diff --git a/defaults/main.yml b/defaults/main.yml
index dafa0685..8501be19 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -195,6 +195,16 @@ neutron_services:
config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini
config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}"
config_type: "ini"
+ neutron-vpnaas-agent:
+ group: neutron_l3_agent
+ service_name: neutron-vpnaas-agent
+ service_en: "{{ neutron_vpnaas }}"
+ service_conf: vpnaas_agent.ini
+ service_group: neutron_agent
+ service_rootwrap: rootwrap.d/vpnaas.filters
+ config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/vpnaas_agent.ini
+ config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}"
+ config_type: "ini"
neutron-server:
group: neutron_server
service_name: neutron-server
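Review bot: The new `service_rootwrap: rootwrap.d/vpnaas.filters` entry gives the VPN agent a set of commands it may run as root, but nothing in this commit shows where that filter file comes from or how it is installed. Rootwrap filters are only a privilege boundary if the file and its directory are root-owned and not writable by the neutron service user, so confirm that the role's existing rootwrap copy step picks up this file with those permissions. A comment above the entry would help, for example `# vpnaas.filters ships with the neutron_vpnaas package; must be root-owned, mode 0644`. The entry also places the agent in `group: neutron_l3_agent` and passes only `vpnaas_agent.ini`; if this agent is itself an L3 agent implementation, as it appears to be upstream, check that it is not started alongside the plain L3 agent on the same hosts and that it receives the L3 agent's configuration.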
@@ -226,6 +236,10 @@ neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.
# Please add the 'firewall' to the neutron_plugin_base list
neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}"
+## Neutron VPNaaS
+# Please add the 'vpnaas' to the neutron_plugin_base list
+neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}"
+
## Drivers
neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
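Review bot: The added `neutron_vpnaas` toggle is true only when the literal alias `'vpnaas'` is in `neutron_plugin_base`, whereas the `neutron_metering` line visible in the hunk header appears to accept a full plugin class path as well. An operator who lists the VPN plugin by class path would get the plugin loaded in neutron-server but no agent, no `openswan` install and no `service_provider` line, a half-enabled state that is hard to diagnose. Either extend the condition with `or 'neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin' in neutron_plugin_base`, or say in the comment that only the short alias is recognised. The comment could also state that the feature is off by default and what enabling it deploys, e.g. `# Disabled unless 'vpnaas' is in neutron_plugin_base; enabling installs openswan and the VPN agent on the L3 agent hosts`.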
@@ -235,6 +249,7 @@ neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_dri
neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver
neutron_driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+neutron_driver_vpnaas: neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
## Quotas
neutron_default_quota: -1
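Review bot: The default on the added `neutron_driver_vpnaas` line points into the `neutron.services.vpn` namespace, while this same commit installs the driver code as the separate `neutron_vpnaas` pip package and the LBaaS providers in templates/neutron.conf.j2 already use `neutron_lbaas.*` paths. Unless the deployed release carries a compatibility alias for the old path, the agent will fail to import its device driver and no tunnels will come up; the matching form would be `neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver`, to be confirmed against the installed package. The same concern applies to the `service_provider = VPN:openswan:...` line enabled in the templates/neutron.conf.j2 hunk, where `neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver` would be the corresponding path.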
@@ -382,6 +397,9 @@ neutron_apt_packages:
neutron_lbaas_apt_packages:
- haproxy
+neutron_vpnaas_apt_packages:
+ - openswan
+
neutron_apt_remove_packages:
- conntrackd
@@ -400,6 +418,7 @@ neutron_pip_packages:
- neutron
- neutron_fwaas
- neutron_lbaas
+ - neutron_vpnaas
- pycrypto
- python-glanceclient
- python-keystoneclient
@@ -432,3 +451,4 @@ neutron_metadata_agent_ini_overrides: {}
neutron_metering_agent_ini_overrides: {}
neutron_linuxbridge_agent_ini_overrides: {}
neutron_lbaas_agent_ini_overrides: {}
+neutron_vpnaas_agent_ini_overrides: {}
diff --git a/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml b/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml
new file mode 100644
index 00000000..2fe9709e
--- /dev/null
+++ b/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - Neutron VPN as a Service (VPNaaS) can now optionally be deployed and
+ configured. Please see the `OpenStack Networking Guide
+ `_ for details
+ about the what the service is and what it provides. See the
+ `VPNaaS Install Guide `_
+ for implementation details.
diff --git a/tasks/neutron_install.yml b/tasks/neutron_install.yml
index 4dc87018..c6b590d3 100644
--- a/tasks/neutron_install.yml
+++ b/tasks/neutron_install.yml
@@ -59,6 +59,22 @@
- neutron-install
- neutron-apt-packages
+- name: Install apt packages for VPNaaS
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: neutron_vpnaas_apt_packages
+ when:
+ - inventory_hostname in groups[neutron_services['neutron-vpnaas-agent']['group']]
+ - neutron_vpnaas | bool
+ tags:
+ - neutron-install
+ - neutron-apt-packages
+
- name: remove specific apt packages
apt:
pkg: "{{ item }}"
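Review bot: Installing `openswan` from apt in the new task will, on Debian-family hosts, typically also enable and start the package's own host-wide IPsec service, and nothing in this commit stops or disables it. The VPNaaS device driver presumably launches its own per-router processes, so that host-level daemon would be unneeded listening surface on the network node; consider a follow-up task guarded by the same `neutron_vpnaas | bool` condition that stops and disables it, and mention it in the release note. Separately, `with_items: neutron_vpnaas_apt_packages` uses a bare variable name; `with_items: "{{ neutron_vpnaas_apt_packages }}"` is the form newer Ansible releases expect.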
diff --git a/templates/neutron.conf.j2 b/templates/neutron.conf.j2
index 901121d4..303b3c3e 100644
--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
@@ -163,7 +163,9 @@ service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.driv
{% elif neutron_lbaasv2 | bool %}
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
{% endif %}
-#service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% if neutron_vpnaas| bool %}
+service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% endif %}
{% endif %}
diff --git a/templates/vpnaas_agent.ini.j2 b/templates/vpnaas_agent.ini.j2
new file mode 100644
index 00000000..cb5862c3
--- /dev/null
+++ b/templates/vpnaas_agent.ini.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[vpnagent]
+vpn_device_driver = {{ neutron_driver_vpnaas }}