diff --git a/defaults/main.yml b/defaults/main.yml
index dafa0685..8501be19 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -195,6 +195,16 @@ neutron_services:
 config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini
 config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}"
 config_type: "ini"
+ neutron-vpnaas-agent:
+ group: neutron_l3_agent
+ service_name: neutron-vpnaas-agent
+ service_en: "{{ neutron_vpnaas }}"
+ service_conf: vpnaas_agent.ini
+ service_group: neutron_agent
+ service_rootwrap: rootwrap.d/vpnaas.filters
+ config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/vpnaas_agent.ini
+ config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}"
+ config_type: "ini"
 neutron-server:
 group: neutron_server
 service_name: neutron-server
@@ -226,6 +236,10 @@ neutron_metering: "{% if 'metering' in neutron_plugin_base or 'neutron.services.
 # Please add the 'firewall' to the neutron_plugin_base list
 neutron_fwaas: "{% if 'firewall' in neutron_plugin_base %}True{% else %}False{% endif %}"
+## Neutron VPNaaS
+# Please add the 'vpnaas' to the neutron_plugin_base list
+neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% endif %}"
+
 ## Drivers
 neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
 neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
@@ -235,6 +249,7 @@ neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_dri
 neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
 neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver
 neutron_driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+neutron_driver_vpnaas: neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
 ## Quotas
 neutron_default_quota: -1
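Review bot: `config_options` for the new `neutron-vpnaas-agent` entry loads only neutron.conf and vpnaas_agent.ini, and the vpnaas_agent.ini.j2 template added at the end of this commit contains just `[vpnagent]` with `vpn_device_driver`. The entry sits in the `neutron_l3_agent` group, and as far as I know the VPN agent is built on the L3 agent and reads its settings, so it probably needs the L3 agent's ini file as an additional `--config-file` between the two existing ones. It is also worth confirming that this service and the plain L3 agent are not both started on the same hosts. Nothing in this diff deploys `rootwrap.d/vpnaas.filters`, which the agent's privileged IPsec commands depend on, so check that the role ships it with restrictive ownership.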
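Review bot: `neutron_driver_vpnaas` in the `## Drivers` hunk points at `neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver`, a path inside the core `neutron` package, while this same commit adds the separate `neutron_vpnaas` pip package and the neighbouring LBaaS providers in neutron.conf.j2 load from `neutron_lbaas.*`. If the VPN code lives in the split-out package, the import will likely fail when the agent starts, and the default should read `neutron_driver_vpnaas: neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver`. The same applies to the `service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default` line enabled in the templates/neutron.conf.j2 hunk. Please confirm both paths against the installed neutron_vpnaas release before merging.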
@@ -382,6 +397,9 @@ neutron_apt_packages:
 neutron_lbaas_apt_packages:
 - haproxy
+neutron_vpnaas_apt_packages:
+ - openswan
+
 neutron_apt_remove_packages:
 - conntrackd
@@ -400,6 +418,7 @@ neutron_pip_packages:
 - neutron
 - neutron_fwaas
 - neutron_lbaas
+ - neutron_vpnaas
 - pycrypto
 - python-glanceclient
 - python-keystoneclient
@@ -432,3 +451,4 @@ neutron_metadata_agent_ini_overrides: {}
 neutron_metering_agent_ini_overrides: {}
 neutron_linuxbridge_agent_ini_overrides: {}
 neutron_lbaas_agent_ini_overrides: {}
+neutron_vpnaas_agent_ini_overrides: {}
diff --git a/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml b/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml
new file mode 100644
index 00000000..2fe9709e
--- /dev/null
+++ b/releasenotes/notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - Neutron VPN as a Service (VPNaaS) can now optionally be deployed and
+ configured. Please see the `OpenStack Networking Guide
+ `_ for details
+ about the what the service is and what it provides. See the
+ `VPNaaS Install Guide `_
+ for implementation details.
diff --git a/tasks/neutron_install.yml b/tasks/neutron_install.yml
index 4dc87018..c6b590d3 100644
--- a/tasks/neutron_install.yml
+++ b/tasks/neutron_install.yml
@@ -59,6 +59,22 @@
 - neutron-install
 - neutron-apt-packages
+- name: Install apt packages for VPNaaS
+ apt:
+ pkg: "{{ item }}"
+ state: latest
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ with_items: neutron_vpnaas_apt_packages
+ when:
+ - inventory_hostname in groups[neutron_services['neutron-vpnaas-agent']['group']]
+ - neutron_vpnaas | bool
+ tags:
+ - neutron-install
+ - neutron-apt-packages
+
 - name: remove specific apt packages
 apt:
 pkg: "{{ item }}"
diff --git a/templates/neutron.conf.j2 b/templates/neutron.conf.j2
index 901121d4..303b3c3e 100644
--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
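Review bot: `state: latest` in the new "Install apt packages for VPNaaS" task (tasks/neutron_install.yml hunk) lets every playbook run upgrade the IPsec daemon on the network nodes to whatever the configured repositories currently serve, with no pin and no review step. For a package that terminates tenant VPN tunnels I would use `state: present`, or a role-level package-state variable, and upgrade deliberately. If the rest of this file already uses `latest`, that is a role-wide convention and a separate change. Separately, `with_items: neutron_vpnaas_apt_packages` relies on the bare-variable form, and `with_items: "{{ neutron_vpnaas_apt_packages }}"` is the unambiguous spelling.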
@@ -163,7 +163,9 @@ service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.driv
 {% elif neutron_lbaasv2 | bool %}
 service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 {% endif %}
-#service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% if neutron_vpnaas| bool %}
+service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+{% endif %}
 {% endif %}
diff --git a/templates/vpnaas_agent.ini.j2 b/templates/vpnaas_agent.ini.j2
new file mode 100644
index 00000000..cb5862c3
--- /dev/null
+++ b/templates/vpnaas_agent.ini.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[vpnagent]
+vpn_device_driver = {{ neutron_driver_vpnaas }}
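Review bot: The new `{% if neutron_vpnaas| bool %}` block in templates/neutron.conf.j2 is nested inside an outer conditional, closed by the trailing `{% endif %}`, whose opening lies outside the hunk. If that outer guard tests only the LBaaS toggles, the VPN `service_provider` line will not be rendered on a deployment that enables VPNaaS without LBaaS, and the server would come up with no VPN provider. Please check the enclosing condition and either extend it with `or neutron_vpnaas | bool` or move the VPN block outside it. As a small style point, `neutron_vpnaas| bool` should be spaced like the neighbouring `neutron_lbaasv2 | bool`.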