Add options to auto enable VPNaaS

This change makes it possible for the neutron role to enable VPNaaS using the reference OpenSwan driver by simply setting the `vpnaas` option within the **neutron_plugin_base** list. This capability has been within the role for some time however never specifically configured. The change will bind the vpnaas agent to any location that is within the neutron_l3_agent group. The agnet brings with it a new ini file and a new entry point for config_template overrides. The vpnaas packages will be installed when the agent is enabled within the target location of the running agent services. Change-Id: Ie9f89f7d2a942df40841d72c82f3a34315c6bed9 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-04-13 13:14:24 -05:00 · 2016-04-13 13:14:24 -05:00 · 94994ef2e7
commit 94994ef2e7
parent 9e234fcf55
5 changed files with 51 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -191,6 +191,16 @@ neutron_services:
   config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini
   config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}"
   config_type: "ini"
+ neutron-vpnaas-agent:
+   group: neutron_l3_agent
+   service_name: neutron-vpnaas-agent
+   service_en: "{{ neutron_vpnaas }}"
+   service_conf: vpnaas_agent.ini
+   service_group: neutron_agent
+   service_rootwrap: rootwrap.d/vpnaas.filters
+   config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/vpnaas_agent.ini
+   config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}"
+   config_type: "ini"
 neutron-server:
   group: neutron_server
   service_name: neutron-server
@ -222,6 +232,10 @@ neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.
 # Please add the 'firewall' to the neutron_plugin_base list
 neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}"

+## Neutron VPNaaS
+# Please add the 'vpnaas' to the neutron_plugin_base list
+neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}"
+
 ## Drivers
 neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
 neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
@ -231,6 +245,7 @@ neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_dri
 neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
 neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver
 neutron_driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+neutron_driver_vpnaas: neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver

 ## Quotas
 neutron_default_quota: -1
@ -378,6 +393,9 @@ neutron_apt_packages:
 neutron_lbaas_apt_packages:
  - haproxy

+neutron_vpnaas_apt_packages:
+  - openswan
+
 neutron_apt_remove_packages:
  - conntrackd

@ -396,6 +414,7 @@ neutron_pip_packages:
  - neutron
  - neutron_fwaas
  - neutron_lbaas
+  - neutron_vpnaas
  - pycrypto
  - python-glanceclient
  - python-keystoneclient
@ -422,3 +441,4 @@ neutron_metadata_agent_ini_overrides: {}
 neutron_metering_agent_ini_overrides: {}
 neutron_linuxbridge_agent_ini_overrides: {}
 neutron_lbaas_agent_ini_overrides: {}
+neutron_vpnaas_agent_ini_overrides: {}
--- a/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml
+++ b/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml
@ -0,0 +1,8 @@
+---
+features:
+  - Neutron VPN as a Service (VPNaaS) can now optionally be deployed and
+    configured. Please see the `OpenStack Networking Guide
+    <http://docs.openstack.org/mitaka/networking-guide/>`_ for details
+    about the what the service is and what it provides. See the
+    `VPNaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html#virtual-private-network-service-optional>`_
+    for implementation details.
--- a/tasks/neutron_install.yml
+++ b/tasks/neutron_install.yml
@ -59,6 +59,22 @@
    - neutron-install
    - neutron-apt-packages

+- name: Install apt packages for VPNaaS
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: neutron_vpnaas_apt_packages
+  when:
+    - inventory_hostname in groups[neutron_services['neutron-vpnaas-agent']['group']]
+    - neutron_vpnaas | bool
+  tags:
+    - neutron-install
+    - neutron-apt-packages
+
 - name: remove specific apt packages
  apt:
    pkg: "{{ item }}"
--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
@ -163,7 +163,9 @@ service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.driv
 {% elif neutron_lbaasv2 | bool %}
 service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 {% endif %}
-#service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% if neutron_vpnaas| bool %}
+service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% endif %}

 {% endif %}

--- a/templates/vpnaas_agent.ini.j2
+++ b/templates/vpnaas_agent.ini.j2
@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[vpnagent]
+vpn_device_driver = {{ neutron_driver_vpnaas }}