Bug 1301365

Summary: VPNaaS should use libreswan driver instead of openswan by default
Product: Red Hat OpenStack Reporter: Eran Kuris <ekuris>
Component: openstack-packstackAssignee: Ivan Chavero <ichavero>
Status: CLOSED ERRATA QA Contact: Ofer Blaut <oblaut>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0 (Kilo)CC: amuller, aortega, beagles, nlevinki, rhos-flags, srevivo
Target Milestone: ---Keywords: OtherQA, ZStream
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-packstack-7.0.0-0.17.dev1702.g490e674.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-29 13:58:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Eran Kuris 2016-01-24 14:16:05 UTC 
When installing OSP-7 with packstack and enabling "VPNaaS" in answer file 
it install VPNaaS with openswan driver when it should be liberswan.
Driver configuration should be : 

In vpnagent.ini:
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver


In /etc/neutron/neutron.conf

 service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin


In  /etc/neutron/neutron_vpnaas.conf

service_provider=VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

How reproducible:
always

Steps to Reproduce:
1.deploy with packstack osp-8 and enable vpnass 
2.verify in vpnagent.ini which driver is used 
3.

Actual results:


Expected results:


Additional info:
Comment 2 Eran Kuris 2016-01-24 14:19:35 UTC 
opened on version : 
[root@osp-7-packstack ~]# rpm -qa |grep vpn
openstack-neutron-vpnaas-2015.1.2-1.el7ost.noarch
python-neutron-vpnaas-2015.1.2-1.el7ost.noarch
[root@osp-7-packstack ~]# rpm -qa |grep packstack
openstack-packstack-2015.1-0.15.dev1589.g1d6372f.el7ost.noarch
openstack-packstack-puppet-2015.1-0.15.dev1589.g1d6372f.el7ost.noarch
Comment 3 Assaf Muller 2016-03-28 12:15:40 UTC 
@Brent - Just making sure that Packstack should indeed configure libreswan by default.
Comment 4 Brent Eagles 2016-03-28 14:17:13 UTC 
@Assaf - yes, this is correct. AFAIK, RHEL 7 doesn't come with any other "Swan", so LibreSwan is "it".
Comment 5 Ivan Chavero 2016-04-14 18:08:38 UTC 
this fix has been merged in master, backporting to liberty.

can i have acks for this bug?
Comment 6 Assaf Muller 2016-04-14 19:04:14 UTC 
(In reply to Ivan Chavero from comment #5)
> this fix has been merged in master, backporting to liberty.
> 
> can i have acks for this bug?

As you noticed simply moving the bug to ASSIGNED grants all three ACKs, there's no need to needinfo on rhos-flags anymore :)
Comment 10 errata-xmlrpc 2016-06-29 13:58:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1354