Add options to auto enable VPNaaS

This change makes it possible for the neutron role to enable VPNaaS using
the reference OpenSwan driver by simply setting the `vpnaas` option within
the **neutron_plugin_base** list. This capability has been within the role
for some time however never specifically configured.

The change will bind the vpnaas agent to any location that is within the
neutron_l3_agent group. The agnet brings with it a new ini file and a new
entry point for config_template overrides. The vpnaas packages will be
installed when the agent is enabled within the target location of the
running agent services.

Change-Id: Ie9f89f7d2a942df40841d72c82f3a34315c6bed9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

defaults/main.yml

@@ -191,6 +191,16 @@ neutron_services:
    config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini
    config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}"
    config_type: "ini"
+ neutron-vpnaas-agent:
+   group: neutron_l3_agent
+   service_name: neutron-vpnaas-agent
+   service_en: "{{ neutron_vpnaas }}"
+   service_conf: vpnaas_agent.ini
+   service_group: neutron_agent
+   service_rootwrap: rootwrap.d/vpnaas.filters
+   config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/vpnaas_agent.ini
+   config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}"
+   config_type: "ini"
  neutron-server:
    group: neutron_server
    service_name: neutron-server
@@ -222,6 +232,10 @@ neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.
 # Please add the 'firewall' to the neutron_plugin_base list
 neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}"
 
+## Neutron VPNaaS
+# Please add the 'vpnaas' to the neutron_plugin_base list
+neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}"
+
 ## Drivers
 neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
 neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
@@ -231,6 +245,7 @@ neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_dri
 neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
 neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver
 neutron_driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+neutron_driver_vpnaas: neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
 
 ## Quotas
 neutron_default_quota: -1
@@ -378,6 +393,9 @@ neutron_apt_packages:
 neutron_lbaas_apt_packages:
   - haproxy
 
+neutron_vpnaas_apt_packages:
+  - openswan
+
 neutron_apt_remove_packages:
   - conntrackd
 
@@ -396,6 +414,7 @@ neutron_pip_packages:
   - neutron
   - neutron_fwaas
   - neutron_lbaas
+  - neutron_vpnaas
   - pycrypto
   - python-glanceclient
   - python-keystoneclient
@@ -422,3 +441,4 @@ neutron_metadata_agent_ini_overrides: {}
 neutron_metering_agent_ini_overrides: {}
 neutron_linuxbridge_agent_ini_overrides: {}
 neutron_lbaas_agent_ini_overrides: {}
+neutron_vpnaas_agent_ini_overrides: {}

releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - Neutron VPN as a Service (VPNaaS) can now optionally be deployed and
+    configured. Please see the `OpenStack Networking Guide
+    <http://docs.openstack.org/mitaka/networking-guide/>`_ for details
+    about the what the service is and what it provides. See the
+    `VPNaaS Install Guide <http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html#virtual-private-network-service-optional>`_
+    for implementation details.

tasks/neutron_install.yml

@@ -59,6 +59,22 @@
     - neutron-install
     - neutron-apt-packages
 
+- name: Install apt packages for VPNaaS
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: neutron_vpnaas_apt_packages
+  when:
+    - inventory_hostname in groups[neutron_services['neutron-vpnaas-agent']['group']]
+    - neutron_vpnaas | bool
+  tags:
+    - neutron-install
+    - neutron-apt-packages
+
 - name: remove specific apt packages
   apt:
     pkg: "{{ item }}"

templates/neutron.conf.j2

@@ -163,7 +163,9 @@ service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.driv
 {% elif neutron_lbaasv2 | bool %}
 service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 {% endif %}
-#service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% if neutron_vpnaas| bool %}
+service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% endif %}
 
 {% endif %}
 

templates/vpnaas_agent.ini.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[vpnagent]
+vpn_device_driver = {{ neutron_driver_vpnaas }}