[openstack-dev] How to implement and configure a new Neutron vpnaas driver from scratch?
Julio Carlos Barrera Juez
juliocarlos.barrera at i2cat.net
Thu Apr 10 17:51:40 UTC 2014
Hi.
After 8 months of the patch creation and being abandoned weeks ago (
https://review.openstack.org/#/c/41827/) I still don't how can we develop a
VPNaaS plugin following Bo Lin instructions. Is there any other patch
trying to solve the problem? Is there any way to workaround the issue to
get a VPNaaS plugin working?
Thank you!
Julio C. Barrera Juez
Office phone: +34 93 357 99 27
Distributed Applications and Networks Area (DANA)
i2CAT Foundation, Barcelona, Spain
http://dana.i2cat.net
On 27 February 2014 10:51, Bo Lin <linb at vmware.com> wrote:
> Hi Julio,
> You can take https://review.openstack.org/#/c/74156/ and
> https://review.openstack.org/#/c/74144/ as examples to write your own
> vpnaas driver. More info about service type framework, you can also refer
> to neutron/services/loadbalancer codes.
>
> ------------------------------
> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
> *To: *"OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org>
> *Sent: *Thursday, February 27, 2014 5:26:32 PM
> *Subject: *Re: [openstack-dev] How to implement and configure a new
> Neutron vpnaas driver from scratch?
>
>
> I'm following the change you pointed a week ago. It seems that it is
> working now, and will be eventually approved soon. I will be happy when it
> is approved.
>
> Anyway, I need more information about how to develop a service driver and
> a device driver for VPN plugin. I realize doing reverse-engineering that I
> need and RPC agent and and RPC between them to communicate and use a kind
> of callbacks to answer. Where I can find documentation about it and some
> examples? Is there any best practise guide of the use of this architecture?
>
> Thank you again!
>
> [image: i2cat]
> Julio C. Barrera Juez
> Office phone: +34 93 357 99 27
> Distributed Applications and Networks Area (DANA)
> i2CAT Foundation, Barcelona, Spain
> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>
>
> On 19 February 2014 09:13, Julio Carlos Barrera Juez <
> juliocarlos.barrera at i2cat.net> wrote:
>
>> Thank you very much Bo. I will try all your advices and check if it works!
>>
>> [image: i2cat]
>> Julio C. Barrera Juez
>> Office phone: +34 93 357 99 27
>> Distributed Applications and Networks Area (DANA)
>> i2CAT Foundation, Barcelona, Spain
>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>
>>
>> On 18 February 2014 09:18, Bo Lin <linb at vmware.com> wrote:
>>
>>> I wonder whether your neutron server codes have added the " VPNaaS
>>> integration with service type framework" change on
>>> https://review.openstack.org/#/c/41827/21<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/21&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=4a935821d551bb10de76c121ea8f83f57c00bf3a88ac0c73b51d87f96be1524f> ,
>>> if not, the service_provider option is useless. You need to include the
>>> change before developing your own driver.
>>>
>>> QA (In my opinion and sth may be missing):
>>> - What is the difference between service drivers and device drivers?
>>> service drivers are driven by vpn service plugin and are responsible
>>> for casting rpc request (CRUD of vpnservices) to and do callbacks from vpn
>>> agent.
>>> device drivers are driven by vpn agent and are responsible for
>>> implementing specific vpn operations and report vpn running status.
>>>
>>> - Could I implement only one of them?
>>> device driver must be implemented based on your own device. Unless
>>> the default ipsec service driver is definitely appropriate, suggest you
>>> implement both of them. After including "VPNaaS integration with service
>>> type framework", the service driver work is simple.
>>>
>>> - Where I need to put my Python implementation in my OpenStack instance?
>>> Do you mean let your instance runs your new codes? The default source
>>> codes dir is /opt/stack/neutron, you need to put your new changes into the
>>> dir and restart the neutron server.
>>>
>>> - How could I configure my OpenStack instance to use this implementation?
>>> 1. Add your new codes into source dir
>>> 2. Add appropriate vpnaas service_provider into neutron.conf and add
>>> appropriate "vpn_device_driver" option into vpn_agent.ini
>>> 3. restart n-svc and q-vpn
>>>
>>> Hope help you.
>>>
>>> ------------------------------
>>> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
>>> *To: *"OpenStack Development Mailing List" <
>>> openstack-dev at lists.openstack.org>
>>> *Sent: *Monday, February 17, 2014 7:18:44 PM
>>> *Subject: *[openstack-dev] How to implement and configure a new Neutron
>>> vpnaas driver from scratch?
>>>
>>>
>>> Hi.
>>>
>>> I have asked in the Q&A website without success (
>>> https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/<https://urldefense.proofpoint.com/v1/url?u=https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=73a239e478da9a7d12255611481016295433378154fb612bd567c30d77788648>
>>> ).
>>>
>>> I want to develop a vpnaas implementation. It seems that since Havana,
>>> there are plugins, services and device implementations. I like the plugin
>>> and his current API, then I don't need to reimplement it. Now I want yo
>>> implement a vpnaas driver, and I see I have two main parts to take into
>>> account: the service_drivers and the device_drivers. IPsec/OpenSwan
>>> implementation is the unique sample I've found.
>>>
>>> I'm using devstack to test my experiments.
>>>
>>> I tried to implement VpnDriver Python class extending the main API
>>> methods like IPsecVPNDriver does. I placed basic implementation files at
>>> the same level of IPsec/OpenSwan does and configured Neutron adding this
>>> line to /etc/neutron/neutron.conf file:
>>>
>>> service_provider =
>>> VPN:VPNaaS:neutron.services.vpn.service_drivers.our_python_filename.OurClassName:default
>>>
>>> I restarted Neutron related services in my devstack instance, but it
>>> seemed it didn't work.
>>>
>>>
>>>
>>> - What is the difference between service drivers and device drivers?
>>> - Could I implement only one of them?
>>> - Where I need to put my Python implementation in my OpenStack instance?
>>> - How could I configure my OpenStack instance to use this implementation?
>>>
>>>
>>>
>>> I didn't find almost any documentation about these topics.
>>>
>>> Thank you very much.
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>>
>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=46fe06049efb1d29a85b63f7ce101cd69695a368c3da6ea3a91bcd7d2b71ce59
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657>
>>>
>>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
>
> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140410/9bbd44f8/attachment.html>
More information about the OpenStack-dev
mailing list