[Openstack] LBaaS & VPNaaS

James Denton james.denton at rackspace.com
Wed Oct 7 16:58:10 UTC 2015


Hi Yngvi,

In my most recent experience with VPNaaS on Kilo, I did the following (all on the controller node):

1. Install VPN agent

apt-get install neutron-vpnaas-agent

2. Edit /etc/neutron/vpn_agent.ini and add the following to configure the device driver:

[vpnagent]
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver

3. Edit /etc/neutron/neutron.conf and add vpnaas to the list of service plugins:

service_plugins = router,vpnaas

4. Edit /etc/neutron/neutron_vpnaas.conf and configure the service provider:

[service_providers]
service_provider = VPN:vpnaas:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

5. Restart Neutron service:

service neutron-server restart

6. Update AppArmor profile:

sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
service apparmor restart

7. Work around https://bugs.launchpad.net/neutron/+bug/1456335 <https://bugs.launchpad.net/neutron/+bug/1456335>
cat >> /usr/bin/neutron-vpn-netns-wrapper << EOF
#!/usr/bin/python2

import sys

from neutron_vpnaas.services.vpn.common.netns_wrapper import main

if __name__ == "__main__":
    sys.exit(main())
EOF

8. Set permissions:

chmod 755 /usr/bin/neutron-vpn-netns-wrapper

9. Restart VPN agent

service neutron-vpn-agent restart

——

Here are the instructions for LBaaS. Again, this is for Kilo but may work with Juno as well:

1. Install agent:

apt-get install neutron-lbaas-agent

2. Define interface driver. This is specific to OVS or LinuxBridge. Edit the /etc/neutron/lbaas_agent.ini file and add the following:

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

-OR-

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

3. Define the device driver in /etc/neutron/lbaas_agent.ini:

[DEFAULT]
device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver

 4. Define service provider in  /etc/neutron/neutron_lbaas.conf    :

[service_providers]
service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

5. Define service plugin in /etc/neutron/neutron.conf:

service_plugins = router,vpnaas,lbaas

6. Restart Neutron service:

service neutron-server restart

7. Restart LBaaS agent:

service neutron-lbaas-agent restart

——

No returns and no warranty! Give it a shot and let me know.

James Denton
Network Architect
Rackspace Private Cloud
james.denton at rackspace.com

> On Oct 7, 2015, at 5:08 AM, Yngvi Páll Þorfinnsson <yngvith at siminn.is> wrote:
> 
> OK, thanks a lot Sayaji  ;-)
> 
> Regards
> Yngvi
>   <>
> From: Sayaji Patil [mailto:sayaji15 at gmail.com]
> Sent: 6. október 2015 18:21
> To: Yngvi Páll Þorfinnsson <yngvith at siminn.is>
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] LBaaS & VPNaaS
> 
> I was able to get VPNaas working by following this link
> 
> https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall <https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall>
> 
> Regards,
> Sayaji
> 
> On Tue, Oct 6, 2015 at 3:38 AM, Yngvi Páll Þorfinnsson <yngvith at siminn.is <mailto:yngvith at siminn.is>> wrote:
> Dear all
> 
> Can anyone please advise me on a good „install guide for Openstack Juno“ for
> LbaaS and VPNaaS ?
> My openstack servers are all Ubuntu 14.04 LTS.
> 
> Best regards
> Yngvi
> 
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> Post to     : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> 
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151007/f0f47b37/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20151007/f0f47b37/attachment.sig>


More information about the Openstack mailing list