[openstack-dev] How to implement and configure a new Neutron vpnaas driver from scratch?
Julio Carlos Barrera Juez
juliocarlos.barrera at i2cat.net
Thu May 22 14:06:36 UTC 2014
OK, I modified my neutron.conf file adding your service_plugins line (and
commenting the old ones). I unstacked clear, stacked again, applied both
files and restarted q-svc and q-l3, but VPN plugin seems to be not applied
at all.
These lines continue appearing in q-svc log file:
2014-05-22 06:53:08.523 DEBUG neutron.service [-] service_plugins
= ['neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'] from
(pid=15626) log_opt_values
/usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py:1952
May I restart other services?
Julio C. Barrera Juez
Office phone: +34 93 357 99 27
Distributed Applications and Networks Area (DANA)
i2CAT Foundation, Barcelona, Spain
http://dana.i2cat.net
On 22 May 2014 13:15, Paul Michali (pcm) <pcm at cisco.com> wrote:
> One difference I see in log is that with my setup, I see:
>
> 2014-05-22 10:53:13.107 20564 DEBUG routes.middleware [-] Matched GET
> /vpn/vpnservices.json __call__
> /usr/lib/python2.7/dist-packages/routes/middleware.py:100
> 2014-05-22 10:53:13.108 20564 DEBUG routes.middleware [-] Route path:
> '/vpn/vpnservices.:(format)', defaults: {'action': u'index', 'controller':
> <wsgify at 58423632 wrapping <function resource at 0x37b8050>>} __call__
> /usr/lib/python2.7/dist-packages/routes/middleware.py:102
> 2014-05-22 10:53:13.108 20564 DEBUG routes.middleware [-] Match dict:
> {'action': u'index', 'controller': <wsgify at 58423632 wrapping <function
> resource at 0x37b8050>>, 'format': u'json'} __call__
> /usr/lib/python2.7/dist-packages/routes/middleware.py:103
> 2014-05-22 10:53:13.113 20564 INFO neutron.wsgi
> [req-81180687-3173-4960-b33d-9031c5e57f74 None] 14.0.3.33 - - [22/May/2014
> 10:53:13] "GET /v2.0/vpn/vpnservices.json HTTP/1.1" 200 208 0.020912
>
> Whereas, in your log I see:
>
> 2014-05-22 03:26:33.427 [00;32mDEBUG routes.middleware [ [00;36m- [00;32m] [01;35m [00;32m*No route matched* for GET /vpn/vpnservices.json [00m [00;33mfrom (pid=37367) __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:97 [00m
> 2014-05-22 03:26:33.436 [00;32mDEBUG routes.middleware [ [00;36m- [00;32m] [01;35m [00;32m*No route matched* for GET /vpn/vpnservices.json [00m [00;33mfrom (pid=37367) __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:97 [00m
> 2014-05-22 03:26:33.444 [00;36mINFO neutron.wsgi [ [01;36mreq-d9a6b5c3-4165-4c9f-83c0-1e87f3d43749 [00;36madmin 4e7b8bf6fcfd47028fd63b0bd2f943b3 [00;36m] [01;35m [00;36m127.0.0.1 - - [22/May/2014 03:26:33] "GET /v2.0/vpn/vpnservices.json HTTP/1.1" 404 242 0.235507
> [00m
>
> It looks like you don’t have the VPN plugin enabled. In neutron.conf, you
> should have:
>
> service_plugins =
> neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,
> *neutron.services.vpn.plugin.VPNDriverPlugin*
> service_provider =
> *VPN:junos_vpnaas:neutron.services.vpn.junos_vpnaas.service_drivers.vpnaas_service_driver.VPNaaSServiceDriver:default*
>
> The log provided does not show the VPN plugin...
>
> 2014-05-22 03:22:56.071 [00;32mDEBUG neutron.service [ [00;36m- [00;32m] [01;35m [00;32mservice_plugins = ['*neutron.services.l3_router.l3_router_plugin.L3RouterPlugin*'] [00m [00;33mfrom (pid=37367) log_opt_values /usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py:1952 [00m
>
> 2014-05-22 03:22:56.076 [00;32mDEBUG neutron.service [ [00;36m- [00;32m] [01;35m [00;32mservice_providers.service_provider = ['*VPN:junos_vpnaas:neutron.services.vpn.junos_vpnaas.service_drivers.vpnaas_service_driver.VPNaaSServiceDriver:default*'] [00m [00;33mfrom (pid=37367) log_opt_values /usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py:1960 [00m
>
>
> So the requests are never getting to the core VPN plugin code (let along
> getting to your service driver).
>
>
> Regards,
>
>
> PCM (Paul Michali)
>
> MAIL …..…. pcm at cisco.com
> IRC ……..… pcm_ (irc.freenode.com)
> TW ………... @pmichali
> GPG Key … 4525ECC253E31A83
> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>
>
>
> On May 22, 2014, at 6:31 AM, Julio Carlos Barrera Juez <
> juliocarlos.barrera at i2cat.net> wrote:
>
> Thank you for your dedication Paul.
>
> I forgot to edit these file, you were right. I modified it and now I see
> in the log:
>
> 2014-05-22 03:22:56.076 [00;32mDEBUG neutron.service [ [00;36m- [00;32m]
> [01;35m [00;32mservice_providers.service_provider =
> ['VPN:junos_vpnaas:neutron.services.vpn.junos_vpnaas.service_drivers.vpnaas_service_driver.VPNaaSServiceDriver:default']
> [00m [00;33mfrom (pid=37367) log_opt_values
> /usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py:1960 [00m
>
> This is just my configuration, it seems correct. but I continue getting
> this:
>
> neutron vpn-service-list
> 404 Not Found
>
> The resource could not be found.
>
> This is my log file: http://pastebin.com/raw.php?i=6SZ2Xatg
>
> I don't know how to proceed, this is being a nightmare to me...
>
> Regards,
>
>
> Julio C. Barrera Juez
> Office phone: +34 93 357 99 27
> Distributed Applications and Networks Area (DANA)
> i2CAT Foundation, Barcelona, Spain
> http://dana.i2cat.net
>
>
> On 21 May 2014 18:19, Paul Michali (pcm) <pcm at cisco.com> wrote:
>
>> You have to have your service driver specified (as default) in
>> neutron.conf, and your device_driver specified in vpn_agent.ini. For the
>> former, you can either modify it after the devstack run and then restart
>> the server, or you can tweak the devstack scripts to modify neutron.conf
>> and add in the service driver. For the device driver, you can modify it in
>> /opt/stack/neutron/etc/vpn_agent.ini and it’ll get copied to /etc/neutron/
>> with the change.
>>
>> The log below only shows the reference service driver:
>>
>> 2014-05-21 08:28:46.703 [00;32mDEBUG neutron.service [ [00;36m- [00;32m] [01;35m [00;32mservice_providers.service_provider = ['LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default', '*VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default*'] [00m [00;33mfrom (pid=2199) log_opt_values /usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py:1960 [00m
>>
>>
>> PCM (Paul Michali)
>>
>> MAIL …..…. pcm at cisco.com
>> IRC ……..… pcm_ (irc.freenode.com)
>> TW ………... @pmichali
>> GPG Key … 4525ECC253E31A83
>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>
>>
>>
>> On May 21, 2014, at 11:43 AM, Julio Carlos Barrera Juez <
>> juliocarlos.barrera at i2cat.net> wrote:
>>
>> First of all, excuse me for the silent days. I have made some changes in
>> my devstack instance. I took current master branch of devstack repository
>> and applied your patch to it with my plugin files defined (see it in GitHub
>> https://github.com/logoff/devstack/tree/junos-vpnaas). I used a localrc
>> file like this: http://pastebin.com/dE5bYkTE and when I execute this
>> command, it works:
>>
>> neutron subnet-list
>>
>> +--------------------------------------+----------------+---------------+------------------------------------------------+
>> | id | name | cidr |
>> allocation_pools |
>>
>> +--------------------------------------+----------------+---------------+------------------------------------------------+
>> | 7f8e23ef-be53-423e-8fb9-ea6b4f2b5d6b | private-subnet | 10.254.1.0/24| {"start": "10.254.1.2", "end": "10.254.1.254"} |
>> | f3b85fcc-1c01-4ac8-9950-1f45157c6887 | public-subnet | 172.24.4.0/24| {"start": "172.24.4.2", "end": "172.24.4.254"} |
>>
>> +--------------------------------------+----------------+---------------+------------------------------------------------+
>>
>>
>> but when I execute this command, it fails:
>>
>> neutron vpn-service-list
>> 404 Not Found
>>
>> The resource could not be found.
>>
>>
>>
>> Here you can find my q-svc log file (it is big, only 10 minutes of
>> execution: http://pastebin.com/raw.php?i=hqBzg8ED
>> I can not see my plugin anywhere. What do I need to do to achieve adding
>> my single provider VPNaaS plugin to a devstack instance?
>>
>>
>> Julio C. Barrera Juez
>> Office phone: +34 93 357 99 27
>> Distributed Applications and Networks Area (DANA)
>> i2CAT Foundation, Barcelona, Spain
>> http://dana.i2cat.net
>>
>>
>> On 9 May 2014 14:33, Paul Michali (pcm) <pcm at cisco.com> wrote:
>>
>>> Not really sure from the log snippet. Can you make available the full
>>> log (not sure where you can post it)?
>>>
>>> The q-svc log should indicate that your service driver was found and
>>> loaded.
>>>
>>>
>>> PCM (Paul Michali)
>>>
>>> MAIL …..…. pcm at cisco.com
>>> IRC ……..… pcm_ (irc.freenode.com)
>>> TW ………... @pmichali
>>> GPG Key … 4525ECC253E31A83
>>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>>
>>>
>>>
>>> On May 6, 2014, at 3:13 PM, Julio Carlos Barrera Juez <
>>> juliocarlos.barrera at i2cat.net> wrote:
>>>
>>> Hi!
>>>
>>> First of all thnak you for your guidance.
>>>
>>> I have followed your instructions with Cisco CSR VPN plugin and my not
>>> finished plugin. I got same results on both cases
>>> I invoked this command on CLI:
>>>
>>> neutron vpn-service-list
>>>
>>>
>>> and the result was:
>>>
>>> 404 Not Found
>>>
>>> The resource could not be found.
>>>
>>>
>>> Looking in the log of q-svc I see:
>>>
>>>
>>> 02014-05-06 12:05:04.119 INFO neutron.wsgi
>>> [req-8e9b50d1-4f6a-4f32-aa3d-db792ba744d5 admin
>>> 1798cd11ee304907aa463e6fea7a09bb] (3743) accepted ('10.0.1.10', 52672)
>>>
>>> 2014-05-06 12:05:04.119 DEBUG keystoneclient.middleware.auth_token [-]
>>> Authenticating user token from (pid=3743) __call__
>>> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:603
>>> 2014-05-06 12:05:04.120 DEBUG keystoneclient.middleware.auth_token [-]
>>> Removing headers from request environment:
>>> X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role
>>> from (pid=3743) _remove_auth_headers
>>> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:662
>>> 2014-05-06 12:05:04.138 DEBUG keystoneclient.middleware.auth_token [-]
>>> Storing token in cache from (pid=3743) _cache_put
>>> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:1121
>>> 2014-05-06 12:05:04.139 DEBUG keystoneclient.middleware.auth_token [-]
>>> Received request from user: cbf59516f8c64a10966b0df843a58608 with
>>> project_id : 1798cd11ee304907aa463e6fea7a09bb and roles: admin from
>>> (pid=3743) _build_user_headers
>>> /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:910
>>> 2014-05-06 12:05:04.140 DEBUG routes.middleware [-] No route matched
>>> for GET /vpn/vpnservices.json from (pid=3743) __call__
>>> /usr/lib/python2.7/dist-packages/routes/middleware.py:97
>>> 2014-05-06 12:05:04.140 DEBUG routes.middleware [-] No route matched
>>> for GET /vpn/vpnservices.json from (pid=3743) __call__
>>> /usr/lib/python2.7/dist-packages/routes/middleware.py:97
>>> 2014-05-06 12:05:04.148 INFO neutron.wsgi
>>> [req-481d6f8b-c0f4-4862-965f-a0468c37a582 admin
>>> 1798cd11ee304907aa463e6fea7a09bb] 10.0.1.10 - - [06/May/2014 12:05:04] "GET
>>> /v2.0/vpn/vpnservices.json HTTP/1.1" 404 176 0.028534
>>>
>>> I don't know why the service was "Not found".
>>>
>>> May you give me some help to solve this problem?
>>>
>>> Thank you.
>>>
>>>
>>>
>>> Julio C. Barrera Juez
>>> Office phone: +34 93 357 99 27
>>> Distributed Applications and Networks Area (DANA)
>>> i2CAT Foundation, Barcelona, Spain
>>> http://dana.i2cat.net
>>>
>>>
>>> On 28 April 2014 14:10, Paul Michali (pcm) <pcm at cisco.com> wrote:
>>>
>>>>
>>>> On Apr 26, 2014, at 7:39 AM, Julio Carlos Barrera Juez <
>>>> juliocarlos.barrera at i2cat.net> wrote:
>>>>
>>>> I'm trying to configure any VPNaaS plugin in single-provider mode.
>>>> I'm not able to achieve this goal. I'm using a devstack installation and
>>>> I'm editing */etc/neutron/neutron.conf* file, modifying this line:
>>>>
>>>> ...
>>>>
>>>> service_provider=VPN:cisco_csr:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
>>>> ...
>>>>
>>>> and */etc/neutron/vpn_agent.ini* modifyin gthis line:
>>>>
>>>> *...*
>>>>
>>>> *vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.IPsecDriver…*
>>>>
>>>>
>>>> PCM: So what are you modifying these lines to? Are they pointing to
>>>> valid modules?
>>>>
>>>>
>>>>
>>>> I'm not sure if this configuration is OK. I have some doubts:
>>>>
>>>> - Is this configuration a valid one taking into account that plugin
>>>> are available in Python modules path?
>>>>
>>>>
>>>> PCM: Sorry, I don’t understand what you’re asking here.
>>>>
>>>>
>>>> - Where are the log files located to check valid neutron
>>>> configuration?
>>>>
>>>>
>>>> PCM: There is a variable in DevStacks localrc to set where the logs
>>>> are placed. For example:
>>>>
>>>> SCREEN_LOGDIR=/opt/stack/screen-logs
>>>>
>>>> I don’t know what the default is (disabled?).
>>>>
>>>>
>>>> - What services should I restart each time I change this
>>>> configuration?
>>>>
>>>>
>>>> PCM: q-svc for the service_driver, and q-vpn for the device_driver
>>>> (and maybe q-aft?).
>>>>
>>>>
>>>> What I do, is modify vpn_agent.ini in /opt/stack/neutron/etc/ and
>>>> then, using a newer DevStack that has my commit for VPN (
>>>> https://review.openstack.org/#/c/86567/), /etc/neutron/vpn_agent.ini
>>>> will be set with the desired device driver and that will be loaded at start
>>>> up.
>>>>
>>>> Also, I do a patch to DevStack’s lib/neutron and
>>>> lib/neutron_plugins/services/vpn to setup neutron.conf as well, so that,
>>>> again, /etc/neutron/neutron.conf is set up and stack.sh will do the right
>>>> thing. The patch is:
>>>>
>>>> patch -p 1 << EOT
>>>> diff --git a/lib/neutron b/lib/neutron
>>>> index 02dcaf6..452281b 100644
>>>> --- a/lib/neutron
>>>> +++ b/lib/neutron
>>>> @@ -728,6 +728,7 @@ function _configure_neutron_fwaas {
>>>> function _configure_neutron_vpn {
>>>> neutron_vpn_install_agent_packages
>>>> neutron_vpn_configure_common
>>>> + neutron_vpnaas_configure_driver
>>>> }
>>>>
>>>> # _configure_neutron_plugin_agent() - Set config files for neutron
>>>> plugin agent
>>>> diff --git a/lib/neutron_plugins/services/vpn
>>>> b/lib/neutron_plugins/services/vpn
>>>> index d920ba6..a676fdc 100644
>>>> --- a/lib/neutron_plugins/services/vpn
>>>> +++ b/lib/neutron_plugins/services/vpn
>>>> @@ -18,6 +18,10 @@ function neutron_vpn_configure_common {
>>>> _neutron_service_plugin_class_add $VPN_PLUGIN
>>>> }
>>>>
>>>> +function neutron_vpnaas_configure_driver() {
>>>> + iniset_multiline $NEUTRON_CONF service_providers service_provider
>>>> "VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default"
>>>> +}
>>>> +
>>>> function neutron_vpn_stop {
>>>> local ipsec_data_dir=$DATA_DIR/neutron/ipsec
>>>> local pids
>>>> EOT
>>>>
>>>>
>>>> Regards,
>>>>
>>>>
>>>> PCM (Paul Michali)
>>>>
>>>> MAIL …..…. pcm at cisco.com
>>>> IRC ……..… pcm_ (irc.freenode.com)
>>>> TW ………... @pmichali
>>>> GPG Key … 4525ECC253E31A83
>>>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>>>
>>>>
>>>>
>>>> Thank you very much.
>>>>
>>>>
>>>> Julio C. Barrera Juez
>>>> Office phone: +34 93 357 99 27
>>>> Distributed Applications and Networks Area (DANA)
>>>> i2CAT Foundation, Barcelona, Spain
>>>> http://dana.i2cat.net
>>>>
>>>>
>>>> On 24 April 2014 16:14, Paul Michali (pcm) <pcm at cisco.com> wrote:
>>>>
>>>>> Not sure I quite understand the question, but to configuring VPNaaS in
>>>>> single provider mode, from a user’s perspective is the same (see
>>>>> api.openstack.org).
>>>>>
>>>>> To bring up a cloud that uses a different vendor’s service and
>>>>> device driver, you need to modify neutron.conf to select the vendor’s
>>>>> service driver (as the default driver), instead of the reference driver,
>>>>> and in vpn_agent.ini you select the vendor’s device driver (instead of or
>>>>> in addition to the reference implementation, doesn’t matter, as it pairs
>>>>> with the service driver).
>>>>>
>>>>> HTHs,
>>>>>
>>>>>
>>>>> PCM (Paul Michali)
>>>>>
>>>>> MAIL …..…. pcm at cisco.com
>>>>> IRC ……..… pcm_ (irc.freenode.com)
>>>>> TW ………... @pmichali
>>>>> GPG Key … 4525ECC253E31A83
>>>>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>>>>
>>>>>
>>>>>
>>>>> On Apr 24, 2014, at 3:13 AM, Julio Carlos Barrera Juez <
>>>>> juliocarlos.barrera at i2cat.net> wrote:
>>>>>
>>>>> OK, thank you guys, I understood that it was not possible to
>>>>> configure and make work any VPNaaS plugin. I don't care, by now, because it
>>>>> works in single-provider mode. I knew about the Cisco implementation, but I
>>>>> don't know how to configure it, because I didn't find enough documentation
>>>>> about that topic. I need some help on the basics configuring a VPNaaS
>>>>> plugin in single provider mode, because I only found information about it
>>>>> in 3rd party blog posts, etc.
>>>>>
>>>>> What are the basic steps?
>>>>>
>>>>> Thank you again.
>>>>>
>>>>>
>>>>> Julio C. Barrera Juez
>>>>> Office phone: +34 93 357 99 27
>>>>> Distributed Applications and Networks Area (DANA)
>>>>> i2CAT Foundation, Barcelona, Spain
>>>>> http://dana.i2cat.net
>>>>>
>>>>>
>>>>> On 18 April 2014 10:50, Bo Lin <linb at vmware.com> wrote:
>>>>>
>>>>>> Hi Julio,
>>>>>> +1 for Paul's response. Multiple-provider VPNaaS support is delayed.
>>>>>> But you can take https://review.openstack.org/#/c/74156/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74156/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3436530b865ab50e305340302d741b5f023419bebc45ec144caa57e4c51b0452>
>>>>>> and https://review.openstack.org/#/c/74144/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74144/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=08ac89d9f0424a7f6bb462accc106a9edc6df8e41b6b7fe568ea287db47abe30> as
>>>>>> examples to write your own vpnaas driver without multi-provider support. If
>>>>>> any questions or problems in your codes leading to not work, just upload
>>>>>> your codes onto the review board, we can find how to solve it :).
>>>>>>
>>>>>> Thanks!
>>>>>> ---Bo
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>> *From: *"Paul Michali (pcm)" <pcm at cisco.com>
>>>>>>
>>>>>> *To: *"OpenStack Development Mailing List (not for usage questions)"
>>>>>> <openstack-dev at lists.openstack.org>
>>>>>> *Sent: *Friday, April 11, 2014 2:15:18 AM
>>>>>>
>>>>>> *Subject: *Re: [openstack-dev] How to implement and configure a new
>>>>>> Neutron vpnaas driver from scratch?
>>>>>>
>>>>>> By not “working” do you mean you cannot get the plugin to work in a
>>>>>> multi-provider environment? Multi-provider solutions have been tabled until
>>>>>> Juno, where more discussion is occurring on what is the best way to support
>>>>>> different service providers.
>>>>>>
>>>>>> However, you should be able to get the plugin to work as the “sole”
>>>>>> VPN service provider, which is what the Cisco solution does currently. You
>>>>>> can look at how I’ve done that in the cisco_ipsec.py modules in the
>>>>>> service_drivers and device_drivers directories, under neutron/services/vpn/.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> PCM (Paul Michali)
>>>>>>
>>>>>> MAIL …..…. pcm at cisco.com
>>>>>> IRC ……..… pcm_ (irc.freenode.com<https://urldefense.proofpoint.com/v1/url?u=http://irc.freenode.com&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3f732defa72f3a816af1d5b52eefd459e2939807789cbc29c963da082ce8c010>
>>>>>> )
>>>>>> TW ………... @pmichali
>>>>>> GPG Key … 4525ECC253E31A83
>>>>>> Fingerprint .. 307A 96BB 1A4C D2C7 931D 8D2D 4525 ECC2 53E3 1A83
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Apr 10, 2014, at 1:51 PM, Julio Carlos Barrera Juez <
>>>>>> juliocarlos.barrera at i2cat.net> wrote:
>>>>>>
>>>>>> Hi.
>>>>>>
>>>>>> After 8 months of the patch creation and being abandoned weeks ago (
>>>>>> https://review.openstack.org/#/c/41827/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=35c7a80127726543da2ed25bdde79e07b28ce936aa8a1ca7afa4fc20bcbefb65>)
>>>>>> I still don't how can we develop a VPNaaS plugin following Bo Lin
>>>>>> instructions. Is there any other patch trying to solve the problem? Is
>>>>>> there any way to workaround the issue to get a VPNaaS plugin working?
>>>>>>
>>>>>> Thank you!
>>>>>>
>>>>>>
>>>>>> Julio C. Barrera Juez
>>>>>> Office phone: +34 93 357 99 27
>>>>>> Distributed Applications and Networks Area (DANA)
>>>>>> i2CAT Foundation, Barcelona, Spain
>>>>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=86728c6db62dee1a59132a2b11c5651432e714ee782ead0c4790189d29195b5d>
>>>>>>
>>>>>>
>>>>>> On 27 February 2014 10:51, Bo Lin <linb at vmware.com> wrote:
>>>>>>
>>>>>>> Hi Julio,
>>>>>>> You can take https://review.openstack.org/#/c/74156/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74156/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=3436530b865ab50e305340302d741b5f023419bebc45ec144caa57e4c51b0452>
>>>>>>> and https://review.openstack.org/#/c/74144/<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/74144/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=08ac89d9f0424a7f6bb462accc106a9edc6df8e41b6b7fe568ea287db47abe30> as
>>>>>>> examples to write your own vpnaas driver. More info about service type
>>>>>>> framework, you can also refer to neutron/services/loadbalancer codes.
>>>>>>>
>>>>>>> ------------------------------
>>>>>>> *From: *"Julio Carlos Barrera Juez" <juliocarlos.barrera at i2cat.net>
>>>>>>> *To: *"OpenStack Development Mailing List (not for usage
>>>>>>> questions)" <openstack-dev at lists.openstack.org>
>>>>>>> *Sent: *Thursday, February 27, 2014 5:26:32 PM
>>>>>>> *Subject: *Re: [openstack-dev] How to implement and configure a new
>>>>>>> Neutron vpnaas driver from scratch?
>>>>>>>
>>>>>>>
>>>>>>> I'm following the change you pointed a week ago. It seems that it
>>>>>>> is working now, and will be eventually approved soon. I will be happy when
>>>>>>> it is approved.
>>>>>>>
>>>>>>> Anyway, I need more information about how to develop a service
>>>>>>> driver and a device driver for VPN plugin. I realize doing
>>>>>>> reverse-engineering that I need and RPC agent and and RPC between them to
>>>>>>> communicate and use a kind of callbacks to answer. Where I can find
>>>>>>> documentation about it and some examples? Is there any best practise guide
>>>>>>> of the use of this architecture?
>>>>>>>
>>>>>>> Thank you again!
>>>>>>>
>>>>>>> [image: i2cat]
>>>>>>> Julio C. Barrera Juez
>>>>>>> Office phone: +34 93 357 99 27
>>>>>>> Distributed Applications and Networks Area (DANA)
>>>>>>> i2CAT Foundation, Barcelona, Spain
>>>>>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>>>>>>
>>>>>>>
>>>>>>> On 19 February 2014 09:13, Julio Carlos Barrera Juez <
>>>>>>> juliocarlos.barrera at i2cat.net> wrote:
>>>>>>>
>>>>>>>> Thank you very much Bo. I will try all your advices and check if it
>>>>>>>> works!
>>>>>>>>
>>>>>>>> [image: i2cat]
>>>>>>>> Julio C. Barrera Juez
>>>>>>>> Office phone: +34 93 357 99 27
>>>>>>>> Distributed Applications and Networks Area (DANA)
>>>>>>>> i2CAT Foundation, Barcelona, Spain
>>>>>>>> http://dana.i2cat.net<https://urldefense.proofpoint.com/v1/url?u=http://dana.i2cat.net/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=c98b2d74b41b9c8efe74e5f89d418dc5b64cd5b5003dc82b3d794c290d876d04>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 18 February 2014 09:18, Bo Lin <linb at vmware.com> wrote:
>>>>>>>>
>>>>>>>>> I wonder whether your neutron server codes have added the " VPNaaS
>>>>>>>>> integration with service type framework" change on
>>>>>>>>> https://review.openstack.org/#/c/41827/21<https://urldefense.proofpoint.com/v1/url?u=https://review.openstack.org/%23/c/41827/21&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=4a935821d551bb10de76c121ea8f83f57c00bf3a88ac0c73b51d87f96be1524f> ,
>>>>>>>>> if not, the service_provider option is useless. You need to include the
>>>>>>>>> change before developing your own driver.
>>>>>>>>>
>>>>>>>>> QA (In my opinion and sth may be missing):
>>>>>>>>> - What is the difference between service drivers and device
>>>>>>>>> drivers?
>>>>>>>>> service drivers are driven by vpn service plugin and are
>>>>>>>>> responsible for casting rpc request (CRUD of vpnservices) to and do
>>>>>>>>> callbacks from vpn agent.
>>>>>>>>> device drivers are driven by vpn agent and are responsible for
>>>>>>>>> implementing specific vpn operations and report vpn running status.
>>>>>>>>>
>>>>>>>>> - Could I implement only one of them?
>>>>>>>>> device driver must be implemented based on your own device.
>>>>>>>>> Unless the default ipsec service driver is definitely appropriate, suggest
>>>>>>>>> you implement both of them. After including "VPNaaS integration with
>>>>>>>>> service type framework", the service driver work is simple.
>>>>>>>>>
>>>>>>>>> - Where I need to put my Python implementation in my OpenStack
>>>>>>>>> instance?
>>>>>>>>> Do you mean let your instance runs your new codes? The
>>>>>>>>> default source codes dir is /opt/stack/neutron, you need to put your new
>>>>>>>>> changes into the dir and restart the neutron server.
>>>>>>>>>
>>>>>>>>> - How could I configure my OpenStack instance to use this
>>>>>>>>> implementation?
>>>>>>>>> 1. Add your new codes into source dir
>>>>>>>>> 2. Add appropriate vpnaas service_provider into neutron.conf
>>>>>>>>> and add appropriate "vpn_device_driver" option into vpn_agent.ini
>>>>>>>>> 3. restart n-svc and q-vpn
>>>>>>>>>
>>>>>>>>> Hope help you.
>>>>>>>>>
>>>>>>>>> ------------------------------
>>>>>>>>> *From: *"Julio Carlos Barrera Juez" <
>>>>>>>>> juliocarlos.barrera at i2cat.net>
>>>>>>>>> *To: *"OpenStack Development Mailing List" <
>>>>>>>>> openstack-dev at lists.openstack.org>
>>>>>>>>> *Sent: *Monday, February 17, 2014 7:18:44 PM
>>>>>>>>> *Subject: *[openstack-dev] How to implement and configure a new
>>>>>>>>> Neutron vpnaas driver from scratch?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi.
>>>>>>>>>
>>>>>>>>> I have asked in the Q&A website without success (
>>>>>>>>> https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/<https://urldefense.proofpoint.com/v1/url?u=https://ask.openstack.org/en/question/12072/how-to-implement-and-configure-a-new-vpnaas-driver-from-scratch/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=73a239e478da9a7d12255611481016295433378154fb612bd567c30d77788648>
>>>>>>>>> ).
>>>>>>>>>
>>>>>>>>> I want to develop a vpnaas implementation. It seems that since
>>>>>>>>> Havana, there are plugins, services and device implementations. I like the
>>>>>>>>> plugin and his current API, then I don't need to reimplement it. Now I want
>>>>>>>>> yo implement a vpnaas driver, and I see I have two main parts to take into
>>>>>>>>> account: the service_drivers and the device_drivers. IPsec/OpenSwan
>>>>>>>>> implementation is the unique sample I've found.
>>>>>>>>>
>>>>>>>>> I'm using devstack to test my experiments.
>>>>>>>>>
>>>>>>>>> I tried to implement VpnDriver Python class extending the main
>>>>>>>>> API methods like IPsecVPNDriver does. I placed basic implementation files
>>>>>>>>> at the same level of IPsec/OpenSwan does and configured Neutron adding this
>>>>>>>>> line to /etc/neutron/neutron.conf file:
>>>>>>>>>
>>>>>>>>> service_provider =
>>>>>>>>> VPN:VPNaaS:neutron.services.vpn.service_drivers.our_python_filename.OurClassName:default
>>>>>>>>>
>>>>>>>>> I restarted Neutron related services in my devstack instance,
>>>>>>>>> but it seemed it didn't work.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> - What is the difference between service drivers and device
>>>>>>>>> drivers?
>>>>>>>>> - Could I implement only one of them?
>>>>>>>>> - Where I need to put my Python implementation in my OpenStack
>>>>>>>>> instance?
>>>>>>>>> - How could I configure my OpenStack instance to use this
>>>>>>>>> implementation?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I didn't find almost any documentation about these topics.
>>>>>>>>>
>>>>>>>>> Thank you very much.
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OpenStack-dev mailing list
>>>>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>>>>
>>>>>>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=9uhm%2F59JRfiZ3CXzuhBOpqcTqWk8APswRGJFZ8H2Tos%3D%0A&s=46fe06049efb1d29a85b63f7ce101cd69695a368c3da6ea3a91bcd7d2b71ce59
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OpenStack-dev mailing list
>>>>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OpenStack-dev mailing list
>>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>>
>>>>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=YmmNfPyv1TNDbHlwFZT9xRPhyBxsQW%2B2aJ3daQ8RC%2BI%3D%0A&s=638a7f219d00817d3d17746251a9b5090cce130fed11727be8a4cabd09754657
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OpenStack-dev mailing list
>>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev<https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=d81bebe644cccedf66fedc084cf34c54e82b5a62712e12d1b5e2c6c1c6ee2c81>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev at lists.openstack.org
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev at lists.openstack.org
>>>>>>
>>>>>> https://urldefense.proofpoint.com/v1/url?u=http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=F5etm0B6kVJ9jleIhCvNyA%3D%3D%0A&m=1%2FHmRV%2F3ce%2Bjpzxjfyhv6xjuBhiOBVrajFVFZjco9Zw%3D%0A&s=d81bebe644cccedf66fedc084cf34c54e82b5a62712e12d1b5e2c6c1c6ee2c81
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev at lists.openstack.org
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140522/e5062f11/attachment.html>
More information about the OpenStack-dev
mailing list