[openstack-dev] Implementing VPNaas in Openstack Grizzly release

Paul Michali pcm at cisco.com
Thu Jan 9 12:31:09 UTC 2014

Just some ideas to look into…

You could look at the q-vpn process log. With devstack, there is a screen-q-vpn.log that might give more info on the failure.

The commands that are working, are ones that strictly deal with the database. The IPSec site connection command is the first one that actually does messaging from the service driver to the device driver.  Once at the device driver, it will do an RPC back to the service driver to get the all the information on the services/connections on that host.

Maybe some things are to check that the IPSEC_AGENT_TOPIC is defined (IPSEC_AGENT_TOPIC = 'ipsec_agent'), and that the code is there in the service driver (service_dirvers/ipsec.py) to handle the callback (IPsecVpnDriverCallBack get_vpn_services_on_host). This will call the plugin (VPNPluginRpcDbMixin _get_agent_hosting_vpn_services).

It seems like the RPC from the device driver back to the service driver is timing out, so making sure they are all set up OK, would be useful.


PCM (Paul Michali)

MAIL          pcm at cisco.com
IRC            pcm_  (irc.freenode.net)
TW            @pmichali
GPG key    4525ECC253E31A83
Fingerprint 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83

On Jan 9, 2014, at 5:12 AM, Ashwini Babureddy <AB0078468 at TechMahindra.com> wrote:

> Hi,
> I am trying to implement VPNaas in openstack grizzly release 2013.1 by taking Havana release as a reference. This is basically a single node set up by following the below link :
> https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/master/OpenStack_Grizzly_Install_Guide.rst
> Currently all the vpn related files from Havana moved to Grizzly as follows:
> ·         /quantum/services/vpn/*
> ·         /quantum/db/vpn/*
> ·         /quantum/extensions/vpnaas.py
> ·         /etc/quantum/vpn_agent.ini
> ·         /etc/quantum/quantum.conf -> service_plugins = quantum.services.vpn.plugin.VPNPlugin
> ·         /quantumclient/quantum/v2_0/vpn/*
> ·         Installed Openswan
> ·         Made changes in /quantumclient/shell.py
> ·         /usr/bin/quantum-vpn-agent
> ·         /etc/init.d/quantum-plugin-vpn-agent
> ·         /etc/init/quantum-plugin-vpn-agent.conf
> Current status:
> ·         Commands running successfully
> o   Vpn-ikepolicy-create/list/delete
> o   Vpn-ipsecpolicy-create/list/delete
> o   Vpn-service-create/list/delete
> ·         Ipsec-site-connection-create command is failing with an HTTP Error. [Request Failed: internal server error while processing your request.]
> ·         /var/log/quantum/vpn-agent.log has logs as follows:
> 2014-01-09 23:32:30    ERROR [quantum.agent.l3_agent] Failed synchronizing routers : _sync_routers_task
> Traceback (most recent call last):
>   File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 694, in _sync_routers_task
>     self._process_routers(routers, all_routers=True)
>   File "/usr/lib/python2.7/dist-packages/quantum/services/vpn/agent.py", line 150, in _process_routers
>     device.sync(self.context, routers)
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/lockutils.py", line 242, in inner
>     retval = f(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/quantum/services/vpn/device_drivers/ipsec.py", line 652, in sync
>     context, self.host)
>   File "/usr/lib/python2.7/dist-packages/quantum/services/vpn/device_drivers/ipsec.py", line 453, in get_vpn_services_on_host
>     topic=self.topic)
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/proxy.py", line 80, in call
>     return rpc.call(context, self._get_topic(topic), msg, timeout)
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/__init__.py", line 140, in call
>     return _get_impl().call(CONF, context, topic, msg, timeout)
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/impl_kombu.py", line 798, in call
>     rpc_amqp.get_connection_pool(conf, Connection))
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/amqp.py", line 613, in call
>     rv = list(rv)
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/amqp.py", line 555, in __iter__
>     self.done()
>   File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__
>     self.gen.next()
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/amqp.py", line 552, in __iter__
>     self._iterator.next()
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/impl_kombu.py", line 648, in iterconsume
>     yield self.ensure(_error_callback, _consume)
> File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/impl_kombu.py", line 566, in ensure
>     error_callback(e)
>   File "/usr/lib/python2.7/dist-packages/quantum/openstack/common/rpc/impl_kombu.py", line 629, in _error_callback
>     raise rpc_common.Timeout()
> Timeout: Timeout while waiting on RPC response.
> 2014-01-09 23:32:30  WARNING [quantum.openstack.common.loopingcall] task run outlasted interval by 21.531911 sec
> Can anyone please help on this issue. Could this issue be due to an incomplete quantum-plugin-vpn-agent [as we have no such standard package].
> What else can be done further to make this work?
> Thanks,
> Ashwini
> ============================================================================================================================
> Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra.
> ============================================================================================================================
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140109/44aa6000/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140109/44aa6000/attachment.pgp>

More information about the OpenStack-dev mailing list