Bug 1301365 - VPNaaS should use libreswan driver instead of openswan by default
VPNaaS should use libreswan driver instead of openswan by default
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 8.0 (Liberty)
Assigned To: Ivan Chavero
Ofer Blaut
: OtherQA, ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-24 09:16 EST by Eran Kuris
Modified: 2016-06-29 09:58 EDT (History)
6 users (show)

See Also:
Fixed In Version: openstack-packstack-7.0.0-0.17.dev1702.g490e674.el7ost
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-06-29 09:58:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 306013 None None None 2016-05-13 14:38 EDT

  None (edit)
Description Eran Kuris 2016-01-24 09:16:05 EST
When installing OSP-7 with packstack and enabling "VPNaaS" in answer file 
it install VPNaaS with openswan driver when it should be liberswan.
Driver configuration should be : 

In vpnagent.ini:
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver


In /etc/neutron/neutron.conf

 service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin


In  /etc/neutron/neutron_vpnaas.conf

service_provider=VPN:libreswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

How reproducible:
always

Steps to Reproduce:
1.deploy with packstack osp-8 and enable vpnass 
2.verify in vpnagent.ini which driver is used 
3.

Actual results:


Expected results:


Additional info:
Comment 2 Eran Kuris 2016-01-24 09:19:35 EST
opened on version : 
[root@osp-7-packstack ~]# rpm -qa |grep vpn
openstack-neutron-vpnaas-2015.1.2-1.el7ost.noarch
python-neutron-vpnaas-2015.1.2-1.el7ost.noarch
[root@osp-7-packstack ~]# rpm -qa |grep packstack
openstack-packstack-2015.1-0.15.dev1589.g1d6372f.el7ost.noarch
openstack-packstack-puppet-2015.1-0.15.dev1589.g1d6372f.el7ost.noarch
Comment 3 Assaf Muller 2016-03-28 08:15:40 EDT
@Brent - Just making sure that Packstack should indeed configure libreswan by default.
Comment 4 Brent Eagles 2016-03-28 10:17:13 EDT
@Assaf - yes, this is correct. AFAIK, RHEL 7 doesn't come with any other "Swan", so LibreSwan is "it".
Comment 5 Ivan Chavero 2016-04-14 14:08:38 EDT
this fix has been merged in master, backporting to liberty.

can i have acks for this bug?
Comment 6 Assaf Muller 2016-04-14 15:04:14 EDT
(In reply to Ivan Chavero from comment #5)
> this fix has been merged in master, backporting to liberty.
> 
> can i have acks for this bug?

As you noticed simply moving the bug to ASSIGNED grants all three ACKs, there's no need to needinfo on rhos-flags anymore :)
Comment 10 errata-xmlrpc 2016-06-29 09:58:06 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1354

Note You need to log in before you can comment on or make changes to this bug.