[openstack-dev] How to implement and configure a new Neutron vpnaas driver from scratch?

Julio Carlos Barrera Juez juliocarlos.barrera at i2cat.net
Wed May 21 15:43:58 UTC 2014


First of all, excuse me for the silent days. I have made some changes in my
devstack instance. I took current master branch of devstack repository and
applied your patch to it with my plugin files defined (see it in GitHub
https://github.com/logoff/devstack/tree/junos-vpnaas). I used a localrc
file like this: http://pastebin.com/dE5bYkTE and when I execute this
command, it works:

neutron subnet-list
+--------------------------------------+----------------+---------------+------------------------------------------------+
| id                                   | name           | cidr          |
allocation_pools                               |
+--------------------------------------+----------------+---------------+------------------------------------------------+
| 7f8e23ef-be53-423e-8fb9-ea6b4f2b5d6b | private-subnet | 10.254.1.0/24 |
{"start": "10.254.1.2", "end": "10.254.1.254"} |
| f3b85fcc-1c01-4ac8-9950-1f45157c6887 | public-subnet  | 172.24.4.0/24 |
{"start": "172.24.4.2", "end": "172.24.4.254"} |
+--------------------------------------+----------------+---------------+------------------------------------------------+


but when I execute this command, it fails:

neutron vpn-service-list
404 Not Found

The resource could not be found.



Here you can find my q-svc log file (it is big, only 10 minutes of
execution: http://pastebin.com/raw.php?i=hqBzg8ED
I can not see my plugin anywhere. What do I need to do to achieve adding my
single provider VPNaaS plugin to a devstack instance?


Julio C. Barrera Juez
Office phone: +34 93 357 99 27
Distributed Applications and Networks Area (DANA)
i2CAT Foundation, Barcelona, Spain
http://dana.i2cat.net


On 9 May 2014 14:33, Paul Michali (pcm) <pcm at cisco.com> wrote:

>  Not really sure from the log snippet. Can you make available the full log
> (not sure where you can post it)?
>
>  The q-svc log should indicate that your service driver was found and
> loaded.
>
>
>  PCM (Paul Michali)
>
>  MAIL …..…. pcm at cisco.com
> IRC ……..… pcm_ (irc.freenode.com)
> TW ………... @pmichali
> GPG Key … 4525ECC253E31A83
> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>
>
>
>  On May 6, 2014, at 3:13 PM, Julio Carlos Barrera Juez <
> juliocarlos.barrera at i2cat.net> wrote:
>
>  Hi!
>
>  First of all thnak you for your guidance.
>
>  I have followed your instructions with Cisco CSR VPN plugin and my not
> finished plugin. I got same results on both cases
> I invoked this command on CLI:
>
>  neutron vpn-service-list
>
>
>  and the result was:
>
>  404 Not Found
>
>  The resource could not be found.
>
>
>  Looking in the log of q-svc I see:
>
>
>   02014-05-06 12:05:04.119 INFO neutron.wsgi
> [req-8e9b50d1-4f6a-4f32-aa3d-db792ba744d5 admin
> 1798cd11ee304907aa463e6fea7a09bb] (3743) accepted ('10.0.1.10', 52672)
>
>  2014-05-06 12:05:04.119 DEBUG keystoneclient.middleware.auth_token [-]
> Authenticating user token from (pid=3743) __call__
> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:603
>  2014-05-06 12:05:04.120 DEBUG keystoneclient.middleware.auth_token [-]
> Removing headers from request environment:
> X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role
> from (pid=3743) _remove_auth_headers
> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:662
>  2014-05-06 12:05:04.138 DEBUG keystoneclient.middleware.auth_token [-]
> Storing token in cache from (pid=3743) _cache_put
> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:1121
>  2014-05-06 12:05:04.139 DEBUG keystoneclient.middleware.auth_token [-]
> Received request from user: cbf59516f8c64a10966b0df843a58608 with
> project_id : 1798cd11ee304907aa463e6fea7a09bb and roles: admin  from
> (pid=3743) _build_user_headers
> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:910
>  2014-05-06 12:05:04.140 DEBUG routes.middleware [-] No route matched for
> GET /vpn/vpnservices.json from (pid=3743) __call__
> /usr/lib/python2.7/dist-packages/routes/middleware.py:97
>  2014-05-06 12:05:04.140 DEBUG routes.middleware [-] No route matched for
> GET /vpn/vpnservices.json from (pid=3743) __call__
> /usr/lib/python2.7/dist-packages/routes/middleware.py:97
>  2014-05-06 12:05:04.148 INFO neutron.wsgi
> [req-481d6f8b-c0f4-4862-965f-a0468c37a582 admin
> 1798cd11ee304907aa463e6fea7a09bb] 10.0.1.10 - - [06/May/2014 12:05:04] "GET
> /v2.0/vpn/vpnservices.json HTTP/1.1" 404 176 0.028534
>
>  I don't know why the service was "Not found".
>
>  May you give me some help to solve this problem?
>
>  Thank you.
>
>
>
>  Julio C. Barrera Juez
> Office phone: +34 93 357 99 27
> Distributed Applications and Networks Area (DANA)
> i2CAT Foundation, Barcelona, Spain
> http://dana.i2cat.net
>
>
> On 28 April 2014 14:10, Paul Michali (pcm) <pcm at cisco.com> wrote:
>
>>
>>  On Apr 26, 2014, at 7:39 AM, Julio Carlos Barrera Juez <
>> juliocarlos.barrera at i2cat.net> wrote:
>>
>>   I'm trying to configure any VPNaaS plugin in single-provider mode. I'm
>> not able to achieve this goal. I'm using a devstack installation and I'm
>> editing */etc/neutron/neutron.conf* file, modifying this line:
>>
>>  ...
>>
>> service_provider=VPN:cisco_csr:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
>>  ...
>>
>>  and */etc/neutron/vpn_agent.ini* modifyin gthis line:
>>
>>  *...*
>>
>> *vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.IPsecDriver…*
>>
>>
>>  PCM: So what are you modifying these lines to? Are they pointing to
>> valid modules?
>>
>>
>>
>>  I'm not sure if this configuration is OK. I have some doubts:
>>
>>  - Is this configuration a valid one taking into account that plugin are
>> available in Python modules path?
>>
>>
>>  PCM: Sorry, I don’t understand what you’re asking here.
>>
>>
>>  - Where are the log files located to check valid neutron configuration?
>>
>>
>>  PCM: There is a variable in DevStacks localrc to set where the logs are
>> placed. For example:
>>
>>  SCREEN_LOGDIR=/opt/stack/screen-logs
>>
>>  I don’t know what the default is (disabled?).
>>
>>
>>  - What services should I restart each time I change this configuration?
>>
>>
>>  PCM: q-svc for the service_driver, and q-vpn for the device_driver (and
>> maybe q-aft?).
>>
>>
>>  What I do, is modify vpn_agent.ini in /opt/stack/neutron/etc/ and then,
>> using a newer DevStack that has my commit for VPN (
>> https://review.openstack.org/#/c/86567/), /etc/neutron/vpn_agent.ini
>> will be set with the desired device driver and that will be loaded at start
>> up.
>>
>>  Also, I do a patch to DevStack’s lib/neutron and
>> lib/neutron_plugins/services/vpn to setup neutron.conf as well, so that,
>> again, /etc/neutron/neutron.conf is set up and stack.sh will do the right
>> thing. The patch is:
>>
>>  patch -p 1 << EOT
>> diff --git a/lib/neutron b/lib/neutron
>> index 02dcaf6..452281b 100644
>> --- a/lib/neutron
>> +++ b/lib/neutron
>> @@ -728,6 +728,7 @@ function _configure_neutron_fwaas {
>>  function _configure_neutron_vpn {
>>      neutron_vpn_install_agent_packages
>>      neutron_vpn_configure_common
>> +    neutron_vpnaas_configure_driver
>>  }
>>
>>   # _configure_neutron_plugin_agent() - Set config files for neutron
>> plugin agent
>> diff --git a/lib/neutron_plugins/services/vpn
>> b/lib/neutron_plugins/services/vpn
>> index d920ba6..a676fdc 100644
>> --- a/lib/neutron_plugins/services/vpn
>> +++ b/lib/neutron_plugins/services/vpn
>> @@ -18,6 +18,10 @@ function neutron_vpn_configure_common {
>>      _neutron_service_plugin_class_add $VPN_PLUGIN
>>  }
>>
>>  +function neutron_vpnaas_configure_driver() {
>> +    iniset_multiline $NEUTRON_CONF service_providers service_provider
>> "VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default"
>> +}
>> +
>>  function neutron_vpn_stop {
>>      local ipsec_data_dir=$DATA_DIR/neutron/ipsec
>>      local pids
>> EOT
>>
>>
>>  Regards,
>>
>>
>>   PCM (Paul Michali)
>>
>>  MAIL …..…. pcm at cisco.com
>> IRC ……..… pcm_ (irc.freenode.com)
>> TW ………... @pmichali
>> GPG Key … 4525ECC253E31A83
>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>
>>
>>
>>  Thank you very much.
>>
>>
>>  Julio C. Barrera Juez
>> Office phone: +34 93 357 99 27
>> Distributed Applications and Networks Area (DANA)
>> i2CAT Foundation, Barcelona, Spain
>> http://dana.i2cat.net
>>
>>
>> On 24 April 2014 16:14, Paul Michali (pcm) <pcm at cisco.com> wrote:
>>
>>> Not sure I quite understand the question, but to configuring VPNaaS in
>>> single provider mode, from a user’s perspective is the same (see
>>> api.openstack.org).
>>>
>>>  To bring up a cloud that uses a different vendor’s service and device
>>> driver, you need to modify neutron.conf to select the vendor’s service
>>> driver (as the default driver), instead of the reference driver, and in
>>> vpn_agent.ini you select the vendor’s device driver (instead of or in
>>> addition to the reference implementation, doesn’t matter, as it pairs with
>>> the service driver).
>>>
>>>  HTHs,
>>>
>>>
>>>  PCM (Paul Michali)
>>>
>>>  MAIL …..…. pcm at cisco.com
>>> IRC ……..… pcm_ (irc.freenode.com)
>>> TW ………... @pmichali
>>> GPG Key … 4525ECC253E31A83
>>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>>
>>>
>>>
>>>   On Apr 24, 2014, at 3:13 AM, Julio Carlos Barrera Juez <
>>> juliocarlos.barrera at i2cat.net> wrote:
>>>
>>>  OK, thank you guys, I understood that it was not possible to configure
>>> and make work any VPNaaS plugin. I don't care, by now, because it works in
>>> single-provider mode. I knew about the Cisco implementation, but I don't
>>> know how to configure it, because I didn't find enough documentation about
>>> that topic. I need some help on the basics configuring a VPNaaS plugin in
>>> single provider mode, because I only found information about it in 3rd
>>> party blog posts, etc.
>>>
>>>  What are the basic steps?
>>>
>>>  Thank you again.
>>>
>>>
>>>  Julio C. Barrera Juez
>>> Office phone: +34 93 357 99 27
>>> Distributed Applications and Networks Area (DANA)
>>> i2CAT Foundation, Barcelona, Spain
>>> http://dana.i2cat.net
>>>
>>>
>>> On 18 April 2014 10:50, Bo Lin <linb at vmware.com> wrote:
>>>
>>>>  Hi Julio,
>>>> +1 for Paul's response. Multiple-provider VPNaaS support is delayed.
>>>> But you can take https://review.openstack.org/#/c/74156/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74156/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3436530b865ab50e305340302d741b5f023419bebc45ec144caa57e4c51b0452>
>>>>  and https://review.openstack.org/#/c/74144/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74144/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=08ac89d9f0424a7f6bb462accc106a9edc6df8e41b6b7fe568ea287db47abe30> as
>>>> examples to write your own vpnaas driver without multi-provider support. If
>>>> any questions or problems in your codes leading to not work, just upload
>>>> your codes onto the review board, we can find how to solve it :).
>>>>
>>>>  Thanks!
>>>> ---Bo
>>>>
>>>>
>>>>  ------------------------------
>>>>  *From: *"Paul Michali (pcm)" <pcm at cisco.com>
>>>>
>>>> *To: *"OpenStack Development Mailing List (not for usage questions)" <
>>>> openstack-dev at lists.openstack.org>
>>>>  *Sent: *Friday, April 11, 2014 2:15:18 AM
>>>>
>>>> *Subject: *Re: [openstack-dev] How to implement and configure a new
>>>> Neutron vpnaas driver from scratch?
>>>>
>>>>  By not “working” do you mean you cannot get the plugin to work in a
>>>> multi-provider environment? Multi-provider solutions have been tabled until
>>>> Juno, where more discussion is occurring on what is the best way to support
>>>> different service providers.
>>>>
>>>>  However, you should be able to get the plugin to work as the “sole”
>>>> VPN service provider, which is what the Cisco solution does currently. You
>>>> can look at how I’ve done that in the cisco_ipsec.py modules in the
>>>> service_drivers and device_drivers directories, under neutron/services/vpn/.
>>>>
>>>>
>>>>  Regards,
>>>>
>>>>   PCM (Paul Michali)
>>>>
>>>>  MAIL …..…. pcm at cisco.com
>>>> IRC ……..… pcm_ (irc.freenode.com<https://urldefense.proofpoint.com/v1/url?u=http://irc.freenode.com&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3f732defa72f3a816af1d5b52eefd459e2939807789cbc29c963da082ce8c010>
>>>> )
>>>> TW ………... @pmichali
>>>> GPG Key … 4525ECC253E31A83
>>>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>>>
>>>>
>>>>
>>>>  On Apr 10, 2014, at 1:51 PM, Julio Carlos Barrera Juez <
>>>> juliocarlos.barrera at i2cat.net> wrote:
>>>>
>>>>  Hi.
>>>>
>>>>  After 8 months of the patch creation and being abandoned weeks ago (
>>>> https://review.openstack.org/#/c/41827/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=35c7a80127726543da2ed25bdde79e07b28ce936aa8a1ca7afa4fc20bcbefb65>)
>>>> I still don't how can we develop a VPNaaS plugin following Bo Lin
>>>> instructions. Is there any other patch trying to solve the problem? Is
>>>> there any way to workaround the issue to get a VPNaaS plugin working?
>>>>
>>>>  Thank you!
>>>>
>>>>
>>>>  Julio C. Barrera Juez
>>>> Office phone: +34 93 357 99 27
>>>> Distributed Applications and Networks Area (DANA)
>>>> i2CAT Foundation, Barcelona, Spain
>>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=86728c6db62dee1a59132a2b11c5651432e714ee782ead0c4790189d29195b5d>
>>>>
>>>>
>>>> On 27 February 2014 10:51, Bo Lin <linb at vmware.com> wrote:
>>>>
>>>>>  Hi Julio,
>>>>>  You can take https://review.openstack.org/#/c/74156/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74156/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3436530b865ab50e305340302d741b5f023419bebc45ec144caa57e4c51b0452>
>>>>>  and https://review.openstack.org/#/c/74144/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74144/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=08ac89d9f0424a7f6bb462accc106a9edc6df8e41b6b7fe568ea287db47abe30> as
>>>>> examples to write your own vpnaas driver. More info about service type
>>>>> framework, you can also refer to neutron/services/loadbalancer codes.
>>>>>
>>>>>  ------------------------------
>>>>>  *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
>>>>>  *To: *"OpenStack Development Mailing List (not for usage questions)"
>>>>> <openstack-dev at lists.openstack.org>
>>>>> *Sent: *Thursday, February 27, 2014 5:26:32 PM
>>>>> *Subject: *Re: [openstack-dev] How to implement and configure a new
>>>>> Neutron vpnaas driver from scratch?
>>>>>
>>>>>
>>>>>  I'm following the change you pointed a week ago. It seems that it is
>>>>> working now, and will be eventually approved soon. I will be happy when it
>>>>> is approved.
>>>>>
>>>>>  Anyway, I need more information about how to develop a service
>>>>> driver and a device driver for VPN plugin. I realize doing
>>>>> reverse-engineering that I need and RPC agent and and RPC between them to
>>>>> communicate and use a kind of callbacks to answer. Where I can find
>>>>> documentation about it and some examples? Is there any best practise guide
>>>>> of the use of this architecture?
>>>>>
>>>>>  Thank you again!
>>>>>
>>>>>  [image: i2cat]
>>>>>  Julio C. Barrera Juez
>>>>> Office phone: +34 93 357 99 27
>>>>> Distributed Applications and Networks Area (DANA)
>>>>> i2CAT Foundation, Barcelona, Spain
>>>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>>>>
>>>>>
>>>>>  On 19 February 2014 09:13, Julio Carlos Barrera Juez <
>>>>> juliocarlos.barrera at i2cat.net> wrote:
>>>>>
>>>>>> Thank you very much Bo. I will try all your advices and check if it
>>>>>> works!
>>>>>>
>>>>>>  [image: i2cat]
>>>>>>  Julio C. Barrera Juez
>>>>>> Office phone: +34 93 357 99 27
>>>>>> Distributed Applications and Networks Area (DANA)
>>>>>> i2CAT Foundation, Barcelona, Spain
>>>>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>>>>>
>>>>>>
>>>>>>   On 18 February 2014 09:18, Bo Lin <linb at vmware.com> wrote:
>>>>>>
>>>>>>>   I wonder whether your neutron server codes have added the " VPNaaS
>>>>>>> integration with service type framework" change on
>>>>>>> https://review.openstack.org/#/c/41827/21<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/21&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=4a935821d551bb10de76c121ea8f83f57c00bf3a88ac0c73b51d87f96be1524f> ,
>>>>>>> if not, the service_provider option is useless. You need to include the
>>>>>>> change before developing your own driver.
>>>>>>>
>>>>>>>  QA (In my opinion and sth may be missing):
>>>>>>>  - What is the difference between service drivers and device
>>>>>>> drivers?
>>>>>>>      service drivers are driven by vpn service plugin and are
>>>>>>> responsible for casting rpc request (CRUD of vpnservices) to and do
>>>>>>> callbacks from vpn agent.
>>>>>>>     device drivers are driven by vpn agent and are responsible for
>>>>>>> implementing specific vpn operations and report vpn running status.
>>>>>>>
>>>>>>>  - Could I implement only one of them?
>>>>>>>      device driver must be implemented based on your own device.
>>>>>>> Unless the default ipsec service driver is definitely appropriate, suggest
>>>>>>> you implement both of them. After including "VPNaaS integration with
>>>>>>> service type framework", the service driver work is simple.
>>>>>>>
>>>>>>>  - Where I need to put my Python implementation in my OpenStack
>>>>>>> instance?
>>>>>>>     Do you mean let your instance runs your new codes? The default
>>>>>>> source codes dir is /opt/stack/neutron, you need to put your new changes
>>>>>>> into the dir and restart the neutron server.
>>>>>>>
>>>>>>>  - How could I configure my OpenStack instance to use this
>>>>>>> implementation?
>>>>>>>     1.  Add your new codes into source dir
>>>>>>>    2. Add appropriate vpnaas service_provider into neutron.conf and
>>>>>>> add appropriate "vpn_device_driver" option into vpn_agent.ini
>>>>>>>    3. restart n-svc and q-vpn
>>>>>>>
>>>>>>>  Hope help you.
>>>>>>>
>>>>>>>  ------------------------------
>>>>>>>  *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
>>>>>>> *To: *"OpenStack Development Mailing List" <
>>>>>>> openstack-dev at lists.openstack.org>
>>>>>>> *Sent: *Monday, February 17, 2014 7:18:44 PM
>>>>>>> *Subject: *[openstack-dev] How to implement and configure a new
>>>>>>> Neutron vpnaas        driver from scratch?
>>>>>>>
>>>>>>>
>>>>>>>  Hi.
>>>>>>>
>>>>>>>  I have asked in the Q&A website without success (
>>>>>>> https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/<https://urldefense.proofpoint.com/v1/url?u=https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=73a239e478da9a7d12255611481016295433378154fb612bd567c30d77788648>
>>>>>>> ).
>>>>>>>
>>>>>>>  I want to develop a vpnaas implementation. It seems that since
>>>>>>> Havana, there are plugins, services and device implementations. I like the
>>>>>>> plugin and his current API, then I don't need to reimplement it. Now I want
>>>>>>> yo implement a vpnaas driver, and I see I have two main parts to take into
>>>>>>> account: the service_drivers and the device_drivers. IPsec/OpenSwan
>>>>>>> implementation is the unique sample I've found.
>>>>>>>
>>>>>>>  I'm using devstack to test my experiments.
>>>>>>>
>>>>>>>  I tried to implement VpnDriver Python class extending the main API
>>>>>>> methods like IPsecVPNDriver does. I placed basic implementation files at
>>>>>>> the same level of IPsec/OpenSwan does and configured Neutron adding this
>>>>>>> line to /etc/neutron/neutron.conf file:
>>>>>>>
>>>>>>>  service_provider =
>>>>>>> VPN:VPNaaS:neutron.services.vpn.service_drivers.our_python_filename.OurClassName:default
>>>>>>>
>>>>>>>  I restarted Neutron related services in my devstack instance, but
>>>>>>> it seemed it didn't work.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  - What is the difference between service drivers and device
>>>>>>> drivers?
>>>>>>> - Could I implement only one of them?
>>>>>>> - Where I need to put my Python implementation in my OpenStack
>>>>>>> instance?
>>>>>>> - How could I configure my OpenStack instance to use this
>>>>>>> implementation?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  I didn't find almost any documentation about these topics.
>>>>>>>
>>>>>>>  Thank you very much.
>>>>>>>
>>>>>>>  _______________________________________________
>>>>>>> OpenStack-dev mailing list
>>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>>
>>>>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=46fe06049efb1d29a85b63f7ce101cd69695a368c3da6ea3a91bcd7d2b71ce59
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OpenStack-dev mailing list
>>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>>  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>>
>>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=d81bebe644cccedf66fedc084cf34c54e82b5a62712e12d1b5e2c6c1c6ee2c81>
>>>>>
>>>>>
>>>>  _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>>
>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=d81bebe644cccedf66fedc084cf34c54e82b5a62712e12d1b5e2c6c1c6ee2c81
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>  _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>  _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>  _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140521/d7b58d7a/attachment.html>


More information about the OpenStack-dev mailing list