
name="openswan"
|
|
else
|
|
name="strongswan"
|
|
fi
|
|
echo "VPN:${name}:${driver}:default"
|
|
}
|
|
|
|
# Service Driver, default value depends on IPSEC_PACKAGE.
|
|
if [ -z "$NEUTRON_VPNAAS_SERVICE_PROVIDER" ]; then
|
|
NEUTRON_VPNAAS_SERVICE_PROVIDER=$(_get_service_provider $IPSEC_PACKAGE)
|
|
fi
|
|
|
|
# Config files
|
|
NEUTRON_CONF_DIR=${NEUTRON_CONF_DIR:-"/etc/neutron"}
|
|
NEUTRON_VPNAAS_DIR=$DEST/neutron-vpnaas
|
|
|
|
NEUTRON_VPNAAS_CONF_FILE=neutron_vpnaas.conf
|
|
NEUTRON_VPNAAS_CONF=$NEUTRON_CONF_DIR/$NEUTRON_VPNAAS_CONF_FILE
|
|
|
|
OVN_VPNAGENT_CONF=$NEUTRON_CONF_DIR/neutron_ovn_vpn_agent.ini
|