Open Stack

Hello,

I didn't check Rocky or Stream for differences, but if I recap the problem correctly:
- Neither Victoria nor Wallaby VPNaaS worked in Stream.
- Victoria worked in Rocky

There are no relevant differences in the VPNaaS plugin between Victoria and Wallaby.
Maybe there actually is a difference between Rocky and Stream: the pid directory expected by pluto. At least your error message (no "/run/pluto/pluto.ctl") suggests that.
The libreswan driver in the VPNaaS plugin works under the assumption that the run-files reside in /var/run.
ipsec commands are run via a wrapper to call the actual command inside a namespace, with /etc/ and /var/run/ bind-mounted.

The real paths are /var/lib/neutron/ipsec/{router-id}/... and in there .../etc and ..,/var/run.
In a working setup you should find /var/lib/neutron/ipsec/{router-id}/var/run/pluto/pluto.ctl

So it may be a problem if pluto wants to use /run (not bind-mounted), but the plugin only provides for /var/run (bind-mounted).

Bodo Petermann
SysEleven GmbH

> Am 26.07.2021 um 15:12 schrieb Radosław Piliszek <radoslaw.piliszek at gmail.com>:
> 
> On Mon, Jul 26, 2021 at 10:39 AM Franck VEDEL
> <franck.vedel at univ-grenoble-alpes.fr <mailto:franck.vedel at univ-grenoble-alpes.fr>> wrote:
>> 
>> Hello.
>> unfortunately, despite the good functioning of Victoria, the VPNAAS service is not working.
>> Same error as for wallaby:
>> 
>> Command: ['ipsec', 'whack', '--status'] Exit code: 33 Stdout: Stderr: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
>> ; Stderr:
>> 
>> I think it's my fault. I didn't want to install CentOS Stream (not knowing what happened with this distribution), I put Rocky. This is a big mistake.
>> I will start all over again, put CentOS Stream (VPNaas worked with Victoria and CentOS Stream in my tests).
>> Thanks again.
>> I'm still disgusted with all this wasted time.
> 
> Hello Franck,
> 
> Before you go wrecking your infra - I am pretty sure that Rocky vs
> Stream does not make a difference here.
> I thought Victoria worked because you said so but it seems it has
> always broken in Kolla Ansible and we have a bug to fix:
> https://bugs.launchpad.net/kolla-ansible/+bug/1869491 <https://bugs.launchpad.net/kolla-ansible/+bug/1869491>
> VPNaaS is not the most popular enabled option to be honest.
> 
> Do you remember how you got it working back then?
> That could help here.
> 
> -yoctozepto
> 
>> 
>> Franck
>> 
>> Le 25 juil. 2021 à 21:25, Radosław Piliszek <radoslaw.piliszek at gmail.com> a écrit :
>> 
>> On Sun, Jul 25, 2021 at 9:18 PM Franck VEDEL
>> <franck.vedel at univ-grenoble-alpes.fr> wrote:
>> 
>> 
>> Oh !! Thanks a lot, really.
>> 
>> Indeed, I installed kolla-ansible 12.0, install wallaby (it works perfectly… expect Vpnaas), then I changed "wallaby" to « victoria » in globals.yml.
>> 
>> And in Wallaby's notes, there is the sentence:
>> The Karbor project is no longer maintained and retired since the Wallaby cycle. Its support and roles are also removed since Wallaby cycle.
>> So, it's not normal that it doesn't work. I understand…. There is a lot of things, it’s not easy to do the right thing the first time.
>> 
>> On the other hand ... and I hope not to abuse, I am not sure I understand "clone https://opendev.org/openstack/kolla-ansible".
>> Do you have to uninstall kolla-ansible 12 before putting 11?
>> How do you do "pip install that directory then"? Really sorry for these stupid questions, but I'm afraid to mess things up.
>> 
>> 
>> Sure thing.
>> I meant to use Git.
>> Try these commands:
>> 
>> git clone --branch stable/victoria \
>>   https://opendev.org/openstack/kolla-ansible
>> pip install ./kolla-ansible
>> 
>> -yoctozepto
>> 
>> Franck
>> 
>> 
>> Le 25 juil. 2021 à 18:00, Radosław Piliszek <radoslaw.piliszek at gmail.com> a écrit :
>> 
>> On Sun, Jul 25, 2021 at 2:52 PM Franck VEDEL
>> <franck.vedel at univ-grenoble-alpes.fr> wrote:
>> 
>> 
>> Hello
>> 
>> 
>> Hello Franck,
>> 
>> Having had no help with my Vpnaas (centos wallaby) problem, I came back to Victoria because I know from having tested that Vpnaas works as it should under Victoria.
>> A few weeks ago, I had the opportunity to use 3 test servers, I had set up Victoria (with Centos and kolla-ansible). No problem, everything was working as I wanted it to.
>> I have since set up 3 new servers to set up an Openstack for my students.
>> if i install Wallaby, no Vpnaas, and I need VPNaaS…. So Victoria.
>> 
>> if I install Victoria, and this is the 1st time that this happens to me, horizon does not work. The horizon docker does not start.
>> The "docker logs horizon" command ends with the following 3 lines:
>> ++ config_karbor_dashboard
>> ++ for file in $ {SITE_PACKAGES} / karbor_dashboard / enabled / _ * [^ __]. py
>> / usr / local / bin / kolla_extend_start: line 121: ENABLE_KARBOR: unbound variable
>> 
>> 
>> This error suggests you are using Kolla Ansible Wallaby or later to
>> deploy Victoria.
>> You probably just set "openstack_release" to "Victoria" without
>> downgrading Kolla Ansible to a supported version.
>> There is a reason why "openstack_release" is commented with "Do not
>> override this unless you know what you are doing.". ;-)
>> It is only really meant to be used for very specific tasks, not really
>> meant for regular users.
>> Please have a look at
>> https://docs.openstack.org/releasenotes/kolla-ansible/victoria.html
>> The latest release for Victoria is 11.0.0 but there are lots of
>> unreleased fixes so I advise you to just clone
>> https://opendev.org/openstack/kolla-ansible
>> checkout stable/victoria
>> and pip install that directory then.
>> It will fix your current issue.
>> 
>> -yoctozepto

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210726/6fd3858c/attachment-0001.html>