Bug 1297833 - VPNaaS should use libreswan driver instead of openswan by default
VPNaaS should use libreswan driver instead of openswan by default
Status: CLOSED CURRENTRELEASE
Product: RDO
Classification: Community
Component: openstack-packstack (Show other bugs)
Juno
Unspecified Unspecified
unspecified Severity unspecified
: ---
: trunk
Assigned To: Javier Peña
Shai Revivo
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-12 10:01 EST by Eran Kuris
Modified: 2017-06-18 02:06 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-18 02:06:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 273471 None None None 2016-02-09 11:45 EST
OpenStack gerrit 277951 None None None 2016-02-09 11:45 EST

  None (edit)
Description Eran Kuris 2016-01-12 10:01:55 EST
Description of problem:
When installing OSP-8 with packstack and enabling "VPNaaS" in answer file 
it install VPNaaS with openswan driver when it should be liberswan.
Driver configuration should be : 

In vpnagent.ini:
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver


In /etc/neutron/neutron.conf

 service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin


In  /etc/neutron/neutron_vpnaas.conf

service_provider=VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

How reproducible:
always

Steps to Reproduce:
1.deploy with packstack osp-8 and enable vpnass 
2.verify in vpnagent.ini which driver is used 
3.

Actual results:


Expected results:


Additional info:
Comment 4 Javier Peña 2016-01-28 04:56:33 EST
Currently, the upstream puppet-neutron code only supports openswan as a provider (https://github.com/openstack/puppet-neutron/blob/master/manifests/agents/vpnaas.pp#L63-L74), and treats libreswan as a drop-in replacement (https://github.com/openstack/puppet-neutron/blob/master/manifests/params.pp#L63-L67).

Is this correct, or are there any differences that recommend using the libreswan-specific driver?
Comment 5 Eran Kuris 2016-01-28 06:24:02 EST
As far as I know its correct
Comment 6 Javier Peña 2016-02-09 11:45:19 EST
Apparently we should use the Libreswan driver, because there are some specific initialization steps required for it (https://bugs.launchpad.net/neutron/+bug/1444017).

Adding support for Libreswan in Packstack via https://review.openstack.org/273471 (puppet-neutron support) and https://review.openstack.org/277951 (Packstack support).
Comment 7 Mike McCune 2016-03-28 18:48:26 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 9 Christopher Brown 2017-06-17 15:26:29 EDT
Looks like this was merged so can be closed now?

Note You need to log in before you can comment on or make changes to this bug.