[Openstack] LBaaS & VPNaaS
James Denton
james.denton at rackspace.com
Wed Oct 7 16:58:10 UTC 2015
Hi Yngvi,
In my most recent experience with VPNaaS on Kilo, I did the following (all on the controller node):
1. Install VPN agent
apt-get install neutron-vpnaas-agent
2. Edit /etc/neutron/vpn_agent.ini and add the following to configure the device driver:
[vpnagent]
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
3. Edit /etc/neutron/neutron.conf and add vpnaas to the list of service plugins:
service_plugins = router,vpnaas
4. Edit /etc/neutron/neutron_vpnaas.conf and configure the service provider:
[service_providers]
service_provider = VPN:vpnaas:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
5. Restart Neutron service:
service neutron-server restart
6. Update AppArmor profile:
sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
service apparmor restart
7. Work around https://bugs.launchpad.net/neutron/+bug/1456335 <https://bugs.launchpad.net/neutron/+bug/1456335>
cat >> /usr/bin/neutron-vpn-netns-wrapper << EOF
#!/usr/bin/python2
import sys
from neutron_vpnaas.services.vpn.common.netns_wrapper import main
if __name__ == "__main__":
sys.exit(main())
EOF
8. Set permissions:
chmod 755 /usr/bin/neutron-vpn-netns-wrapper
9. Restart VPN agent
service neutron-vpn-agent restart
——
Here are the instructions for LBaaS. Again, this is for Kilo but may work with Juno as well:
1. Install agent:
apt-get install neutron-lbaas-agent
2. Define interface driver. This is specific to OVS or LinuxBridge. Edit the /etc/neutron/lbaas_agent.ini file and add the following:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
-OR-
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
3. Define the device driver in /etc/neutron/lbaas_agent.ini:
[DEFAULT]
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
4. Define service provider in /etc/neutron/neutron_lbaas.conf :
[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
5. Define service plugin in /etc/neutron/neutron.conf:
service_plugins = router,vpnaas,lbaas
6. Restart Neutron service:
service neutron-server restart
7. Restart LBaaS agent:
service neutron-lbaas-agent restart
——
No returns and no warranty! Give it a shot and let me know.
James Denton
Network Architect
Rackspace Private Cloud
james.denton at rackspace.com
> On Oct 7, 2015, at 5:08 AM, Yngvi Páll Þorfinnsson <yngvith at siminn.is> wrote:
>
> OK, thanks a lot Sayaji ;-)
>
> Regards
> Yngvi
> <>
> From: Sayaji Patil [mailto:sayaji15 at gmail.com]
> Sent: 6. október 2015 18:21
> To: Yngvi Páll Þorfinnsson <yngvith at siminn.is>
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] LBaaS & VPNaaS
>
> I was able to get VPNaas working by following this link
>
> https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall <https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall>
>
> Regards,
> Sayaji
>
> On Tue, Oct 6, 2015 at 3:38 AM, Yngvi Páll Þorfinnsson <yngvith at siminn.is <mailto:yngvith at siminn.is>> wrote:
> Dear all
>
> Can anyone please advise me on a good „install guide for Openstack Juno“ for
> LbaaS and VPNaaS ?
> My openstack servers are all Ubuntu 14.04 LTS.
>
> Best regards
> Yngvi
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151007/f0f47b37/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151007/f0f47b37/attachment.sig>
More information about the Openstack
mailing list