I'm trying to configure any VPNaaS plugin in single-provider mode. I'm not able to achieve this goal. I'm using a devstack installation and I'm editing */etc/neutron/neutron.conf* file, modifying this line:
... service_provider=VPN:cisco_csr:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default ... and */etc/neutron/vpn_agent.ini* modifyin gthis line: *...* *vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.IPsecDriver* *...* I'm not sure if this configuration is OK. I have some doubts: - Is this configuration a valid one taking into account that plugin are available in Python modules path? - Where are the log files located to check valid neutron configuration? - What services should I restart each time I change this configuration? Thank you very much. Julio C. Barrera Juez Office phone: +34 93 357 99 27 Distributed Applications and Networks Area (DANA) i2CAT Foundation, Barcelona, Spain http://dana.i2cat.net On 24 April 2014 16:14, Paul Michali (pcm) <p...@cisco.com> wrote: > Not sure I quite understand the question, but to configuring VPNaaS in > single provider mode, from a user's perspective is the same (see > api.openstack.org). > > To bring up a cloud that uses a different vendor's service and device > driver, you need to modify neutron.conf to select the vendor's service > driver (as the default driver), instead of the reference driver, and in > vpn_agent.ini you select the vendor's device driver (instead of or in > addition to the reference implementation, doesn't matter, as it pairs with > the service driver). > > HTHs, > > > PCM (Paul Michali) > > MAIL ......... p...@cisco.com > IRC ........... pcm_ (irc.freenode.com) > TW ............ @pmichali > GPG Key ... 4525ECC253E31A83 > Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 > > > > On Apr 24, 2014, at 3:13 AM, Julio Carlos Barrera Juez < > juliocarlos.barr...@i2cat.net> wrote: > > OK, thank you guys, I understood that it was not possible to configure > and make work any VPNaaS plugin. I don't care, by now, because it works in > single-provider mode. I knew about the Cisco implementation, but I don't > know how to configure it, because I didn't find enough documentation about > that topic. I need some help on the basics configuring a VPNaaS plugin in > single provider mode, because I only found information about it in 3rd > party blog posts, etc. > > What are the basic steps? > > Thank you again. > > > Julio C. Barrera Juez > Office phone: +34 93 357 99 27 > Distributed Applications and Networks Area (DANA) > i2CAT Foundation, Barcelona, Spain > http://dana.i2cat.net > > > On 18 April 2014 10:50, Bo Lin <l...@vmware.com> wrote: > >> Hi Julio, >> +1 for Paul's response. Multiple-provider VPNaaS support is delayed. But >> you can take >> https://review.openstack.org/#/c/74156/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74156/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3436530b865ab50e305340302d741b5f023419bebc45ec144caa57e4c51b0452> >> and >> https://review.openstack.org/#/c/74144/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74144/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=08ac89d9f0424a7f6bb462accc106a9edc6df8e41b6b7fe568ea287db47abe30> >> as >> examples to write your own vpnaas driver without multi-provider support. If >> any questions or problems in your codes leading to not work, just upload >> your codes onto the review board, we can find how to solve it :). >> >> Thanks! >> ---Bo >> >> >> ------------------------------ >> *From: *"Paul Michali (pcm)" <p...@cisco.com> >> >> *To: *"OpenStack Development Mailing List (not for usage questions)" < >> openstack-dev@lists.openstack.org> >> *Sent: *Friday, April 11, 2014 2:15:18 AM >> >> *Subject: *Re: [openstack-dev] How to implement and configure a new >> Neutron vpnaas driver from scratch? >> >> By not "working" do you mean you cannot get the plugin to work in a >> multi-provider environment? Multi-provider solutions have been tabled until >> Juno, where more discussion is occurring on what is the best way to support >> different service providers. >> >> However, you should be able to get the plugin to work as the "sole" VPN >> service provider, which is what the Cisco solution does currently. You can >> look at how I've done that in the cisco_ipsec.py modules in the >> service_drivers and device_drivers directories, under neutron/services/vpn/. >> >> >> Regards, >> >> PCM (Paul Michali) >> >> MAIL ......... p...@cisco.com >> IRC ........... pcm_ >> (irc.freenode.com<https://urldefense.proofpoint.com/v1/url?u=http://irc.freenode.com&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3f732defa72f3a816af1d5b52eefd459e2939807789cbc29c963da082ce8c010> >> ) >> TW ............ @pmichali >> GPG Key ... 4525ECC253E31A83 >> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83 >> >> >> >> On Apr 10, 2014, at 1:51 PM, Julio Carlos Barrera Juez < >> juliocarlos.barr...@i2cat.net> wrote: >> >> Hi. >> >> After 8 months of the patch creation and being abandoned weeks ago ( >> https://review.openstack.org/#/c/41827/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=35c7a80127726543da2ed25bdde79e07b28ce936aa8a1ca7afa4fc20bcbefb65>) >> I still don't how can we develop a VPNaaS plugin following Bo Lin >> instructions. Is there any other patch trying to solve the problem? Is >> there any way to workaround the issue to get a VPNaaS plugin working? >> >> Thank you! >> >> >> Julio C. Barrera Juez >> Office phone: +34 93 357 99 27 >> Distributed Applications and Networks Area (DANA) >> i2CAT Foundation, Barcelona, Spain >> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=86728c6db62dee1a59132a2b11c5651432e714ee782ead0c4790189d29195b5d> >> >> >> On 27 February 2014 10:51, Bo Lin <l...@vmware.com> wrote: >> >>> Hi Julio, >>> You can take >>> https://review.openstack.org/#/c/74156/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74156/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3436530b865ab50e305340302d741b5f023419bebc45ec144caa57e4c51b0452> >>> and >>> https://review.openstack.org/#/c/74144/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74144/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=08ac89d9f0424a7f6bb462accc106a9edc6df8e41b6b7fe568ea287db47abe30> >>> as >>> examples to write your own vpnaas driver. More info about service type >>> framework, you can also refer to neutron/services/loadbalancer codes. >>> >>> ------------------------------ >>> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barr...@i2cat.net> >>> *To: *"OpenStack Development Mailing List (not for usage questions)" < >>> openstack-dev@lists.openstack.org> >>> *Sent: *Thursday, February 27, 2014 5:26:32 PM >>> *Subject: *Re: [openstack-dev] How to implement and configure a new >>> Neutron vpnaas driver from scratch? >>> >>> >>> I'm following the change you pointed a week ago. It seems that it is >>> working now, and will be eventually approved soon. I will be happy when it >>> is approved. >>> >>> Anyway, I need more information about how to develop a service driver >>> and a device driver for VPN plugin. I realize doing reverse-engineering >>> that I need and RPC agent and and RPC between them to communicate and use a >>> kind of callbacks to answer. Where I can find documentation about it and >>> some examples? Is there any best practise guide of the use of this >>> architecture? >>> >>> Thank you again! >>> >>> [image: i2cat] >>> Julio C. Barrera Juez >>> Office phone: +34 93 357 99 27 >>> Distributed Applications and Networks Area (DANA) >>> i2CAT Foundation, Barcelona, Spain >>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04> >>> >>> >>> On 19 February 2014 09:13, Julio Carlos Barrera Juez < >>> juliocarlos.barr...@i2cat.net> wrote: >>> >>>> Thank you very much Bo. I will try all your advices and check if it >>>> works! >>>> >>>> [image: i2cat] >>>> Julio C. Barrera Juez >>>> Office phone: +34 93 357 99 27 >>>> Distributed Applications and Networks Area (DANA) >>>> i2CAT Foundation, Barcelona, Spain >>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04> >>>> >>>> >>>> On 18 February 2014 09:18, Bo Lin <l...@vmware.com> wrote: >>>> >>>>> I wonder whether your neutron server codes have added the " VPNaaS >>>>> integration with service type framework" change on >>>>> https://review.openstack.org/#/c/41827/21<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/21&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=4a935821d551bb10de76c121ea8f83f57c00bf3a88ac0c73b51d87f96be1524f> >>>>> , >>>>> if not, the service_provider option is useless. You need to include the >>>>> change before developing your own driver. >>>>> >>>>> QA (In my opinion and sth may be missing): >>>>> - What is the difference between service drivers and device drivers? >>>>> service drivers are driven by vpn service plugin and are >>>>> responsible for casting rpc request (CRUD of vpnservices) to and do >>>>> callbacks from vpn agent. >>>>> device drivers are driven by vpn agent and are responsible for >>>>> implementing specific vpn operations and report vpn running status. >>>>> >>>>> - Could I implement only one of them? >>>>> device driver must be implemented based on your own device. >>>>> Unless the default ipsec service driver is definitely appropriate, suggest >>>>> you implement both of them. After including "VPNaaS integration with >>>>> service type framework", the service driver work is simple. >>>>> >>>>> - Where I need to put my Python implementation in my OpenStack >>>>> instance? >>>>> Do you mean let your instance runs your new codes? The default >>>>> source codes dir is /opt/stack/neutron, you need to put your new changes >>>>> into the dir and restart the neutron server. >>>>> >>>>> - How could I configure my OpenStack instance to use this >>>>> implementation? >>>>> 1. Add your new codes into source dir >>>>> 2. Add appropriate vpnaas service_provider into neutron.conf and >>>>> add appropriate "vpn_device_driver" option into vpn_agent.ini >>>>> 3. restart n-svc and q-vpn >>>>> >>>>> Hope help you. >>>>> >>>>> ------------------------------ >>>>> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barr...@i2cat.net> >>>>> *To: *"OpenStack Development Mailing List" < >>>>> openstack-dev@lists.openstack.org> >>>>> *Sent: *Monday, February 17, 2014 7:18:44 PM >>>>> *Subject: *[openstack-dev] How to implement and configure a new >>>>> Neutron vpnaas driver from scratch? >>>>> >>>>> >>>>> Hi. >>>>> >>>>> I have asked in the Q&A website without success ( >>>>> https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/<https://urldefense.proofpoint.com/v1/url?u=https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=73a239e478da9a7d12255611481016295433378154fb612bd567c30d77788648> >>>>> ). >>>>> >>>>> I want to develop a vpnaas implementation. It seems that since >>>>> Havana, there are plugins, services and device implementations. I like the >>>>> plugin and his current API, then I don't need to reimplement it. Now I >>>>> want >>>>> yo implement a vpnaas driver, and I see I have two main parts to take into >>>>> account: the service_drivers and the device_drivers. IPsec/OpenSwan >>>>> implementation is the unique sample I've found. >>>>> >>>>> I'm using devstack to test my experiments. >>>>> >>>>> I tried to implement VpnDriver Python class extending the main API >>>>> methods like IPsecVPNDriver does. I placed basic implementation files at >>>>> the same level of IPsec/OpenSwan does and configured Neutron adding this >>>>> line to /etc/neutron/neutron.conf file: >>>>> >>>>> service_provider = >>>>> VPN:VPNaaS:neutron.services.vpn.service_drivers.our_python_filename.OurClassName:default >>>>> >>>>> I restarted Neutron related services in my devstack instance, but it >>>>> seemed it didn't work. >>>>> >>>>> >>>>> >>>>> - What is the difference between service drivers and device drivers? >>>>> - Could I implement only one of them? >>>>> - Where I need to put my Python implementation in my OpenStack >>>>> instance? >>>>> - How could I configure my OpenStack instance to use this >>>>> implementation? >>>>> >>>>> >>>>> >>>>> I didn't find almost any documentation about these topics. >>>>> >>>>> Thank you very much. >>>>> >>>>> _______________________________________________ >>>>> OpenStack-dev mailing list >>>>> OpenStack-dev@lists.openstack.org >>>>> >>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=46fe06049efb1d29a85b63f7ce101cd69695a368c3da6ea3a91bcd7d2b71ce59 >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenStack-dev mailing list >>>>> OpenStack-dev@lists.openstack.org >>>>> >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657> >>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> OpenStack-dev@lists.openstack.org >>> >>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657 >>> >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> OpenStack-dev@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=d81bebe644cccedf66fedc084cf34c54e82b5a62712e12d1b5e2c6c1c6ee2c81> >>> >>> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> >> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=d81bebe644cccedf66fedc084cf34c54e82b5a62712e12d1b5e2c6c1c6ee2c81 >> >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
