diff --git a/lib/neutron b/lib/neutron
index 8d27febf63..2f2c15f4ad 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -931,7 +931,7 @@ function _configure_neutron_l3_agent {
 Q_L3_ROUTER_PER_TENANT=$Q_USE_NAMESPACE
 
 if is_service_enabled q-vpn; then
- cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+ neutron_vpn_configure_agent
 fi
 
 cp $NEUTRON_DIR/etc/l3_agent.ini $Q_L3_CONF_FILE
diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn
index 5912eab9ca..4d6a2bf9a0 100644
--- a/lib/neutron_plugins/services/vpn
+++ b/lib/neutron_plugins/services/vpn
@@ -12,6 +12,13 @@ IPSEC_PACKAGE=${IPSEC_PACKAGE:-"openswan"}
 
 function neutron_vpn_install_agent_packages {
 install_package $IPSEC_PACKAGE
+ if is_ubuntu && [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
+ sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
+ sudo ln -sf /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
+ # NOTE: Due to https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1387220
+ # one must use 'sudo start apparmor ACTION=reload' for Ubuntu 14.10
+ restart_service apparmor
+ fi
 }
 
 function neutron_vpn_configure_common {
@@ -19,6 +26,18 @@ function neutron_vpn_configure_common {
 _neutron_deploy_rootwrap_filters $NEUTRON_VPNAAS_DIR
 }
 
+function neutron_vpn_configure_agent {
+ cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE
+ if [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then
+ iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
+ if is_fedora; then
+ iniset $Q_VPN_CONF_FILE strongswan default_config_area /usr/share/strongswan/templates/config/strongswan.d
+ fi
+ else
+ iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver
+ fi
+}
+
 function neutron_vpn_stop {
 local ipsec_data_dir=$DATA_DIR/neutron/ipsec
 local pids
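Review bot: The branch added to neutron_vpn_install_agent_packages switches off AppArmor confinement for strongSwan's charon and stroke by linking their profiles into /etc/apparmor.d/disable/, and nothing visible in this diff removes those links again, so the host presumably keeps an unconfined IKE daemon after the stack is torn down. Charon handles traffic from remote peers, so the trade-off should be stated in the code, e.g. `# Disables AppArmor confinement of strongSwan (charon, stroke) host-wide; intended for dev/test hosts only`, and the links removed in whatever cleanup path this plugin has. The NOTE also says Ubuntu 14.10 needs `sudo start apparmor ACTION=reload`, yet the code calls `restart_service apparmor` unconditionally; either handle that release or have the comment say it is not covered here.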
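Review bot: In neutron_vpn_configure_agent the `else` branch writes the OpenSwanDriver for every IPSEC_PACKAGE value other than the exact string "strongswan", so a misspelt or unsupported package name silently produces a vpn_agent.ini that names a driver for a different IPsec stack. If only the two values are supported, make the fallback explicit, e.g. `elif [[ "$IPSEC_PACKAGE" != "openswan" ]]; then die $LINENO "Unsupported IPSEC_PACKAGE: $IPSEC_PACKAGE"`; if other packages are meant to use the OpenSwan driver, a one-line comment on the `else` saying so would do. The `cp` line also expands both paths unquoted; `cp "$NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini" "$Q_VPN_CONF_FILE"` avoids word splitting if either directory contains spaces.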