[openstack-dev] [Neutron] minimal device driver for VPN

Paul Michali (pcm) pcm at cisco.com
Fri Jul 18 10:56:04 UTC 2014


No docs, it’s an internal API between service and device driver (so you can implement it however you desire). You can look at the reference and Cisco ones for examples (they are currently both the same, although the Cisco one will likely change in the future). You’ll need to define a “topic” for the RPC between the two drivers that is unique to your implementation. Again, look at the existing ones and look for the “topic” variable to see what strings they map to.

From service driver to device driver, there is only one API, vpnservice_updated(), and in the other direction there are two, get_vpn_services_on_host() and update_status().

Regards,


PCM (Paul Michali)

MAIL …..…. pcm at cisco.com
IRC ……..… pcm_ (irc.freenode.com)
TW ………... @pmichali
GPG Key … 4525ECC253E31A83
Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83



On Jul 18, 2014, at 2:30 AM, Julio Carlos Barrera Juez <juliocarlos.barrera at i2cat.net> wrote:

> Is there any documentation about these RPC messages? Or do we need to use examples as a guide?
> 
> Once again, thank you Paul.
> 
>   
> Julio C. Barrera Juez  
> Office phone: (+34) 93 357 99 27 (ext. 527)
> Office mobile phone: (+34) 625 66 77 26
> Distributed Applications and Networks Area (DANA)
> i2CAT Foundation, Barcelona
> 
> 
> On 17 July 2014 20:37, Paul Michali (pcm) <pcm at cisco.com> wrote:
> So you have your driver loading… great!
> 
> The service driver will log in screen-q-svc.log, provided you have the service driver called out in neutron.conf (as the only one for VPN).
> 
> Later, you’ll need the supporting RPC classes to send messages from service driver to device driver…
> 
> 
> Regards,
> 
> 
> PCM (Paul Michali)
> 
> 
> 
> 
> On Jul 17, 2014, at 2:18 PM, Julio Carlos Barrera Juez <juliocarlos.barrera at i2cat.net> wrote:
> 
>> We have followed your advice:
>> 
>> - We created our fake device driver located in the same level as other device drivers (/opt/stack/neutron/neutron/services/vpn//device_drivers/fake_device_driver.py):
>> 
>> import abc
>> import six
>> 
>> from neutron.openstack.common import log
>> from neutron.services.vpn import device_drivers
>> 
>> 
>> LOG = log.getLogger(__name__)
>> 
>> @six.add_metaclass(abc.ABCMeta)
>> class FakeDeviceDriver(device_drivers.DeviceDriver):
>>     '''
>>     classdocs
>>     '''
>>     
>>     def __init__(self, agent, host):
>>         pass
>> 
>>     def sync(self, context, processes):
>>         pass
>> 
>>     def create_router(self, process_id):
>>         pass
>> 
>>     def destroy_router(self, process_id):
>>         pass
>> 
>> - Our service driver located in /opt/stack/neutron/neutron/services/vpn/service_drivers/fake_service_driver.py:
>> 
>> from neutron.openstack.common import log
>> 
>> LOG = log.getLogger(__name__)
>>  
>> class FakeServiceDriver():
>>     '''
>>     classdocs
>>     '''
>>      
>>     def get_vpnservices(self, context, filters=None, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_vpnservice(self, context, vpnservice_id, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def create_vpnservice(self, context, vpnservice):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def update_vpnservice(self, context, vpnservice_id, vpnservice):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def delete_vpnservice(self, context, vpnservice_id):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_ipsec_site_connections(self, context, filters=None, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_ipsec_site_connection(self, context,
>>         ipsecsite_conn_id, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_ikepolicy(self, context, ikepolicy_id, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_ikepolicies(self, context, filters=None, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def create_ikepolicy(self, context, ikepolicy):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def update_ikepolicy(self, context, ikepolicy_id, ikepolicy):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def delete_ikepolicy(self, context, ikepolicy_id):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_ipsecpolicies(self, context, filters=None, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def get_ipsecpolicy(self, context, ipsecpolicy_id, fields=None):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def create_ipsecpolicy(self, context, ipsecpolicy):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def update_ipsecpolicy(self, context, ipsecpolicy_id, ipsecpolicy):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>>     def delete_ipsecpolicy(self, context, ipsecpolicy_id):
>>         LOG.info('XXXXXXXXXXXXXX Calling method: ' + __name__)
>>         pass
>> 
>> 
>> - Our /etc/neutron/vpn_agent.ini:
>> 
>> [DEFAULT]
>> # VPN-Agent configuration file
>> # Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also
>> 
>> [vpnagent]
>> # vpn device drivers which vpn agent will use
>> # If we want to use multiple drivers,  we need to define this option multiple times.
>> # vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
>> # vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
>> # vpn_device_driver=another_driver
>> 
>> # custom config
>> # implementation location: /opt/stack/neutron/neutron/services/vpn//device_drivers/fake_device_driver.py
>> vpn_device_driver=neutron.services.vpn.device_drivers.fake_device_driver.FakeDeviceDriver
>> 
>> [ipsec]
>> # Status check interval
>> # ipsec_status_check_interval=60
>> 
>> 
>> It seems now everything is working and q-vpn starts. In one line in its log we see:
>> 
>> 2014-07-16 21:59:45.009 DEBUG neutron.openstack.common.service [req-fb6ed9ca-0e71-4783-804b-81ea34b16679 None None] service_providers.service_provider = ['VPN:fake_junos_vpnaas:neutron.services.vpn.service_drivers.fake_service_driver.FakeServiceDriver:default'] from (pid=14423) log_opt_values /usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py:1988
>> 
>> But now we don't know how to continue. We don't see any of our logs in q-vpn when we execute commands like:
>> 
>> neutron vpn-ipsecpolicy-create test-ike-policy
>> neutron vpn-ikepolicy-list
>> neutron vpn-service-list
>> 
>> We don't see any error anyway.
>> 
>> How could we proceed?
>> 
>> Thank you.
>> 
>>   
>> Julio C. Barrera Juez  
>> 
>> 
>> On 17 July 2014 14:18, Paul Michali (pcm) <pcm at cisco.com> wrote:
>> See line @PCM
>> 
>> 
>> PCM (Paul Michali)
>> 
>> 
>> 
>> 
>> On Jul 17, 2014, at 6:32 AM, Julio Carlos Barrera Juez <juliocarlos.barrera at i2cat.net> wrote:
>> 
>>> I have __init__.py in the directory. Sorry, my code is not public, but I can show you some contents; anyway, it is an experiment with no functional code.
>> 
>> @PCM Could you provide a patch with the files so we could patch it into a local repo and try things? I’m assuming since it is an experiment with no functional code that maybe there’s nothing proprietary? :)
>> 
>> 
>> 
>>> 
>>> My /etc/neutron/vpn_agent.ini:
>>> 
>>> [DEFAULT]
>>> 
>>> [vpnagent]
>>> # implementation location: /opt/stack/neutron/neutron/services/vpn/junos_vpnaas/device_drivers/fake_device_driver.py
>>> vpn_device_driver=neutron.services.vpn.junos_vpnaas.device_drivers.fake_device_driver.FakeDeviceDriver
>>> 
>> 
>> @PCM Hmmm… Just a wild guess... I’m wondering if this is the issue. Your class would need to inherit from the base device driver class. Does your fake_device_driver.py have the correct import paths? I say that, because your hierarchy is different. For example, the layout currently is…
>> 
>> neutron/services/vpn/  - plugin
>> neutron/services/vpn/device_drivers/ - reference and Cisco device drivers
>> neutron/services/vpn/service_drivers/ - reference and Cisco service drivers
>> 
>> Your hierarchy has another level…
>> 
>> neutron/services/vpn/junos_vpnaas/device_drivers/
>> 
>> I’m wondering if there is some import wrong. For example, the reference device driver has:
>> 
>> from neutron.services.vpn import device_drivers
>> @six.add_metaclass(abc.ABCMeta)
>> class IPsecDriver(device_drivers.DeviceDriver):
>>     """VPN Device Driver for IPSec.
>> 
>> Where the import is used to access the base class DeviceDriver. If you’re doing the same, that file may be failing to load.
>> 
>> Regards,
>> 
>> PCM
>> 
>>> 
>>> FakeDeviceDriver is an empty class with a constructor located in file /opt/stack/neutron/neutron/services/vpn/junos_vpnaas/device_drivers/fake_device_driver.py.
>>> 
>>> I don't have access to my devstack instance, but the error was produced in q-vpn service:
>>> DeviceDriverImportError: Can not load driver :neutron.services.vpn.junos_vpnaas.device_drivers.fake_device_driver.FakeDeviceDriver
>>> 
>>> I can provide full stack this afternoon.
>>> 
>>> Thank you.
>>> 
>>> Julio C. Barrera Juez  
>>> 
>>> 
>>> On 16 July 2014 20:59, Paul Michali (pcm) <pcm at cisco.com> wrote:
>>> Do you have a repo with the code that is visible to the public?
>>> 
>>> What does the /etc/neutron/vpn_agent.ini look like?
>>> 
>>> Can you put the log output of the actual error messages seen?
>>> 
>>> Regards,
>>> 
>>> PCM (Paul Michali)
>>> 
>>> 
>>> 
>>> 
>>> On Jul 16, 2014, at 2:43 PM, Julio Carlos Barrera Juez <juliocarlos.barrera at i2cat.net> wrote:
>>> 
>>>> I have been fighting with this for months. I want to develop a VPN Neutron plugin, but it is almost impossible to realize how to achieve it. This is a thread I opened months ago and Paul Michali helped me a lot: http://lists.openstack.org/pipermail/openstack-dev/2014-February/028389.html
>>>> 
>>>> I want to know the minimum requirements to develop a device driver and a service driver for a VPN Neutron plugin. I tried adding an empty device driver and I got this error:
>>>> 
>>>> DeviceDriverImportError: Can not load driver :neutron.services.vpn.junos_vpnaas.device_drivers.fake_device_driver.FakeDeviceDriver
>>>> 
>>>> Both the Python file and class exist, but the implementation is empty. What is the problem? What do I need to include in this file/class to avoid this error?
>>>> 
>>>> Thank you.
>>>> 
>>>>   
>>>> Julio C. Barrera Juez  
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

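The three calls named in the 18 July reply, traced end to end in an added example (not code from the thread or from Neutron). An in-memory bus stands in for the real RPC layer; the `InMemoryBus`, `ToyServiceDriver` and `ToyDeviceDriver` names and the topic strings are hypothetical, the request context argument is left out, and the order of calls (notify, then pull, then report status) is an assumption.

```python
SERVICE_TOPIC = 'toy_vpn_service_driver'  # hypothetical topic strings
DEVICE_TOPIC = 'toy_vpn_device_driver'

class InMemoryBus:
    """Stand-in for the RPC layer (assumption): one consumer per topic."""
    def __init__(self):
        self._consumers = {}

    def consume(self, topic, handler):
        # A shared topic would deliver one implementation's messages to another.
        if topic in self._consumers:
            raise ValueError('topic already in use: %s' % topic)
        self._consumers[topic] = handler

    def call(self, topic, method, **kwargs):
        return getattr(self._consumers[topic], method)(**kwargs)

class ToyServiceDriver:
    def __init__(self, bus):
        self.bus, self.db = bus, {}  # db: service id -> host and status
        bus.consume(SERVICE_TOPIC, self)

    def create_vpnservice(self, service_id, host):
        self.db[service_id] = {'host': host, 'status': 'PENDING_CREATE'}
        self.bus.call(DEVICE_TOPIC, 'vpnservice_updated')  # service -> device

    def get_vpn_services_on_host(self, host):  # device -> service
        return sorted(s for s, v in self.db.items() if v['host'] == host)

    def update_status(self, status):  # device -> service
        for service_id, state in status.items():
            self.db[service_id]['status'] = state

class ToyDeviceDriver:
    def __init__(self, bus, host):
        self.bus, self.host = bus, host
        bus.consume(DEVICE_TOPIC, self)

    def vpnservice_updated(self):
        # Pull the services for this host; a real driver would configure the device.
        wanted = self.bus.call(SERVICE_TOPIC, 'get_vpn_services_on_host', host=self.host)
        self.bus.call(SERVICE_TOPIC, 'update_status', status={s: 'ACTIVE' for s in wanted})

def run_demo():
    service = ToyServiceDriver(InMemoryBus())
    ToyDeviceDriver(service.bus, host='agent-1')
    service.create_vpnservice('vpn-a', host='agent-1')
    service.create_vpnservice('vpn-b', host='agent-2')
    return {s: v['status'] for s, v in service.db.items()}
```

Only the service placed on the device driver's host reaches ACTIVE; the other stays pending because no device driver for its host reported back.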
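The DeviceDriverImportError quoted in the thread names only the dotted path, not which part of it failed to resolve. The helper below is an added example (not code from the thread or from Neutron; the `demo_vpn` package and all names in it are constructed) that resolves a `package.module.ClassName` path step by step and distinguishes a missing module, a failing import inside the driver module, and a missing class.

```python
import importlib
import os
import sys
import tempfile

def diagnose_driver_path(dotted_path):
    """Return (stage, detail) saying how far a 'pkg.mod.Class' path resolves."""
    module_name, _, class_name = dotted_path.rpartition('.')
    if not module_name:
        return ('bad-path', 'expected package.module.ClassName')
    try:
        module = importlib.import_module(module_name)
    except ModuleNotFoundError as exc:
        missing = exc.name or ''
        # If the missing module is not on the requested path, the driver file
        # was found and one of its own imports is what failed.
        if module_name == missing or module_name.startswith(missing + '.'):
            return ('module-not-found', missing)
        return ('import-inside-module-failed', missing)
    except ImportError as exc:
        return ('import-inside-module-failed', str(exc))
    if not hasattr(module, class_name):
        return ('class-not-found', class_name)
    return ('ok', dotted_path)

def build_demo_tree(root):
    """Constructed sample: a nested driver whose base-class import is wrong."""
    pkg = root
    for part in ('demo_vpn', 'junos', 'device_drivers'):
        pkg = os.path.join(pkg, part)
        os.mkdir(pkg)
        open(os.path.join(pkg, '__init__.py'), 'w').close()
    with open(os.path.join(pkg, 'fake_device_driver.py'), 'w') as f:
        f.write('from demo_vpn.base import device_drivers\n'
                'class FakeDeviceDriver(device_drivers.DeviceDriver):\n    pass\n')
    with open(os.path.join(pkg, 'good_driver.py'), 'w') as f:
        f.write('class GoodDriver(object):\n    pass\n')

def run_demo():
    root = tempfile.mkdtemp()
    build_demo_tree(root)
    sys.path.insert(0, root)
    importlib.invalidate_caches()
    base = 'demo_vpn.junos.device_drivers.'
    return [diagnose_driver_path(p)[0] for p in (
        base + 'fake_device_driver.FakeDeviceDriver',
        base + 'missing_driver.FakeDeviceDriver',
        base + 'good_driver.NoSuchClass',
        base + 'good_driver.GoodDriver')]
```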